The term Operational Risk Management (ORM) is not new. It has been tossed about in businesses across North America for the last several years. ORM and the oft associated term Enterprise Risk Management (ERM) have generally been used as corporate buzzwords, business culture idioms referenced in board meetings and articulated during presentations. Recent developments, such as the creation of the Sarbanes-Oxley (SOX) Act in 2002 in response to growing financial scandals in the U.S., have brought Operational Risk Management, Enterprise Risk Management and related concepts from the backrooms to the forefront of corporate America.
The inescapable reality is that every single day businesses incur losses and experience operational disruptions due to failures by employees, incorrect implementation of processes and technologies as well as wilful disobedience to internal controls. These losses may be manifest in the form of uncollectible receivables from disappointed clients, lost sales due to call centre failures or unproductive employee downtime when computer systems are unavailable, or a host of other potential problems. While most businesses have developed ad hoc methods of...