Tuesday, February 08, 2005

OREA: Operational Risk Enterprise Architecture

UBS has their own interpretations of Operational Risk and it's definitions. Of particular note is this:

Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external causes, whether deliberate, accidental or natural. It is inherent in all our activities, not only in the business we conduct but also from the fact that we are a business – an employer, owning and occupying property, and holding assets, including information, belonging to ourselves and our clients. Our operational risk framework is not designed to eliminate risk per se but, rather, to contain it within acceptable levels, as determined by senior management, and to ensure that we have sufficient information to make informed decisions about additional controls, adjustments to controls, or risk mitigation efforts.


Without an effective Operational Risk Enterprise Architecture (OREA) an institution is driving blind in a blizzard of incidents that increases their potential for losses and diminishes their performance. In order to make certain that you have sufficient information in order to make informed decisions, you must have a system. Not only a management system. But a software system to provide relevant and actionable intelligence.

When operational risk ‘events’ occur – actual failures of processes, people or systems – we assess their causes and the implications for our control framework, because an event such as a virus attack or a customer complaint, even if it does not lead to a direct or indirect financial loss, may indicate that our standards are not being complied with or that they are ineffective, and that remedial action must be taken. --UBS


OREA enables enterprises to establish a cohesive framework for enterprise risk management in their organizations. OREA is a management system supported by an enterprise software platform that enables organizations to automatically collect, manage and distribute real-time operational risk content. This includes homeland security alerts, business continuity policies, emergency response procedures, control standards, facilities and IT assets, baselines, threats/vulnerabilities and delivers education and awareness programs to customers, employees and partners.

In light of new global terrorist threats, government regulation, increasing investor scrutiny, continuous litigation and changing response to risk, the stakes for public companies and complex organizations have never been more extreme. The solutions never more challenging. Today more than ever, it is vital that senior executives and board members have all the information, tools and answers they need to fulfill their fiduciary duties.

No comments: