Thursday, September 28, 2023

Problem-Set: Enterprise OPS Risk...

Who is responsible when a particular Operational Risk problem-set has risen to your organizational awareness?  Clue: It is not the name of a department or single person.

This means that all people in your company, agency or command unit may have encountered behaviors, information or evidence of potential Operational Risk loss event outcomes.

Until you have a documented 1-Pager in your organization, you don’t have a problem-set or someone with the responsibility to solve it.

What is the Problem-Set? Give it a short Title that identifies the issue.

How do you describe the Background on the new problem-set in less than two short paragraphs?

Explain the Challenge ahead.

In less than one paragraph of three or four sentences, explain what the intended outcomes of solving the problem-set will be.

Now provide the Boundaries in your process of discovery and activity, that will provide you with the solutions solving the problem-set.

Now, who is the Owner / Sponsor of this problem-set?

“You have an “Operational Risk” loss event potentially waiting to happen.”

The people and/or the team who have been assigned to the defined  “OPS_RISK_PROBLEM-SET” (ORP), now have the organizational responsibility and power to engage with mitigating the risk of the potential outcomes, by designing and implementing the prototype Solution.

If leadership assigns you to this particular 1-Pager, it is now your responsibility to follow the process and to execute the steps you have been trained to carry out within your organization.

This shall occur in a timely manner, based upon the severity of the Operational Risk:

Design an easy and memorable numerical scale that could be utilized with the team or owners of your Problem-Set to provide a quick numerical severity for the ORP.

SEVERITY / LIKELIHOOD OF LOSS EVENT

LOW >>>>> 1 >>>>> 3 >>>>> 6 >>>>> 10+ HIGH

Stack rank your company, agency or command unit ORPs from High Severity to Low Severity on a pre-determined schedule, relevant to the size and pace of your national regulatory requirements.

If your organization is categorized as one of the 16+ national Critical Infrastructure Sectors as defined by the U.S. Department of Homeland Security (DHS), your organization shall engage in a continuous process of solving new problem-sets that are being continuously discovered in your enterprise.

Now you are on your way to solving more problem-sets with timely defined solutions within your entire Operational Risk Management (ORM) organization.

Onward!