The Costs of Operational Risk


Operational Risk

The Global Association of Risk Professionals (GARP) refers to operational risk as the risk of loss resulting from inadequate or failed processes, people and systems, or from external events”. The definition excludes strategic, financial, and market risks. Operational risk is not always clearly understood, and there are often questions about what these inadequate or failed processes are. But when these risks manifest themselves in an organization, they can have a significant and negative impact on the organization’s financial health. Consider the following examples and the financial consequences they may have on your organization.

Workplace Violence

Beyond the obvious traumatization to employees due to acts or threats of violence in the workplace, there are other costs that may not be on the radar screen of the C-Suite.  These costs are more quantifiable and may include:

  • Workers compensation claims resulting from death or injuries. One state estimates the average cost of a lost-work claim at about $65,000.
  • Legal costs and damages from negligent hiring and negligent retention litigation that can run into the millions of dollars.
  • Large fines by OSHA for failing to provide for a safe workplace.
  • Costs related to unanticipated employee turnover due to personal safety concerns. These may be as much as 20% of an employee’s annual salary.

Solution: Mitigate these potential costs through a comprehensive threat management and workplace violence intervention program. This includes a program risk assessment, training, and threat management protocols based on best practices.

Loss of Intellectual Property

Economic espionage and aggressive competitive intelligence efforts continue to threaten the intellectual property (IP) of U.S. companies. A Fortune 300 company estimated their losses at about $40 million when an employee sold trade secrets to a competitor, and the Department of Commerce estimates the losses of IP to U.S. companies at $250 billion a year. These losses result from:

  • Incurred research and development costs.
  • Costs of not being first to market.
  • Costs associated with lost market share.
  • Lost client sales that run into the millions of dollars.

Solution: Implement an information protection program based on the national standard that works to protect all IP; cyber, physical, or intrinsic, in a comprehensive IP protection program.

Internal Fraud

The cost of fraud from employees or those in collusion with third parties can be devastating to organizations. Unfortunately, many organizations are naïve about these costs unless they have been victimized and by then may be too late.  In 2014 The Association of Certified Fraud Examiners reported that:

  • The median loss of an internal fraud is $145,000.
  • Only 17% of these frauds are detected by an internal or external audit.
  • Approximately 22% of the cases cost companies at least $1 million, with smaller companies experiencing a disproportionate number of frauds.
  • The average fraudster operates for about 18 months before being detected.

Solution: Fraud awareness and detection processes are proactive efforts that include a fraud risk assessment, fraud awareness training, and reporting and investigative protocols in the event of a suspected fraud. All of these go a long way in protecting the financial assets of an organization.

Negligent security

In today’s litigious environment the risk of negligent security claims is ever present. This type of premise liability is another unanticipated cost that may adversely impact an organization. Such claims may result from:

  • Malfunctioning security systems due to neglect or lack of training.
  • Security guard negligence resulting in large claims.
  • Poorly maintained physical security safeguards.

Solution: A security risk assessment by a board certified subject matter expert goes a long way in identifying vulnerabilities and providing organizations a road map to mitigate threats associated with such vulnerabilities.  It also sets the stage for an affirmative defense in the event of litigation against the organization because of negligent security.

About the Author

Jim Dale is the owner and principal of Seven Citadels Consulting. Jim brings to clients more than 30 years of security and risk experience in both the private and public sectors. Formerly the Chief Security Officer (CSO) for three Fortune 500 companies, Jim is a graduate of the University of Nebraska at Omaha and was a career officer, commander, and special agent with the Air Force Office of Special Investigations. He is certified threat manager (CTM) and board certified in security management as a Certified Protection Professional (CPP). Jim is a member of the Association of Threat Assessment Professionals (ATAP), the International Association of Professional Security Consultants (IAPSC), and ASIS International.