I have been trying to understand how organizations think about the operational risk caused by their processes. It makes logical sense – companies have scores of processes (some with guidelines and procedure manuals, some automed using BPM or other tools, many completely ad-hoc and unstructured ) that drive the business. Looking at the risks related to these process should be something that a CRO (Chief Risk Officer) or Corporate Audit Committee is looking at. So I tried to find some information on managing process risk.

I found a few pointers to BPMN tools that allow you to make risk considerations part of the model (but it wasn’t clear to me how that got translated to the actual implementation), and I found one good screen show talking about process risk. – and thats about it. Either I am missing something, or this area is being completely ignored.

One chart in presentation I found caught my eye. It shows that execution, delivery and process management make up about 40% percent of the losses generated by operational risk – much more than by internal or external fraud. If that is true, I would be expecting companies to be trying to understand the linkages between processes (structured and unstructured), and attempting to manage the risk. Here is the slideshow:

Process Based Risk Management

View more presentations from Péter Fehér