The C-Brief: Operational Risks Impacting Business

C-Suite leaders have a lot to consider today. For many companies, typical operational risks are being amplified by concerns about recession, inflation and rising interest rates, along with the impact of global geopolitical dynamics.

During times of uncertainty and volatility, managing operational risk is more important than ever for C-suite leaders and the companies they run.

Some operational risks are specific to particular businesses or industries, but all of them typically fall into one of several categories. Operational risk management identifies these potential hazards and develops strategies to mitigate or manage them.

 

10 Operational Risks to Consider

1. Cybersecurity

Cybersecurity consistently ranks among the top 10 operational risks in every survey of risk managers done over the past 15 years by Risk.Net.

Globally, cyberattacks rose by 38% in 2022 compared to 2021, according to Check Point Research, a cyberthreat intelligence reporting service.

2. Data Risks

Data breaches can cause significant financial losses for companies, along with very real reputational risk. One study from IBM found that the global average cost of a data breach is $4.45 million.

However, breaches aren't the only risk that occurs when it comes to data. Companies that mismanage their data, or fail to use it appropriately, can miss out on supply chain insights, inadvertently issue misstatements, release inaccurate reporting and even face fines from regulatory agencies as a result.

3. Risk From Third-parties

Nearly every business hires third parties in some capacity and buys goods and services from outside vendors. However, these practices also open companies up to potential operational risk that should be accounted for and managed.

Third-party risk can be introduced from:

  • Suppliers.
  • Vendors.
  • Contractors.

These risks are heightened when a third party has access to company systems, customer data and internal meetings.

Suppliers and vendors face a variety of their own risks, which can then become problems for any company that works with them. For example, one manager in the Risk.Net survey commented that his company's email went down for three days because of issues with a cloud service provider.

But reliability issues aren't where the risks stop. Working with third-party vendors could increase the likelihood of confidential company information being leaked to the public, data being breached and general lack of control over processes.

Other risks of working with third parties can include:

  • Financial losses and missed goals.
  • Legal and compliance issues.
  • Reputational risk due to negative news about a third party contractor or vendor.

Of course, working with third parties is almost unavoidable for most organizations. Having a vendor assessment process in place can help your company mitigate risk exposure.

4. People Risk

Two important issues fall under the umbrella of “people risk" that have been recently impacting businesses: a general shortage of skilled workers and a specific risk around succession planning and replacing retiring baby boomers.

While workforce participation has increased in recent months, particularly when compared to the height of the pandemic, many companies continue to grapple with skilled worker shortages.

As large numbers of baby boomers retire, business leaders with institutional knowledge disappear. Unless processes are in place and data is shared across a spectrum of employees and departments, business operations might suffer.

5. Regulatory Compliance

Regulatory compliance risk describes the likelihood that a company will inadvertently violate laws or regulations. Inadequate focus on this important risk can result in financial losses and, in some cases, criminal prosecution.

Regulatory risk can generally be split into two categories:

  • Compliance risk describes the internal systems and processes in place to prevent a company from breaking rules and regulations.
  • Regulatory risk describes the risk that comes with not having adequate controls in place to keep current with ever-changing rules and regulations.

These two concepts work together: Compliance risk practices help a company avoid breaching any laws while regulatory risk practices help keep companies updated on current requirements.

6. Supply Chain

Supply chain disruptions, which were particularly common at the height of the pandemic, continue to plague businesses. They remain thanks in part to geopolitical issues and inflationary pressures.

While some companies have found workarounds for supply chain disruptions, there are no one-size-fits-all solutions. However, having a great relationship with suppliers could be the first step to minimizing supply chain issues in your business.

7. Macroeconomic Risks

While operational risks refer to potential issues that can impact daily business, macroeconomic risks such as global instability, recession fears and rising interest rates can trigger operational issues.

A generally slower economy will naturally impact demand and spending patterns. Layoffs of employees can exacerbate supply chain issues and increase human error.

Higher interest rates that increase borrowing costs can slow investment in necessary upgrades to a business. Inflation naturally impacts the bottom line for every business in the form of higher costs and potential reduced demand as customers grapple with higher prices.

8. Resilience & Climate Risk

An increasing concern for businesses is the risk of an adverse event related to climate change such as a natural disaster that impacts them directly or one that impacts a supplier.

While physical threats such as hurricanes, wildfires and tornados come to mind, power outages related to storms or to cyberattacks could also pose a risk to operations, including cloud storage of data.

9. Change Management

The ability to adapt to any risk can fall under the umbrella of change management. Change management refers to anything from restructuring staffing to addressing monetary, reputation and non-monetary factors, with risk particularly focused on whether a company has the technology, employees and leadership team in place to enable it to adapt quickly.

10. Global Risks

Geopolitical risk can affect businesses in a variety of ways, including supply chain issues during tariff disputes, higher energy costs and other prices, and reduced demand from some global markets. The war in Ukraine, tensions with China and the economy in Europe have all influenced the U.S. economic outlook as well as individual businesses.

 

How to Manage Operational Risks

Depending on the size of your business, you may have all your employees trained in operational risk management, or it may be limited to a particular division, staff member or outsourced to a consultant.

No matter how you structure your approach, there are four general principles of risk management that apply to every organization:

  • Do not accept unnecessary risk. Evaluate every decision from a risk lens and make smart, measured decisions.
  • Make risk decisions at the right level. C-suite leaders need to identify risk decisions that would be appropriate for employees to make at different levels in the business to encourage engagement and accountability, while making it clear that certain types of decisions must be made at the highest level in the organization.
  • Do a cost-benefit analysis to determine when to accept risk. Weighing promising opportunities versus potential downside risk is an essential part of every decision.
  • Integrate operational risk management into every level of your business. Risk management should be part of every phase in your business growth and every decision you make, from planning to execution.

While how you address risk varies according to the issues that affect your business, there are generally three levels of operational risk management: time-critical, deliberate and strategic.

Ideally, a comprehensive, strategic approach to risk management involves data analysis, research and numerous employees. The middle ground, the deliberate level, works well for a specific project or problem that is not time sensitive. Time-critical operational risk management typically takes over during emergencies.

Business leaders who take a holistic, strategic approach to operational risk management are more likely to be ready when unanticipated issues arise, since they'll have a team in place and a framework to find solutions to business risks.




This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.