Heightening Corporate Risk Mitigation with the Operational Risk Management Lifecycle

Michael Herrera

To manage operational risk we must determine a way to measure, prioritize, monitor, and reduce exposure. The Operational Risk Management (ORM) lifecycle is divided in to five sections.

Program Design: ORM is potentially a significant undertaking. It demands a level of control, backing, structure and overall program design that aligns with other corporate initiatives. This framework helps insure that management and staff remain focused throughout.

Impact Analysis: Business Impact Analysis (BIA) is the technique used to determine the organization’s tolerance and characteristic pattern of loss arising from a disruption. The resulting data establishes timeframes for recovering functions, processes and systems, and is also used in the risk assessment.

Risk Assessment: Risk Assessment involves the collecting of data relating to people, processes, systems and environmental circumstances. The assessment combines BIA and probability data to prioritize the plugging of gaps, cost-justifying and competing strategies for mitigation.

Continuity Planning: The Business Continuity Plan (BCP) provides the ultimate backstop where risk mitigation measures have failed or were inappropriate and the organization faces potential disaster. The BCP identifies what people, processes, systems and other structures must be provided to the company in a timely fashion to ensure its survival.

Assurance: Assurance is a set of activities that help ensure that your continuity provisions work. Training encourages staff to develop a consistent understanding of risk and continuity issues and building familiarity with aspects that could affect them. Periodic review or audit ensures your continuity provisions still reflect the needs of the business. Rehearsal and testing provide controlled means of simulating real incidents, finding and fixing problems under safe conditions.

About
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.