The Basel II Accord for International Banking defines operational risk as the “risk of loss from inadequate or failed internal processes, people, and systems or external events”. When processes, people or systems fail, whether from internal or external events, the losses can be substantial. As an example, the Ponemon Institute estimates that organizations worldwide are losing over $35 billion monthly from data center downtime. Nicholas G. Carr points out in his seminal Harvard Business Review article IT Doesn’t Matter, “today, an IT disruption can paralyze a company’s ability to make products, deliver its services, and connect with its customers, not to mention foul its reputation … even a brief disruption in availability of technology can be devastating.”
There are two primary ways for an organization to increase value. The first way is to increase expected gains. Typically, most organizations focus exclusively on increasing expected gains, and IT has been used to increase value for many organizations. Information technology has transformed the way we do business. IT increases operating efficiencies, extends our reach globally, and accelerates the overall pace of business. It has changed the way we sell; it has changed the way we buy; and it has even changed the way we meet, read books and chat with colleagues.
It is understandable that most organizations focus on increasing expected gain. In general, people are wired to spend more time thinking about how they are going to succeed; only a fraction of the time do they think about all the ways that things can go wrong. Controlling operational risk takes a different path from increasing gains, and this second, equally valid approach to increasing value is often overlooked. That second way to increase value is to reduce expected losses, and considering that organizations are losing over $35 billion monthly, there is tremendous untapped potential within the IT infrastructure to reduce costs by controlling operational risk.
The growing complexity of, and increased dependence on, information technology have introduced new risks and transformed some benign ones. What was once considered a minor problem, like a software error, can now cause the same economic loss as a fire. A single bad bit can ruin an entire day. Symantec, in fact, has identified over 5,000 risk signatures within the IT infrastructure. Rationally controlling these operational risks will increase service levels, reduce failures, mitigate economic losses and help drive competitive advantage.