Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Operations Management Best Practice > Managing Operational Risks Using an All-Hazards Approach

Operations Management Best Practice

Managing Operational Risks Using an All-Hazards Approach

by Mark Abkowitz

Executive Summary

  • Operational risk management (ORM) enables an enterprise to understand, prioritize, and control risks that threaten its well-being and the livelihood of its partners.

  • Although traditionally stove-piped within an organization, different operational risks share many common elements, providing an opportunity to consolidate ORM into a single all-hazards approach, one that is holistic and systematic.

  • The key to effective ORM is to recognize and mitigate those risk factors that erode our margin of safety, so allowing situations to spiral out of control.

  • A key first step is for an organization to perform an ORM physical, enabling the identification of reasonably foreseeable risks, benchmarking the current status of the ORM program, revealing gaps where the organization is vulnerable, and developing cost-effective strategies to address these gaps.

  • Based on recent historical events and changing conditions in our world, bringing ORM to the forefront of an organization is more important now than ever before.

Operational Risk Management: A Definition and a Strategy

For the purpose of this discussion, Operational Risk Management (ORM) is considered to be the policies, methods, practices, and institutional culture that enable an enterprise to understand, prioritize, and control risks that threaten the well-being of the organization, its business partners, communities in which it operates, and society at large.

The cost of poor operational risk management can be excessive, considering that the occurrence of undesirable events can lead to fatalities and injuries; property loss; business interruption; clean-up, remediation and disposal; fines and penalties; future inspections; new regulations; long-term human health effects; environmental degradation; damaged investor, insurer, supplier, and customer relations; and loss of public confidence. By contrast, the cost of good operational risk management may be limited to investment in risk management benchmarking and needs assessment; resources allocated to control high-priority risks; and ongoing costs associated with ORM performance monitoring and evaluation.

The Need for an All-Hazards Approach

In many organizations, the approach to dealing with operational risks is stove-piped, with different entities having responsibility for different hazards. For example, environmental health and safety worries about toxicity exposure, legal is concerned with liability, human resources focuses on occupational health, executive management has its eye on business continuity, risk management addresses insurance, and research and development cares about design failure. As a result each group has its own priorities, separate resources are used to address each problem, and there is limited coordination. Yet, while each threat may seem quite different, when one takes a closer look at how these events evolve, there is remarkable similarity; that is, a pattern or “recipe” for disaster emerges. This situation begs for the adoption of a single “all-hazards” ORM approach, a process that is holistic and systematic in nature.

Back to Table of contents

Further reading


  • Abkowitz, Mark D. Operational Risk Management: A Case Study Approach to Effective Planning and Response. Hoboken, NJ: Wiley, 2008.
  • Garrick, B. John. Quantifying and Controlling Catastrophic Risks. San Diego, CA: Elsevier, 2008.


Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share