21 July 2004

Operational Risk Enterprise Architecture (OREA)

The operational risks facing corporate organizations today are found across a wide spectrum:

  • People
  • Processes
  • Systems
  • External Events

Now take this and multiply by the number of business units or lines of business in your organization. Now multiply this by the industry environments you operate in, the countries you operate in and the number of transactions you do on an annual basis. This will give you an idea of all of the places you have the potential to experience a "Loss Event." These add up over the course of a day, week, month and quarter to erode your earnings, performance and competitive position.

The only way to come close to managing such a dynamically changing foe is to first understand how the architecture of your business is interdependent or dependent on various components that make up it's structure. Only then can you begin to understand why certain loss events happen and what environment or characteristics make it more probable that they will occur.

Recently, a new law in the US called the Identity Theft Penalty Enhancement Act was signed by President Bush. What is interesting about this fact is that it wasn't until Phishing victims lost $1.2 Billion to identity theft related fraud between 2003 and 2004 that the banking industry, the FTC and our legislators understood one of the important facts in accelerating the mitigation of these loss events. Make the penalties for getting caught more severe, if they ever get caught. The law also allows the US Sentencing Commission to potentially increase the penalties for employees who steal sensitive information from their employers. Watch for more on this in the months to come.

The speed of change in the connected economy has finally subjected modern criminal organizations to finally be acknowledged that they are a larger target for law enforcement and our justice system. Only through effective operational risk architecture will our institutions be able to detect, deter and defend against the next wave of threats to our people, processes, systems and critical infrastructures.

No comments:

Post a Comment