Operational risk management consulting experts debate how effectively organizations are adjusting risk management practices to govern AI. From MIT Sloan Management Review.
It’s a perfect storm for operational risk and resilience. New technologies are raising new concerns. Regulatory landscapes are evolving. And the ability to absorb shocks is becoming a strategic priority. But as cost pressures mount, the key—and the challenge—is finding a framework for operational risk management that avoids a tradeoff between efficiency and effectiveness.
BCG’s Approach to Operational Risk and Resilience
Our take is simple: best-of-breed resilience risk management is a competitive advantage. It not only lets companies avoid disruption but also helps them streamline processes, improve operational resilience, and spark value—no easy feats. Successful resilience risk management requires the right governance, processes, roles, and culture. In short, it calls for an operating model for operational risk that is prepared to manage tomorrow’s uncertainty and enables the organization to innovate quickly.
To help companies, we have developed a unique operating model that combines deep experience in operational risk with expertise across functional and technical areas—everything from organization design to generative AI. We work with organizations on every aspect of operational risk management, from risk taxonomy to end-to-end risk function transformation. It’s a holistic approach built around four steps.
Embed operational risk management into the business strategy
Operational risk covers a lot of ground. It includes any risk arising from a company’s processes, people, and systems. It’s essential to understand where—and to what degree—perils lurk. We help clients develop a risk taxonomy, a set of relevant risk types, and use it to assess risks by probability and impact. This evaluation lets companies optimize their risk appetite—setting the right level of risk for every type of operational risk—and develop a risk strategy that aligns with their business strategy.
Establish operational risk governance and an organization structure
A key success factor in operational risk and resilience is having clarity on roles and responsibilities across the three lines of defense: managers on the ground, the risk function, and internal and external auditors. We help clients define decision rights and strike the right balance of delegation and control, so operational risk management can be effective without slowing down day-to-day business.
Implement a strong risk management framework
At the heart of an operating model for operational risk are the mechanisms for assessing, mitigating, and monitoring risk. We develop the processes, playbooks, reporting, and testing that help organizations zero in on potential and emerging risks—and take the right action at the right time. We identify where technology, such as
risk analytics and
AI, can boost efficiency and effectiveness. And we create controls to ensure that the risk function runs as it should.
Leverage operational risk management enablers
People,
technology, and
culture are key ingredients—and potentially catalysts—in any risk management model. We help leaders set the tone from the top and establish a culture where operational resilience is a key strategic objective. And we unleash the power of data and AI to drive predictive analytics and fuel visual dashboards, so the right information gets before the right people at the right time—enabling faster, better decisions on operational risk.
Our Clients’ Success in Operational Risk and Resilience
Our operational risk consulting team reshaped the risk organization for a European bank, developing an action plan to boost effectiveness while reducing costs by up to 20%. Key components included a new organization structure with defined responsibilities, governance that optimized interaction between the central risk group and the bank’s subsidiaries, and digital technologies that enhanced and simplified operational risk management.
We helped a fintech startup grow its roster of partners from 14 to 25 and deploy three scorecards to assess customer profiles and risk, in only six months. We developed an end-to-end operational risk system, including structures and governance for its risk management function. BCG’s experts defined guardrails to expedite risk approvals, designed dashboards, and created rules for partnering with other fintechs.
Our Insights on Operational Risk and Operational Resilience
Article
January 17, 2024
Regulation of technology firms is increasing, especially in the AI arena. Tech leaders must build an effective compliance function that supports rather than hinders innovation.
Article
June 28, 2023
Risk has always outpaced risk management, but the scale, complexity, and interconnectedness of risk today mean that businesses need a new approach.
Article
November 6, 2023
A BCG study reveals how top-performing companies effectively addressed the risk management challenges of recent crises and what other companies can learn from them.
Meet Our Operational Risk Consulting Team
Our risk management consulting leaders help clients manage operational risk and bolster operational resilience. Here are some of our experts.
