Gartner Research

Operational Risk Management, Metrics and Methodology

Published: 02 September 2004

ID: G00128461

Analyst(s): Michael Smith, Vincent Oliva, Michael Gomez, Douglas McKibben, Thomas Wagner, Lane Leskela


Operational risk-the exposure to uncertainty arising from daily tactical business activities across the enterprise-isn't a new risk category, but it's been an ill-defined. Unlike market and credit risks, which are speculative and offer upside as well as downside potential, operational risk is pure risk and the only possible outcome is loss. The management of operational risk is critical to address heightened security and compliance threats from both internal and external sources. GartnerG2 offers essential metrics, risk models and best practices as well as the steps you can take to develop your own enterprise risk management process.

Table Of Contents
  • Introduction
    • Defining operation risk
    • Develop a definition for your organization
  • Types of Operational Risks
    • The cost of operational risk
  • Business Issues Heighten the Priority of Operational Risk Management
    • An enterprisewide approach
    • Managing enterprise risk management
  • Regulatory Compliance Drives Enterprise Risk Management
    • The European regulatory environment
    • The U.S. regulatory environment
    • New focus on internal control
    • Automating the risk management process
  • How to Measure Operational Risk
    • Step 1. Identify key performance indicators
    • Step 2: Determine the acceptable range for poor performance
    • Step 3: Identify relevant risk events
    • Step 4: Determine the likelihood of risk events that will result in poor performance
    • Step 5: Calculate financial exposure to operational risk
  • The Methodology for Effective Risk Management
  • Enterprise Management System as a Risk Mitigation Process
  • Bringing It All Together
    • Effective communications is key to risk management
    • The human factor
    • The enterprise risk management committee
    • Communication activities
    • Communicating data
  • Adopt a Technology Framework to Manage Operational Risk
    • The Gartner risk management technology framework
    • Activities included in our risk management technology framework and representative vendors
    • Use caution when integrating risk management
    • Risk management market dynamics
  • Footnotes

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.