Most organizations will have in place some form of Operational Risk Management Framework (ORMF). This framework will typically include tools for the identification, assessment, monitoring and control of operational risks. Often these will be documented in policies and procedure manuals and supported by a formal governance infrastructure, as well as informal elements like the organization’s risk culture. Appendix A summarises the common elements of an effective ORMF.
The presence of an ORMF is a necessary part of effective operational risk management, but it is rarely adequate in isolation. Organizations must ensure that the ORMF is embedded in day-to-day business activities and decisions. The aim is to implement an ORMF that brings benefits to the organisation. Benefits that the users of the framework recognize as valuable, both to the organisation and to themselves in the performance of their duties.
The term embedding is open to interpretation and can mean different things to different people. This guidance will explore what it means from an operational risk management perspective. In addition, the guidance examines the critical success factors involved in achieving an embedded ORMF; how framework components and activities can be integrated and aligned to businesses processes to maximise their net benefit; and how ‘embeddedness’ can be assessed.