Organizations are exposed to a range of risk types. Operational risks are one of these risk types.

Whilst the focus of this paper is the categorization of operational risks, they exist within a wider organizational context. Specifically, there will be times when exposures and events over-lap these risk types or where an event in one type of risk causes risks in another. For example, the emergence of an operational risk could precipitate a strategic risk and the combination could in turn lead to a reputational impact. In view of this, any categorization of operational risks must not seek to segregate or isolate exposures and should be conducted within a holistic framework for categorizing all of the risks to which an organization is exposed (for example, an enterprise risk management framework).