There are several approaches to achieve this result.
* Approach the process: it is made from the process mapping an inventory of the various operational risks associated with tasks that make up these processes. For this, an analysis is required on the inputs, the transformation process and outputs delivered to the end of each process.
* Approach the interview operational: this process allows questionnaires from pre-established list the operational risks identified by the business as those who actually or potentially affect their operations.
Whatever the approach used to identify risks, it should be complemented by a comparison with a benchmark sector wise operational risk.
The result of this work should be formalized in a holder who submits a mapping type of process risks.
The risk assessment
From the operational risks established, it should conduct an assessment of risks. For this, a definition of criteria for risk assessment should be performed to objectify the evaluation process.
Observation of practices established in this field identifies the following criteria:
* Severity: is the maximum impact of the exposure or potential exposure to risk situations. This is the concept of gross exposure.
* Detection / Management: This is the company's ability to identify and respond to risk events. This is the concept of risk management device.
* Occurrence: This is the probability of occurrence of risk situations. This is the concept of frequency of events. To determine this probability should identify incidents occurring over the period and form the basis of historical intervene in the decision process.
In summary, the assessment of operational risk should be against these criteria, completed the evaluation of residual risk for the net risk.
This evaluation process of operational risk should be integrated as a milestone and indispensable in the process of establishment of the life cycle of projects and products.