Today, many businesses must deal with complex operational models which present many varied types of operational risks. In addition to the normal business risks, increasing privacy related regulations and ethics rules must be complied with by businesses. Regardless of the source of operational risk, responsibility for failing to deal with operational risk is often placed on the board of directors or other executives of an institution or organization. There is an increasing need for comprehensive governance process to assure operational risk is managed appropriately across an entire business organization. For very large and geographically diverse organizations, these requirements can create significant challenges and cause significant resource expenditure.
Historically, efforts to accomplish operational risk assessment, management, and control have centered around separate systems, often based largely on individual, subjective judgements of management personnel and others responsible for risk management in an organization. Sometimes these efforts lack currency and are not adequately monitored and tracked over time. Therefore, there is a need for an integrated process and system for efficiently assessing risk and monitoring mitigation activities.