Always take into account the Operational Risk

The workflow of an organization depends on the management pace of several factors: receptive market, credit disponibility, legal framework and operating procedures in check. Is about the latter that we will focus for a moment, taking as a starting point the fact that protected data is one of the resources that allow the a satisfactory operations in the organization.

Operational Risk is related to the possibility of losses or impacts caused by information systems, inadequate or insufficient controls, management failures or human error. We could say that Operational Risk is divided by three: Organizational Risk, Operational Risk and Personal Risk.

Organizational Risk

Organizational Risk happens when the organization is inefficient or due to inconsistent management and its long term goals are not well defined. Some Governance actions are related to this and some segments have legislation that try to avoid problems such as this. Nevertheless, apart from whether a legislation exists or not, the organization must analyse these aspects constantly. One of the difficulties is the search for short term profits, pushing aside profit continuity and even from the organization itself. The present crisis is rich in examples with such characteristics.

GRC Information Security - Governance, Risk Manager and Compliance Management

Always take into account the Operational Risk – Part 1