Zurich Research Laboratory
MATH & COMPUTER SCIENCE
Business optimization
	Marketing optimization
	Operational risk
	Supply chain optimization
Business process transformation
Systems management
Cryptography
Secure systems
Governance & security management

Contact
	Eleni Pratsini

Operational risk

Project overview

Following many high-profile losses among public companies and the advent of new regulations, operational risk has recently emerged as an important source of risk that businesses must manage and control. Operational risk encompasses a wide range of risks, including IT systems failures, internal and external fraud, regulatory and compliance risks, errors in financial reporting, and "acts of God" such as floods, fires, and hurricanes. Regulations such as Basel II for the financial services sector and Sarbanes-Oxley now require publicly traded companies to report and manage these risks, in some cases even setting aside capital to guard against unexpectedly large operational losses.

In order to measure and manage operational risk effectively, a company must first answer several challenging questions, including

·	How can sources of risk be identified?
·	How do these risks impact business processes, and what effect do they have on business performance?
·	What data must be collected both within and outside the organization, and how can this data be used to measure performance impacts?

These questions are made more difficult by the fact that companies generally have little usable data on past loss events, and that models for operational risk have not yet been standardized.

The Business Optimization group is developing tools and methods to measure and deal with operational risk in a variety of industries. Examples of past projects include

·	measuring the risk associated with IT systems, and optimizing IT configurations with regard to the risk posed to a financial services institution,
·	assessing regulatory risk of compliance for a pharmaceutical company, and
·	identifying key risk indicators for assessing risks associated with IT projects undertaken by a bank.

We have developed several methods to deal with sparse data, including specialized methods of inference using causal networks, homogeneity and scaling analysis for comparing and aggregating risk data from different sources, as well as methods for incorporating expert opinion. These methods have proved to be effective not only for measuring the impacts of risk, but also for identifying key risk drivers and optimal risk mitigation measures.

Additional information


	»	To compliance and beyond

Selected publications and presentations

[1]	Supatgiat, C., Kenyon, C. and Heusler, L. "Cause-to-Effect Operational Risk Quantification and Management" Risk Management, 8(1), 2006.
[2]	Subramanian, D., Supatgiat, C. and Ramachandran, B. "Counter-Measure Portfolio Optimization for Operational Risk Mitigation" IIE Research Conference, May 2006, Orlando, Florida, 2006.
[3]	Labbi, A. "Handbook of Integrated Risk Management for e-Business" J. Ross Publishing, Inc., Boca Raton, 2005.