Operational risk management is the area of risk management that is concerned with back-office and regulatory functions. For public companies, operational risk management has become in large part focused on what is called governance, risk management and compliance (GRC). Many different service providers and operational risk management software applications have emerged to help companies in the GRC area. The three main types of GRC services and operational risk management software programs are integrated and enterprisewide governance, risk, and compliance solutions; domain specific tools; and specifically tailored solutions.
The first type of solution, or the integrated operational risk management software tool, is designed to combine operational risk management with government regulatory management and compliance control. The second type provides a more transparent solution to the operational risk management and GRC problem. It allows the tool to be accessed more easily by both internal audit teams and external audit teams. The third type of software is specifically tailored to cover one of the three functions of GRC and only that function, whether it's governance, risk management, or compliance.
Whichever type of operational risk management software is needed, there are some general rules to follow to determine if that GRC solution is the right one. For example, top GRC solutions can offer full-time and real-time information monitoring capabilities that also allow that information to be analyzed immediately after it's been captured. Another key facet is the ability to help identify risk, assess risk, and address risks. The operational risk management software could also be able to work through the so-called cloud. This allows the software and data to be housed on outside servers, which make up the cloud, and allows users to interface with the program through the Internet.
There are three other key aspects of operational risk management software to look for. These include the capacity to produce status reports on compliance for all of the departments in the company, no matter where those departments are around the world. The second feature is that the risk management tool should provide clear and easy to follow documentation so that the whole GRC and operational risk management process can be audited. Third, an operational risk management software tool should create alerts so that key personnel can be notified when violations do occur. Depending on which jurisdictions a company operates in, it may need a tool with other capabilities to match specific local regulations and compliance mandates.
