FBS turns 16

Unlock birthday rewards: from gadgets and dreams cars to VIP trips.Learn more
Open account
Open accountLog In
Open account

July 08, 2025

Risk management

What is Operational Risk?

What is Operational Risk?

It goes without saying that you want to know about a company you invest in. This means being acquainted with things like its business model, revenue, growth, valuation, dividend rate, and how much of the market it dominates within an industry. You also want to be aware of the risks and obstacles the business may encounter along the way. It’s important to know about these and the measures a company takes to manage and prepare for them, because their impact can affect the stock price and therefore your investment. In this article, we will focus on operational risk.

Operational risk is the risk that a company will incur losses due to failures in the way that it runs its daily operations, such as through human error or system crashes. Since this is an internal type of business risk, it is unique to every company and therefore unsystematic.

Responsible companies work to manage operational risk by identifying things that can go wrong, assessing how dangerous a risk is, and developing strategies to prepare for and minimize their exposure to it. Every company has its own level of risk appetite and tolerance.

What are the causes of operational risk?

Operational risk falls under four main categories. A company will be exposed to them in some proportion, depending on the type of business.

People risk

This category of operational risk basically includes any type of people-related problem. Examples of this are poor management, bad training, conflicts in the workplace, understaffing, accidents due to negligence, or employee fraud. Companies therefore have to hire qualified workers they can trust to help run their business. To mitigate this kind of risk, some companies will replace employees with automation or machines wherever possible.

Systems risk

As technology advances, companies increasingly adopt new software that makes it easier and more affordable to run their daily operations, because it automates things and replaces workers they would otherwise have to pay. Systems and software aren’t perfect either, and while they help companies increase efficiency and output, they come with their own set of problems. Systems risk is therefore any type of risk related to the technologies that companies will adopt. Computer systems can experience bugs or crashes, bringing an entire business to a halt. Cyberattacks can also cripple a company, forcing it to pay a ransom, or result in the theft of intellectual property or customer data. Companies have to make sure that systems are always safe, up to date, and running smoothly, because sometimes all it takes is a tiny bug to cause a massive problem.

Processes risk

If you think of a company like a well-oiled machine, all of its parts work and interact with each other in specific and unique ways. Sometimes, one piece will have a leak, and not enough fuel will be pumped into the engine.

Every company has its own way of functioning. Process risk is related to problems that arise in a company’s internal processes. This can be anything from mistakes and delays in processing paperwork or transactions to failure to prevent fraud. Companies have to enforce internal controls and rely on feedback to improve the efficiency of their processes.

External risk

External risks are outside of a company’s control. A supplier can go out of business, a hurricane can disrupt supply chains, and changes in regulation and politics can disrupt operations.

One example most companies can relate to is the COVID-19 pandemic. While a company can’t prevent these risks, it can be aware of them and prepare for them. This helps it limit the damage in the event that something does happen.

What are the types of operational risk?

Now that we have covered the four causes, let’s have a look at seven different types of operational risk that they can be broken down into.

Internal fraud. Employees intentionally and secretly misappropriate company resources. It is up to management to establish proper checks.

External fraud. An external party attempts to steal company resources or property. This can be hackers stealing money or competition stealing intellectual property.

Technology failures. A company’s software and computer systems fail.

Process management. Those in charge fail to develop the proper response to a problem or fail to implement their strategy.

Workplace safety. A company violates safety regulations or fails to protect its employees from physical or mental harm.

Damage. External factors like weather or natural disasters impact company supplies or production, or the ability of employees to do their job. A fire or flash flood can disrupt a supply chain. A snowstorm could prevent people from reaching their workplace. American food chain Waffle House is an example of a company that has great disaster preparation, as it is known for staying open all day, every day of the year, except in extremely bad conditions. There is even a metric called the Waffle House Index used to measure how bad a storm is.

Clients. A company harms its clients by providing false information, faulty products, not abiding by the law, or failing to meet requirements.

Other types of risks

Let’s go over how operational risk compares to financial, market, and strategic risk.

Market risk refers to the risk of losses associated with changes in market prices, like stocks, interest rates, and currency rates. Stock prices can be directly related to market sentiment. Investors will feel a certain way about a company and its stock and options prices: is it overvalued or at a discount? Is sentiment bullish or bearish? Market risk is also related to changes in interest rates, as these will have an effect on how much it costs for companies to borrow money. Changes in currency rates, the price of raw materials, and other economic factors also come into play here.

Credit risk refers to the risk of financial loss a company will face when it no longer has enough money to pay off its loans and debt. While this could be related to poor management and bad sales, financial risk is different from operational risk because it has to do with a company’s financial health rather than how it runs its operations on a daily basis.

Strategic risk relates to a company’s strategy and objectives in the long term. It comes from a company’s failure to adapt to new regulations, for example, or investing too much in a sector that doesn’t end up growing. It is linked to operational risk in the sense that operational risk is the risk of failure encountered while trying to implement this strategy. The operational human or systems errors have a more immediate impact.

Managing operational risk

Who manages operational risk?

Responsibility for managing operational risk usually comes down to senior management. They have to be aware of what can go wrong and ask themselves the right questions to identify different risks that arise in the daily operations of their business. Once they identify the risks they want to prioritize and focus on, they establish strategies to mitigate and control them and oversee lower levels of management to make sure they are implementing them.

How do they deal with it?

A company’s management team can then take different actions. If they decide that they’re ok with the risk and don’t feel too threatened by it, they can simply accept it and not do anything, while continuing to monitor it. They can also decide to keep doing the risky activity but get insurance from another company, essentially transferring the risk over to that third party. If the risk is too important to ignore, they can develop strategies to minimize it or simply cease all activity related to it.

Risk level

Risks can be more or less likely and severe. A company will measure them to determine how likely they are to happen and how negatively they may impact its operations. It will also decide whether it’s actually worth addressing the risk to prevent it, or if it would just cost more than the potential outcome. Usually, a company’s management will measure risk on five different levels, depending on the likelihood that it will happen. A risk can be highly unlikely (meaning such an event is a rare, exceptional case), highly likely (meaning this type of event occurs very often, or in most cases), and anywhere in between. Keep in mind that every company has its own risk appetite and way of measuring risk level.

Operational risk examples

Operational risk can be anything related to a company’s inner workings and range from money laundering to being vulnerable to cyberattacks. Below are two specific examples of companies that have been impacted by operational risk.

  • The first took place in 1997. A fire broke out at the Aisin factory in Japan, which was Toyota’s only supplier of brake fluid proportioning valves, an essential component of their cars. Toyota had to stop production for several days because the Aisin factory couldn’t deliver the pieces anymore. Being dependent on a single supplier made Toyota vulnerable, and its management learned that they had to diversify their supply chain and be more prepared for future crises to avoid this happening again.

  • A second example happened in 2024, when cybersecurity company CrowdStrike made a faulty software update, causing 8.5 million Microsoft Windows computers around the world to crash. The event of global proportions disrupted nearly every area of society, from airports to hospitals, banks, media, and much more, leading to $10 billion of damage. CrowdStrike’s stock plummeted and took months to recover, and its reputation was damaged. All these companies relying on a single technology to run their businesses meant they were vulnerable and overexposed if something were to happen to it. It also meant that CrowdStrike had to do more testing and be better prepared to deal with this kind of scenario.

Operational risk examples

Summary

Operational risk is ever-present and continuously evolving as a company works to execute its strategy. Risk can never be totally eliminated. Businesses therefore have to develop strategies to mitigate it and decide how much risk it is comfortable with. As an investor, it’s important to know about what can go wrong in the daily operations of a company you invest in, and how it is prepared to deal with it. A company with good operational risk management will be better positioned to prevent losses from unexpected events and develop strong internal processes and resilience, which is good news for your investment.

Share with friends:

Open an FBS account

By registering, you accept FBS Customer Agreement conditions and FBS Privacy Policy and assume all risks inherent with trading operations on the world financial markets.

FBS at social media

iconhover iconiconhover iconiconhover iconiconhover icon

Contact us

iconhover iconiconhover iconiconhover iconiconhover icon
store iconstore icon
Get on the
Google Play

Trading

Trading conditions

Deposits & withdrawals

FBS app

MetaTrader 5

MetaTrader 4

Open a Forex account

Market

Forex

Metals

Indices

Energies

Stocks

Forex Exotic

Tools

Economic calendar

Trading calculators

VPS

Analytics

Market Analytics

VIP Analytics

Top trades of the hour

Education

FBS Academy

Trader’s blog

Glossary

Company

About FBS

Our social impact

Legal documents

Company news

FC Leicester City

Help Center

Partnership programs

IB Program

CPA Program

The website is operated by FBS Markets Inc.; Registration No. 000001317; FBS Markets Inc. is registered by the Financial Services Commission under the Securities Industry Act 2021, license number 000102/31. Office Address: 9725, Fabers Road Extension, Unit 1, Belize City, Belize.

FBS Markets Inc. does not offer financial services to residents of certain jurisdictions, including, but not limited to: the USA, the EU, the UK, Israel, the Islamic Republic of Iran, Myanmar.

Payment transactions are managed by HDC Technologies Ltd.; Registration No. HE 370778; Legal address: Arch. Makariou III & Vyronos, P. Lordos Center, Block B, Office 203, Limassol, Cyprus. Additional address: Office 267, Irene Court, Corner Rigenas and 28th October street, Agia Triada, 3035, Limassol, Cyprus.

Contact number: +357 22 010970; additional number: +501 611 0594.

For cooperation, please contact us via [email protected].

Risk Warning: Before you start trading, you should completely understand the risks involved with the currency market and trading on margin, and you should be aware of your level of experience.

Any copying, reproduction, republication, as well as on the Internet resources of any materials from this website is possible only upon written permission.

The information on this website does not constitute investment advice, a recommendation, or a solicitation to engage in any investment activity.