Êtes-vous un étudiant de l'EPFL à la recherche d'un projet de semestre?
Travaillez avec nous sur des projets en science des données et en visualisation, et déployez votre projet sous forme d'application sur Graph Search.
Operational risk management
Operational risk management (ORM) is defined as a continual recurring process that includes risk assessment, risk decision making, and the implementation of risk controls, resulting in the acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events. Unlike other type of risks (market risk, credit risk, etc.) operational risk had rarely been considered strategically significant by senior management. The U.S. Department of Defense summarizes the principles of ORM as follows: Accept risk when benefits outweigh the cost. Accept no unnecessary risk. Anticipate and manage risk by planning. Make risk decisions in the right time at the right level. In Depth In depth risk management is used before a project is implemented, when there is plenty of time to plan and prepare. Examples of in depth methods include training, drafting instructions and requirements, and acquiring personal protective equipment. Deliberate Deliberate risk management is used at routine periods through the implementation of a project or process. Examples include quality assurance, on-the-job training, safety briefs, performance reviews, and safety checks. Time Critical Time critical risk management is used during operational exercises or execution of tasks. It is defined as the effective use of all available resources by individuals, crews, and teams to safely and effectively accomplish the mission or task using risk management concepts when time and resources are limited. Examples of tools used includes execution check-lists and change management. This requires a high degree of situational awareness. The International Organization for Standardization defines the risk management process in a four-step model: Establish context Risk assessment Risk identification Risk analysis Risk evaluation Risk treatment Monitor and review This process is cyclic as any changes to the situation (such as operating environment or needs of the unit) requires re-evaluation per step one.