Operational Risk Management provides a holistic view of risk evaluation from the business perspective. Using the risk management framework gives insight into the risks and threats to the organization, and the framework also provides the means to assess, manage, and control the different risks across the organization.
An Operational Risk Committee (ORC) should be in place to periodically discuss the organization's threat and compliance landscape over time. The committee is usually made up of business (i.e. CEO, COO, CIO, CFO), compliance (CRO, Compliance Officers) and control personnel (Audit, Security and Risk Management).
The use of Business Impact Assessment methodologies will help the organization identify which of its processes are critical, plan accordingly to protect them, ensure proper continuity plans, and measure the associated risk using Key Risk Indicators.
Key Risk Indicators can be monitored periodically through a Risk Scorecard that integrates information from Security Monitoring Services or information consolidated in the Information Services Domain.