How an operational assessment can help an organization identify risk Featured

8:01pm EDT August 31, 2011
How an operational assessment can help an organization identify risk

Challenging times present an opportunity for organizations to perform detailed assessments of their operations.

While recent stock market turmoil has many organizations worried about both short and long-term prospects, the risky environment can present opportunities for those that are ready to capitalize on change.

Performing operational assessments can help organizations identify, mitigate and take advantage of the risks that they face.

“These assessments focus on process design and execution risks,” says James P. Martin, CMA, CIA, CFE, managing director of Cendrowski Corporate Advisors. “When properly performed, operational assessments identify areas where process design and execution risks are not aligned with the organization’s risk tolerance.”

Smart Business spoke with Martin about the benefits of operational assessments and how to conduct them.

How can operational assessments assist organizations?

Organizations must achieve a diverse set of strategic objectives. This is accomplished by translating strategic objectives into often interdependent and disparate operational objectives. Operational objectives include revenue growth, operational efficiency, compliance with laws and regulations, public perception, corporate responsibility and market leadership, as well as customer and employee satisfaction. Attainment of each operational objective requires the assumption of inherent risks.

Operational assessments focus on mitigating inherent process design and execution risks through the use of controls. Controls are employed to reduce the organization’s residual risk, or risk after control implementation, to a tolerable level.

What steps are included in an operational assessment?

Operational assessments examine whether the organization’s processes enable the achievement of strategic objectives. The first step in performing an operational assessment is breaking down process design and execution elements into tasks performed by the organization’s employees. This is often accomplished through employee interviews, as well as through observation in the workplace.

Once tasks have been identified, risks associated with the accomplishment of tasks are enumerated, as well as controls centered on mitigating risks. Risks are quantified by likelihood (what is the chance of this risk occurring?) and impact (what consequences will the organization face if it occurs?).  High-likelihood and/or high-impact risks are prioritized for mitigation in operational assessments, as these risks pose the greatest threat to the organization.

How can organizations decrease high-likelihood and/or high-impact risks?

High-likelihood risks can be decreased through preventive controls, while high-impact risks can be decreased by detective controls. For example, organizational training regarding fire hazards decreases the likelihood that a fire will occur. This is a form of preventive control.

Proper placement of fire detectors throughout the organization’s premises decreases the potential impact should a fire occur. This is a form of detective control.

For risks that remain at a level too high for the organization to tolerate, new controls must be developed to bring residual risks in line with the organization’s risk tolerance, or the organization should consider outsourcing the risk to a third party.  For example, numerous firms employ hedging strategies and insurance contracts to transfer risk to a third party outside of the organization.

Are there any key elements that organizations sometimes miss when they are performing operational assessments?

A key element that is sometimes missed by those performing operational assessments is the assignment of clear roles and responsibilities to team members who will oversee the creation and redesign of process controls. Without accountability, proper incentives are not present, and the operational assessment may struggle to achieve its intended results.

It seems as though risk assessments are an important component of operational assessments. How do these assessments differ?

Risk assessments primarily assist organizations is preserving shareholder value, while operational assessments also help organizations grow shareholder value. More specifically, a risk assessment is really a deep dive into one component of an operational assessment. It involves the identification and analysis of potential risks that may impede an organization from achieving its strategic objectives.

By performing risk assessments across the organization, organizational managers can develop plans to mitigate the risks an organization may face, helping preserve its objective from potential threats and, hence, its shareholder value.

Actively identifying internal risks can also help organizational managers remove the opportunity for fraudulent activity.

What resources exist for organizations looking to perform operational assessments?

Interested parties may download Cendrowski Corporate Advisors’ free Operational Assessment Guide from

It’s an excellent starting point for any organization looking to perform an operational assessment. <<