RSK4801

DEPARTMENT OF FINANCE, RISK MANAGEMENT AND BANKING

OPERATIONAL RISK MANAGEMENT

RSK4801

Topic 1: Overview of Operational Risk Management

 UNISA

PO BOX 393, UNISA, 0003

Copyright © UNISA 2011

In terms of the Copyright Act 98 of 1978 no part of this material may be

reproduced be stored in a retrieval system, be transmitted or used in any form or
be published, redistributed or screened by any means (electronic, mechanical,
photocopying, recording or otherwise) without the prior written permission of
UNISA. However, permission to use in these ways any material in this work that
is derived from other sources must be obtained from the original sources.

Printed in South Africa by UNISA

RSK4801/1/2012 - 2015

98363573
TOPIC 1: OVERVIEW OF OPERATIONAL RISK MANAGEMENT

AIM

The aim of this topic is to introduce students to Operational Risk Management and the benefits
that can be derived from effectively implement an operational risk management framework.

LEARNING OUTCOMES

At the end of this topic, the student will be able to:

argue the definition operational risk;

argue the definition enterprise risk management;
analyse and argue the interrelationships between different risk types;
analyse and argue the cause and effect relationship; and
evaluate the operational risk management framework.

TOPIC CONTENT

Study Unit 1: The focus on risk management

Study Unit 2: The business case for operational risk management

OVERVIEW
st
The 1 topic gives a brief introduction and overview of operational risk management. The topic
will form the basis for the rest of the course. It is also important to pay attention to the case
studies included in the study units as it gives a good background on real life experiences and
provides insight in what can go wrong and how companies mismanaged, managed and
prevented incidents.

1
STUDY UNIT 1: THE FOCUS ON RISK MANAGEMENT

ASSESSMENT

1. Analyse the interrelationship between operational and reputational risk in Case Study 1.

Case Study 1: Comair 2004

Comair is a subsidiary of Delta Air Lines. The airline experienced an IT incident on 24 December
2004, when the company’s crew-scheduling system failed.

Federal Aviation Administration safety regulations limit the number of hours any aircrew member
can work in a twenty-four hour period. The scheduling system ensures compliance with the strictly
enforced regulation – to put it simply, without it scheduling system the airline cannot fly. An airline’s
crew-scheduling system is therefore mission critical.

December is always the busiest month for US airlines because of the holidays and airlines were
operating at full capacity. The United States experienced bad weather in December 2004. Airlines
were forced to cancel and reschedule many flights, including 91 percent of all flights between the
22nd and 24th December. Comair was unfortunately not an exception.

Comair’s crew-scheduling system was purchased from an external vendor. No one at the airline
knew that the system was only capable of handling a maximum of only thirty-two thousand
changes per month. The system abruptly stopped functioning at about 10 pm on Christmas Eve
after the airline exceeded the monthly capacity of the system.

The airline’s IT team made a quick assessment and thought that the problem can be resolved by
re-booting the system. They were however unable to restart the system. The logical next step was
to re-install the entire system as quickly as possible. The IT team had the system online late on
Christmas Day. At that stage, the crews and aircraft were widely dispersed and Comair had
problems to assemble them where they were needed. The airline was only able to resume normal
operations on the 29th of December.

As the company struggled to recover from the disaster, nearly two hundred thousand stranded
Comair passengers helplessly roamed airport terminals throughout the US. Airlines were fully
booked for the holiday travel season, and there were few alternatives flights. Throughout the
Christmas holiday, camera crews from local and international television news outlets followed
passengers through those terminals, broadcasting travellers’ and Comair’s distress to the American
public.

2
The US Secretary of Transportation announced an investigation shortly after the incident. A week
later, the company’s CEO resigned. In addition to the damage to the company’s reputation, its
management, and its customers, revenue losses as a direct result of this incident were estimated
at about USD20 million. The loss from this single incident was nearly as high as the firm’s entire
USD25.7 million operating profit for the previous quarter.

The company had planned but delayed the replacement of the scheduling system several times
before it failed. The system has been running for years and the likelihood of a complete systems
failure was regarded as low. Despite the outcome, these decisions could be defended as rational
business decisions. That the system failed at a point in time when its failure was maximally
damaging to the company and its customers was extremely bad luck, but difficult to predict.

But something more was involved than an unfortunate decision to defer an upgrade. Comair lacked
a viable plan for the immediate recovery of this mission-critical business process. Its executives
failed to plan for such a high-impact failure, however unlikely it seemed. When the software went
down, there was no backup system that could be put into immediate service. The 3rd party vendor
was also not available on call or ready to step in. The airline also did not have a manual backup
plan in the event that the system might not be available.

It was not just the computer system that failed but also that senior management at Comair did not
understand, nor managed the business consequences of IT risk.

2. Read the following case study and complete the cause, event and chain analysis.

Case Study 2: Eskom

Introduction
South Africa experienced major electricity supply interruptions between October 2007 and
February 2008 due to the inability of Eskom, South Africa’s electricity supplier, to meet
electricity demands.

As electricity cannot be stored, a reserve margin is set to act as a buffer against any
unforeseen events. A reserve margin can be described as cushion of spare capacity that can
be used when planned maintenance is necessary and when the system is impacted by
unexpected technical faults that demand unplanned maintenance, such as poor coal quality,

3
sudden peaks in demand, or extreme weather conditions.
Short term management of a shortage
The reserve margin is measured as a percentage of the maximum generating capacity. In the
event of a decline in the reserve margin, the only option available is to reduce the load
through load shedding and reduced demand by customers. The National Energy Regulator of
South Africa (NERSA) recommended a reserve margin of 19%. Planned maintenance is
mostly scheduled in the summer months, as electricity demand is traditionally lower in
summer than in winter.
Eskom implements load shedding in conjunction with the redistributors (municipalities) when
the demand for power on the national grid exceeds the available generation capacity. Failure
to balance the supply and demand would result in the possibility of power interruptions
across the national grid. To avoid the interruptions, Eskom monitors the demand for power
and shuts down sections of the grid to reduce the load and ensure network stability.

Reasons for the shortage

Government planned to open the market to independent power producers into the market
however, Eskom’s low prices dissuaded independent power producers from investing in the
power-generation sector. Both the private sector and government resisted Eskom to build
new capacity between 1996 – 2004. although they were warned that a decision was required
by 2000 as the national grid will be under severe strain as the economy expands.
Eskom received approval to start building a new plant in October 2004. The long lead time
required to build new stations meant that there was insufficient time to create capacity to
ensure adequate generation capacity in the short term.

As a result the reserve margin has decreased to about 8%, well below the accepted norm of
15%. When generator units are taken out of service for planned maintenance, the lower
reserve margin means that the remaining generator units need to run harder to meet the
demand for electricity. This makes the units more vulnerable to faults caused by accelerated
wear and tear, which lead to an increase in technical faults during this period.

The situation was worsened by a reduction in the quality of the coal received, which
necessitated the burning of increased volumes of coal for the same output of electricity. The

4
 unusually heavy rains during January and February 2008 caused production delays at the
collieries. Wet coal turns into sludge which creates problems to process coal at the collieries
and to pulverise it at the power stations. As a result of these problems, a number of power
stations were unable to operate at full production.
The problem was exacerbated by low coal reserves at the power stations. The stockpiles of
five power stations were below desired level. Eskom announced in January 2008 that it has
problems with coal supply at some of the power stations and has appointed a team to build
the stockpiles to a more acceptable level of 20 days. Coal stockpiles were improved from an
average of less than 10 days’ supply of coal to an average of 13 days supply as by March
2008.

REFERENCE

Blunden, T. Thirlwell, J. 2010. Mastering Operational Risk. Harlow: Pearson Education Ltd.

Deloitte. Navigating in a changed world. 2011. Global risk management survey, seventh edition.
http://www.deloitte.com/view/en_GX/global/industries/financial-
services/6d8c180133f0e210VgnVCM3000001c56f00aRCRD.htm. (Accessed 2011/05/10).

Eskom Holdings Ltd. Annual Report 2008. www.eskom.co.za/annreport08. (Accessed 2011/05/11).

Eskom Holdings Ltd. Annual Report 2009. www.eskom.co.za/annreport09. (Accessed 2011/05/10).

Moosa,I.A. 2007. Operational Risk Management. Hampshire: Palgrave Macmillan.

Westerman,G. Hunter, R. 2007. IT Risk: Turning Business Threats into Competitive Advantage.
Boston Harvard Business School Publishing. (Accessed 10 May 2011).

Stockpiles at Eskom Power Stations in Perspective. Eskom Media Release 8 March 2008.
(Accessed 2011/05/10).

Young, J. 2006. Operational Risk Management: The practical application of a qualitative approach.
Pretoria: Van Schaik Publishers.

Overby, S.2005. Comair’s disaster: Bound to fail. CIO. May 01 2005.

http://www.cio.com/article/print/112103 (Accessed 2011/05/15).

5
Westerman, G. Hunter, R. 2008. IT risk and consequence. Mainframe Zone. Com. 31 July 2008.
http://www.mainframezone.com/it-management/it-risk-and-consequences/print (Accessed
2011/05/25).

Vance, A. 2004. Official orders probe of airlines that stole Christmas. 2004. The Register, 27
December 2004. http://www.theregister.co.uk/2004/12/27/us_investigates_airglitch/print.html.
(Accessed 2011/05/30).

6
STUDY UNIT 2: THE BUSINESS CASE FOR OPERATIONAL RISK MANAGEMENT

ASSESSMENT

1. Discuss the benefits of an operational risk management framework.

2. Evaluate the contribution an operational risk management framework and process can
make to optimise business processes.