Poor operational risk management has been the fundamental cause of most significant losses in numerous financial and non-financial companies worldwide. In Kenya, for example, over 15 State-sponsored enterprises (SSEs) in the past two or three decades have collapsed.
Other large businesses, such as the retailer Nakumatt, were closed down after struggling to repay suppliers, landlords, and other creditors. Many of these failures were due to fraud and corruption and the lack of commitment to governance and risk management expertise at the board and senior management levels.
Operational risk refers to the potential losses resulting from a range of operational failures and weaknesses. Functional failure includes accounting errors, inefficient or failed internal processes, operational execution errors, fraud, management, faulty controls, people and systems, or external events. We discuss some of these operational risk issues below.
Haco Industries Company is a well-publicised operational risk fiasco. The CEO and the CFO were found to have inflated revenue and profits to cover up their flagging performance. They were fired for knowingly participating in a pre-invoicing profit manipulation scheme that inflated their earnings to pursue hefty bonuses. Management defrauded the company close to Sh9 billion.
Operational risk issues at Kenya Pipeline Company (KPC) resulted in the firing of the CEO and the entire management team amid investigations into the disappearance of 21 million litres of fuel valued at about Sh 2 billion.
Operational risk issues included execution errors, oil spillage, overpriced technology, inflated prices for constructing the oil pipeline, excessive board expenses, bonuses, and travel perks. KPC was defrauded Sh272 million in the KPC Ngong forest land scandal in 2012.
The current Deputy President William Ruto, Moi’s presidential Aide Joshua Kulei, and a politician Sammy Mwaita were accused of acquiring public land through fraud and subsequently selling it to KPC (a parastatal).
The trio won the case on a technicality when KPC finance manager could not testify for her company. The government took back the land without compensating KPC for the fraud. As a result of the scam, KPC did not recover the money from Ruto, Kulei, and Mwaita.
Kenya Power company (KPLC) is currently tittering toward collapse resulting from a corrupted fraudulent procurement process. For example, slightly over five years ago, the fraudulent purchase of second-hand transformers continues to plunge the country into darkness at the most crucial times.
For over 40 years, the company has embarked on expansionary projects that were on the face of it designed to provide Kenyans with energy solutions, quality, and reliable service for better lives, including sustaining a resilient country’s socio-economic development. In-lieu-of, the projects became conduits of sleaze in the form of carrying out nonexistent feasibility studies for power dams.
For example, senior government officials and business people designed megaprojects to purposely collect bribes, such as the Turkwel. These bribes have dire consequences for the Kenyan economy due to the importance of energy in running industries, companies, and homes.
Legal and regulatory risks are particular cases of operational risk. They arise for various reasons and are closely related to reputation risk. For example, a counterparty might lack the legal or regulatory authority to engage in a risky transaction.
For example, the Capital Markets Authority (CMA) recently opened investigations into Cytonn High Yield Solutions (CHYS) and Cytonn Project Notes (CPN) investments worth Sh13.5 billion.
CHYS and CPN financial products are investments considered outside the CMA’s purview and are sold only to high-risk takers. Investors in these categories of funds are typically cautioned to invest judiciously. The CMA approves only up to 100 investors in these products who should presumably be well-versed with the risks they are undertaking.
Cytonn was marketing the CHYS and CPN funds as private placements to a closed shop of a few sophisticated investors. However, the court agreed with the CMA that Cytonn had raised money from 3,000 investors and therefore had breached regulations that demand funds raised through private placements could only involve fewer than 100 people.
Operational risk also includes the risk of a cyber-attack. New vulnerabilities have emerged in cybersecurity, and many firms outsource cyber risk management to specialists. For example, many Kenyan institutions utilise cloud services providers to innovate new services cost-effectively.
However, this deep, multi-layered, and highly specialised supply chain exposes institutions to unknown cyber risks, threats, and vulnerabilities.
The quarterly sector statistics report released by the Communications Authority of Kenya (CA) covering July-September 2020 indicated that there had been a sharp increase in cyber threats. During the last year, threats increased from 21 million incidences in the first quarter of 2019 to 56 million in the third quarter of 2020.
Operational risk crises can be unexpectedly expensive and potentially catastrophic. For example, share prices can plummet, and institutions disappear into oblivion due to operational risk events. Organisations in every industry can reduce their exposure by understanding the diverse types of operational risks they face and the extent of their potential losses.
Many companies will need to develop a more informed and systematic approach to managing operational risk. In practice, the ability to measure and manage operational risk well is often limited by model complexity and the lack of adequate technology to handle internal and external market data.
As mentioned earlier, the impact of an operational risk crisis often far exceeds the actual direct loss. For example, it can be demonstrated that an organisations’ loss from such emergencies pales beside the eventual loss to shareholders and stakeholders.
Organisations protect their shareholders’ value and stakeholders’ interests by preparing in advance to mitigate a risk environment that is growing more unsafe and costlier.
Boards and senior management need to help guide their companies toward operational resilience and value protection by embedding strategic risk capabilities throughout the organisation.
Given the current uncertain economic environment, paying more attention to operational risk measurement and management in nonfinancial firms is a critical success factor. Only a coherent, transparent, and active operational risk management policy can help prevent more minor issues from becoming major problems.
Courtesy-https://www.businessdailyafrica.com/bd/lifestyle/personal-finance/cutting-operations-risk-in-your-organisation-3754556
