Operational risk is defined as the risk of loss due to:
- Inadequate or failed internal processes (process disruptions, customer complaints, lack of reliable management information, business continuity issues, mismanagement of business-related costs, inefficient change management, inconsistent or incomplete process documentation, etc.);
- Inappropriate or inefficient human behaviour (inadequate human resource management, loss of key personnel, lack of knowledge and competences, employee misconduct, etc.);
- Inadequate or failed systems (outdated software applications and/or infrastructure in use, lack of audit trails in software, inadequate backup and recovery times, etc.);
- External events (changes in regulation, natural disasters, competition, fraudulent activity, etc.).
Zavarovalnica Triglav has determined a framework to identify and measure operational risks, their reasons and their consequences, assessment methodology and identification of internal controls. To provide a unified standard, an extensive analysis of the internal controls system was performed at Zavarovalnica Triglav in 2011, focused on the regularity and reliability of financial reporting in Zavarovalnica Triglav. On the basis of the analysis results, the Risk Management Department suggested mitigation measures for the identified risks and specified minimum standards for internal controls.
In the scope of operational risks, insurance companies have a large potential exposure to insurance fraud. To manage this exposure, a special department was established and put in charge of the development and implementation of fraud indicators, research of potential fraudulent activity and reporting to the Management Board on the findings and initiated procedures. In the scope of the aforementioned internal control system, activities to prevent fraudulent behaviour will to the extent reasonable be transferred to all members of the Triglav Group in the year to come.
Another important segment of operational risks are compliance risks which are managed in the framework of the compliance function (see also Section 4.1).