In the framework of Triglav's operations, operational risk is defined as the risk of loss due to:
- inadequate or inefficient internal procedures (disruption of work procedures, client complaints, lack of reliable information for the management, disruptions to business continuity, improper cost management, poor change management, inconsistent or incomplete process documentation, etc.);
- unsuitable or inefficient staff behaviour (inadequate human resource management, key staff turnover, lack of know-how and skills, inappropriate staff behaviour, etc.);
- inadequate and inefficient functioning of systems (obsolete software and/or infrastructure, lack of documented audit trails in software, inadequate control of system operability, etc.); or
- external events (changes in legislation, natural disasters, competition, fraud, etc.).
For identifying and measuring operational risks, Zavarovalnica Triglav drew up a framework which defines their type, underlying reasons, consequences, assessment methods and internal control identification. In 2011, Triglav carried out an extensive analysis of the internal control system, focusing on the accuracy and reliability of financial reporting in all departments. The analysis results are used as a basis for further upgrades of the internal control environment in Zavarovalnica Triglav and monitoring of operations in the Triglav Group subsidiaries.
In general, insurance companies have a large potential exposure to insurance fraud. To manage this type of operational risk, Triglav established a special department responsible for the development and implementation of fraud indicators, research of potential fraudulent activity, and reporting to the Management Board on the findings and initiated procedures. In the coming years, also these activities will to the extent reasonable be transferred to other Group members.
Another important segment of operational risks are compliance risks which are managed in the framework of the compliance function.