Operational Risk Management in Corporate and Banking Sector of Pakistan

This paper is to examine the current status of operational risk management in Pakistan concerning corporate and banking sector and explore the reasons for the adoption or lack of adoption of integrated approach to operational risk management. It identifies the imperatives for implementation of comprehensive risk management solutions leading to enterprise risk management (ERM). The mode of research is qualitative. The paper shows that effective risk management can enhance organizational performance but appropriate infrastructure is not available in companies. This paper highlights the fact that knowledge of risk management in corporate sectors of Pakistan is insufficient and sample companies hesitate to respond thinking that it may reflect inefficiencies and in banking sectors the concept of operational risk management can be seen up to some extent.


Benefits of Operational risk management:
The benefits which can be got from operational risk management are: 1. Reduction of operational loss. 2. Lower compliance/auditing costs. 3. Early detection of unlawful activities. 4. Reduced exposure to future risks. Risk management involves four stages: risk identification, measurement, monitoring, and management. Operational risk and control assessments are often the first process that a firm uses to carry out operational risk management. Frequently the assessment is carried out without an operational risk management framework in place and without much thought being given to high-quality corporate governance around the multiple interlocking processes of operational risk management Operational risk management provides us with a set of tools that will allow us to attain even greater and more consistent results by using a systematic method to approach issues rather than relying on experience. Risks have to be assessed against benefit, the purpose of ORM is to lessen risk and thus improve the ratio of benefit to cost. Whenever any risk arises first it recognizes, then it is prioritized according to the importance then it is managed, as it is shown in following diagram.
Risk management must be integrated part of planning and executing any operation, routinely applied by management, not a way of reacting when some unforeseen problem occurs. Managers are responsible for the routine use of risk management at every level of activity, preliminary with the planning of that activity and continuing through its completion. Key points operational risk management includes: ORM is systematic not merely intuitive ORM focuses on excellence, not standard ORM addresses all dimensions of organizational risk, not just safety risk ORM doesn't aim solely at reducing risk but instead at optimizing it ORM enables a safety role in emergency situations ORM transforms safety from a "cost" to an "investment" ORM is "upstream" management instead of "downstream" ORM emphasizes getting it right the first time ORM is empirical and data-based ORM occurs from within the process, not from outside 1.3 Enterprise risk management (ERM) ERM in business includes the methods and processes used by organizations to manage risks and grab opportunities related to the accomplishment of their objectives. ERM provides a framework for risk management, which usually involves identifying particular events or circumstances significant to the organization's objectives (risks and opportunities).

Management
Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.4, No.5, 2014 This is an area which has not been explored so far by any researcher especially nobody worked out on operational risk management in Pakistan. P.K Gupta carried out his research in Indian companies which was qualitative research and he conducted through structured questionnaires based on both closed ended and open ended questions and also conducted interviews from 130 companies. It is very recent article and published in 2011. Now in this paper I worked out to examine the field of operational risk management in context to Pakistan. I carried out my research in different Pakistani companies like Platinum Pharmaceutical Company, Mukhtar oil and Soap Company, Indigo textile, State life Insurance and on banking sector which includes National Bank of Pakistan (NBP), HBL (Habib Bank Limited), Allied Bank, MCB Bank, JS Bank, Bank ALHABIB Limited, Meezan Bank. Design/methodology which will be used to test is qualitative research by developing questionnaire.

PURPOSE/AIM OF RESEARCH:
The motive of my research is to find the ratio of awareness about the risk management in the context of Pakistan.

Hypothesis:
My hypothesis is that risk management function is not yet fully developed in Pakistani companies.

REVIEW OF LITERATURE:
Operational risk is for many organizations the most common form of risk, and is often regarded as the most important function or task to be performed. Managing risks is of course not new. Typically, risks have been managed by insight and experience. Operational risk is clearly very common since it's "the risk of loss resulting from either inadequate or failed internal processes, systems or people or from external events" (Basel Committee on Banking Supervision, 2003). A similar discussion has been made by (Chenhall 2003), who differentiates between what he calls "uncertainty" or "unpredictability" and risk. Risk is concerned with all those situations in which relevant databases can be built and thus probabilities attached to specific events occurring. Such risks can be capital credit and physical security lie into this category. This leads the way to advanced statistical techniques and model building and gives clear indications for parameter estimation. This means that risks should be managed by a department of statisticians and risk specialists reporting to upper level management. The problems involved in defining or elaborating what data are relevant to operational risk and its management are very complex because there can be no standard procedure. (e.g. Power, 2003). Barki et al. (2001) have noted that the risk management profile of a project needs to differ according to the level of risk posed by the project itself with more risky projects needing more broad and extensive risk resolution. Risk management begins by sitting down and identifying possible risks. Risk Management encompasses cost-benefit analyses that will help out policy-makers delegate scarce resources (Wolf, 1998). Every enterprise is subject to numerous types of risks and the concentration varies across organizations. Risk has been identified, classified and interpreted from various perspectives. Gupta (2004a, b) says "Risk reflects to the possibility of deviation from the standard path. These deviations reduce or minimize the value and imply unhappy situations". Classification of risk as finance, market and operational is a widely accepted concept and methodology (Lam, 2001;BCBS, 2003). Risk is not uniform across different enterprises, but the absolute need to manage risk applies to all type of entities. Operational Risk Management is all about maintaining growth in our business in a highly competitive environment at optimal operating costs. The move toward the portfolio approach has led to the development of enterprise risk management (ERM) as a top management concern in several companies. To manage our risk and protect our business, we need to know exactly: • How the business is now functioning?
• What the key risks and issues are?
• How you are going to manage them? .Recognition of risk management as a separate managerial function entails number of advantages. Inclusion of risk management as a strategy in the general management function helps to enhance or promote the value (Suranarayana, 2003). According to Jorion (2001), the success of organization depends upon the risk management and manufacturing firms are still in primitive or initial stage to understand properly the firm's sensitiveness to numerous types of risk. KPMG (2001) traces the change of risk management approach from an individualistic narrow silo type (structure for storing bulk material) to portfolio type and the risk management is initiated to be perceived as a new means of strategic business management, linking business strategy to day-to-day risks. Tonello (2009) study on risk management in financial institutions shows that the role of chief risk officers (CROs) had extended dramatically, with more than half of them recurrently involved in firm-level strategic decisions. This indicates that though the idea is catching in developed countries, yet it is a long way in India. As Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.4, No.5, 2014 a matter of recent development, amendments to the clause 49 of the listing agreement between companies and stock exchanges in India makes it mandatory for companies to institute internal controls and report on the deficiencies. The board of companies is now necessary to review the company's risk management framework. According to some risk consultants, most of the companies do not have articulated risk management policies, and, even those that do infrequently have it linked to their business plans (www.expresscomputers online.com). Shimell (2002) study the risk management practices to indicate that risk management focuses and concentrate to now shifting to a strategic one and risk involvement must be universal and thorough in the enterprise. Doherty (2000) argues that risk management suffers from the problem and hurdles of duality in the sense that either the enterprise can remove the risk or its effect (accommodate). Risks should include a various range of approaches to accommodate the variations in industry risk measurement and management practices. Risk optimization is important to value creation (Murphy and Davies, 2006) and EWRM enhances organization's capabilities to counter risk and seize opportunities (Miccolis, 2001). Berinato (2006) argues that risk management is critical because balancing risk is becoming the only effective way to manage a corporation in a complex world. Researchers have shown that firms feel an aggregate measure should include all risks facing the enterprise, but acknowledging the fact that some risks like operational risk are complicated to quantify in a consistent way. Training is the best opportunity for developing, implementing, and managing the operational risk management process (Loflin and Kipp, October, 1997). A well-run and efficient Risk Management Program incorporates key functions of the organization; the components must handle every division within the department. In fact, one of the ingredients of successful risk management is the effective linking of all loss avoidance activities into a single, unified program (Wilder, 1997). Huchzermeier and Cohen (1996) analyze operational flexibility, which they define as the capability to switch among different global manufacturing strategy options. We observed that risk management is quickly gaining the attention of the market participants and slowly the regulation is also moving in the specific direction. EWRM framework is geared to availing an entity's objectives and goals, set onward in four categories: 1. Strategic. High-level goals, aligned with and supporting its mission.

2.
Operations. Effective and efficient use of its resources. 3. Reporting. Reliability of reporting. 4. Compliance. Compliance with applicable laws and regulations Risk became a dominant preoccupation within Western society towards the end of the 20th century, to the point where w are now said to live in a 'risk society' (Beck, 1992), with an emphasis on uncertainty, individualization and culpability There has been a concurrent growing distrust of professionals in social work and an increased reliance by the profession on complex systems of assessment, monitoring and quality control (Stalker, 2003). The risk management in organizations has undergone a paradigm shift. It has moved from being "hazard type" to "strategic type". Risks are now not perceived as threats (adverse financial effects) but as potential opportunities. The focus of risk management has changed from all risks to critical risks (KPMG LLC, 2001). The risk management process is a tool that can keep the crisis services business a step ahead. It is not a cure-all, but it can identify problems or risks that can influence the organization.

DATA AND METHODOLOGY:
Our hypothesis is that risk management function is not yet fully developed in Pakistan regarding corporate sector and banking sector. The method proposed for research is qualitative research to collect the data because it enables to explore the issues, understanding phenomena, and answering questions. My sample is consisting on both large and medium sized companies in the manufacturing and service base and on different banks either comes under private sector or government sector. For conducting qualitative research, structured questionnaire is prepared which include closed ended questions framed on a Likert type scale. It consists on five major building blocks which are: a) Risk awareness b) Risk communication c) Risk responsibility d) Risk measurement and analysis e) Risk implementation and integration The above factors will assist to analyze the company's specific risk profile and the current utilization and future outlook of various risk recognizing techniques. The respondent for my research are executives, supervisors and any employee of the firm from the staff who are directly related to managing and minimizing all the risks faced by organization.

Data collection method
Qualitative method is used to collect the data in empirical research. This method generally assists the researchers to understand in-depth and detailed description of phenomenon of being studied. It also provides a wealth of Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol.4, No.5, 2014 detailed information and tends to be generalized and useful tool for testing the hypothesis.

questionnaire development
The development of suitable and reliable questionnaire is one of the major tasks of the research which needs a prominent consideration to be designed with a use of appropriate words.

EMPIRICAL FINDINGS
As we have already mentioned that we conducted our research on banking sector and Corporate sector .The results which we found regarding operational risk management in both sectors are relatively different. The findings are tabulated separately.
• Findings from banking sector • Findings from corporate sectors

Finding from Banking Sector
The tabulated result shows that in banking sector a proper system of operational risk management exists due to fully awareness and resources required identifying to minimize and mange the risk are properly allocated and it's communicated among each relevant employees to implement all the risk control measures.

Over all Findings From Banking Sector
Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree

Findings from Corporate Sector
The following tabulated result shows that in corporate sectors companies especially medium sized or small having lack of awareness regarding operational risk management. In most of the companies a proper system to manage operational risks does not execute

Findings from Corporate Sector
The following tabulated result shows that in corporate sectors companies especially medium sized or small having lack of awareness regarding operational risk management. In most of the companies a proper system to manage operational risks does not execute which causes to face huge losses. The following tabulated result shows that in corporate sectors companies especially medium sized or small having lack of awareness regarding operational risk management. In most of the companies a proper system to  4, No.5, 2014 Overall findings from Corporate sector: Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree

6.
RESULT AND DISCUSSION Findings shows that in corporate sector concept of operational risk 28% respondent respond on neither agree nor disagree which shows lack of awareness and 29% respondent deny with the implementation of the operational risk management process in their organization while in banking sector a proper system is executed because 18% respondents were strongly agree and 52% respondents are agree with implementation of operational risk management system only 10% were disagree so these findings bifurcated my hypothesis in two parts: RESULT AND DISCUSSION Findings shows that in corporate sector concept of operational risk management is not fully developed because 28% respondent respond on neither agree nor disagree which shows lack of awareness and 29% respondent deny with the implementation of the operational risk management process in their organization while in banking sector a proper system is executed because 18% respondents were strongly agree and 52% respondents are agree with implementation of operational risk management system only 10% were disagree so these findings bifurcated my hypothesis in two parts: Ho accepted Ho rejected management is not fully developed because 28% respondent respond on neither agree nor disagree which shows lack of awareness and 29% respondent deny with the implementation of the operational risk management process in their organization while in banking sector a proper system is executed because 18% respondents were strongly agree and 52% respondents are agree with implementation of operational risk management system only 10% were disagree so these findings

CONCLUSION
The key points to be concluded here is that companies are not having sufficient awareness and tools to avoid and minimize operational risks due to which these companies usually get involved in losses. On the contrary in banking sector all the banks have a proper channel, staff and resources to identify, assess, prioritize and manage the upcoming risks. The fact to be focused is that operational risk management has become a core management function which has its own specific importance. No any company can step towards success until or unless it goes through this function. Operational risks have become a sole focus area of attention in several companies. However, there are enormous risks which may be relatively more important. Hence, in the approach to risk assessment a drastic and extreme change is required in companies while in banks there is just a need of improving the operational risk management process to enhance the performance. Operational Risk management in corporate sector of Pakistan is currently facing the problem of integration and implementation. The risk management function is not suitably blended into the corporate strategy and use of information technology for risk management is minimal. While concerning banking sector the awareness of operational risk management is exist at its appropriate level and implementation is done through proper planning and procedures. ERM can be considered as a risk-based approach to managing an enterprise, integrating concepts of internal control and strategic planning. The strategies to manage risk include transferring the risk to other parties, avoiding the risk, dropping the negative effect or probability of the risk, or even accepting some or all of the consequences of different specific risk.

RECOMMENDATIONS:
We will recommend that this topic can be further explored in the other sectors such as agriculture sector, educational sector, health sector and so on. Researcher has a bright opportunity to work on these sectors because no any researcher has explored this topic in the other mentioned sectors in the context of Pakistan.