Call for Papers – Special Issue on Rising Tide of Operational Risks: Management Controls for Better Risk Management

Feb 17, 2025
Aug 31, 2024
About

Guest-editors:

Sergeja Slapničar, the University of Queensland, Australia

Sebastian Oelrich,Aarhus University, Denmark

Operational risks, such as cyber risk, pandemics, natural disasters, terrorism, geopolitical
uncertainties, a lack of employees’ skills, fraud, supply chain risk, and failure of processes and
systems are more pervasive than ever before (ECIIA, 2022; World Economic Forum, 2023).
They contribute to the increased complexity of the business environment and operations. Not
only that operational risks require adequate procedures and management controls, but when
materialising, existing management control tools may show limited usefulness. How can
management control tools that address such risks be designed and used? Challenges are
numerous: Operational risks have been notoriously difficult to measure due to the rarity of
events, the novelty of threat types and the scarcity of data (Wahlström, 2006, 2009). Apart from
their wide-ranging nature, operational risks differ from other significant risks due to their loss
distribution pattern, characterised by a higher frequency of small losses with low impact and a
few rare but high-impact losses (black swan events) (Kay & King, 2020; Taleb, 2009). These
unique characteristics challenge quantifying, managing, and overseeing operational risks.
Risk management of various operational risks tends to be confined to silos and special,
often self-managing teams (security specialists, compliance officers, crisis managers). While
some internal operational risks, such as fraud or cyber breach, may be managed with boundary
and belief systems (codes of conduct, training, organisational culture and transparency)
(Bussmann & Niemeczek, 2019; Oelrich, 2021; Posch, 2020), managing the risks coming from
external disruptions calls for different approaches, such as stress testing, scenario analysis,
contingency planning and crisis management (Harrer & Wald, 2016; Kaplan & Mikes, 2012)
or, for example, in case of supply chain risks – risk performance target setting, information
sharing, supplier support and joint problem solving (Dekker, Sakaguchi & Kawai, 2013).
While recent advances in digital technology allow risk detection to become more
effective (Andreassen, 2020; Fähndrich, 2023), a methodological shift is taking place from risk
prevention and detection to building resiliency, encompassing response and recovery (Tsen, Ko
& Slapničar, 2022). These approaches demand different forms of management control. One
aspect is how organisations approach high-level risk management standards and guidelines
(e.g., ISO/IEC 3100) with numerous discretions (Jemaa, 2022). Second, operational risk
measurement heavily relies on expert judgment, and research is largely lacking on what biases
risk specialists are prone to when estimating highly uncertain events (Montibeller &
Winterfeldt, 2015; Themsen & Skaerbaek, 2018). Third, quantifying operational risks to
compare them to other risks causes considerable frustrations and hinders their integration with
Enterprise Risk Management (Boehm, Laube, & Riek, 2018; Ittner & Oyon, 2020; Mikes &
Kaplan, 2015; Pollmeier, Bongiovanni & Slapničar, 2023;). Fourth, organisations seem to have
different approaches to the measurement of operational risks, from pragmatic ones, based on
qualitative assessments and narratives to idealist, pursuing quantification with statistical and
machine learning approaches (Arena et al., 2010; Mikes, 2009, 2011; Slapničar et al., 2023). It
is not well understood which factors affect the adoption of alternative approaches and how
effective they are for risk outcomes. Fifth, the scarcity of studies exploring the behavioural
aspects of operational risk management further hinders our understanding of how firms design
risk-focused control practices to embed risk considerations in employee decision-making
(Posch, 2020) and why risk management failures persist (Meyer, Grisar, & Kuhnert, 2011).
Last but not least, temporal dynamics play an essential role (Ahrens & Chapman, 2007; Klein
& Reilley, 2021): when risks such as a pandemic, major fraud or natural disasters occur, how
do organisations use traditional management controls such as attainment of budgets and
incentivising employees.

Deadline: August 31, 2024

Organizer:
JoMaC
Event Language:
Type:
Website:
Attachments
  • CfP-JoMaC-Special-Issue-Operational-Risks-and-MC-2024.pdf
Target Group:
Topic:
Share
WordPress Cookie Plugin by Real Cookie Banner