Abstract
Uncertainty arising from military, geopolitical, technological, and regulatory developments has intensified the need for comprehensive methodology of operational risk assessment in financial institutions worldwide. At the same time different points of views on operational risk definition is augmenting mentioned above issues.
Authors propose operational risk definition as the degree of negative deviation from the expected outcome of a process. Given this its effective assessment requires methods that capture both measurable (financial) loss exposures and non‑financial impacts as well as potential (emerging) threats.
Quantitative methodologies are based on probabilistic loss measurement and distributional modelling. The Loss Distribution Approach decomposes operational loss experience into frequency and severity components, typically modelling frequency with discrete distributions such as the Poisson distribution and severity with heavy tailed continuous distributions such as the lognormal, Weibull, or Generalized Pareto distribution. Aggregation of these components into an operational risk loss distribution is commonly achieved through Monte Carlo simulation or other numerical techniques such as Fast Fourier Transform and Panjer recursion. Adaptation of Value-at-Risk methodology to operational risk estimates both expected and unexpected loss at specified confidence levels, thereby supporting managerial decisions, further capital estimation and risk trend analysis. The principal limitation of quantitative models is their dependence on the availability, sufficiency, and representativeness of historical loss data, which constrains their capacity to capture rare, systemic, or novel events and to support early warning system in terms of appropriate managerial response.
Qualitative methods address gaps left by purely statistical approaches by eliciting expert judgement and contextual knowledge. Techniques surveyed include structured interviews, the Delphi method, scenario analysis, root cause analysis, Ishikawa diagrams, Bowtie diagrams, and checklists. These tools facilitate identification of emerging risks, behavioral and organizational drivers of loss, and non‑monetary impacts that are not reflected in historical datasets. Their principal weaknesses are inherent subjectivity, potential for group biases, and resource intensity, which necessitate rigorous design, facilitation, and validation to ensure reliability.
Hybrid approaches integrate quantitative outputs with qualitative interpretation to produce consolidated, decision‑relevant risk profiles. These mixed methods include indicator dynamics analysis, structural decomposition, and combined dynamics and structure analysis. Such approaches enable efficient early warning system design, concentration identification, and monitoring of structural shifts in the risk profile over time. Effective hybrid implementation requires a set of supporting practices: data normalization and aggregation rules; attribution analysis to distribute contributions across personnel, processes, and infrastructure; model validation through back‑testing and scenario testing; sensitivity analysis and confidence interval construction; and visualization techniques such as heat maps and structural flow diagrams to render results comprehensible to stakeholders.
Given this, integrative assessment practices reconcile the need for historical data with the necessity of capturing contextual and emerging threats. Institutional measures that support integration include enhanced internal and external data collection, standardized loss taxonomy and normalization procedures, formalized expert opinions collection protocols, and governance arrangements that link assessment outputs to decision making.
A singular methodological orientation is rendered as inadequate for comprehensive operational risk management. Quantitative models provide essential metrics for measuring financial loss exposure, qualitative techniques surface non‑historical and behavioral risks, and hybrid approaches synthesize these perspectives into actionable risk profiles. Adoption of integrated assessment frameworks, underpinned by strict data governance, model validation, sensitivity testing, and stakeholder‑oriented visualization, will improve the quality of managerial decisions and strengthen institutional resilience in uncertain business environments.
Keywords
References
1) Ashby, S. (2022). Fundamentals of Operational Risk Management: Understanding and Implementing Effective Tools, Policies and Frameworks. Kogan Page, Limited.
2) Basel Committee on Banking Supervision. (1998). Operational Risk Management.
3) Basel Committee on Banking Supervision. (2001). QIS 2—Operational Risk Loss Data.
4) BBC News. (2013). Target card heist hits 40 million. BBC News. https://www.bbc.com/news/technology-25447077
5) Bezshtanko, D. (2025). AI AND BANK’S OPERATIONAL RISK MANAGEMENT. Three Seas Economic Journal, 6(2), 22–27. https://doi.org/10.30525/2661-5150/2025-2-4
6) Chapelle, A. (2019). Operational risk management: Best practices in the financial services industry. John Wiley and Sons, Inc. https://doi.org/10.1002/9781119548997
7) Chapelle, A., Crama, Y., Hubner, G., & Peters, J.-P. (2005). Measuring and Managing Operational Risk in the Financial Sector: An Integrated Framework. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.675186
8) Chaudhuri, A., & Ghosh, S. (2016). Probabilistic View of Operational Risk (Вип. 331, с. 47–73). https://doi.org/10.1007/978-3-319-26039-6_4
9) Jobst, A. (2007). Consistent Quantitative Operational Risk Measurement and Regulation: Challenges of Model Specification, Data Collection, and Loss Reporting. IMF Working Papers, 07(254), 1. https://doi.org/10.5089/9781451868173.001
10) Jung, J. C., & “Alison” Park, S. B. (2017). Case Study: Volkswagen’s Diesel Emissions Scandal. Thunderbird International Business Review, 59(1), 127–137. https://doi.org/10.1002/tie.21876
11) Kuczynski, J., Wang, C., & Hoffman, F. (2021). Boeing 737 MAX: A case study of failure in a supply chain using system of systems framework. Issues in Information Systems, 22, 51–62. https://doi.org/10.48009/1_iis_2021_51-62
12) Mullen, R. M., Jethro. (2017, Січень 30). Computer outage grounds Delta flights in U.S. | CNN Business. CNN. https://www.cnn.com/2017/01/29/news/delta-system-outage
13) National Bank of Ukraine. (2018). Положення про організацію системи управління ризиками в банках України та банківських групах [Regulation on the organisation of risk management systems in banks of Ukraine and banking groups]. https://zakon.rada.gov.ua/laws/show/v0064500-18?lang=en#Text
14) Naumova, O., & Kopyl, A. (2025). Роль кадрового аудиту в системі управління ризиками організації: вплив на лояльність працівників [The role of HR audit in organizational risk management: impact on employee loyalty]. Sustainable Economic Development, (1(52)), 288–296. https://doi.org/10.32782/2308-1988/2025-52-40
15) Pescaroli, G., McMillan, L., Gordon, M., Aydin, N. Y., Comes, T., Maraschini, M., Palma Oliveira, J., Torresan, S., Trump, B., Pelling, M., & Linkov, I. (2025). Definitions and taxonomy for High Impact Low Probability (HILP) and outlier events. International Journal of Disaster Risk Reduction, 127, 105504. https://doi.org/10.1016/j.ijdrr.2025.105504
16) Pichet, E. (2010). What Governance Lessons Should be Learnt from the Société Générale’s Kerviel Affair?
17) Plachkinova, M., & Maurer, C. (2018). Teaching Case Security Breach at Target. Journal of Information Systems Education, 29.
18) Polleri, M. (2025). Fukushima and the Politics of Nuclear Disaster Recovery. Current History, 124, 216–221. https://doi.org/10.1525/curh.2025.124.863.216
19) Popov, G., Lyon, B. K., & Hollcroft, B. (2022). Risk assessment: A practical guide to assessing operational risks (Second edition). John Wiley & Sons, Inc. https://doi.org/10.1002/9781119798323
20) Samad-Khan, A. (2010). New approach of the operational risk management.
21) Samad-Khan, A., Rheinbay, A., & Le Blevec, S. (2006). Fundamental Issues in OpRisk Management.
22) Sokolovska, N. (2022). Операційний ризик менеджмент у банках [Operational risk management in banks]. Kyiv: Vadym Hetman Kyiv National Economic University.
23) Strategic Organizing Center. (2025). Failure to deliver—Amazon falls short on safety. Strategic Organizing Center. https://thesoc.org/
24) Tattam, D. (Ред.). (2011). A short guide to operational risk. Gower.
25) Yevtushenko, H. V., Baboshko, A. I., & Bushlya, D. I. (2015). Операційні ризики в системі банківської діяльності та нові шляхи їх попередження [Operational risks in the banking system and new ways of their prevention]. Retrieved from http://global-national.in.ua/issue-5-2015/13-vipusk-5-traven-2015-r/821-evtushenko-g-v-baboshko-a-i-bushlya-d-i-operatsijni-riziki-v-sistemi-bankivskoji-diyalnosti-ta-novi-shlyakhi-jikh-poperedzhennya