Best Practices for Managing Operational Risk
A single IT outage doesn’t just interrupt operations. In many cases, it becomes front-page news. In July 2024, CrowdStrike served as a wake-up call when a software glitch caused the largest IT outage in history, disrupting business operations around the world. In early 2025, Barclays customers took to social media as a 14-hour outage left them locked out of their accounts.
These incidents have more than failed technology in common. Both reflect our dependence on interconnected systems and third-party infrastructures. Like falling dominos, a failure in one segment can create disruption on a global scale. It is at this critical juncture where external and internal risks overlap and your organization’s response can make or break customer trust. Add in a growing list of global regulatory requirements, as well as your own internal risk factors and operational resilience—a compliance mandate at its core—also becomes a critical business differentiator.
This evolving risk environment demands a proactive, integrated strategy. A trifold approach supported by greater transparency, innovative technology, and smarter frameworks is a good place to start.
Three Things to Know About Managing Operational Risk
Operational risk is more complex—and visible—than ever
Given its potential to create headlines, operational risk is now front and center. This increased visibility means your organization needs greater transparency into its operational risks and controls. Your ability to track and report on operational activities is important to your internal, as well as your external stakeholders.
AI is a game-changer
AI is reshaping how organizations operate and offers real promise for operational resilience. It is already being successfully used to enhance controls—such as mapping risks more efficiently, analyzing risk data, and reducing repetitive tasks through automation. Relatedly, there’s also a growing need to upskill teams. Risk professionals must now understand not only how AI works, but how to monitor its outputs, validate its decisions, and flag emerging threats in real time.
Integrated, data-driven frameworks unify efforts
Without a unified view of risk across departments and systems, firms struggle to respond quickly—or even understand where their most critical exposures lie.
In an SAI360 webinar poll with ~250 respondents, fragmented risk data was identified as the top challenge by 55% of attendees. Coming in second, 38% of survey respondents said manual processes are still slowing them down.
What’s needed? More agile frameworks. Instead of relying solely on annual assessments, firms should embrace trigger-based and automated risk assessment tools that respond to business changes, third-party incidents, or regulatory shifts in real time. These tools help reduce manual errors and improve consistency. Embracing operational risk technology supports collaboration, reduces friction, and enable real-time risk analysis. The end-result is not only more data—it’s more relevant data flowing into the right hands at the right time.
Final Thoughts
Firms that leverage technology and embed operational risk into their broader risk management strategy are positioned to thrive, even as threats become more unpredictable.
Learn More in Our On-Demand Webinar
This piece was inspired by the webinar Best Practices for Managing Operational Risk in 2025, presented by SAI360 in partnership with PRMIA. Speakers were Nathan Parker, GRC Researcher at SAI360, and Rob Taylor, Head of Enterprise and Non-Financial Risk at London Stock Exchange Group. Key topics included AI risk, regulatory expectations, data integration, and best practices for resilience. Watch the full session on-demand here.