Risk categories

We mentioned earlier that operational risk can be broken down into four headline
risk categories (representing the risk of unexpected loss) due to operational failures
in people, process and technology deployed within the business – collectively the
internal dependencies and external dependencies.
Internal dependencies should each be reviewed according to a common set of
factors. Assume, for illustrative purposes, that the common set of factors consist of
three key components of capacity, capability and availability. For example, if we
examine operational risk arising from the people risk category then one can ask:
Ω Does the business have enough people (capacity) to accomplish its business plan?
Ω Do the people have the right skills (capability)?
Ω Are the people going to be there when needed (availability)?
External dependencies are also analyzed in terms of the specific type of external
interaction. For example, one would look at clients (external to the bank, or an
internal function that is external to the business unit under analysis).