Operational risks are risks that originate from the business itself conducting operations. Common examples include physical damage, safety issues, quality issues, theft, fraud, and business interruption (often a repercussion of another operational risk).

As usual, let’s illustrate this concept in a case study format, this time of a fictional company called Case4U. Case4U operates out of a plastic injection molding facility in Colorado and employs a staff of 25 to make cases for cell phones, action cameras, and other small electronics.

Just from the few sentences above, we can already identify a source of operational risks. Note that Case4U’s products are small in physical size, often in high demand (especially around the launch period of a new flagship device), and have a low individual cost (despite a much higher retail price). As a result, Case4U faces the operational risk of their inventory being particularly susceptible to internal theft.

Now that we’ve identified an operational risk in this situation, let’s use our usual array of potential responses to determine the best way to respond to this risk.


We opened this post up by defining operational risks as being a byproduct of the business conducting operations - this makes the avoidance option pretty invalid here.


Unfortunately, there’s no way to truly transfer this risk to an external party (such as an insurer). To consider this, production would have to be outsourced and Case4U would need to operate as a dropshipper, so that the entire production process (and the resultant operational risks) are borne by another company. This results in a fundamentally different business model, so we can conclude that it’s a bit too extreme of a response in this situation - although one worth considering, if only very briefly and for the sake of explicitly ruling it out.


Doing nothing to respond to this risk certainly can work; and in fact, this is the reaction that many business owners inadvertently take if they haven’t taken the time to do a proper risk assessment on the business. But that’s not us, of course. We can recall that acceptance should only be considered when none of the other response options are viable; so with that in mind, let’s consider one last one before this ‘last resort’ option.


We have several options to effectively mitigate this risk that are viable from a cost/benefit perspective. In the real world, cost/benefit is a huge factor in terms of what approach/response we take when faced with a risk. For instance, having unique barcodes on every product that gets individually scanned at every stage of production would be too cumbersome and costly for a low-cost/ high-volume product like this. A better fit would be to install cameras in the production area that provide a visual deterrent and allow management to review footage to help identify any internal theft. Another common practice is making vacation mandatory, so that in the absence of an employee, there is a better chance of any schemes coming to light.

So that wraps up our brief exercise on organizational risks. We’ll be moving onto the last few types of risks in upcoming posts, so if you have questions on any of the above or the organizational risks your business faces, let me know in the comments below!