The level and type of risk that you need to consider will vary with the type of business you operate. However, there are some common categories which you can use to guide your thinking and the development of your risk management plan.

The following lists the official Basel II defined 7 risk event types with examples for each category:

• Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
• External Fraud - theft of information, hacking damage, third-party theft and forgery
• Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety
• Clients, Products, and Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
• Damage to Physical Assets - natural disasters, terrorism, vandalism
• Business Disruption and Systems Failures - utility disruptions, software failures, hardware failures
• Execution, Delivery, and Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

Operational risk management is the oversight of loss resulting from inadequate or failed internal processes; systems; people; or external events.