To be effective, any risk assessment methodology must be part of an overall process to address risk. The Operational Risk Framework is intended to guide information security, business continuity planning and other operational risk officers through the process of identifying and prioritizing risk and maintaining the control environment. It is based on the following components:

• Goal - The primary goal of Operational Risk is the protection of an organization's Information and other critical assets.
• Objectives - To achieve this goal we need to ensure the Confidentiality, Integrity and Availability of these assets
• Resources - These objectives are reached through the utilization of people, processes and technology.
• Method - These resources are organized and guided by a four step process of continuous improvement consisting of:
• Assess the risks to the business
• Implement controls to mitigate these risks
• Monitor the performance of these controls
• Respond to defects in the controls

More simply stated - An effective Operational Risk program protects information and other assets by ensuring the confidentiality, integrity, and availability of the data through the use of people, processes and technology organized within a process of continuous improvement.