---
type: "term"
title: "Operational Risk (OpRisk)"
description: "The broader category of risks arising from inadequate or failed internal processes, people, and systems, or from external events."
resource: "tlctc:term:operational-risk-oprisk"
tags:
  - "glossary"
---
# Operational Risk (OpRisk)

The broader category of risks arising from inadequate or failed internal processes, people, and systems, or from external events. In TLCTC: cyber risks are explicitly defined as a **subset** of operational risks. While cyber risk management focuses on threats from unauthorized or unknown entities (covered by the 10 TLCTC clusters), comprehensive risk management must also consider traditional IT risks (e.g., "software failure", "error in use", "abuse of rights" by authorized actors), compliance risks, and third-party risks. Actions of authorized actors should be managed under separate OpRisk categories unless they attempt to breach authorization boundaries, which then falls within cyber risk scope.

**Reference:** V1.9.1 §Introduction




**Related reading:** [The Adoboli Paradox — Cyber vs Operational Risk](https://www.tlctc.net/tlctc-adoboli-paradox.html)

See also: Cyber Risk, Business Risk Event