Operational risk is a big buzzword in today’s landscape. A lot of recent operational losses running in billions of dollars is worrying and most of them seem to be in the financial services industry. A lot is done to manage operational risk across various types of industries. Corporates and Banks are enhancing their internal control structures, adopting technology etc to minimize losses. There is frantic approach to implementing all possible solutions labeled as Operational Risk solutions that help organizations manage operational risk. Two questions arise from the above situational issue. 1. Can operational losses be ever fully mitigated or minimized. 2.Is technology the ultimate solution to minimize or prevent operational losses The answer is not straight forward. Here are a few specific examples of how operational losses cannot be managed only by better controls and technology. 1.Control framework is a framework that help minimize errors. However, unless the control framework is well built, there is a tendency to build controls that are detective in nature rather than preventive. A trading loss, unauthorized trade in treasury triggers a series of controls to review end of day reports, 3rd or 4th level of authorization etc. But the truth is that the error or intentional fraud can still be committed. What is required is more of preventive controls rather than detective controls. Even then, control framework is not enough. There has to be management buy in on the reason why controls are in place. The tone at the top has to be that of commitment to a strong control culture. If there are many options to by-pass controls by way of approved deviations, exception handling, or the fact that the CEO approved the exception, then not much can be achieved. 2. Next coming to technology, again, it is felt across the world that technology is merely an enabler and not a solution on its own. Buying operational risk management technology will not protect an organisation from losses. This is because the data that forms part of the solution was already there. Then the people who review reports coming out of the technology are the same people. The governance and MIS structures are the same. What has changed is the ability to view data in different dimensions. So, unless the processes, policies and governance around the technology changes for the better, technology alone will not be able to mitigate the various risks especially operational risk.