Which type of risk arises from inadequate internal processes, people, or systems?

Operational risk is defined as the potential for loss resulting from inadequate or failed internal processes, people, and systems, as well as from external events. This includes a wide range of issues such as system failures, human error, fraud, and the inadequacy of processes or procedures. Organizations must manage operational risk effectively as it can lead to significant financial losses, damage to reputation, and can even affect their ability to continue operations.

In contrast, compliance risk refers to the possibility of legal or regulatory sanctions resulting from a failure to comply with laws, regulations, or internal policies. Legal risk is the risk of financial loss due to legal actions or uncertain outcomes in litigation. Regulatory risk involves the risk of changes in regulations that may impact operational capabilities or financial performance. Hence, operational risk specifically addresses the risk arising from the internal framework of an organization, making it the appropriate choice for this question.