Workbook- Manage risk
Section 1: Introduction to risk
A risk management system uses in the companies to reduce the risk at every level of companies but the Pricewater house cooper believes that risk management system is harmful to the companies due to the risk management system’s need of huge resources mobilization. This requirement makes organization more vulnerable. Those companies which have less capital for investment have to face negative impact of risk management system. Pricewater House cooler also believes that poor risk management can decrease the benefits within the organization. Risk management system needs more budgets which every company have to spent so that they can protect themselves from the risk and this make them more vulnerable. Use of risk management system, damages the image of the companies. Clients want confidence that the companies which are selected by them are efficient in handling risk but by the risk management system they feel unsecured and also lose their trust over the companies.
The business of lard:
Loss of a product and the organization’s image or reputation is a major threat for the organization. Loss of product or organization’s image can be seen like a fires damages. Company’s reputation is essential for every company because it is a nerve for company. Many aspects are related to the company’s image like clients, suppliers, investors and so on. If the image of company is effected that means the shareholder’s value will also be effected. Loss of products and the organization’s image always seen as the loss of value of the organization. Due to media, the use of lard has been decreased and its negative results affect the use of lard.
Financial resources denote as money which is available in the business for spending in terms of liquid, cash, securities and credit limits. Cash, investments, shares, borrowing capacity and capacity to raise capital are all factors come under financial resources. In the business, financial resources are probably invites the financial risks due to different factors. Financial risk is described as a probability that the shareholders will lose their investment when they invest money in a company which has bad image or lot of debts. It is also described as a risk that is associated with the financial resources.
Below mentioned resources are highlights the priority like A denotes the high priority, B denotes the less priority and so on.
- Organizational Excellence
- Intellectual Property
There are some organizational strategic resources or skill sets which are rare, difficult to substitute and difficult to intimate for other organizations. These help the organization to improve from others and provide competitive strength. Strategic resource are advantageous for the company. Some strategic resources are giving below:
- Skilled employees
- Performance management
- Brand Image
- Organizational Ethics
Types of Risks
|Identified Issue||Risk Type|
|Issue in developing and improving products and quality||Quality Risk|
|Issues in creating organization as a high performing organization.||Competitive Risk|
|Issues in order to internal process, day to day operations and events.||Operational risk|
Risk management Principles
Mostly organizations are used the risk management to decrease the risk in their businesses and increase the profitable. They use risk management principles to make risk management more effective so that outcomes can be more effective. In the organizations, Risk management should be integral by the planning. Other main risk management principles are as following:
- Risk Identification,
- Risk Analysis
- Risk control,
- Risk Financing,
- Claims management.
These important principles are adhered by the organizations in most any problems and issues. To manage risk in an organization with effective way, it is essential to follow risk principles.Risk management principles provide the business a discipline structure which helps the organizations to overcome the risk. The organizations are not used some principles that are not appropriate to the organizations. The manager of the organization can improved the risk management practices by monitoring and evaluating on regular basis.
Risk Process Scope:
The scope of the risk management task includes three criteria:
- Risk identification
- Qualitative and quantitative risk analysis
- Risk monitoring and control
Describe how identifying the scope of a risk project is important to the management of it.
The scope of a risk project is also important for the managerial activities, status, and results where the risk management process helps in higher level management to resolve the organizational issues.
Examine risk management document:
Yes, the organization risk management reflects on the values, goals, mission and vision of the organization by focusing on the strategies and providing forward thinking & active approaches to management.
Organizational policies and procedures help the employee by providing practical guidance in reducing the risk, achieving legal compliance, or adhering to a standard that how to actually implement the policy as well as performing batter.
The risk management strategy of a firm helps to address identification and control of the risk by defining the actual risk with providing different solutions of the identified risk to control it. It provides the forward thinking and active approaches to manage the potential risks.
|Stakeholders||Internal/external||Types of input|
|CEO or Owner||Internal||Collect the information to provide effective strategy in the business system|
|Employees||Internal||Complete the organizational task and achieve the objectives|
|Customers||External||Use the organizational products and increases the revenue|
|Creditors||External||Provide finance for operation and helps the organization in critical conditions|
|Suppliers||External||In order to increase the productivity, provide different material to produce material|
Stakeholders in risk process:
|Customers||Buy or use the product and helps in branding||Risk related with branding of the company’s product mix in the market|
|Employee||Develops the product and provide innovative ideas for it||Lack of innovation and product quality|
|Government||Change in laws and rules||Introduce new laws related with the business|
The attributes that qualifies a person as a stakeholders in the risk management process includes identifying anyone impacted by the risk, and documenting relevant information regarding their interest, involvement, and impact on the effectiveness of the risk process.
A consultative approach to risk management would take by establishing the contract or the result of a procurement activity to obtain support and achieve legal compliance. Other relevant parties such as suppliers, legal parties, and people who will execute the contract should also be considered as part of the project stakeholders list.
Communicating with stakeholders:
|From: CEO – Jeff Harding
To: Store Manager
It is identified that the sore need to help of risk management, so provide the information to make plan for communicating with stakeholders to outline the risk. In addition, it will outline and provide the techniques for encouraging their participation and management have been laid out.
WHS legislation, standards and codes of conduct:
Use the internet to research WHS legislation, standards and codes of conduct in Australia (relevant to your business sector), and describe how you think these influence risk management processes for your organization.
- Work Health and Safety Act 2011 (ACT)
- Work Health and Safety Regulation 2011
- Safe Work Australia, 2011
All these WHS legislation, standards and codes of conduct in Australia are relevant to a business. These legislations are helpful to provide policies to perform batter with safe manner. It will reduce the negative effect on the health of the worker.
Application of Australian privacy principles:
- Collection of solicited information
- Notification of the collection of personal information
- Access to personal information
A contract include different risks like breach of contract, breaches of legislation, change in rules or regulation, avoidance of contract, etc.
- Financial risk like extra charges
- Holding the property
- Risk of limitation on the liability
- Make the judgment in good faith and for a proper purpose
- not to have a material personal interest in the subject matter of the judgment
Employee may loge unfair dismissal claims of FWA within seven days if they were employed for six months or longer. For this, the organization should aware of these regulations to ensure its compliance.
Awards are found out in “Awards and agreement” tab.
Leave entitlements find out in “Employee entitlements” tab.
Relevant legislations or changes to legislations find out in “Ending employment” tab.
The Fair Work Ombudsman website contains different information about the minimum rates of pay, ordinary hours of work, annual leave and leave loading, long service leave, notice to be given on termination, rest periods, anti-decimation provisions, personal leaves, etc.
|Political – The political environment of the country is positive for the business where the business needs to follow the entire business role with the lower tax rate. The negative environment for the business includes the laws related to the labor laws, environmental laws, and political instability with tariffs or trade restrictions.
Economic – The economy is much suitable for the business, it is because the economic growth of the company is much high in the recent years.
Socio-cultural – The increasing standard of the left creates the positive impact on the business where the customers are creating their culture to call a friend on coffee and meet with a person on café.
Technological – Technological factors are both positive and negative for the business because the competitors are also taking the advantage of technology.
List of risk:
|Operational or Organizational||· Legal and regulatory compliance
· Resources: human, physical
· Product quality
· Infrastructure, plant, and equipment
· Customer interaction
· Market needs
|Financial risks||· Accountability
· Fraud or theft
· Capital investment
· Interest rates
· Loss of income, funding/finance.
|Risks in governance||· Conduct of Board of Directors
· Conflict of interest.
|Risks in Project management||· Procedures and tools for project management
· Stakeholders – the strength of relationships/conflict of interest
· Human resources
· Financial resources.
The requirement gathering methods is an effective process to collect the information from the different stakeholders. It includes different techniques like- One-on-One Interviews, Group Interviews, Observation method, Questionnaires/Surveys, etc.
|· The stores are family-run
· Number of café in the different areas
· Effective and successful strategies
· Increasing productivity
|· Lack of internal controls
· Failure to meet compliance standards
· Lack of written policy and procedures
· Lack of a professional business culture
· Failure to monitor the external environment
|· Develop the business at a global level
· Enlargement the product mix
· Use of marketing mix strategy
|· Increasing the level of competition in the market
· Enhancement of the organizational challenges
· Loss of brand recognition
SWOT analysis is one of the important methods of identifying the risks in an organization. Strengths and weaknesses are generally related to issues that are internal in an organization. Strengths examine what your organization does well or its assets, skill, core competencies. Weaknesses are areas the organization could improve upon that is lacking or missing from the organization. Typically negative risks are associated with the organization’s weaknesses and positive risks are associated with its strengths. In terms of Risk Management, we call negative Risks as threats and positive risks as Opportunities. Opportunities and threats are usually external to the organization.
Goals of risk process:
Goals or objective for the task assigned by Jaff are:
- To encourage innovation and continuous improvement.
- To achieve high quality standards
The goals and objectives play an important role in carrying out the risk management process effective. On the basis of these goals and objectives, an organization can take decisions and use the information in right directions. In addition, if organizations have goals and objectives in the risk management then it reduces the losses, improve responses and enhance community confidence.
The goals of an organization are related with the strategic decisions that coordinate the organizational resources with the mission, vision, and objectives. In which, the management develops the plan according to the need of the objectives and take the strategic decisions correctly.
An organization must ensure that risk management is integrated with all aims and objectives of the firm to reduce overall risk as well as provide high quality in the production.
Financial risk factor: Premise, product and service, purchasing, etc.
People element: People
Actions or processes: Processes and performance
Management issues: Policy and strategy as well as Planning and organizing
Staff input to risk management:
Brainstorm a list of approaches that you can use to encourage staff and stakeholders to provide input and participants in the development of risk management strategies for an organization, and describe how each of these can be effective.
In order to encourage staff and stakeholders, an organization can use of the effective communication, provide training to the employees, effectively control and manage the organizational tasks, etc. in the development of risk management strategies. All these strategies are effective to fill the customer requirements by the use of quality improvement tools in the training, break down barriers in communication, improve the project by controlling and manage the staff by job security and reward system.
The 8 P’s:
The 8 P’s of service industry with the sub-causes are:
- Product- Design, Technology, Usability, Usefulness, value
- Price- Cost plus, Loss leader, Penetration strategy
- Place- Retail, Wholesale, Internet, Local expert
- Promotion- Advertizing, Special offers, Gifts
- People- Founders, Employees, Culture
- Process- Service delivery, Complains, Response time
- Physical evidence- User stories, Recommendations, Buzz
- Productivity and quality- Warranty, Brand
The risk in the business environment can be researched by the use of these three ways:
- Interview– It is primary data collection method where the information are collected by asking the questions to the management and other high profile employees to manage the risk.
- Survey– It is also a primary data collection method where questionnaires provided to the different participants and take their response.
- Literature review– This secondary data collection method where the information are collected from the different sources like books, websites, etc.
The stakeholders would be most beneficial to involve in the process of risk identification. It is because the stakeholders can get the benefits of the success of the related organization. In order to address the issues related to the risk, the stakeholders will be included in gathering input to risk identification.
Board role for risk management:
In the statement, the likely risk would be included and all five areas of this scale would be included. Most of the participants provide their opinion about the risk because it is identified that the board can play essential role to improve the risk management quality.
|Rare: Timesheets sent to head office were not always authorized||Timesheets are issued after the authorization so the rare chances off risk|
|Almost certain: Wet floors on rainy days making it slippery for staff and customers||In the rainy days each floor become slippery, so the chances are almost certain|
The reassessment of the risk can provide relevant information for the organization by defining the chances of risk. But in concern to this, the immediate reassessment cannot provide actual information for risk management because effects of the control system cannot provided immediately.
Residual risk is a method to provide subjective judgment of the inherent risk and reducing the impact of risk controls. On the other hand, it is and risk management tool that is useful after the risk identification to eliminate this specific risk.
|Insignificant||One question on the staff records asked for a full medical history of the employee|
|Catastrophic||Banking not always done every days leaving cash on the premises|
One of each:
- Rare and catastrophic- Catastrophic climate change or extinction of a species
- Frequent and insignificant- Broken floor tiles creating a trip point for staff
- Possible and moderate- Communication conflicts between the employees
|Extreme: Wet floors on rainy days making it slippery for staff and customers||In the rainy days each floor become slippery, so it has extreme priority of occurrence.|
|Low: Timesheets sent to head office were not always authorized||Timesheets are issued after the authorization so it has low priority.|
- Expected loss for a car wash= $500*122= $61000 per year
- Expected loss will be = $500*148= $74000 per year
Earning = $217*300= $65100 per year
So, the business will have the loss in Melbourne = $74000- $65100 = $8900 per year
The laziness of employee is a situation which is extreme because they always try to ignore the hard working at work place.
In this situation, a manager would take these actions:
- Risk identification
- Loss by this risk
- Tools for mitigating this risk.
Risk control in a shop-environment:
Reduce: The risk can be reduced by collecting the cash with counting it as par the sales on each evening as well as deposit this cash daily into the bank account.
Isolate: If it is identified that the cash is mishandled by store staff then there is a need of installing the camera in the retail store.
Control: The store cameras will show the particular parson who is thief or misusing the cash from counter.
Hierarchy of control:
Retain the risk is the best option to treat the identified and shared risk. This option helps to reduce the overall cost that can be occurred due to risk creation as well as provide tangible and intangible benefits.
Risk vs. freedom:
The equity and individual freedom are involved in the risk treatment options because it reduces the cost of the organization as well as increases the overall benefits both for human resources and company. The risk treatment option may not include only the worker’s freedom because each individual have right of the freedom to reduce the risk in workplace.
Common Business Risks
|Capital investment||If an organization identifies the risk related with the capital investment that can be controlled by the effective tool of risk mitigation.|
|Fraud or theft||The fraud or theft related risk can be controlled by the use of advanced technology like camera, security guard, etc|
|Interest rates||The risk related with interest rates can be controlled by perfect forecasting about the economical changes.|
|Loss of income||The loss of income is also an financial risk that can be controlled by the use of effective measurement tools of risk control.|
The product development includes the operational risk during the time of manufacturing.
The risk action plan of the Volunteering Australia includes an organizational risk. As a risk manager, I will use effective risk management plan to control on the risk and manage it.
- Completeness- The complexness is a very necessary part of the risk management plan where all the records and transactions should be completed in the report otherwise it will be rejected.
- Accuracy- If the accuracy will not be provided then the accounting of the data will not be match with the results.
- Authorization- The correct levels of authorization are in place to cover such things as approval, payment, computer access, and data entry.
It can be said that having a store person appointed would help to physically control over the supplier by identifying their price each second.
Risk insurance 1:
- Professional liability insurance– It covers a business against negligence claims due to harm that results from mistakes or failure to perform.
- Property insurance- This insurance covers equipment, signage, inventory and furniture in the event of a fire, storm or theft.
- Worker’s compensation insurance- This insurance covers the medical treatment, disability and death benefits in the event an employee is injured or dies as a result of his work with that business.
- Product liability insurance- In this insurance, the business covers the risk of manufacturing the products to sale in the general market as well as insurance of the product liability.
- Business interruption insurance- This type of insurance is especially applicable to companies that require a physical location to do business, such as retail stores.
Credit card risk:
The requirement of the credit card holder to insurance is that it should try to safe their card and only use it personally. It expenses resulting from efforts to resolve the identity theft. Additionally, it also expenses that get covered are reasonable legal expenses, lost wages, Obligation to pay and miscellaneous expenses like cost of refilling of application for credit accounts or banking accounts, cost of notarizing documents and cost of maximum 4 credit reports from an entity approved.
Risk insurance 2:
- Insurance provider 1- TAL life limited
Suitable: This organization is suitable for credit card insurance, because it helps to protect the money by tracking the account where the thief uses the card.
- Insurance provider 1- AIA Australia limited
Suitable: This organization is also suitable for insurance of credit card, because it helps to protect the credit card by tracking system.
- Insurance provider 1- MLC limited
Suitable: MLC limited is suitable for credit card insurance by protecting the card with extra feature during the use of it.
Risk management and workplace modifications:
In an organization, some person may physical disable for them the company should provide different facilities such as:
- Providing a nearby parking space for a disabled worker
- Reallocation of a duty a disabled employee cannot do
- Providing a piece of equipment
- Swapping two pieces of equipment
- Redeploying a disabled person to a non-public facing role
Communicating the plan:
In order to communicate with the stakeholders, an organization should use written communication by providing information from e-mails and mails for the risk management action plan.
Gaining staff support:
- Implement the risk action plan effectively
- Monitor the risk action plan
- Evaluate the risk management process.
In order to communicate the risk management processes to staff and stockholders different approaches can be use by a manager: Reporting, e-mail, face to face communication, organizing a meeting, etc. In this, the meeting organizing is the best way to communicate the risk management process among the organizational people.
Risk management policy:
Policy- The operational risk management policy is using by the company to reduce the system failure and remove the mistakes in execution.
The risk management will be helpful to mitigate all kind of operational risks of the business. These risks arise due to the execution of the business functions of the enterprises. Enterprises need to assess these risks and prepare action plans to meet the impact of risk. At the primary level, operational risk management deals with technical failures and human errors.
Organizational requirements for storage:
The main benefit of protocols for naming documents is that it can be easily found in future due to reference and effective documentation. It is also helpful to make their content identifiable and locations where particular documents should be stored for future access. Documents can also save by the firm for security purpose and protect them by the use of passwords. During the documents are stored, it is ensured that the requirements of the documents safety are fulfilled like save as template, save documents as per the requirement of organization, protocols for naming documents, provide proper locations, protect the document by password, etc.
Risk reduction training:
In order to provide training to the organizational employees, it is identified that the training should be based on the action plan. In this, the manager should provide practical training to the employees so that they can take action against the risk.
Risk management responsibilities:
|Task||Responsibility and why|
|Prepare a new policy and procedure on storage of sharp knives that are used to cut leather.||Operational manager is responsible because it is appointed by the company to design new policy and procedure.|
|Taking out insurance to cover money kept overnight on the premises.||Financial manager will provide insurance cover money.|
|Training staff on new cash register procedures.||Supervisor and operation manager develop the plan for training.|
|Fixing the broken tiles and eliminate the trip points.||Supervisor can appoint a person who can fix the broken tiles.|
|Issuing chain-mail gloves for use with the leather knife.||Operational manager has duty to issue the chain-mail gloves.|
- Professional development activity- Training staff on new cash register procedures.
Reason: to effectively manage the staff and complete the procedure of new cash registration.
- Professional development activity- Provide training to develop the skills and information about the work.
Reason: To effectively improve the knowledge of employee about the work.
A manager will follow all these steps to review and report the risk, like:
- Monitor identified risks
- Identify new risks
- Ensure the proper execution of planned risk responses
- Evaluate the overall effectiveness of the risk management plan in reducing risk
- Review the risk
- Report the risk
Risk management document:
There are different kinds of risk management documents. As risk management follows risk identification, a lot of these documents will be based on the risk identification reports. Documentation is done in a systematic way and can be from different inputs. Such as: Stakeholder analysis, WBS risk report, scope risk report, cost evaluation risk report, schedule evaluation risk report, technical evaluation risk report, etc. The documents can be stored in computer after scanning and in the storeroom where particular documents should be stored for future access. Documents can also save by the firm for security purpose and protect them by the use of passwords. During the documents are stored, it is ensured that the requirements of the documents safety are fulfilled.
Risk management review:
|Risk area||Review period||Reason|
|Assets and infrastructure- footpaths||One year||Evaluate the overall effectiveness of the risk management plan.|
|Assets and infrastructure- street furniture||One year||To provide best solutions of the street furniture|
|Legislative compliance||Three months||This compliance occurs due to change in the rules.|
|New projects and special events||Half yearly||For the development and growth off the company.|
Risk management reporting:
The risk reporting is beneficial for the organization such as it describes the risk to the top management, provides the rating to the risk, and describes the treatments actions and activities that are taken; assign timelines, responsibility of risk treatment and current status.
Organizational risk management:
Person/position responsible– General manager
- Determine purpose and uses
- Develop measurable objectives
- Develop evaluation questions
- Collect/gather credible evidence
- Analyze information & development conclusions
- Report findings
Risk management monitoring approaches:
|Risk action plan||It provides effective action plan for the risk mitigation.||Sometimes, it may be fail.|
|Scope change||The scope change updates the risk action plan.||Already taken action for action plan become useless.|
|Additional risk identification and analysis||More risk and issues can be identified by this.||Need of different action plan.|
The key performance metrics for successful implementation and monitoring of risk management process are as under:
- Qualitative and quantitative performance metrics
- Leading and lagging performance metrics
- Input, process, and output performance metrics
- Outcome or objective focused
Cardona, O.D., 2013. The need for rethinking the concepts of vulnerability and risk from a holistic perspective: a necessary review and criticism for effective risk management. In Mapping vulnerability (pp. 56-70). Routledge.
Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R. and Vickery, J., 2013. Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), pp.104-35.
Christoffersen, P.F., 2012. Elements of financial risk management. USA: Academic Press.
Aebi, V., Sabato, G. and Schmid, M., 2012. Risk management, corporate governance, and bank performance in the financial crisis. Journal of Banking & Finance, 36(12), pp.3213-3226.
Sodhi, M.S., Son, B.G. and Tang, C.S., 2012. Researchers’ perspectives on supply chain risk management. Production and operations management, 21(1), pp.1-13.
Glendon, A.I., Clarke, S. and McKenna, E., 2016. Human safety and risk management. USA: Crc Press.
Wu, D.D. and Olson, D.L., 2015. Enterprise Risk Management. In Enterprise Risk Management in Finance (pp. 1-10). Palgrave Macmillan, London.
Driver, J. and Bernard, R., 2012. Enterprise risk management. In The SAGES manual of quality, outcomes and patient safety(pp. 529-539). Springer, Boston, MA.
Paape, L. and Speklè, R.F., 2012. The adoption and design of enterprise risk management practices: An empirical study. European Accounting Review, 21(3), pp.533-564.
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E., 2015. Enterprise risk management: Review, critique, and research directions. Long range planning, 48(4), pp.265-276.
Olson, D.L. and Wu, D.D., 2017. Data Mining Models and Enterprise Risk Management. In Enterprise Risk Management Models (pp. 119-132). Springer, Berlin, Heidelberg.
Lam, J., 2013. Operational Risk Management. Enterprise Risk Management: From Incentives to Controls, Second Edition, pp.237-270.
Academic Research Writing Arm of Global Research Services.