Risk Management Persuasive
A limited time offer! Get a custom sample essay written according to your requirements urgent 3h delivery guaranteed
Order NowOne of the world’s wealthiest investors of all time, Warren Buffett (n.d.), said, “Risk comes from not knowing what you’re doing.” Furthermore, “Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning,” said risk management author Charles Tremper (n.d.). As a newly hired consultant, we have been tasked with the duties of creating and presenting a risk management/business contingency plan for our first client. The legal department and the IT department have both expressed concerns regarding the ethical use and protection of sensitive data, customer records, and other information systems content. In the interest of creating confidence and job satisfaction in this new position, our new employer has decided to let us select our first client. For this task, we may select our client from our actual place of employment, a local small business, or a well-known public company. The client must operate internationally in at least some aspects of its business. Any information that would be considered confidential, proprietary, or personal in nature, should not be included. We will not include the actual names of people, suppliers, the company, or other identifiable information. Fictional names will be used. Also, company-specific data, including financial information, will not be included, but may be addressed in a general fashion if appropriate. Remember, the client insists on maintaining the security of data in information technology and that the potential for ongoing issues is based on global marketplace concerns.
Therefore, we will now prepare to: (A) Create a risk register with eight risks currently facing the business to include the following: (1) Explain how one of the identified risks emanates from an aspect of the companyâs global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations, etc.); (2) Discuss the source(s) of each risk; (3) Evaluate the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability; and (B) Develop an appropriate risk response for each risk to reduce the possible damage to the company (this section will be included as a separate, detailed discussion to accompany the risk register).
Throughout this task, we will creatively solve problems by answering the Helpology Questionâ˘: “What’s the most helpful & simplest way that works?”⢠(Christian, n.d.). For example, we will first focus on various definitions to more clearly understand important topics, then follow with our corresponding analyses and/or recommendations. Discussion
A. Create a risk register with eight risks currently facing the business to include the following: (1) Explain how one of the identified risks emanates from an aspect of the companyâs global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations, etc.); (2) Discuss the source(s) of each risk; (3) Evaluate the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability.
Before we can begin, we must first understand the following:
Risk
Risk affects every aspect of human life; we live with it every day and learn to manage its influence on our lives. In most cases this is done as an unstructured activity, based on common sense, relevant knowledge, experience and instinct. (Merna & Al-Thani, 2008, p. 7)
Rowe (1977) defines risk as âThe potential for unwanted negative consequences of an event or activityâ whilst many authors define risk as âA measure of the probability and the severity of adverse effectsâ. Rescher (1983) explains that âRisk is the chancing of a negative outcome. To measure risk we must accordingly measure both its defining components, and the chance of negativityâ. The way in which these measurements must be combined is described by Gratt (1987) as âestimation of risk is usually based on the expected result of the conditional probability of the event occurring times the consequences of the event given that it has occurredâ. (Merna & Al-Thani, 2008, p. 10)
A common definition of risk â the likelihood of something undesirable happening in a given time â is conceptually simple but difficult to apply. It provides no clues to the overall context and how risks might be perceived. Most people think of risk in terms of three components: something bad happening, the chances of it happening, and the consequences if it does happen. These three components of risk can be used as the basis of a structure for risk assessment. (Merna & Al-Thani, 2008, p. 11)
Risk Management
The art of risk management is to identify risks specific to an organisation [sic] and to respond to them in an appropriate way. Risk management is a formal process that enables the identification, assessment, planning and management of risks. (Merna & Al-Thani, 2008, p. 2) (Merna & Al-Thani, 2008, p. 16)
Risk Register
A risk register is a document or database which records each risk pertaining to a project or particular investment or asset. As an identification aid, risk registers from previous, similar projects may be used in much the same way as checklists. The risk register enables the data collected during the risk management identification process to be captured and saved, for review and as a data container for information on the choice of risk software. There are a number of âprerequisiteâ data items necessary within the risk register, as follows: ⢠The title of the project. This should briefly describe the project. ⢠The project ID. This allows identification of specific projects where multiple projects are being developed. ⢠The activity ID.
⢠The activity acronym.
⢠The team leaderâs name, and the names of the individual teams. This information is necessary should any further investigation be needed or any queries in regard to the original risk assessment be raised. ⢠Activities. This column is a list of activity descriptions, preferably in order of sequence. The register may be used for network or spreadsheet models. ⢠Procedure. This is important for network-based risk software packages. It identifies the linkage between the activities from start to finish. ⢠Most likely. Estimated by the expert for the activities, this is a value used in the risk software package around which the optimistic and pessimistic values operate. This is commonly referred to as a three-point estimate. (Merna & Al-Thani, 2008, pp. 72-73)
Since we now understand the above topics more clearly, we will continue to: (A) Create a risk register with eight risks currently facing the business to include the following: (1) Explain how one of the identified risks emanates from an aspect of the companyâs global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations, etc.); (2) Discuss the source(s) of each risk; (3) Evaluate the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability.
As we identify the eight risks required for our register below, we will ensure one of the eight risks identified is a global risk and includes a description of how this risk emanates from one of the companyâs global
marketplace activities.
Company X – Risk Register
B. Develop an appropriate risk response for each risk to reduce the possible damage to the company (this section will be included as a separate, detailed discussion to accompany the risk register).
Risk Response
Corporate risk strategy often entails planned actions to respond to identified risks. A typical corporate risk strategy includes the following: ⢠Accountabilities for managing the corporate risk.
⢠A corporate risk register will be maintained as a record of the known risks to the corporate strategy plan; the types of mitigating actions can then be taken, and the likely results of the mitigating action recorded. ⢠Treatment plans are identified that form part of the corporate strategy and will be communicated to the [Strategic Business Units], so they in turn may manage the risk which may affect them. A first estimate of potential effects can be determined using assumption analysis, decision tree analysis and the range method. These models can then be used to evaluate the effectiveness of potential mitigating actions and hence select the optimum response. Chapman and Ward (1997) believe mitigating actions can be grouped into four categories and potential action includes: 1. Risk avoidance:
⢠cancel a project
⢠move out of a market
⢠sell off part of the corporation.
2. Risk reduction:
⢠acquisitions or mergers
⢠move to the new market
⢠develop a new product/technology in an existing market
⢠business process re-engineering
⢠corporate risk management policy.
3. Risk transfer:
⢠partnership corporate policy on insurance.
4. Risk retention:
⢠a positive decision to accept the risk due to the potential gain it allows. Many of the mitigating actions at the corporate level generate (or cancel) individual projects or entire programmes [sic] conducted at lower levels. (Merna & Al-Thani, 2008, pp. 202-203)
Our Risk Responses
The discussion below will focus on how various team members will respond to reduce possible damage to the company if the risk occurs. Risk 1 (Global)
If a Loss of IT (Data) occurs, then:
1. Accountabilities – Our IT Director will immediately notify our CEO in addition to any specific department heads affected by the loss.
2. Mitigating Actions (with likely results) – Since this risk is global (due to the potential threat of computer hackers worldwide), to reduce possible damage to the company, our IT Director will maximize all IT security systems now. Then, if any IT data loss does occur in the future, our IT Director will quickly access our backed-up data (continuously saved and stored through a contracted, third party) to safely replace any deleted information (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include increased IT security, as well as employing dual, back-up data systems (in case, for any reason, our first set of backed-up data is also lost).
Risk 2
If a Loss of Computers happens, then:
1. Accountabilities – Our Security Director will immediately notify our CEO in addition to any specific department heads affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our Security Director will maximize all corporate security systems now to help ensure all types of loss prevention (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include maximization of all corporate security systems as well as Risk Transfer: Ensure corporate policy on insurance will cover any loss of computers. Risk 3
If a Denial of Building Access takes place, then:
1. Accountabilities – Our Security Guard on duty will kindly ask the individual to prove their identity. Then, our Security Guard will verify whether or not the individual should have building access. If the individual should have access, then the Security Guard will notify the Security Supervisor, who will, in turn, correct the individual’s building access in the security system. If not, immediately the individual will be kindly asked to leave and escorted off the premises by the Security Guard.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our Security Director will maximize all corporate security systems now to help ensure all types of loss prevention (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include maximization of all corporate security systems.
Risk 4
If a Loss of Brand Reputation comes to pass, then:
1. Accountabilities – Our Public Relations Director will immediately notify our CEO in addition to any specific department heads potentially affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our Marketing Director will help identify, create, and market new and innovative products and services to the company’s existing client bases. Then, our Marking Director will partner with our Public Relations Director to publish an official press release detailing the new innovations to help improve our brand reputation (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Develop and market new and improved products and services to existing markets.
Risk 5
If a Loss of Key Staff transpires, then:
1. Accountabilities – Our HR Director will immediately notify our CEO in addition to any specific department heads potentially affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our HR Director will immediately communicate with a predetermined, back-up list of next-in-line, potential employees who are each pre-qualified and professionally prepared to quickly replace any key staff (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include formulating a back-up list of pre-qualified, potential employees as well as Risk Transfer: Ensure corporate policy on insurance will cover any loss of key staff due to death. Risk 6
If a Loss of Vital Records befalls, then:
1. Accountabilities – Our IT Director will immediately notify our CEO in addition to any specific department heads affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our IT Director will maximize IT security now to help ensure all types of loss prevention (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include maximization of all IT security systems. Risk 7
If a Loss of Trade Secrets bechances, then:
1. Accountabilities – Our Legal Director will immediately notify our CEO in addition to any specific department heads potentially affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our Legal Director will immediately retain and deploy a pre-determined, highly qualified, corporate investigation firm to discover who may be responsible (and if any potential lawsuits should be filed) to prevent any lost trade secrets from getting into the hands of our competitors (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis, or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include selecting a pre-determined, highly qualified, corporate investigation firm. Risk 8
If a Loss of Key Distributors comes about, then:
1. Accountabilities – Our Marketing Director will immediately notify our CEO in addition to any specific department heads affected by the loss.
2. Mitigating Actions (with likely results) – To reduce possible damage to the company, our Marketing Director will immediately communicate with a predetermined, back-up list of next-in-line, potential, strategic business partners who are each highly qualified and professionally prepared to quickly replace any key distributors (likely results).
3. Treatment Plans – Recorded and communicated to corresponding SBUs.
4. First Estimate of Potential Effects – Determined using assumption analysis, decision tree analysis or the range method, then evaluated to select (Merna & Al-Thani, 2008, p. 203) our …
5. Optimum Response – Risk Reduction: Business process re-engineering to include formulating a predetermined back-up list of highly qualified, potential, strategic business partners.
Conclusion
In summary, we: (A) Created a risk register with eight risks currently facing the business to include the following: (1) Explained how one of the identified risks emanates from an aspect of the companyâs global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations, etc.); (2) Discussed the source(s) of each risk; (3) Evaluated the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability; and (B) Developed an appropriate risk response for each risk to reduce the possible damage to the company.
In closing, Facebook founder Mark Zuckerberg (n.d.) said, “The biggest risk is not taking any risk. … In a world that is changing really quickly, the only strategy that is guaranteed to fail is not taking risks.” Throughout this task, we creatively solved problems by answering the Helpology Questionâ˘: “What’s the most helpful & simplest way that works?”⢠(Christian, n.d.).
References
Buffett, W. (n.d.). BrainyQuote. Retrieved June 13, 2013, from BrainyQuote Web site: http://www.brainyquote.com/quotes/quotes/w/warrenbuff138173.html Christian, D. (n.d.). Helpology. Retrieved June 13, 2013, from Helpology Web site: http://helpology.org
Merna, T. & Al-Thani, F. F. (2008). Corporate risk management (2nd ed.). Hoboken, NJ: Wiley Tremper, C. (n.d.). WikiHow. Retrieved June 13, 2013, from WikiHow Web site: http://www.wikihow.com/Develop-a-Risk-Management-Plan
Zuckerberg, M. (n.d.). BrainyQuote. Retrieved June 13, 2013, from BrainyQuote Web site: http://www.brainyquote.com/quotes/quotes/m/markzucker453450.html
