Risk Management Affects Different Business Functions

Published Date: 02 Nov 2017

The background of this assignment make a resonance business case for having a burly risk managing program has long been a subtle challenge for many organizations. The doubt still remain unrequited, that How much appeal should be placed on preventing failure from a disaster that it by no means happened  However it is in general agreed that the penalty of risk management failure can be terrible. There is a understandable imperative for lots of companies to develop a strong, consistent, project wide risk management program, as most common to business risks will either remain at current levels or increase.

In following this goal the companies currently doing well to start by identifying their top drivers, then highlighting the peak threats to those income drivers, & distinguishing between those that are chiefly downside risks & those that are chiefly patchy risks.

While mutually categorization of risk justify attention, companies may discover the effectiveness of their risk management programs are most successful if they devote more of their attention to controlling danger rather than transferring it to insurance companies. And the risks which can be most directly controlled are downside risks, the risks that are much likely to threaten company’s top revenue drivers. When lower risks are dealt with first through prevention & control, it enables senior management to deal more aggressively with variable risks. In short they turn out to be more proactive & strategic with their risk management approach.

Conclusion

This assignment is the perceived need for effective Production management & negotiation to reduce business risks associated with Production & management violations.

Once the decision makers are aware of the embedded obligations, liabilities & risks, they can make qualified judgment regarding the best alternatives as well as other risk mitigating actions that they would like to be included in the contract. The stepwise method guides a user in analyzing the production & identifying the obligations, their fulfillment requirements, & their temporal dependencies. This analysis helps in computing the possible risks & violations that could occur & for each of them, possible outcomes, & suggestions for their avoidance. Useful work has been done in this area. Also more attention is needed for the handling of indirect, less tangible risks, such as those having to do with the partnership & strategic benefits.

Assignment

Risk Management

The Risk management is a well developed approach to manage insecurity interconnected to a threat, through a cycle of human behavior including: risk assessment, strategies expansion to manage and improvement of danger using managerial capital.

The strategy include transferring the risk to a dissimilar party, avoiding the hazard, dropping the off-putting effect of the risk accepting some or all of the results of a particular risk.

Some usual risk managements are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, mishaps, death and lawsuits).(www.whatisriskmanagement.net) Financial risk management on the other hand spotlights on risks that can be managed using traded monetary instruments.

The item of risk management is to decrease different risks associated to a preselected domain to the level customary by society. It may refer to some types of threats caused by environment, technology, organizations, human and politics. Conversely it occupies all means existing for human or in particular, for risk management entities (staff, person and organization).

(www.marquette.edu) In ideal risk management, a key process is followed whereby the risks with the maximum loss and the utmost likelihood of happening are handled first, and risks with lower probability of incidence and lower loss are handled in downward. In practice the method can be very hard, and matching among risks with a high probability of occurrence but lower loss versus a risk with high loss but inferior probability of incidence can over and over again be mishandled.

The elusive risk management recognize a new kind of risk, a risk that has a 100% likelihood of occurring but is unseen by the organization due to a lack of identification ability.

Risk management affects different business functions

Business risk management can become a strategic competitive advantage if it is used to identify specific action steps that enhance performance and optimize risk.

It can also influence business strategy by identifying potential adjustments related to previously unidentified opportunities and risks. Used appropriately, ERM thus becomes a means of helping the organization shift its focus from crisis response and compliance to evaluating risks in business strategies proactively, to enhancing investment decision-making and to improving shareholder value. Organizations that develop an ERM framework for linking critical risks with business strategies can become highly formidable competitors in the quest to add value for shareholders.

Disaster Planning in the Private Sector: A Look at the State of Business Continuity in the U.S.2005. http://www.atti.com

Like business leaders seek new ways to build shareholder value, they have begun to think in new ways about how risk management is tied to value creation. Across industries and organizations, many are recognizing that risks are no longer merely hazards to be avoided but, in many belongings, chances to be embraced.

How best it is to manage the risk to derive that value has become the critical question:

This context, business risk management has emerged as an important new business manner. BRM is a structured and disciplined approach aligning strategy, processes, people, skill, and information with the purpose of evaluating and managing the uncertainties the business faces as it creates value. "Business-wide" means the exclusion of traditional purposeful, divisional, departmental, or enlightening barriers. A truly holistic, included, future-focused, and process-oriented move toward help an organization manage all key business risks and opportunities with the intent of maximizing shareholder value for the business as a whole.

As a means of identifying, prioritizing, and managing such risks across a business or division and linking them to value creation BRM has the potential to provide organizations with a new competitive advantage.

Nearly all organizations, however, are uncertain about how, exactly, to translate the concept of BRM into concrete action steps that will help them enhance shareholder value. Leaders agree that as important as BRM might be in theory, it will never be valuable in practice unless it enables organizations to use risk information to drive business value in a way they could not do otherwise.

Figure

ASIS Business Continuity Framework

ASIS International Web Site Business Continuity Guideline: A Practical Approach for Emergency Preparedness, Crisis Management, and Tragedy Recovery. http://www.asisonlines.org

Business Impact Analysis

This Business Impact Analysis – Applying the results of the risk assessment to the business area analysis to analyze the potential consequences/impacts of identified risks on the business and to identify preventive, preparedness, reply, recovery, continuity and reinstatement controls to protect the business in the event of business disruption. This impact analysis requires consideration of the following questions:

1. How do potential hazards impact business functions, sub-functions and course?

2. What controls are currently in place?

Once risks have been identified, they should then be assessing as to their potential severity of loss and to the probability of occurrence. These quantities can be moreover simple to measure, in the case of the charge of a lost building, or not possible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the appraisal process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan.

The basic complexity in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Also, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset assessment is another question that needs to be addressed. Thus, best refined opinions and available statistics are the primary sources of information. Nevertheless, risk appraisal should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, present have been several theories and attempts to quantify risks. Numerous dissimilar risk formulae exist, but perhaps the most extensively accepted formula for risk quantification is

http://www.pwc.com

Evaluation of methods of assessing risk in business

Management can obtain considerable power from augmenting its knowledge about risk likelihood and impact. Through this procedure they will make judgments on the likelihood and impact of various risks, creating an examination such as that depicted above.

Strategic Risk

This risk is the current and prospective impact on earnings or capital arising from adverse business decisions, rude implementation of decisions, or lack of receptiveness to industry changes. This risk is a area of the compatibility of an organization’s strategic goals, the strategies developed to achieve those goals, the resources organized against these goals, and the quality of implementation. www.strategic-risk.eu/ The resources needed to carry out business strategies are both tangible and intangible

Operational Risk

Thisl risk encompasses a large range of risks that can get in the way with achieving business objectives. It often stems from profound within the spirit of the business, events, in its systems or management controls and practices. In straightforward words, operational risk is the risk of doing the right things the wrong way.

http://www.deloitte.com

Reputation Risk

This risk, often called reputation risk, is a type of threat related to the trustworthiness of business. Damage to a firm's status can result in lost revenue or destruction of shareholder value, even if the business is not found guilty of a crime. Reputational threat can be a matter of corporate trust, but serve also as a tool in crisis prevention

http://en.wikipedia.org

Regulatory or Contractual Risk

This risk separation is the process used by a regulatory authority (the regulator) to systemically treat entities differently based on the regulator's assessment of the risks of the entity's non-compliance.

Financial Risk

These potentials which shareholders can lose money on invest in a company that has debt, if the cash of the company flow proves insufficient to meet its financial obligations. When a business uses debt financing and its credit persons will be repaid if the company becomes bankrupt before its shareholders. (http://www.investopedia.com)

This risk also refers to the possibility of a corporation or government defaulting on its bonds, which would cause those bondholders to lose money.

Market Risk

This is the risk which results from adverse movements in the prices of interest rate instruments, stock indexes, commodities and currencies

Interest rate risk it arises when the income of a company is sensitive to interest rate fluctuations. Consider a company which is going to be in need of funds, a few months from now.

Currency risk is the uncertainty about the value of foreign currency assets, liabilities and operating income due to fluctuations in exchange rates.

Commodity risk is of course the uncertainty about the value of widely used commodities such as gold and silver.

Evaluation of approaches to managing risk in business

On dangerss identification and assessment, the approaches are used to manage the risk fall into one or more of these four major categories:

• Avoidance (elimination)

• Reduction (mitigation)

• Retention (acceptance)

• Transfer (buying insurance)

Finest use of these strategies might not be possible. http://en.wikipedia.org some of them may involve trade-offs that are not acceptable to the organization or person making the risk management decisions

Direct Risk Management:

This approach discusses the risk in risk management policy framework as

Identify all possible and maximum number of risks an organization is expected to be exposed to.

After listing them along, determine their level of complexity and severity for each of the risks.

Gauge the risks through appropriate tools and methods and also ensure their constant monitoring throughout.

Make sure a constant evaluation and monitoring of each of the individual risks at hand and ensure that appropriate decisions are taken to control, reduce and transfer each of the risks.

http://www.clusif.asso.fr

Indirect Risk Management:

This involves the identification of all the precursors and elements causing the risks to occur and happen in unexpected ways and times

Systematically classification of the enlisted elements in a way they are being handled, the highly prioritized being handled first.

Determine the security goals and policy

Ensure using appropriate tools to manage and mitigate these risks and restricting them to a confined limit.

Assignment # 2

All the Main drivers of business risk

Team experience and depth risk. Now Here I’m talking about both the knowledge and track record of the founders in starting a business, their knowledge and knowledge of the business domain.

Market and opportunity risk.  People in China are a large and growing market, but the people with tumor is much more well-defined.

Competitive risk: Believe seriously about the number and power of your business competitors. Having none is a red flag but having greater than a couple of large ones may mean this is a crowded space.

Financial risk: Extremely few businesses can be started without money. You as the founder will be predictable to put your own "skin in the game."

Market entry strategy risk: The collection of an inappropriate price, marketing, or distribution strategy is a large potential risk. For example, a lot of new social websites proclaim that they will offer a free service, and live on adventure (not likely in the first year without a huge marketing investment).

Political and economic risk: From time to time founders are just in the wrong place at the wrong time. Recessions are a rough time to sell luxury goods.

Technology risk: Novel technologies such as "paradigm shifts" or "disruptive" may have long and costly acceptance cycles, or may scamper into unpredictable performance or manufacturing problems.

Businesses with high attrition rate risk. Assured company sectors have historical high failure rates and are routinely avoided by investors and many founders. These include food, retail, consult, work at home, and telemarketing.

Operational risk: A number of businesses require huge support or administrative infrastructures. For example, fuel improvements require service stations and maintenance shops nationwide before they are viable.

Environmental risk: Nuclear reactor built on an earthquake fault line is a huge risk. Assess your business and location for sensitivity to floods, hurricane, and catastrophic pollution problems, like the oil fall in the Gulf of Mexico.

http://www.examiner.com

Drivers of Business Risk

http://www.lloydstsb-annualreport.com

Impact of the different types of risk

Hazard impact analysis is a plan for identifying, quantify, analyzing, extenuating, and reporting project risks. This sector includes descriptions of risks and corresponding mitigation actions that have been identified. It tells the project-wide risk reduction efforts. It is appropriate to all projects and its requirements affect all functions of a project management office.

The questions "How Much?" and "How Long?" must be answered by every organization before specific project risk information is known. Risk management helps to align the expectations of the project stakeholders and the Project Manager regarding scheme process, issue motion, and project outcome. Clients frequently have involuntary risks or constraints imposed winning them. They often are taking scheme risks they don't even be acquainted with they are taking due to poor articulation of the risks and their possible impact on the project.

Types of risk

What are the varieties of risks a company can face?

The Economist Intelligence Unit divides risks into four broad categories.

• Hazard risk is related to natural hazards, accidents, etc. that can be insured.

• Financial risk has to be with volatility in interest rates and exchange rates, default on loans, asset-liability disparity, etc.

• Operational risk is linked with systems, processes and people and deals with areas like succession planning, human resources, information technology, control systems and regulatory compliance.

• Strategic risk stems from an inability to adjust to changes in the environment such as changes in customer priorities, spirited conditions and geopolitical developments.

While this is a useful and standard way of grouping risks, the way of classifying risks is not as important as understanding and analyzing them. The very nature of uncertainty implies that it is difficult to identify all risks, depart alone classify them. Each company should carefully examine its business and its own value chain and come up with its own way of categorizing the uncertainties associated with its important value adding activities.

Other risks

Excessive dependence on a single or few products, or a single or a few areas for generating revenues results in risk. A diversified product case or geographical base can stabilize revenues and profits. When the obtainable business is underperforming or reaching a point of saturation, it may build sense to look for new business opportunities in a related area. At the same time, vast also makes management tasks more complex.

Technology risk has become important in this age of rapid innovation. Industries which cannot cope with changing technology will find themselves at a severe disadvantage. But laying bets on an innovative technology is not an easy decision.

Many companies today look at mergers and acquisitions as a way of generating fast growth by gaining quick access to resources such as people, products, technology and facilities. Post merger integration involves special challenges especially if there are cultural differences between the acquiring and acquired entities. Integration may take up much of the attention and time of top management.

In up to date times, legal risks have also become important. Product accountability class action suits by employees or shareholders can pose grave problems. Likewise, anti-trust proceedings by the government can take a company’s attention away from its center business.

Political risks also need to be managed vigilantly. Government may hastily change their policies or may intervene in the company’s operations. Understanding the scenery of political instability and anticipating problems is important, especially for international corporations operating in emerging markets.

Example of an Organization

The Indian software services company Polaris faced a crisis a few years ago, when Arun Jain (CEO) was arrested in Indonesia. Similarly, a senior manager of another leading Indian software industry, iflex (now a part of Oracle) was held in the Netherlands. Though reason was given by the authorities to justify the arrests, there is little hesitation that political considerations played an important role. Sometime reverse, we saw a backlash against Indians in Malaysia. And more recently, Indian IT service providing companies are coming under attack from American politicians for the jobs lost due to off shoring.

Question: Analysis of severity and likelihood of risk

http://www.fao.org

Classify Risks by Type

Categorize risks the length of the lines shown in a risk classification document, to aid in subsequent strength of mind of risk controllability and assortment of appropriate risk mitigation actions.

Assess Risks

Step 1: Assess the likelihood of occurrence (probability of occurrence) by eliminating any risks which, on mirror image, you believe will not occur. Roughly categorize the remaining risks as high, medium, or less probability of occurrence.

Step 2: Review the extent of severity of impact by:

Evaluate all risks in terms of its possible impact on the project baselines of effort, cost, time (agenda), and requirements (range, performance, acceptance, quality)

Eliminating any threats which you consider have no or only small impact on the baselines

Roughly categorize the remaining risks as high, medium, or low severity of impact.

Step 3: Set the identified risks on the basis of the rough assessments. The causal factors are the likelihood of occurrence and severity of impact.

Step 4: Quantify the risk based on probability by assigning numerical values to various aspects of each risk to provide a consistent basis for combining them into an overall Risk Profile and determining risk mitigation opportunities and actions. Allocate a value from "1" to "5" to each risk (based on the likelihood of occurrence) using the scale below:

Table - Scaling Risk

Assessment of Likelihood

Value SCALE

Very unlikely

1

Somewhat unlikely

2

50/50 chance

3

Highly likely

4

Nearly certain

5

Step 5: Quantify the risk (base on severity of impact) using the table below:

Table - Assessment of Risk Severity

Assessment of Severity

Value

Minor impact on cost, schedule, performance

1

Moderate impact on cost, schedule, activity

2

Significant impact on project baselines

3

Very significant impact on project baselines

4

Disastrous impact, probable project failure

5

Step 6: Quantify risk (in the terms of level of controllability) using the table below:

Table - Risk Controllability Assessment

Assessment of Controllability

Value

Essentially unacceptable through selected risk mitigation actions

1

Highly controllable through company or project actions

2

Moderately controllable through Company or project actions

3

Largely not controllable by the organization or the project

4

Uncontrollable by the organization or the project

5

Step 7: Determine risk mitigation actions. Identify and evidence potential actions that could be taken in order to avoid or mitigate the individual risks (based on their level of controllability) using the table below:

www.epmo.scio.nc.gov

Risk Management Strategies:

Risk avoidance

It includes not performing an action that can carry risk. An instance would be not buying a property in order to not take on the legal responsibility that comes with it. Another will be not flying in order to not take the risk that the airplane was to be hijacked. Avoidance can seem the respond to all risks, but avoiding threats also means behind out on the possible gain that accepting (retaining) the hazard may have allowed.

Risk reduction

Engage methods that decrease the harshness of the defeat or the likelihood of the loss from occurring. Examples comprise sprinklers designed to put out a fire to reduce the risk of loss by fire. This technique may grounds a greater loss by water injure and consequently may not be suitable.

Nowadays software expansion methodologies reduce risk by developing and delivering software incrementally. Untimely methodologies suffer from the verity that they only delivered software in the final phase of growth; any problems encountered in earlier phase meant costly rework and often jeopardized the whole project. By developing in iterations, software project can limit effort wasted to a single iteration.

Risk retention

It involves tolerant the loss when it occurs. True personality indemnity falls in this category. Threat maintenance is a viable plan for small risks where the price of insuring beside the risk would be greater over time than the total losses sustained. (http://en.wikipedia.org ) All risks that are not avoided or transferred are preserved by evasion. These include risks that are so large or catastrophic that they whichever cannot be insured against or the premiums would be infeasible.

Risk transfer

Signify causing other party to accept the danger, typically by concord or by prevarication. Insurance is one nature of risk transfer that uses contracts. Other times it may engage contract speech that transfers a risk to another party without the expense of an indemnity premium. Liability among building or other contractors is very often transferring this way. Conversely, taking offsetting positions in derivatives is typically how firms use hedging to financially manage risk.

http://en.wikipedia.org

Approaches to Crisis Management:

Crisis management is the method by which organization agreements with a major occasion that threatens to harm the organization, stakeholders, or the population.

Structural and practical systems theory

On condition that information to an organization in an occasion of disaster is critical to effective crisis management. Structural and functional scheme theory addresses the intricacies of information networks and heights of command making up organizational communication. The structural-functional assumption identifies in sequence run in organizations as "networks" made up of members and "links". Information in organization run in prototypes called networks.

Diffusion of innovation theory

One more theory that can be applied to the distribution of information is Diffusion of Innovation Theory developed by Everett Rogers, the hypothesis describe that how innovation is disseminated and communicated through certain channels over a period of time. Diffusion of novelty in communication occurs when an individual communicates a new idea to one or several others. At its most basic form, the process involves: (1) a modernization, (2) a body or other factor of adoption that has awareness of or experience with using the innovation, (3) an extra individual or other unit that does not up till now have knowledge of the modernization, and (4) a contact guide connecting the two units. A contact channel is the means by which messages get from one individual to another.

Example of Crisis Management

Pepsi Corporation looked a disaster in 1993 which started with claims of needles being found in cans of diet Pepsi. Pepsi urged amass not to take away the product from shelves while it had the cans and the state investigated. This led to apprehend, which Pepsi made public and then chased with their first video news release, showing the manufacturing process to demonstrate that such interfering was impractical within their factories. A 2nd video news release displayed the man arrested. A third tape information release showed observation from a convenience store where a woman was caught replicating the tampering incident.

The group all together widely worked with the FDA throughout the crisis. The corporation was totally undone with the public throughout, and each workers of Pepsi was reserved attentive of the details. These complete public messages effective throughout the crisis. After the disaster had been resolved, the big business ran a series of special campaigns designed to be grateful the public for standing by the corporation, along with tickets for more compensation. www.caritasuni.edu.ng

Impacts of Breaks in Business Continuity

Risk management is basically an application of systematically selecting cost effective approaches for minimizing the effect of threat insight to the organization. All risks can by no means be fully avoided or mitigated simply because of financial and practical limitations. Therefore all companies have to accept some level of residual risks.

While managing risk has a tendency to be preventative and business stability planning was invented to compact with the consequences of realized residual risks. The necessity to have this BCP in place arises because even extremely unlikely events will happen if given a sufficient amount time. Managing risk and BCP are often mistakenly seen as rivals or overlapping practices.

In fact these techniques are so tightly tied together that such partition seems artificial http://en.wikipedia.org

Business Continuity: The commerce specific plans and actions that enable an organization to respond to a crisis event in a manner such that business functions, sub-functions and method are recovered and resumed according to a predetermined plan, previous by their criticality to the economic viability of the business. Business continuity has the functions of business resumption and business (disaster) recovery.

Business Recovery: Preparations and actions to recover essential business systems that support business resumption and eventual business restoration and change. The substitute term of "disaster recovery" is often used interchangeably with business recovery and carries with it an information technology connotation. Production recovery applies to all business systems and not just those related to IT.

Business Resumption: Maps and actions to resume the most time sensitive business functions, sub-functions, methods and procedures essential to the economic viability of a business.

Restoration and change: Maps and actions to restore and transition a business to "new normal" operations following a crisis event.