The History Of The Risk Management Strategies

Published Date: 02 Nov 2017

This unit has two intentions, firstly, to raise up business risk awareness and develop skills to assess, monitor and control business risks. Secondly, to develop an appreciation of the implications of business risks. But in order to achieve these, We need to understand the risk management function in business; understand how business risk is assessed and manage; understand the effects of business risks and how they can be manage; and lastly understand approaches to crisis management and business continuity planning. In order for to achieve these; assignment one and two must be met.

In assignment one, we are given a task to give an advice about risk assessment and how it should be managed in their new business. In setting up a new business, we need to give importance to risk assessment and how to manage. And to start with, let me define first what risk is. The risk is the chance, high or low, that somebody could be harmed by these and other hazards, together with an indication of how serious the harm could be. Risk is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through pre-emptive action. In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit or threats to success. Risk Management is increasingly recognised as being concerned with both positive and negative aspects of risk. Therefore we should consider risk from both perspectives. In the safety field, it is generally recognised that consequences are only negative and therefore the management of safety risk is focused on prevention and mitigation of harm. In addition to these, the roles of the risk management function in business are setting policy and strategy for risk management basically; policies allow management to guide operations without constant management intervention. Through this as well it can direct link between an organisation's "Vision" and their day-to-day operations. Building a risk aware culture within the organisation including appropriate education; establishing internal risk policy and structures for business units; designing and reviewing processes for risk management; co-ordinating the various functional activities which advise on risk management issues within the organisation; developing risk response processes, including contingency and business continuity programmes; preparing reports on risk for the board and the stakeholders. Knowing all the role of risk management provide a rational basis for better decision making in regards to all risks.

Furthermore, risk management plays a serious role in many organisations. As a result, the department must be aligned with corporate objectives and direction. To that end, the risk management function should be part of the strategic decision-making team. This means that it should play an essential role in merger and acquisition due diligence, and be engaged in any decisions regarding investments in technology platforms, expansion, plant upgrades, facility closures, workforce reductions and supply chain management. The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation’s overall objectives. Risk management should be a continuous and developing process which runs throughout the organisation’s strategy and the implementation of that strategy. It should address methodically all the risks surrounding the organisation’s activities past, present and in particular, future. It must be integrated into the culture of the organisation with an effective policy and a programme led by the most senior management. It must translate the strategy into tactical and operational objectives, assigning responsibility throughout the organisation with each manager and employee responsible for the management of risk as part of their job description. It supports accountability, performance measurement and reward, thus promoting operational efficiency at all levels.

Adding to this, other benefits of risk management is to protect and adds value to the organisation and its stakeholders through supporting the organisation’s objectives by providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner.

Improving decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat is also one of it. Contributing to more efficient use/allocation of capital and resources within the organisation is another positive outcome. Reducing volatility in the non essential areas of the business; protecting and enhancing assets and company image; developing and supporting people and the organisation’s knowledge base and lastly optimising operational efficiency are just the good ways of management of risk.

On the other hand, business functions is a process or operation that is performed routinely to carry out a part of the mission of an organisation. So how risk management affects different business functions? On strategic aspect; these concern the long-term strategic objectives of the organisation. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment. Another thing is the operational; these concern the day-today issues that the organisation is confronted with as it strives to deliver its strategic objectives. In terms of financial; these concern the effective management and control of the finances of the organisation and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement and other market exposures. Like wise with knowledge management; these concern the effective management and control of the knowledge resources, the production, protection and communication thereof. External factors might include the unauthorised use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff. What’s more is the compliance; these concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory issues. These are the role of business functions in the management of risk. We need to assess these most of the time to lessen and even prevent the occurrence of harm to the people and to the organisations.

The first thing to do is to identify the hazards. First you need to work out how people could be harmed. When you work in a place every day it is easy to overlook some hazards. Walk around your workplace and look at what could reasonably be expected to cause harm. By doing so, you can ask the employees or their representatives what they think. They may have noticed things that are not immediately obvious to you because they are the one working on the floor. There is much information on the hazards that might affect your business. That is why be observant and sensitive while working. Second is to decide who might be harmed and how. For each hazard you need to be clear about who might be harmed; it will help identify the best way of managing the risk. That doesn’t mean listing everyone by name, but rather identifying groups of people like those people working in different departments (HR department, storage area, kitchen area, healthcare department). In each department, identify how they might be harmed; think what type of injury or ill health might occur. For example, ‘healthcare provider may suffer back injury from incorrect handling of service users’. Remember: some workers have particular requirements, like new and young workers, new or expectant mothers and people with disabilities may be at particular risk. Extra thought will be needed for some hazards; cleaners, visitors, contractors, maintenance workers and others, who may not be in the workplace all the time; members of the public, if they could be hurt by your activities; if you share your workplace, you will need to think about how your work affects others present, as well as how their work affects your employee– talk to them; and ask the staff if they can think of anyone you may have missed. The third one is to evaluate the risks and decide on precautions. Having spotted the hazards, then you have to decide what to do about them. The law requires you to do everything ‘reasonably practicable’ to protect people from harm. You can work this out for yourself, but the easiest way is to compare what you are doing with good practice. So first, look at what you’re already doing; think about what controls you have in place and how the work is organised. Then compare this with the good practice and see if there’s more you should be doing to bring yourself up to standard. In asking yourself this, consider: Can I get rid of the hazard altogether? If not, how can I control the risks so that harm is unlikely? When controlling risks, try a less risky option; when ordering chemicals, use the less hazardous once for example. Prevent access to the hazard; by ‘always on the watch.’ Organise work to reduce exposure to the hazard like putting barriers or signage on areas that could cause harm to others. Issue personal protective equipment is another thing good example of these are the clothing, footwear, goggles and aprons if needed in the area. Provide welfare facilities which are the first aid and washing facilities for removal of contamination. Always think of health and safety in the area and do precautionary measures. Failure to take simple precautions can cost you a lot more if an accident does happen. Keep in mind to involve the staff or employee, so that you can be sure that what you propose to do will work in practice and won’t introduce any new hazards to the work place. The fourth one is to record your findings and implement them. Putting the results of your risk assessment into practice will make a difference when looking after people and your business. Writing down the results of your risk assessment, and sharing them with your employee, encourages you to do this. It is useful to write down your result so that you can review it if something changes happen. When writing down your results, keep it simple and direct to the point, for example ‘Tripping over rubbish: bins provided, staff instructed, weekly housekeeping checks’. We do not expect a risk assessment to be perfect, but it must be suitable and sufficient. It needs to be able to show that: a proper check was made; think who might be affected; dealt immediately with all the significant hazards, and also taking into account the number of people who could be involved; the precautions are reasonable, and the remaining risk is low; and of course involved your staff or their representatives in the process. Sometimes you can find lots of improvement along the way. Make a plan of action to deal with the most important things first. Health and safety inspectors acknowledge the efforts of businesses that are clearly trying to make improvements. A good plan of action often includes a mixture of different things such as: a few cheap or easy improvements that can be done quickly, perhaps as a temporary solution until more reliable controls are in place; long-term solutions to those risks most likely to cause accidents or ill health; arrangements for training employees on the main risks that remain and how they are to be controlled; regular checks to make sure that the control measures stay in place; and clear responsibilities must be observe – who will lead on what action, and by when. Bear in mind, prioritise and tackle the most important things first all the time. The fifth and last is to review your risk assessment and update if necessary. Most of the workplaces are bringing in new equipment, substances and procedures that could lead to new hazards. It makes sense, therefore, to review what you are doing on an ongoing basis. Every year or so formally review where you are, to make sure you are still improving, or at least not sliding back. Look at your risk assessment again. Keep asking questions in mind; have there been any changes? Are there improvements you still need to make? Have your workers spotted a problem? Have you learnt anything from accidents or near misses? Make sure your risk assessment stays up to date. They say, in business it’s all too easy to forget about reviewing your risk assessment – until something has gone wrong and it’s too late. Before it will happen, set a review date for risk assessment. Make a note to have a regular check or review. During the year, if there is a significant change, don’t wait for the date. Check your risk assessment and, when necessary, amend it right away. If possible, it is best to think about the risk assessment when you’re planning your change – that way you leave yourself more flexibility and reasonable in doing so.

There are different approaches in managing risk. To start with, the first step is to identify risks. Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself. When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. Next step is to analyze the risk; it is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal. This technique also helps to define preventive measures to reduce the probability of these factors from occurring and identify countermeasures to successfully deal with these constraints when they develop to avert possible negative effects on the competitiveness of the company. The third step is to prioritize and map the risk. Prioritize different risks as serious, moderate or mild. You can use a color coding system for easy graphical analysis. Once you have all this data laid out in front of you, you will be in a position to rank individual risks. If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. That is why in this stage prioritizing is critical. The fourth step is to resolve the risk. In resolving risk it is vital from the perspective of enterprise risk management. What will you do if the risk materializes? Can you do something to overcome the risk? Can you take some measures to lessen its impact? You should think about all these questions and come up with a risk treatment and contingency plan for the same. It should include ways in which to control as well as overcome the risk conditions. The fifth and the last step is to monitor the risk. In monitoring there should be proper communication between the different departments involved in the process. Communication is vital because it can affect the entire process both negatively as well as positively. After knowing all the process; a key to effective execution of a process is an efficient means of identifying problems beforehand and an inescapable methodology for taking action proactively against your most serious risks.

ASSIGNMENT TWO

Risk assessment

There are many drivers of business risk. The first driver is the strategic risk it is the threats or opportunities that materially affect the ability of an organisation to survive. Every fast-growing business starts with an idea, which turns into the business plan. Due to business competitions, strategy might revolve around bringing a new product to market, or be based on an existing product or service applied or delivered in a new way so that risk may overcome. I have been working to the health care organisation; I have noticed that they are using a positive strategy in encouraging older people to stay in the nursing home that they are running. Example of which is the different kinds of activities that they are giving to the residents. The management is taking risk in introducing new activity for the residents. And they are getting a positive feedback from the residents itself and even from the relatives.

On the operations side, operational risk represents another key driver. Operational risk in the organisation drives endeavours to strengthen safe, reliable and compliant operations. They use capability and judgement to identify, assess and manage operating risks and seek to assure there are robust action plans in place to control or mitigate them. In the nursing home that I’ve been to, they are very particular in the safety of the service users and the service providers, they do risk assessment first before they introduce new equipment to the service users to deliver ever-better results and also through this harm or accident can be prevented.

Clearly no business can grow without the right funding, and so financial risk is another driver. Financial risk is the possibility of the organisation defaulting on its bonds, which would cause those bondholders to lose money. Finding the right form of financial backing, and at the right time, is critical.

Last but not least is the information risk driver. Information, in whatever form, is a valuable asset to any organisation. It is the basis on which strategic decisions are made and daily tasks are performed. There are many ways that good information can be undermined. Corrupted or compromised information can cause a wide range of problems, from those that are simply annoying to those that could have a major impact on an organisation’s future. Information Risk encompasses all the challenges that result from an organisation’s need to control and protect its information.

Managing all drivers can be a complex challenge. As the business grows, so new approaches may be required in each area; a different form of capital injection, a new type of staff reward structure, an improved financial reporting system and specially training for health and safety procedures. And in terms of information risk the organisation’s success depends on the trust and goodwill of staff, suppliers, customers, and the public at large, so it is essential that all its information is properly managed, controlled and protected.

Different types of business risk exist in the economic market. Each risk carries different implications for business owners to overcome. Business risk can also result from overall economic conditions. Changes in government monetary or fiscal policy often create riskier situations for businesses.

Strategic business risk occurs from the amount of competition in the economic market. Increasing competition can create lower market share and fewer profits for a company. Business owners must also spend more time and money educating consumers on why their product is superior to a competitor. Larger business organisations may be able to withstand higher amounts of competition than smaller business organisations.

Financial risk involves losing money from consumer sales or facing strict credit requirements. Business owners may sell inventory or other items to consumers at reduced prices in an attempt to make money to pay business expenses. Sales on account can also create difficult business situations. Not only most companies find ways to collect their money, but the company may also lose money from consumers who cannot pay future bills. Strict credit requirements may limit loan amounts, increase interest rates or create other unfavorable financing terms for businesses.

Operational business risk is the possibility of a company will face deteriorating situations in their production process. Inefficient facilities, broken equipment or theft represent a few operational business risks. Business owners with high operational risks face decreasing production output, low-quality consumer products and poor production efficiency. These situations can allow a competitor to step in and take away the company and market share. Companies can also face increases and financial risks if they must continually spend money to repair or correct operational issues.

On the other hand, there are high-risk areas in the business. Like the data; it is an important business asset. Locate, identify, and classify sensitive data to reduce data privacy risks, lower potential data sharing exposure, and improve compliance. To operate its day-to-day business fruitfully, a company must be proficient at collecting, storing, processing, and transforming data. These capabilities allow a company to efficiently bill customers, create new products and services, and analyse sales trends to devise targeted marketing plans. This critical information should be protected like any other valuable asset. One more thing is the system integrity begins with selecting and deploying the right hardware and software components to authenticate a user’s identity and help prevent others from assuming it. In doing so, it needs to offer efficient administrative functions to restrict access to administrator-level functions, and give administrators processes and controls to manage changes to the system. There are many individual components to system integrity, such as vulnerability assessment, antivirus, and anti-malware solutions. However, the ultimate goal from an access control standpoint is to prevent the installation and execution of malicious code while protecting valuable data from the beginning. More over, reputational risk is a type of risk related to the trustworthiness of business. Damage to a firm's reputation can result in lost revenue or destruction of shareholder value, even if the company is not found guilty of a crime. Reputational risk can be a matter of company trust, but serves also as a tool in crisis prevention. This type of risk can be informational in nature or even financial. Extreme cases may even lead to bankruptcy due to this matter. According to Warren Buffett famously said that a "reputation takes twenty years to build and five minutes to ruin," and this is really true. Another high risk is the financial theft. In doing so, they will steal your identity. And identity theft happens when fraudsters access enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. If you’re a victim of identity theft, it can lead to fraud that can have a direct impact on your personal finances and could also make it difficult for you to obtain loans, credit cards or a mortgage until the matter is resolved.

Risk Management Strategies

Risk management is the way in which adverse effects from risk are managed and potential opportunities are understood. The potential cascade effect of a failure to address a safety issue may affect the level or type of risk experienced in all areas of the organisation. It is essential that all your risk management processes and systems compliment one another, acceptable within your organisation’s culture and work in collaboration towards the same goals.

In terms of health and safety policy; this has been driven by the need to meet legislative requirements and the recognition that risk management is good practice. An effective work health and safety management program is an integral part of any successful organisation. It ensures that the health and safety needs of your employees are properly addressed and can offer a range of benefits including reduced injuries and illnesses, compliance with legislation, reduced workers compensation costs, improved operational efficiency, and better corporate governance.

Employment practices are steps that your organisation takes to ensure that written policies, procedures, records, employer-employee relations, leaves of absence, and other management practices are handled consistently, fairly, and in compliance with the local law. Since one of the organisation’s most valuable assets is its employees, it is important to find the best in the field.  Hiring the right employees, motivating them, and providing training and development opportunities are of strategic significance.

In fraud prevention measures, in every department in the organisation have to be responsible. The management is in charge for assessing the risk of fraud and implementing appropriate anti-fraud programs and controls to reduce that risk to an acceptable level. Executives also play an important role in determining the ethical tone of the company by setting the proper example. Employees have a right to expect that their leaders set high standards. In the absence of management integrity, fraud can pervade the company. That is why the management should provide a mechanism for employees to report concerns about unethical behaviour, actual or suspected fraud, or violations of the entity's code of conduct or ethics policy.

There are different approaches in crisis management. Let me define first what crisis management is; it is the process by which an organisation deals with a major event that threatens to harm the organisation, its stakeholders, or the general public. One way of approaching the crisis is by business continuity planning; it is an essential part of any organisation’s response planning. It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterwards. The plan itself sets out the agreed arrangements for bringing events under control, the necessary resources for maintaining critical business functions and the staff required for co-ordinating actions. It also needs to be clearly presented, avoiding vague internal references and abbreviations, and structured in such a way that people can quickly find and understand what is expected from them.

A well-designed business continuity plans and crisis management processes will recover the business in a methodical way and within specified timeframes. Such plans are serious to ensuring that essential operations can carry on in the event of an interruption, and that damage to your business’s reputation, employees, assets and commercial viability is kept to a smallest possible.

In the organisation they do have control risks’ business continuity and crisis management advisors. They provide support throughout the entire business continuity lifecycle. How they do it? First the business impact analysis; identify your key business processes, people, systems and dependencies, and the impact their interruption would have on the business. Second is the risk assessment; organise and run convincing simulations to test your plans and systems and help your people to develop the knowledge and skills they need to manage crises. Third is the strategies; advisors will work to investigate and develop strategies for regaining before any serious impact is suffered. Fourth is the document plans; document agreed strategies, implement crisis management structures and create clear lines of growth and communications. The fifth one is the exercise and implementation; exercises clients' business continuity teams give them a chance to practice their roles and responsibilities when the plan is put into action. In this stage too, they offer awareness training to a broader group of employees to build their knowledge of the plans. Sixth is to review and maintain; control risks helps clients review and maintain their business continuity plans to ensure they continue to reflect changing threats. And the seventh one is to manage an interruption; in the event of an interruption, expertise from control risks can help keep the impact, costs and reputational damage to a minimum.

After answering assignments one and two, I was able to understand the risk management function in business, how business risk is assessed and managed, and the effects of business risks and lastly the approaches to crisis management and business continuity planning. I can now impart my knowledge in the said unit to the organisation I am into. And in the future if I was given a chance to put up my own business this assignment was really a great help in doing risk assessment and management.