Reviewing Organisational Processes, Procedures, And Requirements For Risk Management Essay.

Estimated Time

30 Minutes

Objective

To provide you with an opportunity to review organisational processes, procedures and requirements for undertaking risk management in accordance with current risk management standards.

Activity

What is the difference between the new ISO13000 and AS/NZS 4360:2004?

The main difference between the ISO 13000 and AS/NZS 4360:2004 is that the first one aims to align uniformity between risk management systems whereas the latter one does not care about enforcing uniformity in risk management systems.

Briefly outline the legal framework.

The legal framework requires a project or organization risk management system to follow certain legal guidelines. In many of the risks, certain legal aspects are related and it is important to ensure the legal rules or guidelines are followed while managing the risks.ase study: Christine Finkel worked 13 hours a day, six days a week for three months. She noted that the floor was slippery but decided to help a customer before taking steps to clear the area. By the time that Christine returned to the area, she had forgotten that the floor was wet. Christine fell and broke her leg.

What unsafe behaviour have you identified here?

The identified unsafe behaviour is that Christine preferred to serve the customer rather than prioritizing the safety of herself or the other staffs and customers i.e. she failed to address a risk before continuing her daily duties that resulted in disaster.

What could be the impact of Christine’s situation to the organisation?

Christine’s situation will result in the loss of an important staff of the organization for a considerable amount of time that will affect the daily operations of the organization.

What would you do if you took a job as a supervisor and walked into a similar situation?

If I was in the similar situation, I would have emphasized on first addressing the risk before continuing the daily operations at the store. This is because the risk should always be on the top of priority list that should always be identified and addressed as early as possible.

Estimated Time

30 Minutes

Objective

To provide you with an opportunity to determine scope for risk management process.

Activity

Do you believe understanding the different types of risk can assist you in defining the scope?

Understanding different types of risk can definitely assist one to define the scope. This is mainly because the scope of a project generally defines a boundary or limit of a project and with understanding the different risks, the boundary can be set accordingly such that the risks are not encountered or the chances of encountering the risks are minimized.

When writing the scope, what should the writer consider?

When writing the scope, the writer should consider a number of points as follows.

      The main requirements that are to be fulfilled in the project

      The assumptions that have been made in the course of the project

      The exclusions and limitations that are applicable for the project

      The available budget for the project

      The proposed schedule for the project

      Number of human resources available for the project

      Various external factors like market condition associated with the project

What needs to be evaluated and why?

Based on your outline in the previous question, use your knowledge of your own organisation, or an organisation that you know, to write a brief scope of risk management. (Note: if you work or have worked in a large organisation, you can use this question to write a scope for a project you work on or have worked on) – In your answer, briefly explain the organisation or project.

For defining the scope of a project or risk management process, it needs to be evaluated whether the organization has sufficient resources to bypass the risk and how much the risk can affect the organization if encountered at any point of time.

As an instance, a case study of Starbucks has been chosen and the selected project is opening a new store in a new country in Asia. Starbucks is an American company that sells coffee and other similar drinks to the customers. Due to the high quality of coffee and the high brand value, the cost of a coffee drink in the company’s stores is generally high. If the company wants to open store in a new country in Asia, there are several risks associated. The scope of risk management for such a case can be defined as follows.

Ø  Evaluation of the new market where the company is entering to determine the extent of competition in the same

Ø  Evaluation of the maximum price limit of each product that will be accepted by the customers in the new market

Ø  Evaluation of feasibility of the business in the selected market

Estimated Time

30 Minutes

Objective

To provide you with an opportunity to identify internal and external stakeholders and their issues.

Activity

List three internal stakeholders that you may find in an organisation.

Three internal stakeholders that can be found in an organization and their roles are as follows.

Project Manager – Management, control, change and supervision of any project

Finance Manager – Management of finances and project funds

Human Resources Manager – Management and recruitment of human resources

List four external stakeholders that may be associated with an organisation.

Four external stakeholders that may be associated with an organization are as follows.

Sponsor – Providing funds for a new venture or project

IT Assistant – Introduction and implementation of new IT related projects

Marketing Manager – Marketing of business of the organization

Procurement Manager – Procurement of the required supplies for a project of the organization

In the chart below, identify three stakeholders, state their objectives towards your organisation, or an example organisation, in terms of risk management (i.e. supplier believes goods loaded onto an unsafe delivery dock). Who is your contact with the supplier and how would you consult with them? What are the recommended feedback and consultation procedures with them?

Case study: In recent months, your organisation has grown as demand for the product has increased. In turn, the number of deliveries from one of your suppliers has increased. Your organisation has established a strong relationship with one driver, Nick, and he is the only one able to deliver goods to the organisation due to the volatility of the goods delivered. Do you believe that the driver is put at risk? Why?

The driver is at risk due to the regular transportation of volatile goods that may cause a significant risk to the health of the driver. Since there are no back up drivers, Nick is daily exposed to such volatile goods that will affect his health in the long run.

What could the impact of the increase of deliveries have on the supplier?

With the increase of deliveries, the supplier has to keep up by constantly updating his inventory in order to maintain or increase the rate of the supply.

The supplier contacts you and asks you to change your driver policy as the driver has complained. What is this called? How would you resolve this problem?

This is a negative feedback from the part of the driver who does not feel the driver policy is suitable for him.

In order to resolve this problem, some changes are to be made in the driver policy and new drivers are to be recruited with the alternate shifts.

Estimated Time

30 Minutes

Objective

To provide you with an opportunity to review political, economic, social, legal, technological and policy context.

Activity

Gather into small groups for the following group activity:

Choose an example organisation and make a list of at least one change in the following areas that will impact on the organisation’s risk management processes. What steps would you take to ensure that your work area is safe in regard to risk?

An example organization for analysis is Apple Inc.

The areas are:

Political

Apple Inc. has been developing some features in their devices that may have political implications and some policies of some countries may brand these features as politically inappropriate.

Economic

Apple products are generally extremely expensive and hence, the acceptability of the products is low in certain countries.

Social

The device features are attractive to gather social interest around the world.

Legal

Apple Inc needs to abide by legal guidelines regarding development, research, branding and marketing of its own products.

Technological

Apple utilizes latest technology to develop the latest features that are included in the devices like smartphones and macbooks.

The policy context

Apple needs to revise its policy that considers all the above points and manage the business processes accordingly.

Estimated Time

30 Minutes

Objective

To provide you with an opportunity to review strengths and weaknesses of existing arrangements.

Activity

Complete a SWOT analysis of an organisation that you know well.

The chosen organization is Apply Inc.

Is the organisation internally or externally driven? Why?

The organization is internally driven as it has its own research and funding structure with the development of one of its kind features.

Estimated Time

45 Minutes

Objective

To provide you with an opportunity to document critical success factors, goals or objectives for area included in scope; obtain support for risk management activities; and communicate with relevant parties about the risk management process and invite participation.

Activity

Use the following critical success factors and document how you would ensure that your organisation’s (or example organisation’s) performance improves. The CSFs are:

Trust

The employees must trust each other and the management must have trust on its employees.

Organisational culture

There should be an appropriate organizational culture that promotes trust and team work rather than conflicting roles.

Management support

Management must support the employees at all times for ensuring success in any operation.

Communication

There should be a well defined communication system so that the stakeholders and employees can freely interact with each other.

How can you know if you have handled the CSFs correctly?

If the CSFs are handled correctly, the overall performance of the organization will increase with the increase in happiness and morale of all the employees.

For one of the CSFs ask the relevant personnel (or trainer, if not working for an organisation) for support in managing associated risks and briefly document this.

For the management support, there is a risk that the management may not have complete faith in the employees. This is required to address in order to establish a suitable organizational culture.

Discuss the associated risks for the CSF, as mentioned in the last question, with those involved, or with two other persons from your training group, and note the outcome of this.

Some risks and their outcomes are as follows.

Conflicts – Personal fights between employees affecting organizational performance

Lack of Faith from Management – Low morale and performance of the employees

Misunderstanding due to lack of communication – Information not reaching the right persons

Estimated Time

40 Minutes

Objective

To provide you with an opportunity to identify risks.

Activity

Identify a risk in your work area or example work area (this can be a possible risk if there are no risks requiring improvement).

What is the risk?

A risk may be cyber security risk as the work involves constant usage of the internet.

Provide details of the problem.

With continuous internet usage, the system is prone to be affected to external attacks and security issues.

Who would you discuss this problem with?

This problem should be discussed with the IT Assistant.

What type of research would you do to measure the level of risk?

To measure the level of the risk, detailed analytic and technical research is necessary.

What documentation could you use?

The relevant IT implementation documentations can be used.

What literature would you research?

Literature related to cyber security risks can be researched.

Invite other members of your team/training group to also help identify any risks and note down the outcome of this.

Consultation is an important part of the risk analysis; in what ways can you gather information from stakeholders in this instance?

For gathering information,  a team meeting can be called where all the stakeholders will have to participate and discuss the risks identified by them during planning and evaluation.

Estimated Time

45 Minutes

Objective

To provide you with an opportunity to analyse risks.

Activity

Using the research from Activity 2.1.1-2.3.1, complete the following:

Likelihood

Ø  Probability of a given risk occurring, such as:

o   Almost Certain (exposed to hazard constantly)

o   Likely (exposed to hazard occasionally)

o   Unlikely (could happen but only rarely)

o   Highly unlikely (could happen but probably never will).

Moderate Injury consequences & possible likelihood form part of standard Risk Management but you can decide if they meet your requirements.

Consequences may be rated as:

a)      A fatality

b)      Major or serious injury (serious damage to health that may be irreversible, requiring medical attention and ongoing treatment). This is likely to involve significant time off work;

c)       Minor injury (reversible health damage that may need medical attention but limited ongoing treatment). This means that it is less likely to spend more than a day off work.

d)      Negligible injuries (might sustain slight injury and may require only primary first aid) and no time off work

Assess the risk

What is the likelihood of this problem arising again?

The likelihood of this problem arising again is high.

What are the possible consequences of this risk?

The possible consequence is that secure information and data from the workstation and the server connected to it may be stolen or damaged.

Evaluate and priorities risks for treatment?

Risk priority is an order in which the risks are arranged as per their chances of occurrence and the consequences of the risk.

What risk priority would you consider?

The chosen risk should be considered in the highest priority.

What opportunities do you think there are in your case? How can these opportunities be used?

In the chosen case, there is opportunity to learn more about cyber security risks such that there can be better preparations in the near future.