Q1 Implementation of BYOD Policy by Commonwealth Bank
A risk is an anticipated positive or negative outcome. A risk scenario is a series of events and activities that have the potential of leading to a positive or negative outcome. Different organizations are faced with numerous risk scenarios which require mitigation strategies. A risk scenario combines multiple factors to create both opportunities and threats (Arnoldi, 2009). A good example of an organization facing a risk scenario is the Commonwealth Bank of Australia. This risk scenario can be viewed regarding the Banks adoption of a Bring your Device (BYOD) policy in their operations. BYOD policy is set of rules focused on providing support to employee’s use of personal devices such as tablets, smart phones, and Laptops at the workplace. Although such a move by the bank can be viewed at a positive angle through their functionality and ability to increase efficiency in the Banks operations, personal devices will also present numerous challenges for the various stakeholders including employees the Bank or the employer and Clients as well as Governmental institutions. Recent statistics have shown an increasing trend in the number of organizations implementing the use of BYOD policy. There has been an increase in the number of organizations in both Australia and other parts of the world. The percentage is expected to hit 40% mid-2018 (Wells, 2007).
Commonwealth Bank of Australia is intending to be among these organizations through its attempt to implement the policy to allow their employees to carry and use their devices in their business undertakings. There are various implications of implementing this policy for the organization and its shareholders. The policy implementation presents a risk scenario in that it presents the Bank with advantages, disadvantages, Vulnerabilities, opportunities as well as legal implications. The policy also presents technological constraints for the company is that it will be required introduce regular technological changes to address privacy and data security issue that may arise therein. These threats and vulnerabilities will come in that by implementing the policy in its operations the bank will be subjecting itself to legal implications that may arise as a result of the violations of the provisions governing data security and privacy at the workplace by its employees (Rausand,2011).
Q2. (A) Discuss the benefits that could be generated by applying a method of risk scenario analysis
Numerous advantages could accrue to an organization through the application of risks analysis.
Providing greater insights
One of the benefits that could be achieved through the use of risk scenario analysis.By enabling the concerned parties to look at the various outcome of a given situation, the method enables the creation of more insight about the numerous disparate factors that combine to create both vulnerabilities and opportunities. Risk scenario analysis provides an opportunity to understand the possible risks, the relations that exist between these risks as well as the complexities involved in the implementation of various mitigation strategies. Risk scenario analysis, therefore, provides an opportunity for the stakeholder's group involved in a risk situation to better understand their responsibilities, roles, and interactions to enable them to identify the most effective ways of responding to these risk events (Popov, Lyon &Hollcroft, 2016)
Helps in overcoming Organizations resistance to discussions
Unlike under other methods of risk assessment, risk scenario analysis presents an opportunity of engaging various stakeholders and putting into considerations their opinions and views. It offers an opportunity to explore all the possible situations that can lead to adverse outcomes and facilitates identification of the unfavorable outcomes that can result from all the situations including the low probability events or events that are yet to occur in an organization that the management has little regard for or under normal risk assessment methods. It also helps in identification of the controls that are in place to mitigate the possible undesirable outcomes, whether these controls are used independently for each outcome or if they can be used in multiple outcomes as well as their chances of failure. Scenario analysis also helps in the identification of the frequency of occurrence of the identified negative outcomes as well as the severity of such outcomes. With these multiple perspectives, the analysis enables the management to pay attention and allow discussion of all events including the low probability events that have not occurred within an organization setting (Olson & Wu,2008).
Better Understanding of decision making complexities
The analysis also enables the participants who include organizations, business partners, employees, and customers to better understand the complexities that may arise in the process of decision making as well as the useless and overlapping responses that come from various stakeholders and from which the best most effective decisions are supposed to be implemented. Risk scenario, therefore, enables the various participants of the complexities that are involved in the decision-making process (Siegris, Earle & gutscher,2010).
(B) Critically evaluate the methodologies for risk scenario analysis discussed in the article concerning your chosen organization.
Analysis of risk causes and consequences
With any serious issue arising in any given situation, it is always important to identify all the factors that could be the cause of a problem to facilitate the adoption of the most appropriate solution. With the adoption of this methodology by the Commonwealth Bank of Australia, the Bank will be able to identify the causes of the possible risk situations and the possible repercussions of each risk situation. Analysis of cause of an unfavorable situation will help in the development of the appropriate mitigation strategies. It is also important in that it will facilitate contemplation on the possible strategies that could be put in place to reduce the impact of the risk consequences. The methodology could, however, be affected by user biases as well as incorrect assumptions by the stakeholders involved. Another weakness with this methodology is that in some instances is that the cause and effect relationship may not be in existence (Merna & AL-Thani,2008).
Identification and mapping of risk interrelationships
This methodology is first concerned with the identification of possible risks in a given situation and the possible interrelationships that exist between them. This can be achieved through geographical mapping of risk interrelationships. Mapping of interrelationships between risks is important in facilitating identification of critical scenarios and themes to enable further analysis. Among the benefits that Commonwealth Bank of Australia can draw from Risk mapping is the communication of the specific risks that are imminent for the organization and improving the stakeholders understanding of risk profile. It will also help the organization in gaining insight into the nature and impact of the identified risks besides strengthening the Bank’s model of assessing risks. The method is however focused on an idealistic future with some set objectives which in most instances which might not be realistic (Beleiu, Crisan and Nistor,2015.)
Risk scenarios and simulations
The analysis would potentially be focused on determining the factors that would potentially have an impact on the organization and which to be managed with priority Risk scenarios and simulations are therefore offer a general attempt to understand the possible consequences of a risk. Such an insight will, therefore, be helpful in the initiation of mitigation strategies to counter the risk. Their main advantages include the provision of results that are accurate, helping to identify unexpected phenomena and the fact that they are easy to perform. One of its main drawbacks is delayed outcome in that results are not readily available after the simulation exercise has been completed (Beleiu, Crisan and Nistor, 2015)
Risk measurement to validate estimates of risk impact and likelihood
Risk measurement is the evaluation of the likelihood of a risk occurring together with its magnitude. This method of Risk measurement is advantageous in that it allows identification of the most integral risks as well as their likelihood of occurrence. The methodology is also simple to use and understand and can allow comparison of the likelihood of various risks. However, the output from the measurement is dependent on the assumptions and input and may not provide accurate results in all instances (Davis & Jarvis, 2007).
Management capabilities analysis
Under any risk scenario, the management has the biggest responsibility in the mitigation efforts. Management capabilities analysis tries to analyze the ability of the management to deal with different risk scenarios to put in place more strategies to improve the capability of the management.
Q3. Different stakeholders with interest in the risk scenario outlined above and their different interests and likely responses to the risk scenario and consider how far these interests and responses conflict or coincide with each other.
A stakeholder refers to a person, a group of people an organization, the entire or a section of the society having a stake in business. Stakeholders can be either internal or external. There are various internal and external stakeholders in the Commonwealth Bank risk scenario identified above including the Employees, Banks Clients, the management and Government institutions (Schroeck,2012).
An employee is a person working either on full-time or part-time contract for wages or salary. Employees are the main beneficiaries of the implementation of a BYOD Policy. Employees naturally have an interest in working in an environment with minimal threats and maximum opportunities. The implementation will have a direct impact of on their operations both regarding its advantages and disadvantages. The major input of this project is that it will increase the mobility of the employees which is likely to appease to them. It is also likely to increase job satisfaction among the employees. The main interest of the employees, therefore, has to do with the implementation of changes allowing them to work from devices that they are more familiar with and even from outside the premises of the bank hence breaking the office monotony. The possible response by the employees is acceptance of the risk through a decision to embrace the risk or through mitigation by taking action to reduce chances of risks occurring. Their interests and responsibilities, therefore, seem to coincide (Frenkel, 2015).
The management of the Bank is the brainchild behind the implementation of the project. It is an interest of the management to at all times keep its workforce fully motivated and having an optimum level of job satisfaction. Through the implementation of the policy, the Management of the Bank is aiming at increasing the engagement levels and productivity of its employees. Among the benefits that are likely to accrue to the bank as a result of the implementation include reduced operational costs for buying and maintain office devices, increased productivity as a result of increased levels of engagement and satisfaction among the employees. The policy will also support Mobile and Cloud-centric IT strategy which is likely to come with numerous benefits for the bank. The company will, therefore, work towards safeguarding these interests. Any potential risks emanating from the adoption of the policy will, therefore, have a direct impact on the Company’s objectives. The possible responses by the management would include Contingency, sharing the risks involved with the adoption of BYOD policy with third parties, or mitigate against the possible risks. Both the interest of the management and its responses, therefore, coincide (Khatta,2008).
A customer is a party that buys goods or services from a business and which can decide between different products suppliers of products. They are the main beneficiaries of the output resulting from both the management’s and employee’s efforts. They are the sole reason for the existence of the bank. Any efforts by the management are therefore directed at improving the experience of the customers with the bank. The Bank’s client base is composed of individuals, institutional investors organizations and retail clients who come in as who act as financiers or debtors. The interests of the clients are therefore to be attended to promptly and with much efficiency as well as to have their security guaranteed. Their interests are therefore having their various needs and desires satisfied by the company even in the face of any looming risk. Customers naturally will not have at their disposal various options to deal with the risk hence their possible responses will include accepting to live with the risk (Fitrijanti, 2015.)
Q 4: Critical analysis of Risk assessment models
Risk assessment is the process of identifying hazards and risk factors that can cause harm and their overall impact on a given activity or situation. It is the process through which possible risks in a given situation are identified, analyzed and evaluated to establish risk levels that are acceptable to help in the prevention of possible negative outcomes associated with the risks. Numerous techniques are used in risk assessment including:
Brainstorming technique refers to interaction among a group of people in which there is a free-flowing conversation involving all the members of the group. In brainstorming all members make known their ideas and opinions which leads to the generation of multiple risks factors together with their possible negative outcomes. The technique pushes members of the group to identify as many possible risks as possible. It can be used in collaboration with other techniques in various risk assessment stages. Among the strengths of Brainstorming is that it can improve the working atmosphere by encouraging free interactions where all opinions are put into consideration. It also results in a high number of generated ideas which significantly aids the risk assessment process. Brainstorming helps in the identification of possible risk situations as well as their possible positive and negative impacts which is a major input in the risk assessment process. The technique might, however, prohibit introvert participants from making their weird opinions known. It is also a little difficult to control a group process without causing friction among the group members (Wheeler,2011).
Hazard and operability study Technique
Hazop study can be defined as a logical examination of existing operations and processes to establish inherent risks as well as their possible mitigation strategies. HAZOP study involves soliciting input from members of different professional fields to identify the possible modes that can lead to failure, their causes as well as the impact on a given process or activity in a series of meetings involving the group members. Risks so identified are those that have the potential of having a negative impact on the personnel, organizational objectives, environment, and equipment. Its strengths include the fact that it includes inputs from experts in multiple disciplines, is vigorous and systematic; it is led by an independent person and can be applied in a wide range of situations. Its major strengths are that it consumes time and requires many preparations, it only focuses on a single event at a time and requires training for optimum results. Inputs from people in various professional areas facilitate a multidisciplinary approach towards risk assessment (Hester & Harrison, 2008).
Q5 Outline and critically discuss the human resource and organizational culture implications and constraints confronting the effective management of risks within a large organization
Human resources are the people working within an organization. They are responsible for the adoption and implementation of any policies or strategies within an organization. Without a sufficient number of human resources in organizations, there is the possibility of multiple challenges in its operations. The area of risk management also requires organizations to have a sufficient number of employees with the requisite skills and attributes, without which it becomes quite difficult to confront risks. Human resources can be viewed in both positive and negative terms in as far as risk management. They can be viewed as a source of risk and solution to risk They can be a source of risk when their numbers are not sufficient, or when those available within an organization do shoddy work, resentment of additional responsibilities, the unprecedented departure of a key employee from an organization (Juul,2007).
Apart from being the cause of risks, human resources can also be viewed as an important player management of risks. Under this role, employees use their skills and competencies to provide solutions to unexpected problems, doing all they can for the betterment of their organization including persuading a talented friend to apply for a position within an organization, going an extra mile to make things right and redesigning their jobs to avoid unnecessary delays. Failure by human resources to act as per expectations can, therefore, have serious implications for risk management (ALlen,2013).
Organization culture is a system of shared beliefs and assumptions that govern the behavior of individuals within an organization. Each organization has its corporate culture that distinguishes it from other organizations. The organization culture within an organization is responsible for regulating how people behave and perform their jobs. The Organization culture adopted by an organization usually has an impact on the organization’s risk management.Some organizations have adopted what is called risk culture in which the employees within such organizations are required to uphold a customer first principle. The input of the management can help in the development of a strong risk culture within an organization which can have a significant impact on an organization’s ability to manage risk. Among the various organizational cultures that facilitate effective risk management in an organization are corporate governance and performance management and compensation. However while a positive organizational culture can have a positive impact on an organization, a negative organization culture can be a serious threat towards effective risk management in large organizations (Alias et al,2016)
Arnoldi, J. (2009). Risk: an introduction. Cambridge, UK, Polity.
Adeleke, A.Q., Bahaudin, A.Y. and Kamaruddeen, A.M., 2016. Moderating Effect of Regulations on Organizational Factors and Construction Risk Management: A Proposed Framework. International Journal of Economics and Financial Issues, 6(7S).
ALlen, S. (2013). Financial risk management: a practitioner's guide to managing market and credit risk (with CD-ROM). Hoboken, N.J., J. Wiley & Sons.
Alias, Z., Zawawi, E.M.A., Yusof, K. and Aris, N.M., 2014. Determining critical success factors of project management practice: A conceptual framework. Procedia-Social and Behavioral Sciences, 153, pp.61-69.
Arnoldi, J. (2009). Risk: an introduction. Cambridge, UK, Polity.
Beleiu, I., Crisan, E. and Nistor, R., 2015. Main factors influencing project success. Interdisciplinary Management Research, 11, pp.59-72.
Davis, A. E., & Jarvis, P. R. (2007). Risk management: survival tools for law firms. Chicago, Ill, American Bar Association, produced jointly by the Law Practice Management Section and Center for Professional Responsibility.
Frenkel, M. (2015). Risk management: challenge and opportunity ; with 125 tables. Risk Management. Berlin [u.a.], Springer.
Fitrijanti, T., 2015. Index of the Company's Stakeholders Welfare. Procedia-Social and Behavioral Sciences, 211, pp.1023-1027.
Garbharran, H., Govender, J. and Msani, T., 2012. Critical success factors influencing project success in the construction industry. Acta Structilia, 19(2), pp.90-108.
Hester, R. E., & Harrison, R. M. (2008). Risk assessment and risk management. Cambridge, Royal Society of Chemistry.
JUUL Andersen, T. (2007). Perspectives on strategic risk management. [Frederiksberg], Copenhagen Business School Press.
Khatta, R. S. (2008). Risk management. New Delhi, Global India Publications.
Merna, T., & AL-Thani, F. F. (2008). Corporate Risk Management. Hoboken, Wiley
Olson, D. L., & Wu, D. D. (2008). Enterprise risk management. Singapore, World Scientific
Popov, G., Lyon, B. K., &Hollcroft, B. (2016). Risk assessment: a practical guide to assessing operational risks.
Rausand, M. (2011). Risk assessment: theory, methods, and applications. Hoboken, N.J., Wiley.
Schroeck, G. (2012). Risk management and value creation in financial institutions. Hoboken, N.J., John Wiley. https://www.123library.org/book_details/?id=6974.
Siegrist, M., Earle, T. C., & gutscher, H. (2010). Trust in risk management: uncertainty and scepticism in the public mind. London, Earthscan.
Wheeler, E. (2011). Security risk management: building an information security risk management program from the ground up. Waltham, MA, Syngress. https://www.books24x7.com/marc.asp?bookid=41881.
Wells, G. L. (2007). Hazard identification and risk assessment. Rugby, Warwickshire, UK, Institution of Chemical Engineers.