Direct risk management indirect risk management information technology essay

ABC

Submitted By:

XYZRoll No. ContentsDirect Risk Management: 7Indirect Risk Management: 711Classify Risks by Type11Assess Risks12Structural-functional systems theory15Diffusion of innovation theory15SUMMARY17Conclusion17Bibliography18

Assignment

Question: What is Risk Management?

Risk management is a agreed approach to managing uncertainty related to a threat, through a sequence of human activities including: risk assessment, strategies development to manage it, and mitigation of risk using managerial resources. The strategies comprise transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Some traditional risk managements are focused on risks stemming from physical or legal causes (e. g. natural disasters or fires, accidents, death and lawsuits). www. whatisriskmanagement. net/ Financial risk management, conversely, focuses on risks that can be managed using traded financial instruments. The objective of risk management is to reduce different risks related to a preselected domain to the level accepted by civilization. It may refer to numerous types of threats caused by environment, technology, human, organizations and politics. Conversely it involves all means available for human, or in particular, for a risk management entity (person, staff, and organization). www. marquette. edu/riskunit/riskmanagement/whatis. shtml In ideal risk management, a main process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower likelihood of occurrence and lower loss are handled in descending order. In practice the route can be very difficult, and matching among risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. Intangible risk management identifies a new type of risk – a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability.

Question: How risk management affects different business functions

Business risk management can become a strategic competitive advantage if it is used to identify specific action steps that enhance performance and optimize risk. It can also influence business strategy by identifying potential adjustments related to previously unidentified opportunities and risks. Used appropriately, ERM thus becomes a means of helping the organization shift its focus from crisis response and compliance to evaluating risks in business strategies proactively, to enhancing investment decision-making and to improving shareholder value. Organizations that develop an ERM framework for linking critical risks with business strategies can become highly formidable competitors in the quest to add value for shareholders. Disaster Planning in the Private Sector: A Look at the State of Business Continuity in the U. S. 2005. http://www. atti. com/presskit/_business_continuityAs business leaders seek new ways to build shareholder value, they have begun to think in new ways about how risk management is tied to value creation. Across industries and organizations, many are recognizing that risks are no longer merely hazards to be avoided but, in many belongings, chances to be embraced.

How best it is to manage the risk to derive that value has become the critical question:

In this context, business risk management has emerged as an important new business manner. BRM is a structured and disciplined approach aligning strategy, processes, people, skill, and information with the purpose of evaluating and managing the uncertainties the business faces as it creates value. ” Business-wide” means the exclusion of traditional purposeful, divisional, departmental, or enlightening barriers. A truly holistic, included, future-focused, and process-oriented move toward help an organization manage all key business risks and opportunities with the intent of maximizing shareholder value for the business as a whole. As a means of identifying, prioritizing, and managing such risks across a business or division and linking them to value creation BRM has the potential to provide organizations with a new competitive advantage. Most organizations, however, are uncertain about how, exactly, to translate the concept of BRM into concrete action steps that will help them enhance shareholder value. Leaders agree that as important as BRM might be in theory, it will never be valuable in practice unless it enables organizations to use risk information to drive business value in a way they could not do otherwise. FigureASIS Business Continuity FrameworkASIS International Web Site Business Continuity Guideline: A Practical Approach for Emergency Preparedness, Crisis Management, and Tragedy Recovery. http://www. asisonlines. org/guidelines/guidelines. htmBusiness Impact Analysis – Applying the results of the risk assessment to the business area analysis to analyze the potential consequences/impacts of identified risks on the business and to identify preventive, preparedness, reply, recovery, continuity and reinstatement controls to protect the business in the event of business disruption. This impact analysis requires consideration of the following questions: 1. How do potential hazards impact business functions, sub-functions and course? 2. What controls are currently in place? Once risks have been identified, they should then be assessing as to their potential severity of loss and to the probability of occurrence. These quantities can be moreover simple to measure, in the case of the charge of a lost building, or not possible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the appraisal process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan. The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Also, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset assessment is another question that needs to be addressed. Thus, best refined opinions and available statistics are the primary sources of information. Nevertheless, risk appraisal should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, present have been several theories and attempts to quantify risks. Numerous dissimilar risk formulae exist, but perhaps the most extensively accepted formula for risk quantification ishttp://www. pwc. com/en_US/us/risk-performance/assets/pwc-risk-performance-2009. pdf

Question: Evaluation of methods of assessing risk in business

Management can derive considerable power from augmenting its knowledge about risk likelihood and impact. Through this procedure they will make judgments on the likelihood and impact of various risks, creating an examination such as that depicted above.

Strategic Risk

Strategic risk is the current and prospective impact on earnings or capital arising from adverse business decisions, rude implementation of decisions, or lack of receptiveness to industry changes. This risk is a area of the compatibility of an organization’s strategic goals, the strategies developed to achieve those goals, the resources organized against these goals, and the quality of implementation. www. strategic-risk. eu/ The resources needed to carry out business strategies are both tangible and intangible

Operational Risk

Operational risk encompasses a broad range of risks that can interfere with achieving business objectives. It often stems from deep within the heart of the business, in its systems, events, or management controls and practices. In straightforward words, operational risk is the risk of doing the right things the wrong way. http://www. deloitte. com/view/en_GR/gr/services/enterprise-risk-services/risk-consulting-services/operational-risk-assessment/index. htm

Reputation Risk

Reputational risk, often called reputation risk, is a type of threat related to the trustworthiness of business. Damage to a firm’s status can result in lost revenue or destruction of shareholder value, even if the business is not found guilty of a crime. Reputational threat can be a matter of corporate trust, but serve also as a tool in crisis preventionhttp://en. wikipedia. org/wiki/Reputational_risk

Regulatory or Contractual Risk

Regulatory risk separation is the process used by a regulatory authority (the regulator) to systemically treat entities differently based on the regulator’s assessment of the risks of the entity’s non-compliance.

Financial Risk

The possibility which shareholders can lose money when they invest in a company that has debt, if the company’s cash flow proves insufficient to meet its financial obligations. When a business uses debt financing, and its credit persons will be repaid before its shareholders if the company becomes insolvent. http://www. investopedia. com/terms/f/financialrisk. asp#axzz2JKzi92hwFinancial risk too refers to the possibility of a corporation or government defaulting on its bonds, which would cause those bondholders to lose money.

Market Risk

This is the risk which results from adverse movements in the prices of interest rate instruments, stock indexes, commodities and currenciesInterest rate risk arises when the income of a company is sensitive to interest rate fluctuations. Consider a company which is going to be in need of funds, a few months from now. Currency risk is the uncertainty about the value of foreign currency assets, liabilities and operating income due to fluctuations in exchange rates. Commodity risk is of course the uncertainty about the value of widely used commodities such as gold and silver

Question: evaluation of approaches to managing risk in business

Once risks have been identified and assessed, all these approaches are used to manage the risk fall into one or more of these four major categories:•Avoidance (elimination)•Reduction (mitigation)•Retention (acceptance)•Transfer (buying insurance)Ideal use of these strategies may not be possible. http://en. wikipedia. org/wiki/Risk_management some of them may involve trade-offs that are not acceptable to the organization or person making the risk management decisionsDirect Risk Management: This approach discusses the risk in risk management policy framework asIdentify all possible and maximum number of risks an organization is expected to be exposed to. After listing them along, determine their level of complexity and severity for each of the risks. Measure the risks through appropriate tools and methods and also ensure their constant monitoring throughout. Ensure a constant evaluation and monitoring of each of the individual risks at hand and ensure that appropriate decisions are taken to control, reduce and transfer each of the risks. http://www. clusif. asso. fr/production/ouvrages/pdfIndirect Risk Management: This involves the identification of all the precursors and elements causing the risks to occur and happen in unexpected ways and timesSystematically classification of the enlisted elements in a way they are being handled, the highly prioritized being handled first. Determine the security goals and policyEnsure using appropriate tools to manage and mitigate these risks and restricting them to a confined limit.

Assignment # 2

All the main drivers of business risk

Team experience and depth risk. Here I’m talking about both the knowledge and track record of the founders in starting a business, as well as their knowledge and knowledge of the business domain. Market and opportunity risk. There is always less risk with a well-defined problem in a large and growing market. All the people in China are a large and growing market, but all the people with tumor is much more well-defined. Competitive risk. Think seriously about the number and clout of your competitors. Having none is a red flag, but having greater than a couple of large ones may mean this is a crowded space. Financial risk. Very few businesses can be started without money. You as the founder will be predictable to put your own ” skin in the game.” Market entry strategy risk. The selection of an inappropriate price, marketing, or distribution strategy is a large potential risk. For example, a lot of new social websites proclaim that they will offer a free service, and live on adventure (not likely in the first year without a huge marketing investment). Political and economic risk. Sometimes founders are just in the wrong place at the wrong time. Recessions are a rough time to sell luxury goods. Technology risk. New technologies such as ” paradigm shifts” or ” disruptive” may have long and costly acceptance cycles, or may scamper into unpredictable performance or manufacturing problems. Businesses with high attrition rate risk. Certain company sectors have historical high failure rates and are routinely avoided by investors and many founders. These include food, retail, consult, work at home, and telemarketing. Operational risk. Some businesses require huge support or administrative infrastructures. For example, fuel improvements require service stations and maintenance shops nationwide before they are viable. Environmental risk. A nuclear reactor built on an earthquake fault line is a huge risk. Assess your business and location for sensitivity to floods, hurricane, and catastrophic pollution problems, like the oil fall in the Gulf of Mexico. http://www. examiner. com/article/ten-high-risk-drivers-every-entrepreneur-faces

Drivers of Business Risk

http://www. lloydstsb-annualreport. com/businessreview/risk_management/risk_drivers/principal_risks/

Impact of the different types of risk

Risk impact analysis is a plan for identifying, quantify, analyzing, extenuating, and reporting project risks. This section includes descriptions of risks and corresponding mitigation actions that have been identified. It tells the project-wide risk reduction efforts. It is appropriate to all projects and its requirements affect all functions of a project management office. The questions ” How Much?” and ” How Long?” must be answered by most organizations before specific project risk information is known. Risk management helps to align the expectations of the project stakeholders and the Project Manager regarding project process, issue motion, and project outcome. Clients frequently have involuntary risks or constraints imposed upon them. They often are taking scheme risks they don’t even know they are taking due to poor articulation of the risks and their possible impact on the project.

Types of risk

What are the varieties of risks a company can face?

The Economist Intelligence Unit divides risks into four broad categories.•Hazard risk is related to natural hazards, accidents, etc. that can be insured.•Financial risk has to be with volatility in interest rates and exchange rates, default on loans, asset-liability disparity, etc.•Operational risk is linked with systems, processes and people and deals with areas like succession planning, human resources, information technology, control systems and regulatory compliance.•Strategic risk stems from an inability to adjust to changes in the environment such as changes in customer priorities, spirited conditions and geopolitical developments. While this is a useful and standard way of grouping risks, the way of classifying risks is not as important as understanding and analyzing them. The very nature of uncertainty implies that it is difficult to identify all risks, depart alone classify them. Each company should carefully examine its business and its own value chain and come up with its own way of categorizing the uncertainties associated with its important value adding activities.

Other risks

Excessive dependence on a single or few products, or a single or a few areas for generating revenues results in risk. A diversified product case or geographical base can stabilize revenues and profits. When the obtainable business is underperforming or reaching a point of saturation, it may build sense to look for new business opportunities in a related area. At the same time, vast also makes management tasks more complex. Technology risk has become important in this age of rapid innovation. Industries which cannot cope with changing technology will find themselves at a severe disadvantage. But laying bets on a innovative technology is not an easy decision. Many companies today look at mergers and acquisitions as a way of generating fast growth by gaining quick access to resources such as people, products, technology and facilities. Post merger integration involves special challenges especially if there are cultural differences between the acquiring and acquired entities. Integration may take up much of the attention and time of top management. In recent times, legal risks have also become important. Product accountability class action suits by employees or shareholders can pose grave problems. Likewise, anti-trust proceedings by the government can take a company’s attention away from its core business. Political risks also need to be managed carefully. Governments may abruptly change their policies or may intervene in the company’s operations. Understanding the scenery of political instability and anticipating problems is important, especially for international corporations operating in emerging markets.

Example of an Organization

The Indian software services company Polaris faced a crisis a few years ago, when Arun Jain (CEO) was arrested in Indonesia. Similarly, a senior manager of another leading Indian software industry, iflex (now a part of Oracle) was held in the Netherlands. Though reason was given by the authorities to justify the arrests, there is little hesitation that political considerations played an important role. Sometime reverse, we saw a backlash against Indians in Malaysia. And more recently, Indian IT service providing companies are coming under attack from American politicians for the jobs lost due to off shoring.

Question: Analysis of severity and likelihood of risk

http://www. fao. org/docs/up/easypol/785/risk_analysis_a_tool_for_biosecurity_slides_078en. pdf

Classify Risks by Type

Categorize risks the length of the lines shown in a risk classification document (table 4), to aid in subsequent determination of risk controllability and selection of appropriate risk mitigation actions.

Assess Risks

Step 1: Assess the likelihood of occurrence (probability of occurrence) by eliminating any risks which, on mirror image, you believe will not occur. Roughly categorize the remaining risks as high, medium, or less probability of occurrence. Step 2: Review the extent of severity of impact by: Evaluating each risk in terms of its possible impact on the project baselines of effort, cost, time (agenda), and requirements (range, performance, acceptance, quality)Eliminating any threats which you believe have no or only trivial impact on the baselinesRoughly categorize the remaining risks as high, medium, or low severity of impact. Step 3: Prioritize the identified risks on the basis of the rough assessments. The causal factors are the likelihood of occurrence and severity of impact. Step 4: Quantify the risk based on probability by assigning numerical values to various aspects of each risk to provide a consistent basis for combining them into an overall Risk Profile and determining risk mitigation opportunities and actions. Allocate a value from ” 1″ to ” 5″ to each risk (based on the likelihood of occurrence) using the scale below: Table – Scaling Risk

Assessment of Likelihood

Value SCALE

Very unlikely

1

Somewhat unlikely

2

50/50 chance

3

Highly likely

4

Nearly certain

5Step 5: Quantify the risk (base on severity of impact) using the table below: Table – Assessment of Risk Severity

Assessment of Severity

Value

Minor impact on cost, schedule, performance

1

Moderate impact on cost, schedule, activity

2

Significant impact on project baselines

3

Very significant impact on project baselines

4

Disastrous impact, probable project failure

5Step 6: Quantify risk (in the terms of level of controllability) using the table below: Table – Risk Controllability Assessment

Assessment of Controllability

Value

Essentially unacceptable through selected risk mitigation actions

1

Highly controllable through company or project actions

2

Moderately controllable through Company or project actions

3

Largely not controllable by the organization or the project

4

Uncontrollable by the organization or the project

5Step 7: Determine risk mitigation actions. Identify and evidence potential actions that could be taken in order to avoid or mitigate the individual risks (based on their level of controllability) using the table below: www. epmo. scio. nc. gov/library/docs/riskanal. docRisk Management Strategies:

Risk avoidance

Include not performing an activity that can carry risk. An example would be not buying a property or business in order to not take on the liability that comes with it. Another will be not flying in order to not take the risk that the airplane was to be hijacked. Avoidance can seem the reply to all risks, but avoiding threats also means losing out on the potential gain that accepting (retaining) the risk may have allowed.

Risk reduction

Involve methods that reduce the severity of the loss or the likelihood of the loss from occurring. Examples comprise sprinklers designed to put out a fire to reduce the risk of loss by fire. This method may grounds a greater loss by water damage and therefore may not be suitable. Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffer from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software project can limit effort wasted to a single iteration.

Risk retention

Involve accepting the loss when it occurs. True self indemnity falls in this category. Threat retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. http://en. wikipedia. org/wiki/Risk_management All risks that are not avoided or transferred are retained by default. These include risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible.

Risk transfer

Mean causing another party to accept the risk, typically by agreement or by hedging. Insurance is one nature of risk transfer that uses contracts. Other times it may engage contract language that transfers a risk to another party without the payment of an insurance premium. Liability among building or other contractors is very often transferred this way. Conversely, taking offsetting positions in derivatives is typically how firms use hedging to financially manage risk. http://en. wikipedia. org/wiki/Risk_management

Approaches to Crisis Management:

Crisis management is the method by which an organization deals with a major event that threatens to harm the organization, its stakeholders, or the general public.

Structural-functional systems theory

Providing information to an organization in a time of crisis is critical to effective crisis management. Structural and functional system theory addresses the intricacies of information networks and levels of command making up organizational communication. The structural-functional assumption identifies information flow in organizations as ” networks” made up of members and ” links”. Information in organization flow in patterns called networks.

Diffusion of innovation theory

Another theory that can be applied to the sharing of information is Diffusion of Innovation Theory developed by Everett Rogers, the theory describe that how innovation is disseminated and communicated through certain channels over a period of time. Diffusion of novelty in communication occurs when an individual communicates a new idea to one or several others. At its most basic form, the process involves: (1) an innovation, (2) an entity or other element of adoption that has knowledge of or experience with using the innovation, (3) an extra individual or other unit that does not yet have knowledge of the innovation, and (4) a contact channel connecting the two units. A contact channel is the means by which messages get from one individual to another.

Example of Crisis Management

The Pepsi Corporation faced a crisis in 1993 which started with claims of syringes being found in cans of diet Pepsi. Pepsi urged store not to remove the product from shelves while it had the cans and the situation investigated. This led to apprehend, which Pepsi made public and then followed with their first video news release, showing the manufacturing process to demonstrate that such tampering was impossible within their factories. A 2nd video news release displayed the man arrested. A third video information release showed surveillance from a convenience store where a woman was caught replicating the tampering incident. The company all together publicly worked with the FDA during the crisis. The corporation was totally open with the public throughout, and every workers of Pepsi was kept aware of the details. These complete public communications effective throughout the crisis. After the disaster had been resolved, the business ran a series of special campaigns designed to thank the public for standing by the corporation, along with coupons for more compensation. www. caritasuni. edu. ng/pro/management/Mc12

Impacts of Breaks in Business Continuity

Risk management is simply a practice of systematically selecting cost effective approaches for minimizing the effect of threat realization to the organization. All risks can by no means be fully avoided or mitigated simply because of financial and practical limitations. Therefore all companies have to accept some level of residual risks. Whereas managing risk tends to be preventative and business continuity planning was invented to deal with the consequences of realized residual risks. The necessity to have this BCP in place arises because even very unlikely events will occur if given enough time. Managing risk and BCP are often mistakenly seen as rivals or overlapping practices. In fact these methods are so tightly tied together that such separation seems artificialhttp://en. wikipedia. org/wiki/Risk_managementBusiness Continuity – The business specific plans and actions that enable an organization to respond to a crisis event in a manner such that business functions, sub-functions and method are recovered and resumed according to a predetermined plan, preceding by their criticality to the economic viability of the business. Business continuity has the functions of business resumption and business (disaster) recovery. Business Recovery – Plans and actions to recover essential business systems that support business resumption and eventual business restoration and transition. The substitute term of ” disaster recovery” is often used interchangeably with business recovery and carries with it an information technology (IT) connotation. Production recovery applies to all business systems and not just those related to IT. Business Resumption – Plans and actions to resume (continue) the most time sensitive (critical) business functions, sub-functions, methods and procedures essential to the economic viability of a business. Restoration and change – Plans and actions to restore and transition a business to ” new normal” operations following a crisis event.

SUMMARY

The background of this assignment make a sound business case for having a strong risk management program has long been an elusive challenge for many organizations. The query still remain unrequited, that How much worth should be placed on preventing loss from a disaster that it never happened  However it is generally agreed that the consequences of risk management failure can be terrible. There is a clear imperative for lots of companies to develop a strong, consistent, project wide risk management program, as most prevalent to business risks will either remain at current levels or increase. In pursuing this goal the companies now doing well to begin by identifying their top drivers, then highlighting the top threats to those revenue drivers, & distinguishing between those that are predominantly downside risks & those that are predominantly variable risks. While both categories of risk justify attention, companies may discover the effectiveness of their risk management programs are most effective if they devote more of their attention to controlling risk rather than transferring it to insurance companies. And the risks which can be most directly controlled are downside risks, the risks that are much likely to threaten company’s top revenue drivers. When lower risks are dealt with first through prevention & control, it enables senior management to deal more aggressively with variable risks. In short they become more proactive & strategic with their risk management approach.

Conclusion

This assignment is the perceived need for effective Production management & negotiation to reduce business risks associated with Production & management violations. Once the decision makers are aware of the embedded obligations, liabilities & risks, they can make qualified judgment regarding the best alternatives as well as other risk mitigating actions that they would like to be included in the contract. The stepwise method guides a user in analyzing the production & identifying the obligations, their fulfillment requirements, & their temporal dependencies. This analysis helps in computing the possible risks & violations that could occur & for each of them, possible outcomes, & suggestions for their avoidance. Useful work has been done in this area. Also more attention is needed for the handling of indirect, less tangible risks, such as those having to do with the partnership & strategic benefits.