1. Explain why you would review the existing risk management processes, procedures and requirements before updating and renewing the risk management process.
2. Explain why it is essential that the scope of your risk management is clearly identified. List 5 reasons.
3. List 4 specific types of documentation that should be reviewed during the `establishing risk context` stage of the risk management process.
4. Reword the following into a goal (or two) for your risk management process:
`We are conducting risk management at this time to assure our shareholders and investors maintain confidence that the board is comfortable with its current risk exposure`.
5. Why is it important to gain support for risk management activities within your organisation?
List the stakeholders you would need support from. How would you get this support?
6. Describe the following elements of a risk management plan:
Explain the need for each and give an example for each
A. The scope of your risk management process.
B. The internal and external stakeholders, their priority ranking and their issues.
C. The political, economic, social, legal, technological and policy context for your risk management strategy.
D. The goals and objectives for the areas in your scope.
E. Goals and objectives: should be clearly expressed as SMART objectives
F. How you will communicate with all parties.
7. CASE STUDY
In 2008, XYZ Corp, a clothing retail company from NSW, launched into the Queensland and Victorian markets simultaneously.
The company had conducted its own risk management process, which was minimal: a one-time process with very limited scope that included only the financial aspects of competition and was not evaluated.
The company continued to struggle against competition and local government issues in Victoria, that led to the stores closing and XYZ Corp withdrawing from the market in that state.
The case highlights a lack of understanding of the risk context faced in Victoria, but may have also been a case of over-exuberance on behalf of the management where perhaps the risks of moving into two markets simultaneously were too great when combined.
A. Make a list of the steps in the process that should have highlighted to senior management that there may be higher risks in the Victorian market. Briefly explain your answer.
B. Describe 2 strategies that senior management could have used or set in place at the outset to ensure a better understanding of the risks in both markets. Explain your strategies using references.
8. Explain why it`s essential all stakeholders are involved in identifying risks. List 5 kinds of information stakeholders can provide.
9. List five research methods that may be used in determining operating risks relevant to a small car-tyre retailer.
Briefly describe each research method and describe what general type of information may be retrieved or gained from these methods.
10. What is a scenario analysis? List 5 advantages of using a scenario analysis to identify risks.
11. CASE STUDY
Emergency Management Queensland (EMQ) fire service personnel have conducted a risk assessment for fire risks at a Western Brisbane distribution centre that is adjacent to chemical plants and virgin bushland on two sides. The process is handed to new staff as an exercise to help their learning and understanding of the assessor`s roles.
The scope of the assessment is to determine health and safety risks to workers within the distribution centre should a bushfire come through the area.
From the information provided:
A. List the personnel the EMQ staff should invite to participate in the risk identification and research process. Briefly explain your answer.
B. List 5 methods you would use to collect the information for the risk assessment.
C. What methods could be used to ensure all possible risks have been identified?
12. The following is a list of risks that may commonly face a business enterprise.
Product malfunction causing injury to a consumer
Worker injured on-the-job from tripping on loose carpet square
Interest rate rise increases repayment costs on business borrowings
One of your product component suppliers goes into receivership
Staff fraud due to possible software loopholes/backdoors
Complete the following three tasks using appropriate matrices.
Apply a risk rating scale to the likelihood of the risks listed above occurring (A-E; extremely likely to rare).
Assign a consequence or level of impact value (1-5; insignificant to catastrophic/ outstanding) to each of the risks.
What overall risk priority would you assign these risks for treatment (high, medium, low)?
Create the table below in a word document to answer this question and upload your results.
Risk - Likelihood rating - Impact rating - Overall priority - Influencing factors
Product malfunction causing injury
Interest rate rise
13. CASE STUDY
In analysing risk at General Motors (GM) for the upcoming 2007 model range (in late 2005), risk management specialists had become somewhat blase about the American automobile buyer.
SUV-type trucks and pick-ups remained big-sellers, as did inefficient fuel guzzling V8 sedans and sports cars.
The likelihood of sales lost to hybrid and fuel-efficient vehicles (even though these had just been released to the market and were already making an impact) was assessed as very low, as were the consequences of these lost sales.
This was exacerbated by the lock of appreciation of the looming financial trouble.
A. Knowing now that GM suffered massive losses as a result of badly misjudging the mood of the US consumer and the impact of the global financial crisis, what basic rule of thumb for assessment of consequence should GM have applied in this case? List 5 strategies that may have helped GM.
B. With rising oil prices, falling confidence in the finance markets and raised environmental concerns among the general public, what likelihood and consequence would you assign to this situation, and what resultant overall risk priority would you generate?
14. What risk control options might you select for the following risks. Explain your answers using workplace references.
a. Increased competition
b. Decline in demand for the organisation`s services.
c. Expenditure exceeds budget forecast
d. IT system doesn`t meet company requirements
e. High staff turnover
15. List 5 risk reduction or risk sharing strategies that may be applied or are available if you are looking to address the risk of litigation from the actions or inactions of you or your staff.
Give a brief description for each and explain their use.
16. In a workplace some documents need to be retained and others destroyed.
Make a list of 3 types of documents that need to be retained and explain why they need to be kept.
Make a list of 3 types of documents that need to be destroyed and explain why they need to be destroyed.
17. Make a list of the information you would include in your risk management action plan.
Explain the purpose of this information.
18. Explain the role a manager plays in monitoring and evaluating their risk management action plan and storing the information.
Make a list of 5 tasks they may perform in monitoring the risk management action plan and 5 tasks they may perform in evaluating it.
19. Describe why you need to maintain communication with stakeholders and/or participants throughout the risk management process.
20. List 5 difficulties you think may arise when implementing the plan.
Provide solutions to the difficulties you have identified.
21. Read the case study and answer the questions that follow.
Case study The company
PolyMake Pty Ltd is a medium sized (250+ staff, publicly listed NSW-based plastic forming company that makes components for the automotive industry. They ore well established in their Costlereogh HQ, and have iust finished upgrading to a new warehouse and forming machinery that will allow them to take on extra capacity.
The Board of PolyMoke Pty Ltd has approached several large boat builders with the intention of expanding into marine plastics, a relatively mature sector (particularly in Sydney).
The approaches were well received, with some reservations regarding the company’s experience in the salty, full UV-exposure of the marine environment.
PolyMoke is well financed (underwritten) but is carrying some debt (around the sector overage) and has minimal cash reserves.
There is a quality leadership team in place, but together they have little experience with marine plastics.
The risk management team at PolyMake Pty Ltd conducted a risk assessment and found several areas of risk that could affect their move into the new market.
1. Technology risk - although they have upgraded their plant, is it suited to marine plastics?
2. Product risk - will the products from the new player be embraced by the market?
3. Financial risk - with minimal reserves and some debt from the upgrades, if they are unable to produce a competitive product quickly they may face financial difficulties.
4. Reputation risk - what effect will the move to diversify have on their brand?
5. Commercial/market risk - the most obvious risk, moving into a saturated market, how will they perform?
6. Management risk - does management have sufficient experience to be able to adjust should the marine sector reject their new product?
A. List the risk control options that might be used and explain them in the context of the case study. Research the different types of risk treatments available to the business to provide risk coverage for the identified risks.
a. Technology risk
b. Product risk
c. Financial risk
d. Reputation risk
e. Commercial/market risk
f. Management risk
B. Determine which risk treatment would best suit each risk, with a brief explanation for your decision.
C. Prepare this as a written report outlining the options and suggesting an implementation plan (including time line) to the CEO of PolyMake Pty Ltd.
Implementation plans may include the following key elements:
· Key risk areas: outline the individual risks in each area and assess the associated risk levels.
· Risk treatments: discuss recommended treatments and outline the actions required
· Responsibilities: assign actions appropriately
· Time lines: set deadlines for each of the key actions, including review and adjustment
· Monitoring processes: outline how each action will be measured and define targets for success.
· Documentation requirements: outlining what records must be kept.
Upload your final reports and any relevant supporting documents
Conduct research for a risk assessment project in your organisation or an organisation you are familiar with
Your risk management plan should be presented in a report format and should include the following information.
Explain how the following will be applied.
· duty of care
· company law
· contract law
· environmental law
· freedom of information
· industrial relations law
· privacy and confidentiality
· legislation relevant to organisation`s operations
· legislation relevant to operation as a business entity
· access and equity to risk management processes and resources for people with a disability.
Upload your completed report and any relevant supporting materials
You may use this risk management plan as an example:
1. The sector your organisation operates in (for example, construction or mining), and in what capacity (for example, specialised equipment leasing or contract catering).
2. The process to be undertaken, referencing the standard, and citing the seven main elements of the risk management process as identified in the AS/NZS ISO 31000:2009.
1. Areas of legislation, codes of practice and national standards which are applicable to the conduct of risk management with your organisation.
2. The organisation policies or procedures your organisation has that may provide guidance to the risk management process.
3. Whether there is a current risk management action plan in place.
4. A context review for the current operational context of your division or business unit.
Identification and analysis
1. The broad risk areas that have been identified, with a proposed scope.
2. The risks that have been identified with a rating for likelihood and consequence and a priority for each risk.
3. A detailed list of stakeholders and participants.
4. Options identified for treating the risks.
5. Methods selected for managing the risks, including specific insurance policies you will use where appropriate.
6. How you will communicate the process.
1. A plan for implementation including a proposed review/evaluation schedule.
2. How the information will be stored.