Beruflich Dokumente
Kultur Dokumente
Marking Criteria:
We expect the learners to write minimum one well expressed point in three lines against each
allocated mark. This means one needs to write 15 lines with 5 well expressed points to get high
grades for a 5 marks question.
There are, of course, further factors which will influence the risk elements of
an organization, but it is these which are key to understand for any business.
With each element of the PESTLE acronym, it is important to consider: trends,
external stakeholder relationships or impact, drivers affecting the
organizations’ objectives, and contractual relationships and agreements.
Understanding the internal context could include the mission, vision, values
and the alignment of strategic goals and objectives; standards or regulations
adopted by the organization (which are not required by legislation – that falls
under external); and impact of resource.
Complexity of networks
Knowledge resource, sharing, and management
Contractual agreements and internal dependencies, and
Information systems including technological resource or reliance
• risk management takes place in the context of the goals and objectives of
the organization.
• the major risk for most organizations is that they fail to achieve their
strategic, business or project objectives or are perceived to have failed by
stakeholders.
• organizational objectives, policies, and processes help define the
organization’s risk management policy, specific objectives and criteria of a
project.
2. Risk tolerance is defined as “an organization’s readiness to bear the risk, after
treatments in order to achieve its objectives'. How would you establish risk
tolerance for an organization and will define its risk tolerance levels? (10
Marks)
Once the risk management context is understood and established, a key
output of the process is risk tolerance. Risk tolerance is defined as “an
organization’s readiness to bear the risk, after treatments in order to achieve
its objectives.”
• the ability and willingness of the board and executive to take and manage
risks
• the size and type of organization
• the maturity and sophistication of risk management processes and control
environments
• the financial strength of the organization and its ability to withstand shocks
• the sector in which the organization operates.
The typical steps involved in establishing and implementing risk tolerance are
as follows:
1. Complete an analysis of the organization’s ability to physically and
financially recover from a significant event (e.g. risk such as human influenza
pandemic, loss of major plant or facility, inability to supply or manufacture
product, loss of major business partner, credit crunch, etc).
2. The above analysis will highlight the need for and importance of
contingency plans, financial, physical and human resources, and controls.
From the analysis, determine the tolerance the organization can bear or
accept.
3. Management determines the level of tolerance that should then be
endorsed by the board.
The risk tolerance levels set by the organization will be reflected in the risk
rating scales used to assess organizational risks.
Risk tolerance levels can be defined by dividing risks into a number of bands
as appropriate for the organization (four in this example):
• An upper band where adverse risks are intolerable, whatever benefits the
activity may bring, and risk reduction measures are essential whatever their
cost
• Middle bands where costs and benefits are taken into account and
opportunities are balanced against potential adverse consequences
• A lower band where positive or negative risks are negligible, or the costs
associated with implementing treatment actions outweigh the costs of the
impact of the risk, should it occur.
These levels of risk tolerance will help determine the type and extent of
actions required to treat risks and the level of management/board attention
required to manage and monitor the risks. Risk tolerance levels can be
practically defined through the color coding of a risk likelihood/consequence
matrix. This is illustrated in the following sample risk matrix (or heat map):
3. Culture is defined as “the way we work around here”. It is the collective way
of doing things, through accepted behaviors and processes. Why risk
management culture is important for a risk management framework? Discuss
the main drivers of culture. (10 Marks)
The appropriate risk management culture will vary depending on the unique
context of the organization. To determine this, a starting point is to understand
the key drivers of culture.
Drivers of culture
There are various drivers within an organization that shape its culture. These
drivers influence how well risk management is embedded throughout the
organization.
4. ABC Limited is a construction company. Why and how ABC Limited should
identify its risks? (10 Marks)
In identifying risks, it is also important to consider the risks associated with not
pursuing an opportunity, e.g. loss of market share. In case of ABC Limited,
with the use of risk identification it will prevent the company to avoid such
hazardous events.
Here are the key steps necessary to effectively identify risks from across the
organization.
• design effectiveness – is the control “fit for purpose” in theory, i.e. is the
control designed appropriately for the function for which it is intended? •
operational effectiveness – does the control work as practically intended?
To understand the level of residual risk remaining after controls have been
taken into account, it is essential as part of the risk analysis process to be
able to estimate the effectiveness of existing controls.
A stakeholder consultation plan helps to ensure that “all bases are covered”
when it comes to understanding perceptions around risk and risk
management, identifying and assessing risks, and developing treatment
options. The plan is also useful for ensuring that the consultation is as
inclusive as is appropriate.
Student Statement:
By submitting this assignment, I confirm that this is my own work.