IVY BSBRSK501 Assessment 3
docx
keyboard_arrow_up
School
Texas Woman's University *
*We aren’t endorsed by this school
Course
123
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
6
Uploaded by rozaliawong
1
|
P a g e
BSBRSK501 Assessment Task 3
Updated: April 2018 V 1.0
BSBRSK501 Manage Risk
Assessment 3
BSBRSK501 Manage Risk
Assessment: 3 - Research and Questioning
Submission details
The Assessment Task is due on the date specified by your trainer. Any variations to this
arrangement must be approved in writing by your trainer.
Students will use their online study time to prepare for answers to the following
questions and submit softcopies of the answers.
See instructions below for details.
Instructions:
To be prepared on an individual basis.
Assessment will only be accepted if they have an assignment cover
sheet on them signed by the student.
Students must provide detailed answer for every question along with relevant
examples.
There is no word limit, but answer for every question should be
reasonable in size, preferably ½ a page.
The Trainer/Assessor may also ask from these questions and the students must
adequately explain them according to their submitted answers.
The Trainer/Assessor may further prompt and question in order to receive answers
of appropriate quality and to verify the authenticity
Please answer all the questions:
What is Risk Management process? Explain from an organisational point of view
A
systematic application to minimize an organization's exposure to risk ix called Risk management.
A risk management system comprises several strategies, procedures and practices that work in
unison to identify, analyses, evaluate risk. Installing security systems, purchasing insurance,
maintaining cash reserves and diversification are very common examples of risk management.
Traditional risk management assists to reduce liabilities that are associated with accidents, deaths
and lawsuits while financial risk management focuses on minimizing risks through the use of
financial tools and instruments.
2. What is important about managing Risk from the same Organizational point of view?
Risk management is hugely important on numerous different points. Risk management is a central
senior management responsibility. Risk management has been centrally important to financial
institutions for some time; it’s becoming centrally important for all other major organizations in our
society. Also, risk management makes a great deal of individual business sense. One of the most
serious mistakes one made as a manager was a failure to look closely at the risks associated with the
project plan one of his people proposed.
3. Discuss in short sentences, how scopes can be defined in the risk management process as
mentioned in questions 1 & 2?
Risk Identification:
A more disciplined process involves using checklists of potential risks and
evaluating the likelihood that those events might happen on the project. Some companies and
industries develop risk checklists based on experience from past projects.
Risk Evaluation:
After the potential risks have been identified, the project team then evaluates the
risk based on the probability that the risk event will occur and the potential loss associated with the
event. Not all risks are equal. Some risk events are more likely to happen than others, and the cost of
a risk event can vary greatly.
Risk Mitigation:
After the risk has been identified and evaluated, the project team develops a risk
mitigation plan, which is a plan to reduce the impact of an unexpected event. The risk mitigation plan
captures the risk mitigation approach for each identified risk event and the actions the project
management team will take to reduce or eliminate the risk. Contingency Plan: The project risk plan
balances the investment of the mitigation against the benefit of the project. The project team often
develops an alternative method for accomplishing project goals when a risk event has been identified
that may frustrate the accomplishment of that goal.
4. Is Risk is a known factor in every business organization? Discuss.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Business risks
imply uncertainty in profits or danger of loss and the events that could pose a risk
due to some unforeseen events in the future, which causes business to fail.
For example, an owner of a business may face different risks like in production, risks due to irregular
supply of raw materials, machinery breakdown, labor unrest, etc. Thus business risks may take place
in different forms depending upon the nature and size of the business.
Business risks can arise due to the influence of two major risks:
internal risks
(risks arising from
the events taking place within the organization) and
external risks
(risks arising from the events
taking place outside the organization).
Internal risks arise from factors:
Human factors (talent management, strikes),
Technological factors (emerging technologies),
Physical factors (failure of machines, fire or theft),
Operational factors (access to credit, cost-cutting, advertisement).
External risks arise from factors:
economic factors (market risks, pricing pressure),
natural factors (floods, earthquakes),
political factors (compliance and regulations of government)
5. What strategies can you put in place to minimize organizational risks? And what methods of
risk management can be used to implement these strategies?
1. Review the existing system of internal controls
, which provide checks and balances for
every aspect of a company. With regard to safety issues, internal controls can be as simple as
implementing a checklist of precautions before entering a work zone. With regard to
finances, it can be placing different employees in charge of approving payments and signing
checks. Limiting the number of employees with Internet access represents another internal
control. This reduces the operational risk of too many employees circumventing
technological firewalls to conduct personal online business during work hours.
2. Develop a risk management plan.
Having sufficient insurance to protect against losses is
only one aspect. Taking proactive steps to cross-train is another key way to avoid risk. For
example, if you have an employee on Job A suddenly quit without providing notice, it is likely
that performance on Job A will suffer. However, a suitable risk management plan will provide
for two employees always on each job. Thus, the second can step in when the first vacates. If
having double coverage is not possible, another alternative is having an extra weekly staff
meeting to keep employees more up-to-date.
3. Employ the services of an internal control consultant.
This is an outside professional
specializing in investigating weaknesses in a company’s processes. An outsider completely
unconnected to a company's daily operations can view the situation more objectively and
more readily identify areas in need of improvement.
6. Discuss what should be included in risk management policies for an organization?
These procedures may include equipment upgrades, extensive employee training, or the provision of
a cleaner work environment. Organizational policies and procedures for risk management are like
the rules governing the game of football. Organizational policies and procedures for risk
management are player guidelines that tell each employee what the company they work for expects
of them, and what the company will do to protect them from harm while they are at work.
7. What are the key areas for an organization to identify and manage properly in order to have
successful risk management policies and processes?
Assessment
Identifying risk is the first and most important element to determine when creating the risk
management strategy. Having a clear overview of the possible challenges allows the leadership team
to create an effective action plan. Here the three main questions that should be answered are: “What
could happen?”; “How it may happen?”; and “What is the worst possible outcome?”. The risk
assessment process is of critical importance and provides quality information to the decision-makers
in start-up management.
Measurement
It is difficult to measure risk, but it is even more challenging to create a strategy to manage
something that can’t be or isn’t properly measured. The entrepreneurs must concentrate on
embracing the most suitable for their business situation measurement methodologies. The
evaluation of the likelihood of a certain situation to occur and the estimation of the possible
extension of its occurrence are key components of every risk management strategy.
Monitoring
Risk monitoring is very important because it gives information about the execution of the plan and
its effectiveness and gives a good insight into the way the risk has developed or changed over time.
By monitoring and evaluating the strategy, the entrepreneurs are able to get better insights into their
work that will help them to adopt an adequate course of action that fits their company goals and
specific circumstances.
8. Why is clarity in communicating risk management plans important among stakeholders?
To ensure that projects run smoothly, effective project managers communicate their plan to the
project sponsors, stakeholders, and team members. This sets expectations to people who provide
funding and are affected by the outcomes. It ensures that the project runs smoothly so one step
proceeds to the next without disruption. By identifying, avoiding and dealing with potential risks in
advance, you ensure that your employees can respond effectively when challenges emerge and
require intervention.
9. Why is it important to have support from all key stakeholders in risk management process
and how that can be obtained?
The main objective is defined as a strategy to increase support, reduce resistance and minimize
negative impacts of stakeholders throughout the project life cycle.
Method:
Brainstorming - is a technique commonly used to identify a range of ideas from many different
perspectives. Remember to take all responses from participants.
The results are then filtered to
eliminate duplicates and each suggestion is further refined
for clarity
10. Discuss what you understand as a Risk management framework.
The
Risk Management Framework
(RMF), illustrated at right, provides a disciplined and
structured process that integrates information security and
risk management
activities into the
system development life cycle.
The RMF steps include:
Categorize
the information system and the information processed, stored, and transmitted by
that system based on an impact analysis.
Select
an initial set of baseline security controls for the information system based on the security
categorization; tailoring and supplementing the security control baseline as needed based on an
organizational assessment of risk and local conditions.
Implement
the security controls and describe how the controls are employed within the
information system and its environment of operation.
Assess
the security controls using appropriate assessment procedures to determine the extent
to which the controls are implemented correctly, operating as intended, and producing the
desired outcome with respect to meeting the security requirements for the system.
Authorize
the information system operation based on a determination of the risk to
organizational operations and assets, individuals, other organizations, and the Nation resulting
from the operation of the information system and the decision that this risk is acceptable.
Monitor
the security controls in the information system on an ongoing basis including assessing
control effectiveness, documenting changes to the system or its environment of operation,
conducting security impact analyses of the associated changes, and reporting the security state
of the system to designated organizational officials.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help