Bsbrsk 501 - MANAGE RISK PDF

Preview

Summary

MANAGE RISK...

Description

BSBRSK501 MANAGE RISK

Submission details Candidate’s name

Id no.

Assessor’s name

Assessment Task 1 Risk review REVIEWING THE MACVILLE RISK MANAGEMENT POLICY I reviewed the case study and then studied the RISK MANAGEMENT POLICY of the company and I found some improvement areas and some loopholes which need immediate plugging. I shall discuss the policy in the following steps :

1. Scope In the present case study, the areas of the scope of the risk management are following : 1) Cash Management 2) Policies and procedure in document form and easily accessible by employees. 3) Too much family oriented and managed business and hence the need for a professional face of the company. 4) Assessing the impact of external factors 5) Ensuring compliance 6) Risk in relation to functions –human resources management, financial operations, OHS, supply chain, local governance and compliance issues. 2. Goals Goals setting is quintessential for the success of a risk management plan. Goals should be aligned with the policies of the company. Macville’s business goals are : 1) Expanding customer base by providing quality customer service 2) Increase the number of stores across Australia 3) To appropriately manage the risks involved with the operation of store 4) To give the new manager significant insights into the store’s operations. 5) To ensure there is a smooth transition to the Mac Ville systems. 6) To encourage the new manager to give ongoing support for risk management.

BSBRSK501 MANAGE RISK

3. Stakeholders: Stakeholder is an employee, manager, vendor, society, and even government who affect or can be affected by an organization's actions.

Stakeholder Vendors supplying pastries and other materials

Internal/external External

Role in process Responsible for the quality of food products

Stake in process More business with the company

Store Manager

Internal

Driving operations Increase in profit profitably and business

Customers

External

Reason for our existence

Best Quality, cheap price

Top Management

Internal

Running the business

More stores, more business, more revenues

Regulatory Bodies

External

Compliance

Actions of business should not be against law of land

Analysis Risk analysis is the phase where the level of the risk and its nature are assessed and understood. This information is the first input to decision makers on whether risks need to be treated or not and what is the most appropriate and cost-effective risk treatment methodology. We have two types of risk analysis methods:PEST A PEST analysis is an effective tool for investigating external environmental factors. PEST stands for the Political, Economic, Social and Technological.

BSBRSK501 MANAGE RISK ▪ Political Proposed laws that may affect organisation. In this case study compliance standards in WHS, privacy and industrial relation laws. Others are Taxation policy, Merit/demerit goods, and employment regulations. ▪ Economical according to the case study dealing with banks, borrowing from the banks etc . Business has strong economic growth potential. ▪ Social population is increasing which is good for business; ageing population has better access facilities. ▪ Technological National broadband network scheme is coming in the are very soon which would The SWOT Matrix SWOT analysis (alternatively SWOT Matrix) is a structured planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture. A SWOT analysis can be carried out for a product, place, industry or person. In this case study the result of the SWOT analysis could be the classified in the following manner: ▪ STRENGTHS: good location of the business, increasing population of the area, no other competitor in the near locations etc. ▪ WEAKNESS: On time delivery of food, difficulty for managers to access due to long driving, no written policy and procedures manual, improper use of water, no proper security systems etc. ▪ OPPORTUNITIES: because of the easy access to busses and the stores central location there is a plenty of business opportunities, there were opportunities for opening more cafes in the surrounding shopping centers like Wilsonton, Clifford Gardens and K-Mart Plaza ▪ THREATS: Introduction of legislation that backs up the local by-law concerning efficient water usage, particularly by industries, representatives of a large international chain of coffee shops had been making enquiries around town about opening a store in the Toowoomba CBD.

Research

BSBRSK501 MANAGE RISK In this case study it is clearly evident from the following findings that the considerable amount of research has been done. ▪ After research it has been found that two hour delivery would make fresh pastry deliveries from the company’s central bakery plant impractical. ▪ Regarding the population and age research it has been found that the café is attracting a large percentage of retirees because of its easy access to buses and the stores central location ▪ Having conducted the area research it was found that there were opportunities for opening more cafes in the surrounding shopping Centre’s.. ▪ The research of upcoming laws and policies revealed that the current law was due for implementation on the 1st of next month allowing cafes to expand their footpath.

Describe: The process of identification can be aided by various tools and techniques, which should be selected based on the purpose and context of the risk management activities being undertaken. Some of these tools include: ▪ Checklist: It helps to ensure consistency and completeness in carrying out a task Human resources management risk. i. No written policy and procedures manual and limited staff training –could lead to errors and inappropriate actions. ii. Authorisation system not clearly defined –could lead to fraud. iii. Lack of sales promotion techniques –impacts of the stores financial viability. Financial operations risk i. No separation of duties –could lead to fraud. ii. The banking was not done every day and was kept on the premises overnight without a safe –assets not protected could lead to thief. iii. Not all takings from the cash register by family staff members were recorded – unacceptable behaviour in a company store and could lead to misappropriation of funds. OHS risk i. Manager two-hour drive to and from weekly manager’s meeting –could lead to physical injury. ii. Unstable and broken chairs –customers injured –compliance breach and customer suing, reputation loss iii. No established process for dealing with injuries happening at work –staff need a quick and organised response to injuries –staff work loss, unions suing, reputation loss. Supply chain risk

BSBRSK501 MANAGE RISK i Impractical to deliver fresh pastry from the company’s central bakery plant in timely manner –brand loss, quality service loss. ii. Supply of company branded supplies –brand loss. Local governance and compliance risk over I. Wateruse –company could be fined –reputation/brand loss. ii. Incomplete employment records –unions could sue –government penalties – reputation/brand loss, $50,000 fine. iii. Confidentially of records not guaranteed –privacy law breach

▪ Fishbone diagrams: Fishbone diagrams are cause and effect diagrams. Use of fishbone diagram encourages a systematic approach to identifying risks that looks beyond the obvious causes of a problem. ▪ Flowcharts: A flowchart is a type of diagram that represents an algorithm or process, showing the steps as boxes of various kinds, and their order by connecting them with arrows. Flowcharts use various symbols and shapes to represent different facts of a process and arrows to show flow of information, communication and control. Summary of meeting with the manager After having visited the new store in Toowoomba a written report was prepared according to the risk management policies of MacVille. This report defined and identified the environment, characteristics and stakeholders, their goals and objectives, and the scope of the specific risk management process. . Later, this report was discussed with the manger. Some of the things and factors discussed with the manger are as following ▪ Discussion on the issues raised by James Mansfield and Ron Langford ▪ Discussion on the report on previous NSW expansion, which head office had given you ▪ Discussion on privacy and industrial relations law. ▪ Discussion on the Lack of written policy and procedures to guide staff in carrying out their duties. ▪ Discussion on the lack of a professional business culture in the family runs business. ▪ Discussion about the methods to communicate with stakeholders. After having discussion on the all aspects of the research on the risk assessment my Manager suggested me to contact stakeholders through a written form of communication i.e. either Email or letter

Draft of the communication for consultation with stakeholders.

BSBRSK501 MANAGE RISK From: ManagerTo: FARM committee Ref: New Toowoomba store I have been assigned the task of managing risks involved in the operational takeover of the Toowoomba store. I conducted research as per the Macville risk assessment policies and prepared a report regarding the threats and opportunities the takeover of business could bring to the company. I want to bring forward to the committee the highlights of the research and want suggestions and inputs from the committee. Following are the some of the findings of the research: The following are four broad areas where potential for risk to MacVille has been identified. Under each area, examples of possible risks are detailed.

Operational/Organizational ● Legal and regulatory compliance: there were no written policy and procedures manual, no proper cash handling rules, chances for break-ins due to nonexistence of proper security system, no OHS policy and improper use of water is violating the state law. ● Logistics and Product quality: The two hour delivery would make fresh pastry deliveries from the company’s central bakery plant impractical. The pastries would arrive after the morning rush. These are a key part of the MacVille assortment there is also a concern about getting the company branded supplies through as quickly. ● Infrastructure, plant and equipment: The fit-out in parts looked old and unattractive, with some chairs unstable and broken and some parts of the worn carpet was simply taped over with gaffer tape. ● Customer interaction: unskilled staff, not properly trained about the customer interaction skills Financial ● Accountability: cash is not handled properly, too much cash is kept at the premises, no proper policy of doing day to day banking and financial records are not password protected and anyone could access the information. ● Fraud or theft: no proper cash handling rules, chances for break-ins due to non-existence of proper security system, ● Loss of income, funding/finance

BSBRSK501 MANAGE RISK Governance: business is a family run business. In family run business work ethics and professionalism is always a big issue. Project Management The long drive from Toowoomba to Brisbane would make attending the weekly managers meeting difficult considering many meetings did not finish until into the evening after refreshments. There is also manager training sessions that need to complete over the next 6 months in conjunction with a few other assistant managers. These were highlights from the research I wanted bring forward to the committee and inputs regarding how the committee wants to address these issues are sought.

Regards, Manager, Toowoomba store

BSBRSK501 MANAGE RISK Assessment Task 2 Risk analysis and management plan A) Likelihood :Once risks are identified, the next step is to determine the likelihood that the potential vulnerability can be exploited. Several factors need to be considered when determining this likelihood. First, the auditor needs to consider the source of the threat, the motivation behind the threat, and the capability of the source. Next, auditors need to determine the nature of the vulnerability and, finally, the existence and effectiveness of current controls to deter or mitigate the vulnerability. The likelihood that a potential vulnerability could be exploited can be described as high, medium, or low. Rare risk means that highly unlikely, but it may occur in exceptional circumstances. It could happen, but probably never will. Unlikely risk means that not expected, but there's a slight possibility it may occur at some time. Possible risk means that the event might occur at some time as there is a history of casual occurrence at the University &/or similar institutions. Likely risk means that there is a strong possibility the event will occur as there is a history of frequent occurrence at the University &/or similar institutions. Frequent risk means that very likely. The event is expected to occur in most circumstances as there is a history of regular occurrence at the University &/or similar institutions/Organizations。 According to the Case Study, there are: i.

ii.

iii.

Banking Risk – There is possibility of theft of cash that is left on premises as the banking in Café was not done every day and often $4000 was kept on the premises overnight in the cash register. It is a possible risk. Manager’s Travel Risk – It is an unlikely risk that the manager would involve in an accident in spite of being a competent driver because of the steep narrow climb up the range with trucks blocking the way that is quite difficult in daylight hours. By-law Compliance Risk – It is an unlikely risk that if the employees or the manager use more water, they could get the fines for excessive usage of water and consequently breaching the current by-law will occur.

B) Consequence: Failing to address risk can lead to consequences that span the spectrum from mere inconvenience to grave danger. The general level of consequence is Catastrophic, Major, Minor, and Insignificant. Catastrophic Risk like multiple injuries, regulatory intervention, net revenue loss or asset damage exceeds $x, damage to reputation at international level and long-term environmental damage.

BSBRSK501 MANAGE RISK Major Risk such as single stakeholder, breach of licenses, legislation, regulation or mandated standards; net revenue loss or asset damage between $xxx, damage to reputation at national level and medium-term (1-5yr) environmental damage. Minor Risk like breach of internal procedures, net revenue loss or asset damage between $x-$xx, adverse news in local media and environmental damage which requiring up to $250,000. Insignificant Risk like no breach of licenses, standards, guidelines or related audit findings; net revenue loss or asset damage $x, public awareness may exist, but there is little public concern and negligible environmental impact.

According to the Case Study, there are i. Banking Risk – There is a possibility for theft of cash left on the premises and it is also dangerous to the employees in the Café. So, it is a major risk of not banking money every day. ii. Manage Travel Risk - There is a possibility for the manager to have an accident because of the long drive and also the navigating the steep narrow climb up the range. If there is any accident occurs, the company has to insure the manager as well as to find a substitute for the manager and this will slow down their Café business. So, it is major risk. iii. By-law Compliance Risk – If the company didn’t use the water effectively,they will end up paying the fines up to $50,000 according to the current by-law and it would be a loss for the company as well as a drawback for their organization. So, it is a minor risk. C) Priorities: Now that you have determined both the likelihood and consequence of risk, the two are combined to determine the rating. The most effective method of risk analysis is to generate a risk matrix. A risk matrix is shown below, where the identified consequence meets the identified likelihood, a risk rating is given. The allocation of a risk rating should prompt a decision to be made about the action to be taken, as below. Extreme – immediate senior management action, e.g. multiple deaths of employees. High – Action plan needed, allocated responsibilities, e.g. damage to valuable assets. Medium – Risk requires only monitoring and review, e.g. loss of assets due to staff theft. Low – Risk accepted – but not ignored, e.g. a paper cut. Extreme – Banking risk: keeping cash of $4000 on the premises is an extreme risk as there is possibility for theft and dangerous to employees. High – Manager’s travel risk: because of the long drive. Then the company has to substitute for the manager as well as to do the insurance for the manager in order to

BSBRSK501 MANAGE RISK support the manager. Medium – By-law compliance risk: it is important to use the water effectively; other wise the company will end up paying the fines up to $ 50000.

D) Options: The options for treating the risk which is likely to be effective and feasible for the organization are action plan early and internal control procedures. The following need to be considered when choosing an appropriate treatment for a risk: acceptability to all, administration efficiency, capacity compatibility, continuity of effects, contracts, cost effectiveness, economic and social environment, equity, individual freedom, jurisdictional authority, objectives, regulatory, risk creation and timing. Develop an action plan for treating risks Plan Early Experienced operators know that risk management is a proactive process. It is not the thing you do when a risk emerges because by then it may be too late. Effective risk action plans are those that are part of the operations of the organization. Problems that start small can escalate into large threats, or a risk may appear suddenly that threatens the reputation of the entire organization. Having risk management processes and planning in place when these happen could stop the escalation and minimize the impact from the sudden disaster. The risk action plan outlines how the risk is to be managed and a timeline for this process to take place. It should include: the risk, risk rating, treatment activity or controls, roles and responsibilities for those involved, timeline, and monitoring arrangements. Internal Control Procedures Risk Management and Internal Controls The Company is committed to the identification, monitoring and management of risks associated with its business activities. Management is ultimately responsible to the Board for the Company’s system of internal controls and risk management. The Company’s risk management policies and procedures cover regulatory, legal, property, treasury, financial reporting and internal controls. A clear organizational structure exists detailing lines of authority and control responsibilities. Each business unit is responsible and accountable for implementing procedures and controls to manage risks within its business. Company management has established within its management and reporting systems a number of risk management controls. These include: • Formal operating and strategic planning processes for all businesses within the Company;

BSBRSK501 MANAGE RISK • Annual budgeting and periodic reporting systems for all businesses which enable the monitoring of progress against financial and operational performance targets and metrics and evaluation of trends; • Guidelines and limits for approval of capital expenditures and investments; • Policies and procedures for the management of financial risk and treasury operations; and • Standards of Business Conduct which are applicable to all employees. Certain risks cannot be mitigated to an acceptable level by internal controls. Such risks are transferred to third parties in the international insurance markets to the extent consider...