BUSINESS ADMINISTRATI.docx

BUSINESS ADMINISTRATION I:
RISK MANAGEMENT
READ THIS BEFORE YOU DO ANYTHING ELSE!
1.
TUTORIAL INTRODUCTION
We trust that you will find your studies towards this
qualification rewarding.
It is very important that you work through the study material
in each guide and in the
prescribed text books, as this will prepare you for the
assignments at the end of each Module. In
order to complete the Qualification you need to be found
competent against all the Assessment
Criteria of the Topics in this Module.
2.
HOW DOES THIS MODULE WORK?

Chapters start with a title followed by the lessons for that
chapter. At the beginning of
every chapter is a list of the outcomes for the particular chapter.
YOU ARE NOT REQUIRED TO ANSWER THESE
STATEMENTS. We are only
informing you of WHAT you will learn and be assessed on in
this module.
The study guide fulfils the purpose of a tutor, and will
effortlessly guide you through the
training material. Each lesson teaches you about a specific
topic.
Make sure you understand the topic of the lesson before you
proceed to the next lesson.
If at any time you require assistance, please contact one of the
study advisors at BMT
College who will promptly assist you with any queries.
REMEMBER: IT IS IMPORTANT TO STUDY AND WORK
THROUGH
ALL THE LESSONS IN THIS GUIDE BEFORE
ATTEMPTING THE
ASSIGNMENT. IF YOU UNDERSTAND THE WORK IN
THIS GUIDE,
THE ASSIGNMENT WILL BE EASY.

STUDY INSTRUCTIONS
3. ICONS USED IN THIS MANUAL
LESSON 1
Indicates the start of a new lesson
Indicates the start of a Chapter (also top left of STUDY
chapters) Usually an explanation
or definition of a specific word or concept Examples of a
specific topic or concept
Important information.
Take a break from your studies!
Making notes while you study is very important. Spaces have
been allocated throughout this manual for this purpose
Indicates self assessment and self assessment answer section
THESE SHOULD NOT BE SUBMITTED FOR ASSESSMENT

Outcomes for this Module (What you will learn)
Steps to be followed in order to complete/execute/do a specific
action or task.
Prescribed textbook
No textbook required for this module.
READ THIS BEFORE YOU DO ANYTHING ELSE!
HOW TO COMPLETE YOUR ASSIGNMENT
4.
COMPLETING THE QUESTIONS:
Answers to review questions must preferably be typed as this
eliminates the possibility
of an assessor marking the answers incorrect due to the
illegibility (unclearness) of the
handwriting.
You need to complete ALL the formative questions. Unless the
Col ege granted you
RPL exemption from that topic or subject, you need to do all the
questions. If you do not
understand a question, phone or e-mail your assessor to get
assistance. ALL
questions need to be completed in order to be found
competent.
Each question must be marked clearly. The question numbers

must not be placed in the
left margin but at the top of the answer.
Question 1.1
An example of a breakfast cereal is Kellogg’s.
Only attempt the summative assignment after you successfully
worked through the
module and completed all the formative questions for the
particular module/s.
Diploma learners are required to complete a Summative
assignment on completion of a
subject (provided in the yellow assignment covers).
Use single sheets, front side only. (Double pages must be cut
loose on the sides)
Learners who received exemption from certain topics or
subjects through RPL
(recognition of prior learning) must attach the official letter
from the College stating the
exempted topics or subjects.
5. SUBMITTING YOUR FORMATIVE AND SUMMATIVE
ASSIGNMENTS:
Make sure your name, surname and student number is on every
page.
Place the answers to your formative assessment inside the
BLUE Formative Assignment

cover provided.
Place the answers to your summative assignment inside the
YELLOW
Summative Assignment cover provided.
Use a file binder and bind the cover around your answer sheet.
Always keep a copy of your assignment (should your
assignment be lost in the post) as
the BMTC can take no responsibility for assignments lost in the
post.
STUDY INSTRUCTIONS
PLEASE NOTE: You can only submit the Formative
Assignment once! That
means, you only have one attempt for the formative
assessment. If you fail
the formative you need to make up the marks in the
summative. You have
three attempts to pass the summative assignment successfully.
6.
RESULTS OF YOUR FORMATIVE AND SUMMATIVE
ASSIGNMENT:
Your formative and summative assignment results will be
outlined in a results letter at the
end of each module.

Your formative assessment will count 25% toward your final
result for the module and
your summative assessment will count 75% of your final result
for the module.
To pass and to be advanced to the next module, you need a
final result of 50%.
If you do not obtain a pass mark of 50%, you will be required
to re-do sections of the
summative assignment where you did not obtain a success
Assignment (tests) structure for the 1st year of the Diploma
qualification Study
Formative
Summative
Next Action from the college?
Process
STUDY COMPONENT 1
Management Principles (a)
College will mark module 1
NO SUMMATIVE DUE
Step 1
Complete and submit
formative assignment and posts
after module 1
Module 1 questions
module 2.
Management Principles (b)
NO SUMMATIVE DUE
Step 2
Complete and submit

after module 2
Module 2 questions
module 3.
Management Principles (c)
Complete and submit the
formative and summative of
Complete and submit
Step 3
summative assignment on
component 1. Learner receives
Module 3
Module 1, 2 and 3.
results of component 1. The College
formative questions
posts module 4.
STUDY COMPONENT 2
Business Admin (a)
NO SUMMATIVE DUE
Step 4
Complete and submit
after module 4
Module 4 questions
module 5.
Business Admin (b)
NO SUMMATIVE DUE
Step 5
Complete and submit
after module 5
Module 5 questions
module 6.

Business Admin (c)
Complete and submit
Step 6
Module 6
Module 4, 5 and 6.
results of component 2. The College
formative questions
posts module 7.
STUDY COMPONENT 3
Entrepreneurship (a)
NO SUMMATIVE DUE
Step 7
Complete and submit
formative assignment and post
after module 7
Module 7 questions
module 8.
Entrepreneurship (b)
College will assess module 8
Complete and submit
Step 8
Module 8
Module 7 and 8

formative questions
results of component 3.
END OF 1ST YEAR
STUDY PLANNER
Expected
Suggested
time of
Type
REF
Heading/Description
Duration
completion
(in hours)
(learner to
complete)
1. RISK MANAGEMENT
Lesson
1.1
Introduction to risk management
4
Lesson
1.2
Types of Risk
2
Lesson
1.3
Risk Assessment and Evaluation
3
Lesson
1.4
Risk Mitigation and Response

2
Lesson
1.5
Impact of Legislation on Risk Management
3
Formative
1
Complete formative answer sheet (Blue Cover)
3
CHAPTER 1
RISK MANAGEMENT
IN THIS CHAPTER:
LESSON 1.1 : INTRODUCTION TO RISK MANAGEMENT
LESSON 1.2 : TYPES OF RISK
LESSON 1.3 : RISK ASSESSMENT AND EVALUATION
LESSON 1.4 : RISK MITIGATION AND RESPONSE
LESSON 1.5 : IMPACT OF LEGISLATION ON RISK
MANAGEMENT

AT THE END OF THIS CHAPTER YOU WILL BE ABLE TO:
1. Understand
business
risks;
2. Identify the broad factors driving risk;
3. Understand the interrelationship between elements
responsible for success and the risk
of failure;
4. Advise on preventative measures and contingency planning;
5. Explain risk
management.
LESSON
1.1
LESSON 1.1
INTRODUCTION TO RISK MANAGEMENT
In this Lesson:
Management expert Peter Drucker argues that risk management
– the ability to manage
the unexpected – is as important as entrepreneurship and
business skills in propelling economic
growth.
A society that is able to control and cushion against disaster is
better able to deploy its
resources towards economic and social advancement.

One of the duties of the directors of a company is to take risk
for reward, which is the
essence of business. Risk governance is the responsibility of the
board, but the implementation of
processes relating to risk is a management function.
A company must have and maintain an on-going risk
assessment process, consisting of
risk identification, risk quantification and risk evaluation.
CONCEPTS AND VOCABULARY TERMS YOU NEED TO
UNDERSTAND:
the risks faced when
undertaking a course of action. Where possible and affordable,
the business might take out
insurance policies, though not all risks can be insured.
quantify any threats to the
firm’s continued operations.
threats to the
organisation's stability or profitability (see risk identification).
Manager can apply a long-term
strategy or risk minimisation by addressing each of the main
areas of risk.
9
© Business Management Training College (Pty) Ltd

1. UNDERSTANDING RISK
There are many meanings attached to "risk" and this means
that very different approaches
to risk management are taken in different fields.
For
example:
The ISO 31000 (2009) /ISO Guide 73 definition of risk is the
'effect of uncertainty on
objectives'. In this definition, uncertainties include:
events (which may or not happen) and
uncertainties caused by a lack of information
uncertainties caused by ambiguity.
This definition also includes both negative and positive
impacts on objectives.
Another definition is that risks are future problems that can be
avoided or mitigated,
rather than current ones that must be immediately addressed.
Risk can be seen as relating to the
probability of uncertain future events.
In
information security risk is defined as "the potential that a
given threat will exploit

vulnerabilities of an asset or group of assets and thereby cause
harm to the organisation"
Financial risk is often defined as the unexpected variability or
volatility of returns and
thus includes both potential worse-than-expected as well as
better-than-expected returns.
In general, we may think of risk as: A situation involving
exposure to danger.
Some examples of risks are:
Interruptions of the business cycle or business processes
arising from government
regulation, economic conditions, social conditions, weather
systems, natural disasters, and other
sources;
Unforeseen changes in existing strategic partnerships, key
business relationships, and
vendor/supply sources;
Changing labour market conditions affecting labour force
availability and costs;
Issues arising from integrations of computer systems,
communications networks,
accounting systems, and other systems;
Access to information may be prevented by government or
legal restrictions, privacy
concerns, or other frameworks that are put in place;

Security conditions might arise that affect operations.
10
LESSON
1.1
Example: Greenpoint Stadium
Two of the many factors that posed risks with the building of
the Greenpoint Stadium
were:
What will happen when the Soccer World Cup is over? The
cost of maintenance alone
means the city will continue to pour huge amounts of
ratepayers' money into the stadium for
years with no direct return.
Weather related risks.
Contractors building the multimillion-rand Green Point
Stadium were bracing themselves
for a few months of heavy rains and gale-force winds, seven-
and-a-half months ahead of the
deadline to complete the World Cup venue.
During a muddy walk-about on site one day, the project
managers could see why one of
the key risk factors facing stadium contractors was winter.

At that point the main concern was the external works, and
how they could seal the site to
make it "watertight" before the end of the month.
Following is a list of incidents that illustrate the devastating
effects of the consequences
of event risks and of the need to manage risk effectively.
(Source: ‘Risk Management’ –AD Valsamakis, RW Vivian,
GS du Toit)
Event
Cause
Consequence
Thalidomide was a widely
6 000 malformed babies
1959 -1961:
prescribed sedative drug that
were born in 20 countries.
Use of medical
caused genetic damage in the
The producer of the drug paid
drug Thalidomide babies of women who took the
compensation.
drug.
1960:
435 miners were trapped
A coal-mining disaster occurred

Coalbrook mining
underground and all attempts
when part of the mine collapsed.
disaster, SA.
to rescue them failed.
1988:
An explosion, resulting in fire and
165 men were killed, the
Piper Alpha off-
flowed by further explosions was
platform was destroyed and a
shore rig
caused by an operator error during total loss of approximately
explosion, North
restart after a safety valve had
R16bn was sustained.
Sea.
been removed.
1995:
A locomotive falls
A locomotive fell down a mine
down a mine
104 people killed.

shaft at speed
shaft, Vaal Reefs
mine, SA
A sophisticated terrorist attack was launched in the US when
four
2001:
aircraft were hijacked, two of which crashed into the World
Trade
Terrorist attack
Centre. This caused the twin towers to collapse and the deaths
of
thousands of people.
11
1.2 RISK AND UNCERTAINTY
Two of the factors that make up risk, are uncertainty and
levels of risk.
Uncertainty
implies
doubt about the future. We cannot predict the future, and we

therefore feel uncertain
due to a lack of information. Uncertainty is very important
when we talk about risk. If we are
sure that something is going to happen, it is not a risk, but a
certainty.
If we are certain that something is going to happen, we cannot
get insurance to cover it.
You may now ask, what about life assurance? We are all sure
that we are going to die at
some time, so how can we buy life cover?
The answer is that although we have certainty that we will die
at some time, we don’t
know when. It is due to this uncertainty that we can buy life
assurance
EXAMPLES of risk that can or can’t happen:
You drive your car to work every day. You cannot tell if an
accident is going to happen.
You have a house built, but it may burn down.
You work in an office, but it may be destroyed by a fire.
You feel OK today, but you don’t know if you are may suffer a
heart attack or a stroke or
an accident. You don’t know when, if ever, it may happen.
Interest rates may change (increase or decrease)

In the book ‘Risk Management’ by AC Valsamakis, RW
Vivian and GS du Toit, the
certainty-uncertainty continuum is illustrated as follows:
Level of uncertainty
Characteristics
Examples
Outcomes can be
Physical laws, natural
None (certainty)
predicted with precision.
sciences.
Outcomes are identified
Games of chance, cards,
Level 1:
and probabilities are
Objective uncertainty
dice.
known.
Outcomes are identified,
Level 2:
Fire, car accidents,
but probabilities are

Subjective uncertainty
investments.
unknown.
Outcomes are not fully
Level 3 :
Space exploration, genetic
identified an probabilities
Total uncertainty
research.
are unknown.
12
LESSON
1.1
A high degree of uncertainty, as at level 3, reflects a
significant lack of understanding and
knowledge of the situation, resulting in a low level of
confidence and assurance. Where there is
complete uncertainty, the prediction of possible outcomes is
impossible.
Uncertainty, which is a condition that results from an inability
to foresee future events,
has been recognised as affecting all walks of life. (Risk
Management Ed 4)
1.3 LEVELS OF RISK

We know that there is a bigger chance that certain things may
happen than others.
We can determine this in two ways:
Frequency
Severity
1.3.1 Frequency
Frequency
is
how often something happens.
Imagine a house that is situated next to a river that is known to
overflow its banks when
heavy rain occurs. Now, imagine a house that is situated on a
hill, 100
meters from the river. We do not know when the river will
overflow, but we do know
which house is more likely to be flooded should the river
overflow
Explanation:
If the river just overflows slightly, the possibility is greater
that the first house will be
damaged. The second house will only be damaged if the river
overflows severely. It is therefore
more likely that the first house will more often be flooded, due
to its position next to the river.

1.3.2 Severity
Severity
is
how serious will it be if something happens?
Think about the two houses. If the first house is worth R 50
000 and the second R
500 000, will that change our attitude towards risk?
Remember, the risk that the first house will be damaged more
frequently is higher, but,
should the second house be damaged, the costs of repair will be
much higher because of the
higher value.
13
1.4 COMPARISON BETWEEN FREQUENCY AND
SEVERITY
In many risk situations, there is a high frequency and a low
severity of loss.
This means there are a high number of small losses, and

relatively few big losses.
1.
Fire losses at houses
There are many more small fires at houses, but few big losses.
2. Vehicle
accidents
The average costs are relatively low, with a relatively small
number of big claims.
3.
The cost of personal accident claims normally the cost is low,
with few big claims.
Thousands of passengers make use of commercial airlines
every day. How often do you
hear of aeroplane accidents? Air travel is a relatively safe way
of travelling.
But, should an accident occur, it usually involves high costs,
both in financial terms and
in loss of life.
High frequency, low severity
Low frequency, high severity
Technology can be developed to restrict the number of
accidents. Automatic flying
equipment and electronic landing systems can serve as

examples.
1.5 WHAT IS RISK MANAGEMENT
Risk management is defined as a set of principles and
processes that help minimise the
negative impacts of risks and maximise the positive impacts.
Risk management should identify
risks, assess them, determine a suitable response, and
implement that response. In order for risk
management to be successful, it must be integrated into the
culture and the day-to-day activities
of the organisation.
It is a managerial function aimed at protecting the organisation
and its people, assets and
profits against the physical and financial consequences of risk.
It involves planning, coordinating
and directing the risk-control and the risk-financing activities in
the organisation. (Risk
Management Ed4)
The risk management process should be PACED:
Proportionate to the size of your organisation;
Aligned to your organisation’s mission;
Complete;
Embedded into the culture of the organisation and its day-to-
day activities; 14

LESSON
1.1
Dynamic and responsive.
Some examples of risk management processes and plans:
House insurance
Disaster recovery plans
Succession planning
In simple terms Risk Management reduces the likelihood of
project failure, be it
financial, schedule or performance based.
1.5.1 Why is Risk Management so important?
It is widely recognised that strategic, project and operational
failures are all too common:
Only 28% of IT projects deliver on time and on budget. More
than 25% fail to deliver at
all (source - PMI Risk symposium 2005)
According to the Project Management Institute, projects with a
sound risk process can
expect a 15% higher success rate than standard projects.
17% increase in cost efficiency;

15% increase in schedule efficiency;
A single averted risk can pay for all risk management activity
for that project.
By identifying and managing risks today, Project Managers
can plan well ahead of the
problem’s occurrence.
1.5.2 Benefits of risk management
Any organisation that effectively manages risk will experience
significant benefits
throughout a number of areas, including:
Improved strategic and business planning;
More effective use of resources;
Increased ability to deliver on time;
Reduced costs by limiting legal action or preventing
breakages;
Improved reliability leading to an enhanced reputation;
An ability to quickly grasp new opportunities;
Fewer breakdowns, fewer shocks and fewer unwelcome
surprises;
Enhanced communication between business units and
departments;
The ability to reassure key stakeholders throughout the

organisation;
The promotion of continuous improvement, leading to higher
quality of output
A more focussed internal audit programme;
Robust contingency planning.
15
1.6 ESTABLISHING YOUR RISK MANAGEMENT
CONTEXT
Each organisation is unique, and it is crucial that you identify
the context in which your
risk management framework must operate.
Consider:
The regulatory or legal environment you operate in with
respect to both internal
practices (e.g. labour laws and regulations, liability claims,
etc.) and how you relate to your
customers and vendors.

Communication methods you will use to notify and
communicate with your
stakeholders, as a range of techniques may be required to suit
different stakeholder groups.
The size of the organisation in terms of the number of
divisions, revenue of business
lines, size of markets, and budgets of functional groups.
Labour relations in the organisation.
The structure of the organisation, which can affect risk
analysis, planning, and
implementation.
The culture of the organisation with respect to risk tolerance.
Is your organisation a
conservative family business or an edgy risk-taker?
1.7 AREAS OF BUSINESS AFFECTED BY RISK
Risks are typically related to one of four areas:
The organisation’s long-term strategy (three years, five years,
and beyond);
The way that an organisation manages change (for example,
during mergers and
restructuring);
The day-to-day operations of the organisation;

The general financial health of an organisation.
Risk can be positive, negative, or neutral – simply a deviation
from the norm. Risk is
often defined as an event or a consequence.
What happens if one area of a business fails?
Risk management is important in all areas of business. It is of
no use if one area has all
the practices in place, while others neglect possible risks and
have no risk management plans in
place.
We will look at the effect on the organisation if certain areas
fail, for example product
development and project management.
16
LESSON
1.1
1.8 IMPACT OF RISK MANAGEMENT IN NEW PRODUCT
DEVELOPMENT
If for example, a company develops new products, they face a
number of risks and
challenges, some of which are:

Failure of the new product development process;
Failure of the product at the testing stage;
Problems in market acceptance;
Unsuccessful launch of the new product.
No one wants to see a new invention go sour when it hits the
commercial market.
Reasons for a new product not doing well include appearance
(people don't like the size,
shape or colour) and price (price too high for what they get) To
manage these types of risks, it is
important to remember that:
Commercial success happens long before a product is
completely finished or designed.
As an inventor of new products, you should always develop
ideas with
future commercialisation in mind. That way, you can avoid
costly errors. For
example, if you have an interesting shape you can add to your
invention, it will be more
marketable. You can file for what is called a design patent to
protect that aspect of your product.
File this as soon as you come up with your new design.
Know the power of a good logo. People are literally
bombarded with information and
products. How can you make yours stand out? And how do you

need to adjust its design to best
do that? What about a trademark? This is like a brand name. If
you come up with a good one, it
can be protected in a similar way as obtaining a patent for a
product. What about colour? Just
because you can get a ton of product made cheaply in a certain
colour doesn't mean you should.
Colour choice is critical in the developing of new products. Do
your research in this area.
Current trends and fashions. Last year’s ideas may not sell
well this year.
Last and maybe most important is pricing. You need to know
how much people will
pay for your invention before you perfect it. That way, you'll
make design and product
development choices that are in line with predicted mass
production costs.
1.8.1 Impact of risk management on project management
Let us look at the impact of risk management on a new project
in an organisation.
In project management, risk refers to future conditions or
circumstances that exist outside
of the control of the project team that will have an adverse
impact on the project if they occur.
Whereas an issue is a current problem that must be dealt with, a
risk is a potential future problem
that has not yet occurred.
17

A reactive project manager tries to resolve issues when they
occur. A proactive project
manager tries to resolve potential problems before they occur.
This is the art of risk management.
Not all issues can be seen ahead of time and some potential
problem that seems unlikely to
occur, may in fact occur. However, many problems can be seen
ahead of time and they should be
managed through a proactive risk management process.
Identify all
Respond to
Control risks during
possible project
important project
the project and look
risks
tasks
for new risks
Create risk
Analyse all project

management
risks to see which ones
Create contingency
plan
are important.
plans for high risks
High level process flow
Everything in life has some degree of risk. Walking across the
street can be risky.
Your projects have risks as well. The project manager should
perform a risk assessment
with the project team and the client to identify high, medium
and low level risks. If you are
lucky, you may find that you only have low risks. However, this
assessment will alert the client
and the project team to any medium and high-level risks that
may cause future problems.
Identifying risks on your project is not necessarily bad, since
risks are common to all
projects. All projects have some degree of risk. Projects with a
higher level of risk require more
rigorous risk management and more management focus.
Although not all risks can be eliminated entirely, most can be
anticipated and managed

ahead of time.
The purpose of risk management is to identify the risk events
for a project and then
establish a Risk Management Plan to manage the risk event and
minimise harm to the project.
18
LESSON
1.1
A ten step risk management process:
1.
Define the work
4.
Issues
10.
5.
Procure-
ment

scope
3.
Manage the
9.
schedule and
6.
Quality &
budget
Commu-
Metrics
nication
7.
8.
Risk
HR
2.
Build the schedule and budget
2. THE RISK MANAGEMENT PROCESS
The key activities in the Risk Management process are:
1. Recognise
risks;
2. Evaluate
risks;

3.
Respond to significant risk;
4. Resource
controls;
5.
Plan the reaction;
6.
Report and monitor performance;
7.
Review the risk management framework.
2.1. Recognise risks
A large, complex organisation will require a formal, detailed
risk identification process,
while for a small organisation, a short, informal process will be
sufficient.
A template can be used to track and record all relevant
information. Basic information
should include:
Risk identifier, such as a number;
Description of risk:
Classification (usually based on organisation’s business or
operating units, but should be
customized for each organisation)

Why is it a risk?
Is this a hazard, opportunity, or uncertainty?
Tangible impact (people, time, money, etc.)
Non-tangible impact (reputation, morale, objectives, etc.)
19
Data gathered or studies completed
Timeline:
When might the risk occur?
How long could it last?
Could it reoccur?
What signals or alarms will we see?
Scope of risk:
What could happen as a result of this risk?
What is the likelihood of the overall risk and each
consequence?
What data do we have about the consequences of this risk?

What other risks could occur from this risk?
Rate the impact (low, medium, or high) and the likelihood
(likely, neutral, not likely)
Previous experience with this risk
Risk attitude: Organisational tolerance for the risk
2.2
Rank and evaluate risks
One method to use is the 3x3 matrix, which we will discuss
later on in this module.
2.3. Respond to significant risks
There are generally four ways to respond to risks.
2.3.1 Risk avoidance is refusing to undertake, or abandoning a
venture in which the risk
seems too costly.
Many people who would like to be self employed don’t start a
business to avoid the risk
of loss.
Leasing rather than owning is a way to avoid ownership risk.
Using the corporate form of ownership is a way to avoid
unlimited liability.
2.3.2 Risk prevention, is the practice of taking measures to

minimise loss.
Smoke detectors and sprinkler systems help reduce fire
damages without avoiding the
fire.
Safety programmes are designed to prevent accidents. Running
a credit check helps
reduce bad debt expenses.
2.3.3 Risk assumption, Risk anticipation, or self insurance, is
the practice of putting
money aside to cover losses that might occur. The loss may not
occur, but if it does money is
available to help defer it. Self insurance is more common among
large businesses than small
ones, but a growing number of small businesses are joining
together to self insure.
2.3.4 Risk transfer or risk spreading is the practice of using
insurance to cover 20
LESSON
1.1
losses. The best form of protection against many risks is the
proper insurance. A
relatively small amount of money is required to insure against
great loss.
During a specified time period, the insured business pays a
premium to an insurance

carrier in return for a promise to receive a certain amount of
money in the event of loss as
specified in the insurance policy contract.
Key
Considerations
Keep the following points in mind when choosing a mitigation
strategy.
Any strategy should do as much as possible to ensure normal
business practices are not
interrupted or are delayed as little as possible.
In any larger company a risk materialising will almost
certainly require media
engagement to make announcements, clarify details, and
provide on-going information to
stakeholders and the general public about what your
organisation is doing. Managing the media
should be part of your plan.
Direct communication with stakeholders is critical. It should
be either general but
informative, or very specific to the impact the risk has on them.
If there is any chance that people may be injured or worse, you
should include medical
support in your planning. This can mean having an emergency
response team standing by or
simply providing emergency support numbers to your staff.

Depending on the risk, you may be required by law to obtain
insurance against it
occurring. If this is not the case but insurance is available you
should perform a cost/benefit
analysis to determine if insurance should be part of your risk
mitigation strategy.
2.4. Resourcing controls
Once a risk has been identified, and you have chosen to treat
it, it’s time to look at
controls that can be put into place to mitigate the risk.
Possible controls can include:
Re-allocating existing people or equipment;
Additional people;
New equipment;
Skills and training;
New information;
Your evaluation should look at:
21

Does the control meet laws and regulations?
How well does each control mitigate the risk?
What is the cost of the control vs. the implementation benefit?
What is the sustainability of the control?
What changes might have to be made to this control?
What other effects will this control have?
2.5. Reaction planning
You should build a contingency plan for each major risk that
has been identified.
What will you do if the risk does occur?
The plan should detail:
When:
How will we know when the risk will happen?
What will alarms look like?
When should we start acting?

Who:
Who has responsibility for this risk?
What other resources might they need?
Who else should be informed?
What:
What will happen when the risk occurs?
What will we do when the risk happens? (Depending on the
risk, this plan could be very
detailed or very simple. A step-by-step, timed plan may be
necessary.)
What consequences could the risk have?
What other risks might this event create?
Where:
Where is the risk going to happen?
2.6. Reporting and monitoring
When your organisation establishes its risk management
framework, a reporting
hierarchy should also be established. Your reporting structure
will differ depending on the
complexity of your risk management program. Some common
setups include:

A part-time risk manager;
A risk management committee;
A full-time risk management champion;
A risk management team;
A risk management department with an internal audit team.
22
LESSON
1.1
Your organisation will need to develop a checklist of items
that will need to be reported
on and monitored on a regular basis.
This checklist should include:
What data is to be gathered;
What form it is to be presented in;
Templates to be used;
When data should be gathered and reported;
Who is responsible for measuring, reporting, and monitoring.

Items that will need to be reported on include:
Changes to risks;
Near misses and incidents;
Changes that will affect the risk management program, such as
legislative changes,
industry developments, and changes in supporting elements of
risk planning.
Items that should be monitored include:
Effectiveness of risk controls;
Cost of controls vs. benefit achieved;
Laws and legislation;
Industry climate;
Alignment of risk management plan with corporate goals.
2.7. Review and Evaluate
A plan for periodic review and evaluation of the risk
management framework is a critical
element of any risk management program. Typically a thorough
review is performed annually.

Things that should be covered in the review process include:
Analysis of risk response measures and whether they achieved
the desired result, and did
so efficiently;
Review of reporting and monitoring procedures;
Knowledge gap analysis for risk assessments (Were people
able to find the information
they needed?);
Compliance check with appropriate regulations and
organisations;
Opinions of key external and internal stakeholders;
Self-certification;
Risk disclosure exercise, to identify future risks;
Repeat of risk assessment;
Lessons learned;
23
Recommendations and implementation plan.
Remember, the review should be proportionate to your

organisation. If your organisation
is small, an afternoon meeting to review your risk management
program may be sufficient. For
larger organisations, the review process may take weeks or even
months and require outside
assistance.
3. PROBABILITY OF RISK
A business must determine the probability of a loss occurring
due to various perils.
This should be viewed in terms of:
The
crime situation in the country in case of theft, armed robberies
and hijacking. e.g.
Statistics could indicate the probability of suffering these types
of losses for similar types of
businesses like banks, retailers, and service providers like
Transport companies.
The
ethical values of a community can also play a role. In some
cases people may see it as
their right to “help themselves”
The
Legal System of a country. If people see the opportunity to
“get away with crime”
because the Law does not deal with criminals effectively, crime
may be rife.
E.g. in Moslem Countries, Islamic laws determine that thieves

have their right arms
amputated by the shoulder. This is an effective way to prevent
theft and create crime-free
societies.
The
Economic situation in a country. Poor and desperate people
may have no choice but to
resort to crime.
The
situation on our roads in South Africa poses a great risk for
accidents.
Research has recently indicated that South Africa may have as
many as 3.5
million illegal, unlicensed drivers on our roads.
The
situation in similar industries or businesses can also indicate
the probability of
suffering losses.
In case of natural disasters, certain areas or countries are more
prone to be 24
LESSON
1.1
subject to certain types of disaster. Hurricanes, tornados and
earthquakes could pose a

much higher risk in some countries than in others. South Africa
is fortunate to very seldom
experience such disasters. Our mining activities, however, do
cause earth tremors and
earth-moving activities.
25
NOTES:

LESSON
1.2
LESSON 1.2
TYPES OF RISK
In this Lesson:
The types of risks that should be considered includes
activities, decisions and events that
may impact on the operating profit and finance of the venture
and may lead to different levels of
failure.
Typical risk types to be considered include the following:
-making risks.
CONCEPTS AND VOCABULARY TERMS YOU NEED TO
UNDERSTAND:
identification,

analysing and responding to risks. It includes both
minimising the impact of adverse
events and maximising the likelihood of positive outcomes.
Project risk management includes the processes of risk
assessment, risk mitigation and
risk response.
infrastructure or resources) that a
particular phenomenon might cause.
to which the risk event is
likely to occur.
evaluation of the
probability of the occurrence of risk events and the impact of
the risk events on the
project.
ownership interest in an entity;
or a contractual right to receive, or deliver, cash or another
financial instrument.
is an investor's risk of loss arising from a
borrower who does not
make payments as promised.
either an investment portfolio
or a trading portfolio, will decrease due to the change in value
of the market risk factors.
27
TYPES OF RISK

1. RISK CAN BE QUANTITATIVE OR QUALITATIVE.
1.1 Quantitative
risks are those that can clearly be quantified. They have an
impact on time, people,
money, or other resources. An example could be lost revenue,
lost production, or delayed time.
1.2 Qualitative
risks are those that cannot easily be clearly quantified. This
may be because you do not
have sufficient historical data to determine the likelihood of the
risk and/or its impact is not
understood well enough for a qualitative impact to be associated
with it.
An example: Your organisation is opening an oil rig in a new
area. You have no concrete
data for this particular type of machinery in poor weather, but
you do know that other facilities in
the area have their production affected in varying amounts each
year because of weather.
You should always strive to make all qualitative risks
quantitative, if possible, by
collecting and analysing data.
2. RISK CAN FURTHER BE CATEGORISED ACCORDING
TO THE GROUP OR
ENVIRONMENT THAT IS AFFECTED.
2.1. People related risks

The workplace constitutes a dynamic environment consisting
of people who have
different personalities, values, cultures and ethical values.
It is vital that personnel should share common values and
goals that bind them together in
an attempt to achieve the organisation’s goals and objectives.
The corporate culture should provide guidance to personnel to
work together in order to
achieve these goals and objectives in an organised way.
The organisation faces great risks if sound relationships
amongst personnel are hampered
with inter-group conflict and stress.
In the end, it is not only the people, but the organisation too,
that will suffer from risks
associated with interpersonal relationships.
28
LESSON
1.2
2.1.1 Inter-group
conflict

Causes of inter-group conflict and collaboration are varied.
Some of the more significant
factors generating inter-group conflict are:
2.1.2 Personality
conflict
Different backgrounds, different management styles, religions
and values can cause
conflict.
2.1.3 Conflicting
ideas
Two different, but interrelated departments could have totally
different values, attitudes
and approaches to problem solution.
Conflict may be the result of workers believing that the
company is pushing productivity
for as little remuneration as possible, while management may
believe that the workers are lazy,
doing less than a fair day’s work for a fair day’s pay.
2.1.4 Empire
Building
Inter-group conflict can be the result of competition between
groups for power in the
organisation. Each group worked on the assumption that one
group’s gain was another group’s
loss.
Competition
between the groups is destructive and on-going, as information
may be jealously guarded,

and it is not uncommon to find one group deliberately
misleading the other group, in the hope to
gain some advantage.
2.1.5 Personal
Background
Dissimilar
groups, like accountants and advertising staff, do not only
have different backgrounds,
experience, values, beliefs etc., but they can even dress
differently.
Conflict regularly arises as a result of dissimilarities.
2.1.6 Group
Cohesion
It is not uncommon to find conflict within a particular group.
The disadvantage for the group will be that it will be forced to
devote energy to sustain
its own existence and be unable to take a united stand in the
face of opposition.
This conflict may cause the group to lose its sense of identity
and purpose.
Other groups may take advantage of the group in conflict.
For cohesion to endure, it is essential that the group resolves
its own internal conflict.
2.1.7 Authority and status

A common reason for inter-group conflict is inconsistency or
incongruence between the
authority and status of interacting groups.
29
TYPES OF RISK
Such conflict generally becomes totally dysfunctional and
destructive and is common
where there is an imbalance in the power of the leadership of
two interacting groups.
If a lower status group has a stronger leader than a higher
status group, conflict will
occur.
2.1.8 Work
flow
Work flow is the basis for organisation design.
The critical question in designing the structure is “who does
what, with whom, when,
where and how often”.
The emphasis is on the person-to-person flow of work.
The work flow which can be considered as a single supervisory
unit should be

consolidated and given to one person or one group to perform.
3. REDUCING THE RISK OF CONFLICT
Before considering methods of reducing inter-group conflict it
must be realised that not
all conflict is dysfunctional or abnormal. Under most
conditions, groups compete for scarce
resources, status, power, influence and authority. The
competition can be satisfying to the groups
and may improve productivity. Only when inter-group
competition becomes destructive does
dysfunctional conflict exist. When this occurs, a variety of
methods may be used to reduce
conflict.
An effective way of reducing inter-group conflict is through
the introduction of a
super ordinate goal.
This is a goal, which appeals equally to both conflicting
groups and is one that cannot be
achieved by one group acting alone or in opposition to the other
group. Normally, a super
ordinate goal transcends the lower level goals of the two
interacting groups.
However, it is frequently difficult to find meaningful super
ordinate goals, which are
more important to interacting groups, then their internal goals.
But this concept operates well in
companies that have been taken over. The acquired company

may have existing conflict between
sales and production, yet in the new circumstances both
departments may be in danger of
elimination. In order to survive they may start working together.
In this case, self-preservation
becomes the super ordinate goal for the two groups.
30
LESSON
1.2
Related to the concept of the super ordinate goal is the
strategy of defining a common
enemy for both groups. Confronted with an external threat, two
conflicting groups may begin
collaborating to destroy a common danger. This situation is
frequently observed in wartime when
two conflicting units in the same division unite in the face of
the enemy.
Effective
inter-group collaboration requires the existence of the norm of
reciprocity. Here
reciprocity means that the rights of one group against another
imply a duty of the first group to
the second group, and vice versa. Reciprocity is more than mere
obligation; it implies a
conscious recognition of moral duties between groups. When
the norm of reciprocity operates,

each group consciously strives to maintain debt and duty
obligations to ensure effective
interaction and avoid exploitation. This norm of reciprocity
means that all inter-group relations
should possess an element of continual indebtedness. In short,
favours should never be totally
repaid if the interacting groups are to continue to relate
effectively. This continual state of mutual
indebtedness is seen as a stabilizer of social systems.
A further method of reducing inter-group conflict is through
arbitration. This
requires the use of an outside judge to evaluate the nature of the
conflict and rule in favour of
one of the groups. The outside judge should be perceived as
impartial and should be respected by
both groups. This method of resolving inter-group conflict
seldom improves relations between
the two groups. The judge's decision must either be a
compromise verdict or a 'win lose'
decision. In the first case, both groups may be dissatisfied with
the decision, while in the second,
the losing group is likely to feel hard done by and the winning
group openly rejoices.
The main advantage of arbitration is that it can bring to a
conclusion a problem that has
plagued an organisation for a long period.
Finally
inter-group
conflict can be reduced through creating an environment in
which the conflicting groups meet to air their differences.

Sensitivity training or encounter sessions have been used
effectively by quite a number of
companies in recent years. The object of T-Groups is to allow
both the groups and their
individual members to provide feedback on their attitudes and
perceptions about each other.
Through frank discussion, groups come to understand and
resolve their conflict.
Disadvantages in this form of conflict resolution are that it can
be: a)
time-consuming and
b)
also may not necessarily improve understanding or resolve
conflict.
31
TYPES OF RISK
4. ROLE OF COMMUNICATION IN MANAGING PEOPLE-
RELATED RISK
A communication system that allows employees to be informed
about company actions is
a strong factor in creating high employee morale.
An effective two-way communication system provides
employees with the
opportunity to be involved in company matters.

It provides managers with insight into employee attitudes
toward the company.
In many small businesses, most communication is exchanged
on a face-to face basis
because the manager has direct, personal contact with
employees.
The manager plans the work, gives instructions, and evaluates
jobs to see that they are
done properly. Other forms of communication are non-personal
and may be written or visual
(posters, for example).
The manager must realise that effective communication does
not occur accidentally but is
the result of conscious effort by the manager to build an
effective communication system.
Some guides for creating effective communication are:
1.
The manager encourages employees to express their ideas and
opinions.
2
The manager listens with understanding to ideas, suggestions,
and complaints.
3.
The manager keeps people informed on changes in policies and
procedures and all other
matters affecting their work.
4.
The manager keeps informed on how employees are feeling
and what they are thinking.

5.
The manager encourages two-way communication.
6.
The manager gives recognition for good work and expresses
appreciation for jobs well
done.
7.
Communication messages should be accurate, definite, simple,
and suitable for the
occasion.
8.
The manager explains the "why" of decisions.
9.
Communication messages should not contain any hidden
messages. They should be
clearly and effectively stated.
10. The manager should create a climate of trust and
confidence by reporting facts
honestly to employees.
32
LESSON
1.2
4.1
Building Positive Employee Relationships
Small business managers should recognise the uniqueness of

their firms. They can
contribute greatly to improving employee relations by being
aware of the following specific
suggestions:
Improve your own general understanding of human behaviour.
Accept the fact that others do not always see things as you do.
In any differences of opinion, consider the possibility that you
may not have the right
answer.
Show your employees that you are interested in them and that
you want their ideas on
how conditions can be improved.
Treat your employees as individuals; never deal with them
impersonally.
Respect differences of opinion.
In so far as possible, give explanations for management
actions.
Provide information and guidance on matters affecting
employees' security.
Make reasonable efforts to keep jobs interesting.
Encourage promotion from within.

Express appreciation publicly for jobs well done.
Offer criticism privately in the form of constructive
suggestions for improvement.
Train supervisors to be concerned about the people they
supervise in the same way as
they would be about merchandise or materials or equipment.
Keep your staff up-to-date on matters that affect them.
Quell false rumours and provide correct information.
Be fair!
4.2
Risks associated with workplace skills include:
Financial risk;
Compliance;
International competitiveness and quality management;
Reputation.
It is clear that any organisation requires skilled and competent
employees to work
together to achieve the organisation’s goals and objectives.
In South Africa, labour legislation makes it compulsory for
organisations to train and

develop their workforces.
33
TYPES OF RISK
The strategy is based on the four most recent pieces of labour
legislation:
The Skills Development Act;
The Skills Development Levies Act;
The SAQA Act;
The Employment Equity Act.
Specialised skills are scarce, and companies face a huge risk in
loosing skilled workers to
competitors, other companies and to foreign companies.
Research shows that currently, 10 000 South African medical
personnel have left South
Africa. The prospects overseas are much more attractive than in
South Africa, and it is doubtful
if these skilled people will ever return.
The policy of Affirmative Action in South Africa makes it

even more unlikely that they
would ever return, as the prospects of employment for them are
very slim if they are not part of
the designated groups.
Companies wanting to retain skilled workers must develop a
plan of action to motivate
their workforce to stay. Good, healthy working conditions,
competitive remuneration packages,
fringe benefits, recognition, promotion opportunities and job
security rate amongst the most
important factors that ensure job satisfaction.
4.3
Financial risk (associated with workplace skills)
Companies can suffer great financial losses due to unsuitably
skilled and untrained staff.
A lack of knowledge and training can result in accidents that
not only involve the employee, but
also colleagues, customers and members of the public. Many
incidents have been reported where
the causes were contributed to human error.
These could have been as a result of ignorance, negligence or
incompetence.
These companies run the risk of being held liable for damage,
injury or death.
4.4 Compliance
(Associated
with people-related risks)

Competent and knowledgeable employees will know the legal
requirements and
obligations regarding registration, tax, employment, and safety.
Non-compliance may result in
hefty fines for the organisation.
34
LESSON
1.2
4.5
International competitiveness and quality management
Skilled, competent employees will know what is required to be
internationally
competitive. Quality standards must be adhered to, as the
company may suffer severe losses if
export consignments are returned due to quality discrepancies.
4.6 Reputation
Untrained employees may not realise the importance of their
actions regarding the
reputation of the company. Unqualified and untrained staff can
tarnish the image of an
organisation, which could result in a company losing customers,
and getting a bad reputation.
The Public Service Sector in South Africa is a good example of

this.
5.
FINANCIAL RISK
Financial risk includes insufficient funding to construct the
required infrastructure and
facilities, inaccurate (that is, underestimating) capital and
operating cost estimates, inaccurate
estimating (that is, overestimating) of possible revenue flows.
Financial Risk arises as a result of exposure.
Exposure to financial markets affects most organisations,
either directly or indirectly.
When an organisation has financial market exposure, there is a
possibility of loss but also an
opportunity for gain or profit. Financial market exposure may
provide strategic or competitive
benefits.
Financial risk is the likelihood of losses resulting from events
such as changes in market
prices. Events with a low probability of occurring, but that may
result in a high loss, are
particularly troublesome because they are often not anticipated.
Since it is not always possible or desirable to eliminate risk,

understanding it is an
important step in determining how to manage it.
Identifying exposures and risks forms the basis for an
appropriate financial risk
management strategy.
35
TYPES OF RISK
There
are
three main sources of financial risk:
1.
Financial risks arising from an organisation’s exposure to
changes in market prices, such
as interest rates, exchange rates, and commodity prices 2.
Financial risks arising from the actions of, and transactions
with, other organisations such
as vendors, customers, and counterparties in derivatives
transactions.
3.
Financial risks resulting from internal actions or failures of
the organisation, particularly
people, processes, and systems.

Example
It is easiest to understand these risks with an example. Assume
you have a financial
consulting business that is based in S.A. You advise individuals
on where you invest their
retirement money. You decide to expand globally, and look to
open a branch in the United
Kingdom.
- Currency Risk: Your business's primary operations are in SA
Rand, but in the UK you
will be paid in British Pounds. The exchange rate between a SA
Rand and British Pound
fluctuates daily, meaning your earnings in Pounds once
repatriated into Rand can vary
substantially over time. As an example, say 1 British Pound = R
10.00 when you invest your
money in pounds. If the value of 1 British Pound fell to R 5.00
Dollars over the time of your
investment, then your earnings (in Rand terms) would be
halved! Corporations frequently use
foreign exchange contracts to hedge against currency
fluctuations.
- Compliance/Regulatory Risk: You must comply with the
requirements of your host
country. In South Africa, your financial firm complies with
FICA and FAIS rules and the FSB.
(Financial Services Board). When you open a London branch,
you must comply with the FSA

regulatory body and the laws of the UK that govern your
business. All your employees must be
compliant with the local laws as well. Your compliance with
local laws and regulations makes
you subject to fines, litigation, and reputational risk in both
your host country and South Africa.
- Tax Risk: You must comply with the tax laws of South
Africa. You are subject to
changes in their tax code, which may adversely affect your
business. You may be "double taxed"
by both your host country and the country where your business
is based.
- Political Risk: If you decide to open a branch in country
where a newly-elected socialist
government decides that all financial firms should be state-
owned, your financial firm can be
seized by the government with no recourse to you. Political risk
is generally viewed to be a
bigger problem in emerging markets than in first world
countries.
Financial risk management is the practice of creating
economic value in a firm by
using financial instruments to manage exposure to risk,
particularly credit risk and market risk.
Note:
A
financial instrument is either cash; evidence of an ownership
interest in an entity; or a
contractual right to receive, or deliver, cash or another financial
instrument.
36

LESSON
1.2
Credit risk is an investor's risk of loss arising from a
borrower who does not make
payments as promised.
Market
risk
is the risk that the value of a portfolio, either an investment
portfolio or a trading
portfolio, will decrease due to the change in value of the market
risk factors
6.
STRATEGIC RISK
Strategic risk is the current and prospective impact on earnings
or capital arising from
adverse business decisions, improper implementation of
decisions, or lack of responsiveness to
industry changes. This risk is a function of the compatibility of
an organisation’s strategic goals,
the business strategies developed to achieve those goals, the
resources deployed against these
goals, and the quality of implementation. The resources needed
to carry out business strategies
are both tangible and intangible. They include communication
channels, operating systems,
delivery networks, and managerial capacities and capabilities.
The organisation’s internal
characteristics must be evaluated against the impact of

economic, technological, competitive,
regulatory, and other environmental changes.
6.1
Common Strategic Risks
External
Risks
Competition
Market changes
Human Resource Risks
Knowledge
Staffing
Employee theft
Financial
Risks
Cash flow
Capital
Price pressures
Structural
Resource

Risks
IT systems
Proprietary information
Regulatory actions
37
TYPES OF RISK
Physical Resource Risks
Disasters
Bottlenecks
Relationship Risks
Reputation
Supply chain
6.2
A Real-World Example of Strategic Risk
To get past the theory, it is helpful to consider one real-life
example of compounding
strategic risks that derailed a successful community hospital.
Note that this hospital suffered for

two reasons - it did not identify and monitor risk and it had no
systems in place to adapt to
uncertainty.
A Real-World Example of Strategic Risk
Medi-Serve Medical Centre (MSMC) was the market leader in
a small community.
It held a sizable advantage in both market share and
community perception relative to its
competitor, Central Hospital (CH). MSMC was recognised
regionally for its ability to provide
cutting edge technology, attract leading specialists, and adopt
new management techniques. It
had a clear strategy based on these factors and had held a
superior market position for years.
However, this strategy—like all others—was based on
assumptions.
In this case, two key assumptions revolved around competition
and physicians. CH
tended to compete on customer service and had a competent
medical staff that was
mostly loyal and did not practice at MSMC. CH did not pursue
higher-end specialty services.
The physician assumption at MSMC revolved around physician
satisfiers; MSMC specialists
were assumed to value access to cutting-edge technology and

the reputation that a practice based
at MSMC afforded. These assumptions drove MSMC
strategies: continue to be a full service provider, continue to
invest in technology, and
emphasize research and productivity. Unfortunately, CH did not
operate as MSMC
assumed it would and set in motion changes that introduced
significant strategic risk for
MSMC.
CH was not content to be an afterthought in market share or
profitability. It realized that
to compete, the organisation would have to begin offering
higher-end specialty services and take
share from MSMC. CH decided to upgrade its technology in
select areas and approached MSMC
physicians with a different “value proposition.”
This value proposition was based upon quality of life. CH
offered better call
arrangements and greater convenience as only a select number
of specialties were targeted.
Because of this focus, specialists were able to obtain better OR
times, could secure convenient
office space, and were generally treated with better
customer service. The result was that over a matter of months,
a number of key
physicians left MSMC for CH. Patient volume followed and CH
gained financially. In a short
period of time, CH had pulled close to even in market share for
key services.
This clearly surprised MSMC, which had not considered
possible risks and was therefore
not evaluating and monitoring these uncertainties. Even worse

was their response after the shift
in physician practice. At a trade group meeting, an MSMC
executive mentioned to the crowd
that his organisation had faced a downturn, adding that MSMC
would address the situation
during its next strategic planning cycle (four months away).
Meanwhile, MSMC continued to implement its original
strategies, despite knowing the
assumptions upon which those strategies were built had
drastically changed. MSMC
never did recover lost share.
38
LESSON
1.2
Strategic risk includes new technologies that can render your
products obsolete, and
sudden shifts in customer tastes that could radically change
your industry. A company that does
not have a proper framework for strategic risk could be in
danger.
To avoid this, aim to apply effective countermeasures for each
form of strategic risk. For
example, to protect against dangerous shifts in customer
preferences, gather and analyse
proprietary information to detect signs of change. Then conduct
fast, cheap experiments to
identify attractive offerings for different customer micro-

segments.
The heart of Strategic Risk is the capture of information about
the organisation and its
operations. This includes the company's aims and objectives.
Once the information has been
captured it must be organised and the risks associated with each
part thoroughly assessed.
Once the risks have been assessed, work can begin on planning
the management of the
risks. This often leads to a fresh approach to strategic planning
within the organisation.
7.
COMPLIANCE RISK
Regulatory compliance describes the goal that corporations or
public agencies aspire to in
their efforts to ensure that personnel are aware of and take steps
to comply with relevant laws
and regulations.
The Compliance Institute of SA Institute has developed a
Generally Accepted
Compliance Practice framework (GACP) - a set of principles,
standards and guidelines that act
as a benchmark for compliance best practice that organisations
and their Compliance Officers
should apply. A first of its kind in the world.

Compliance risk is the current and prospective risk to earnings
or capital arising from
violations of, or non-conformance with, laws, rules, regulations,
prescribed practices, internal
policies, and procedures, or ethical standards. Compliance risk
also arises in situations where the
laws or rules governing certain bank products or activities of
the Bank’s clients may be
ambiguous or untested.
This
risk exposes the institution to:
Fines;
Civil money penalties;
Payment of damages;
The voiding of contracts.
39
TYPES OF RISK
Compliance risk can lead to diminished reputation, reduced
franchise value, limited
business opportunities, reduced expansion potential, and an
inability to enforce contracts.
7.1

Quantity of Compliance Risk Indicators
The following indicators should be used when assessing the
quantity of compliance risk.
Low
Violations
or
noncompliance
issues are insignificant, as measured by their number
or seriousness.
The institution has a good record of compliance. Compliance
management systems are
sound and minimise the likelihood of excessive or serious future
violations or noncompliance.
Moderate
The frequency or severity of violations or noncompliance is
reasonable.
The institution has a satisfactory record of compliance.
Compliance management systems
are adequate to avoid significant or frequent violations or
noncompliance.

High
Violations or noncompliance expose the company to
significant impairment of
reputation, value, earnings, or business opportunity.
The institution has an unsatisfactory record of compliance.
Compliance management
systems are deficient, reflecting an inadequate commitment to
risk management.
7.2
Quality of Compliance Risk Management Indicators
The following indicators should be used when assessing the
quality of compliance risk
management.
40
LESSON
1.2
Strong

Management fully understands all aspects of compliance risk
and exhibits a clear
commitment to compliance. The commitment is communicated
throughout the institution.
Authority and accountability for compliance are clearly
defined and enforced.
Management anticipates and responds well to changes of a
market, technological, or
regulatory nature.
Compliance considerations are incorporated into product and
system development and
modification processes, including changes made by outside
service providers or vendors.
When deficiencies are identified, Management promptly
implements meaningful
corrective action.
Appropriate controls and systems are implemented to identify
compliance problems and
assess performance.
Training programs are effective, and the necessary resources
have been provided to

ensure compliance
Compliance management process and information systems are
sound, and the Bank has a
strong control culture that has proven effective.
The Bank privacy policies fully consider legal and litigation
concerns.
Satisfactory
Management reasonably understands the key aspects of
compliance risk. Its commitment
to compliance is reasonable and satisfactorily communicated.
Authority and accountability are defined, although some
refinements may be needed.
Management adequately responds to changes of a market,
technological, or regulatory
nature.
While compliance may not be formally considered when
developing products and
systems, issue are typically addressed before they are fully
implemented.

41
TYPES OF RISK
Problems can be corrected in the normal course of business
without a significant
investment of money or management attention. Management is
responsive when deficiencies are
identified.
No shortcomings of significance are evident in controls or
systems. The probability of
serious future violations or noncompliance is within acceptable
tolerance.
Management provides adequate resources and training given
the complexity of products
and operations.
Compliance management process and information systems are
adequate to avoid
significant or frequent violations or noncompliance.
Privacy policies adequately consider legal and litigation
concerns.
Weak

Management does not understand, or has chosen to ignore, key
aspects of compliance
risk. The importance of compliance is not emphasized or
communicated throughout the
organisation.
Management has not established or enforced accountability for
compliance performance.
Management does not anticipate or take timely or appropriate
actions in response to
changes of a market, technological, or regulatory nature.
Compliance considerations are not incorporated into product
and system development.
Errors are often not detected internally, corrective action is
often ineffective, or
Management is unresponsive.
The likelihood of continued violations or noncompliance is
high because a corrective
action program does not exist, or extended time is needed to
implement such a program.
Management has not provided adequate resources or training.

Compliance management processes and information systems
are deficient.
42
LESSON
1.2
Privacy policies are non-existent or do not consider legal and
litigation concerns.
Careful consideration must be given to legislation that
regulates a particular industry,
and how non-compliance may affect the organisation.
The different categories of legislation are:
General Regulating Legislation;
Financial Regulating Legislation;
People Regulating Legislation;
Sector Regulating Legislation.
Company Policies, Practises and Systems must ensure
compliance to all applicable
legislation, and risk management must be applied.

Risks that cannot be mitigated should be avoided as far as
possible. Insurance cover must
be adequate to provide cover for any eventuality that may occur.
We will discuss the impact of legislation on the management
of compliance risk in lesson
1.5.
7.3
The following categories of liability may arise from non-
compliance in specific
areas:
7.3.1 Legal
liability
Injury or harm to customers due to your negligence may result
in a public liability claim
against your company. You may be sued by a customer for harm
caused by a product, that you
provided to them, whether you only sold the product, or
manufactured it. As a professional
practitioner, like a doctor, you may be held liable should an
operation go wrong due to your
negligence.
Legal Liability Cover provides protection against Public
liability.

Product liability and Professional liability claims against the
company.
The Personal Liability policy offers indemnity to the insured
or a member of his family
who stays with him, regarding legal liability claims
7.3.2 Personal
liability
You cross a road without looking to see if there is oncoming
traffic. In an attempt to
avoid hitting you, a car crashes into a wall. The owner can
claim from you for his damages. Your
Personal Liability cover will pay for his damages. The Insured
will therefore be identified.
43
TYPES OF RISK
This liability cover is included in the house owner’s policy. It
can be specifically for
something that happens at the Insured’s property, but can also
include other liability that may
occur away from the Insured’s property. You may be sued by a
customer for harm caused by a
product that you provided, whether you only sold the product,
or manufactured it. Restaurants

and companies selling food are especially vulnerable
7.3.3 Public
liability
A company may be held liable if negligence can be proven
against it by a member of the
public for death, injury or harm.
The premises of a company may pose risks to the public. The
surface of the floor in a
store is very slippery due to cleaning the floor, but no warning
is given. An elderly lady falls, and
breaks her hip. She needs a hip replacement operation. The total
cost amounts to R200 000. She
can hold the Company liable for these costs.
7.3.4 Professional Indemnity
Professionals like doctors, need to have professional
indemnity cover to protect them
from liability claims against them.
Dr. A is a very competent doctor. He performs an amputation
of a patient’s right arm,
instead of the left arm. The patient sues him for negligence. His
Professional Indemnity cover
should pay the claim.
7.3.5 Contractual
Liability

Co-Contractors
Where
co-contractors
are liable on a contract their liability may be 'joint' or 'joint
and several'.
a) ‘Joint’
liability (or pro rata liability) is the liability of each co-
contractor to pay only his
proportionate share of the debt.
Where two persons have bought land together , but without
specially rendering
themselves liable in solidum, and one of the purchasers leaves
the country, the other, who has
paid his ful share of the purchase price, cannot be compelled to
pay the balance due by the
absentee purchaser'
44
LESSON
1.2
b)
'Joint and several' liability (or liability in solidum) is the
liability of each co-contractor
to make the full performance of the obligation himself So the
creditor can recover the whole
amount of the debt from whichever co-debtor he wishes.

If the creditor gives a personal discharge to any one of the co-
debtors, the debt is not
extinguished. The remaining co-debtors remain liable, but their
liability is now reduced to the
amount of the debt, less the proportionate share of the released
co-debtor.
To clarify the position, suppose A, B, and C are co-contractors
liable in terms of a
contract to pay R3 000 to X.
Since the general rule is that co-debtors are jointly liable in
the absence of any special
provision, X can recover only R1 000 from each of A, B, and C.
But if they are jointly and severally liable to X, X may recover
R3 000 from either A, B,
or C (of course not from each). If X recovers the sum from A, A
may claim the proportionate
share (R1 000) from each of B or C.
Should X release one of the co-debtors, say A, from his
obligation, X will then, on the
principle of Dwyer v Goldseller (supra), be able to recover only
R2 000 from either B or C.
Should either pay, he will, of course, be able to recover R1 000
from the other.
The
following
co-contractors

are automatically jointly and severally liable (unless
agreed otherwise): joint acceptors, drawers; and endorsers of
bills of exchange sureties
partners.
Negligence is a wrongful act that injures the person, property
or reputation or another,
and entitles the person who suffers from the wrong to claim
damages in compensation from the
person who caused the injury.
A while ago a supermarket received threats that certain of the
products on their shelves
had been poisoned. These brands were identified.
They however, continued to sell these products to an
unsuspecting public. Only after
people got sick, did they go public and admitted that this has
happened.
This was pure negligence, and the supermarket (or their
Insurers) would have been liable
if someone had died.
45

TYPES OF RISK
Negligence
It is when someone else becomes liable in place of somebody.
Mr. X falls asleep behind the wheel of his car. He not only
crashes into another vehicle
that is worth R500 000, but both cars end up in the living room
of a house.
Both cars are completely destroyed, and extensive damage is
caused to the house and its
contents.
Fortunately, Mr. X had insurance. The Insurance Company of
each party will become
vicariously liable for the damage. If the 2 innocent parties were
not Insured, they will be able to
claim from Mr. X’s Insurer.
Code of good practice
A code of conduct is a set of principles based on an
organisation's core values and their
business philosophy.
Codes of conduct are written in the manner of company
policies. The code of conduct is

usually brief and provides general guidelines. Individuals can
also interpret the code of
conduct differently from one another. A code of conduct is a set
of ethical rules, which
employees must abide by so that they know what is acceptable
and non-acceptable behaviour in
the work place, where they are currently employed.
Look at the following examples:
Some people will never steal stationery from a store, but will
not think it is stealing when
they take stationery from the office for themselves.
Some people will take time off work and say that they are ill,
but they are actually in
good health.
In compiling a code of conduct for employees, the following
aspects must be included
and thoroughly thought of by the organisation before putting
such a code of conduct in place:
1. Define
the
moral and professional behaviour of employees.
2. Define
the
standards of employees' performance to be met in delivering a
product or a service.
3. Define
the
manner in which perks, gifts and favours are accepted.
4. Define
the limits of the employees' private interests.

5. Define
the
manner
in which employees treat the public and the organisation's
clients.
6. The
accepted
norms and values of the community in which the business
operates must be honoured.
46
LESSON
1.2
7.
The code of conduct must be specific and not vague.
Management must ensure that employees adhere to the code of
conduct.
Employees must also make sure they understand and adhere to
this code of conduct.
If not, employees must understand that they will face
disciplinary action
Employees must have a clear understanding of what will
happen if they disobey the code.
Employers must also ensure that when employees are not sure
what ethical behaviour is
expected of them in certain situations that they (employees) are
briefed.

8. OPERATIONAL RISK
Operational risk is the risk of direct or indirect losses
resulting from:
Inadequate internal processes or systems
Failed internal processes or systems,
Human factors
External events
Operational risk is thus the risk of failure, or near failure, of
critical business processes
and their underlying operational systems and data. Operational
risk is typically not taken in
return for expected reward, but exists in the natural course of
corporate activity.
The most important types of operational risk involve
breakdowns in internal controls and
corporate governance. Such breakdowns can lead to financial
losses through error, fraud, or
failure to perform in a timely manner or cause the interests of
the company to be compromised in
some other way. Other aspects of operational risk include major
failure of information
technology systems or events such as major fires or other
disasters
Major

sources of operational risk include:
Fraud;
Regulatory compliance;
Recruitment;
Training and retention of talent;
Operational process reliability;
Information technology security;
Outsourcing of operations;
Dependence on key suppliers;
Implementation of strategic change;
47
TYPES OF RISK
Integration of acquisitions;
Human error;
Customer service quality;
Regulatory compliance;

Social and environmental impacts.
The term Operational Risk Management (ORM) is defined as a
continual cyclic process
which includes risk assessment, risk decision making, and
implementation of risk controls,
which results in acceptance, mitigation, or avoidance of risk
Operational Risk Management
analyses and manages the firm's risk of monetary loss resulting
from inadequate or failed internal
processes, people, and systems, or from external events.
Operational Risk Management
procedures will be discussed later on in this module.
9. OTHER GENERAL RISKS ARE:
Political risks. These include official support and guarantees
promised that do not
materialise, the use of the company as a political ‘football'
between parties in order to garner
votes, takeovers of a privately run company by authorities when
political gain seems likely.
Minority or majority exclusion risks. These are derived from
a need to provide for
empowerment, skills training and capacity building, affirmative
action dictating the selection of
key personnel, and procurement procedures that may lead to
increases in the price of supplies

and in cost of construction.
‘White elephant’ risks. These are incurred through the building
of inappropriate, over
scaled structures necessary for some event but unsustainable
after it.
After-the-ball-is-over ‘hangover’ risks. These are incurred
when people wake up to
the fact that the party is over and that life as usual must be
resumed, coupled with the on-going
need to manage many new and upgraded facilities and
infrastructure.
Sport facilities erected for the World Cup that may be
underutilised after the event.
Environmental impact risks. Problems experienced include
over-loading of the
capacity of infrastructure and bulk services, water, waste, air
and noise pollution, and
despoliation of natural and cultural resources.
48
LESSON
1.2
Transport system/infrastructure risks. An event may result in
development of new
infrastructure and demand management systems that cannot be

managed after the event when
staffing levels will go back to normal.

49
NOTES:
LESSON
1.3
LESSON 1.3
RISK ASSESSMENT AND EVALUA

EV
TION
ALUA
In this Lesson:
Risk assessment is the identification, quantification and
evaluation of the probability of
the occurrence of risk events and their impact of the risk events.
Risk assessment addresses issues such as: What can go wrong?
How likely is this to
happen? If it does happen, what are the consequences? In
essence risks assessment is both
proactive and reactive measures to risk management.
1. IDENTIFYING OR RECOGNISING RISKS IS THE FIRST
STEP OF THE RISK
MANAGEMENT PROCESS.
1.1 Identifying
Risks
How do you identify risks?
Using real or hypothetical case studies
Drawing on personal and organisational experience
Looking at similar projects and learning from their experience
Consulting experts

Mind mapping or brainstorming techniques
Considering points of failure
Extrapolating from past incidents reports or complaints
Interviewing and/or surveying stakeholder groups
Using systems analysis techniques like flow charting
Operational modelling
Formal auditing or inspections
Conducting new studies or consulting previous studies
Work breakdown structure analysis
Formal analyses such as:
SWOT: Stands for Strength, Weakness, Opportunities, and
Threats. A good system to
create a broad picture of any situation.
51
RISK ASSESSMENT AND EVALUATION
PESTLE: Stands for Political, Economic, Social,
Technological, Legal, and
Environmental. Used to assess the current market conditions
and create a strategic plan.
HAZOP: Stands for HAZard and OPerability study. Provides a

structure and system to
examine a process or operation to identify risks.
FMEA: Stands for Failure Mode and Effects Analysis. A
system that analyses system
failures and their effects.
1.2 Evaluation
Methods
Risk evaluation can be defined as expressing risk in numerical
terms. (Risk Management
Ed 4)
One of the popular tools used in the risk assessment process is
a risk matrix or severity
matrix.
A risk matrix is a table in which rows show the risks and
columns show their likelihood
(probability) of occurrence and their impact.
The risk is then determined as the total of all the hazards that
contribute to it.
2. RISK CALCULATION
The risk of any particular hazard ( H) can be defined as its
probability (p) multiplied

by its consequence ( c). In layman's terms: how likely it is to
happen and how
bad will it be, should it happen.
Hazard = PH * CH
Therefore the total risk (R) of an event (e) is the sum of the
(n) potential hazards that
would result in that event:
52
LESSON
1.3
An example of a Risk Matrix:

Low
Medium
High
Probabilit
Low
Medium
Medium
y
Low
Low
Low
Impact/Consequence
This is an example of a 3 x 3 matrix, with both probabilities
and consequences consisting
of three levels namely low, medium and high.
Using the matrix we see that, for example:
The severity of a risk with a high probability but low
consequence or impact is low.
The severity of a risk with a high consequence but medium
probability is medium.

The severity of a risk with a high probability and high impact
is high.
This matrix can be customised and expanded to include
additional levels of severity and
likelihood. For example the consequences can be defined as
catastrophic, critical, marginal and
negligible. The probability can be identified as
'Certain', 'Likely', 'Possible', 'Unlikely' and 'Rare'. Very low
probabilities may not be very
reliable.
An example of such a Risk Matrix would be as follows:
Negligible
Marginal
Critical
Catastrophic
Certain
High
High
Extreme
Extreme
Proba

Likely
Moderate
High
High
Extreme
bili
ty
Possible
Low
Moderate
High
Extreme
Unlikely
Low
Low
Moderate
Extreme
Rare
Low
Low
Moderate
High

Impact
53
Risks that are identified are plotted in the matrix according to
probability and impact.
2.1
Problems with a Risk Matrix
In his article 'What's Wrong with Risk Matrices?', Tony Cox
argues that risk matrices
experience several problematic mathematical features making it
harder to assess risks. These are:
Poor Resolution. Typical risk matrices can correctly and
unambiguously compare only a
small fraction (e.g., less than 10%) of randomly selected pairs
of hazards.
They can assign identical ratings to quantitatively very
different risks (“range
compression”).
Errors. Risk matrices can mistakenly assign higher qualitative
ratings to quantitatively
smaller risks. For risks with negatively correlated frequencies
and severities, they can be “worse
than useless,” leading to worse-than-random decisions.
Suboptimal Resource Allocation. Effective allocation of
resources to risk-reducing

countermeasures cannot be based on the categories provided by
risk matrices.
Ambiguous Inputs and Outputs. Categorisations of severity
cannot be made objectively
for uncertain consequences. Inputs to risk matrices (e.g.,
frequency and severity categorisations)
and resulting outputs (i.e., risk ratings) require subjective
interpretation, and different users may
obtain opposite ratings of the same quantitative risks. These
limitations suggest that risk matrices
should be used with caution, and only with careful explanations
of embedded judgments.
3. RISK ASSESSMENT FORMS
A risk assessment form is a form or report that shows an
organisation's vulnerabilities
and the estimated cost of recovery in the event of damage. It
also summarises defensive
measures and associated costs based on the amount of risk the
organisation is willing to accept
(the risk tolerance).
This form is used to identify, evaluate and estimate the levels
of risks involved in a
situation, their comparison against benchmarks or standards,
and determination of an acceptable
level of risk.

54
LESSON
1.3
3.1
An example of a risk assessment form:
Project:
Nr: Risk
Title:
Date:
Probability of risk event
P
Description of risk event
Impact of risk event
I
Expected value of risk
E=p*I
Cost of preventative action
PA

Preventative action
Residual probability of risk event
pr
Expected value of action
EA=PA+pr*I
Corrective action
Cost of corrective action
CA
Decisions:
If EA <E, or p “very high”, or I “very high”, then integrate
Preventative Action into
Work
Breakdown Structure (WBS). Integrate Cost of Corrective
Action CA into project risk
contingency
plan.
Follow-up Policy
Example
TopCar is a large car manufacturer with a series of well-
known brands including
extended overseas operations. They experienced a peak in their
market share in 2000. They then
suffered 5 years of a downward spiral, after which they picked
up their heads and saw three

straight years of increase in 2006, 2007 and 2008. They planned
to continue this gain by
launching 30 new ‘real value for money’ vehicles in different
ranges.
Possible risks facing TopCar’s approach are:
Volatile financial markets;
Change in emissions standards;
New technologies such as hybrid and electric vehicles;
New vehicle manufactures in the market;
Changing currency rates;
New hazard standards (such as a reduction in asbestos use);
Labour strikes and work stoppages;
Political instability in overseas manufacturing areas;
Fuel shortages and price changes;
Increased pressure to produce may result in quality decrease;
More new products increases the possibilities of defects and
problems.
55

A completed risk assessment form for one of the risks would
look like this: Description:
The marketplace is beginning to ask for hybrid vehicles but
these products are not
included in our line-up.
Area:
Legal
Regulatory
Marketplace
Financial
Operating
Other
(describe)
Possible Tangible Effects (such as money, time, and
resources): Loss of market share,
reduced profit.
Possible Intangible Effects (such as morale and reputation):
Could affect TopCar’s
reputation as a cutting-edge auto manufacturer and industry
leader.
Impact:
Low

Medium
High
Likelihood:
Unlikely
Neutral
Likely
When might this occur?
How long could it last?
Rival car manufacturers have their product launch These
vehicles will likely be slow to
catch on scheduled for the last tem of next year.
but will quickly rise in popularity.
What other risks could result?
If we are required to start manufacturing these new vehicles,
we will face significant
challenges in worker knowledge, manufacturing equipment, and
product sourcing.
If this risk had to be plotted on the risk matrix, it would
probably be plotted as high
probability and medium consequence, making it a medium risk.
Low
Risk One
High

Probabilit
Low
Medium
Medium
y
Low
Low
Low
Impact/Consequence
56
LESSON
1.3
4. FORMAL RISK ANALYSIS MODELS AND METHODS

A "risk analysis" is the process of arriving at a risk
assessment, also called a
"threat and risk assessment." A "threat" is a harmful act such
as the deployment of a
virus or illegal network penetration.
4.1
Work Breakdown Structure (WBS)
The idea of a Work Breakdown Structure (sometimes called
Product Breakdown
Structure) is to break larger tasks (milestones) down into
smaller tasks (activities) or individual
components that are more manageable. Each item in the WBS is
generally assigned a unique
identifier; these identifiers can provide a structure for a
hierarchical summation of costs and
resources. A typical numbering system is where a section, for
example section 3 is subdivided
into 3.1, 3.2, and so on; section 3.1 is subdivided into 3.1.1,
3.1.2, and so on until the
decomposition has been carried as far as is needed. The items at
the lowest level of the WBS are
referred to as work packages.
Here is an example Work Breakdown Structure for a
newsletter project.
1.0

Newsletter
Project done
2.0
3.0
4.0
5.0
6.0
7.0
8.0
Design
Articles
Photos &
Mechanical
Printing
Newsletter
Questionnaire
complete
done
illustrations
done
done
mailed
done
complete

Designer
Ideas
Ideas
Layout stones
Printer
Put mailing
Questionnaire
selected
submitted
approved
with computer
selected
list together
drafted
Final changes
Concepts
Ideas
Photos
Label
Questionnaire
&
Film to printer
submitted
approved
submitted
newsletters

approved
proofreading
Blueline
Design
Photos
mail
Questionnaire
1st draft
Final sign-off reviewed and
approved
approved
newsletters
mailed
approved
Type output
Responses
Stories
Newsletter to
at image
tailed and
reviewed
office
setter
report made

Final
draft
Stories
57
It is always a good idea to post the WBS where all team
members can see it to help
people keep on track.
Questions to ask to determine if each deliverable has been
broken down sufficiently are:
Am I able to clearly define the component?
Am I able to clearly state what will be done to complete the
work and what will NOT be
done?
Am I able to estimate the time needed to complete the
component?

Am I able to assign an individual or organizational unit who
will be responsible for
completing the work?
Am I able to assign a rand value to the cost of completing the
work?
If the answer to any of these questions is ‘No’, that particular
component needs to be
further broken down. This decomposition exercise assists staff
to better understand and properly
document the scope of their task. It also provides information
needed for budget revision.
4.2
SWOT analysis (Strengths, Weaknesses, Opportunities and
Threats) SWOT is
commonly used as part of strategic planning and looks at:
Internal strengths;
Internal weaknesses;
Opportunities in the external environment;
Threats in the external environment.
In risk management, SWOT can help management in a
business discover:

What the business does better than the competition;
What competitors do better than the business;
Whether the business is making the most of the opportunities
available;
How a business should respond to changes in its external
environment.
A
SWOT Analysis is a strategic planning tool used to evaluate
the Strengths,
Weaknesses, Opportunities, and Threats involved in a project or
in a business venture or in any
other situation of an organisation or individual requiring a
decision in pursuit of an objective. It
involves monitoring the marketing environment internal and
external to the organisation or
individual.
Albert Humphrey led a research project at Stanford University
in the 1960's and 1970's
and developed the SWOT analysis technique based on data used
from the Fortune 500
companies.
58
LESSON

1.3
The SWOT analysis looks at two main environments that can
pose risks organisation and
asks a number of questions:
The internal (within organisation) environment (SW)
What are the strengths and weaknesses of the enterprise
regarding human resource skills?
Strengths would entail the skills that employees possess and
weaknesses would entail the
training needs within the enterprise.
The external environment (OT)
Which threats and opportunities arising from changes outside
the enterprise will affect
human resources performance? A threat will be construed as not
having the necessary skills
within the enterprise to cope with the external factors, while an
opportunity will be a particular
skills base in the enterprise to cope with external factors.
Finally the researcher should compare the present strengths
and weaknesses to future
threats and opportunities and choose a long-term organisational
strategy for human resource
management that will assist individuals as well as the
organisation in general to prepare for the
future.
4.2.1 Performing the SWOT Analysis

First identify a clear objective before you start with the SWOT
analysis. Once the
objective has been defined, SWOT can be used to assist in the
attainment of the objective.
SWOT is:
Strengths : Internal attributes that is helpful to obtain the
objective;
Weaknesses: Internal attributes that is harmful to obtaining the
objective;
Opportunities: External conditions that is helpful to achieving
the objective;
Threats: External conditions that is harmful to achieving the
objective.
Diagram of a SWOT analysis:
Internal →
Strengths
Weaknesses

External →
Weaknesses
Threats
59
When the SWOT analysis has been completed, decide if the
objective is attainable given
the SWOT. If not, change the objective an repeat the SWOT
analysis.
If the objective is attainable, answer the following questions to
generate possible
strategies:
How can I Use each Strength to eliminate or reduce potential
risks?
How can I Stop each Weakness that create opportunities for
risk?
How can I Exploit each Opportunity to maximise my risk
management activities and
plans?
How can I Defend against each Threat to minimise risk.
4.2.2 Examples of Strengths and Weaknesses:

Resources: financial, intellectual, location
Customer service
Efficiency
Competitive advantages
Infrastructure
Quality
Staff
Management
Price
Delivery Time
Cost
Capacity
Strong relationships with key industry customers
Examples of Opportunities and Threats
Political/Legal
Economic condition

Expectations of stakeholders
Technology
Public expectations
Competitors and competitive actions
Errors to be avoided
The
following errors have been observed in published accounts of
SWOT
analysis :
Conducting a SWOT analysis before defining and agreeing
upon an objective (a desired
end state). SWOTs should not exist in the abstract. They can
exist only with reference to an
objective.
60
LESSON
1.3
If the desired end state is not openly defined and agreed upon,
the participants may have
different end states in mind and the results will be ineffective.
Opportunities external to the company are often confused with
strengths internal to the

company. They should be kept separate.
Another error is to confuse SWOTs with possible strategies.
SWOTs are descriptions of
conditions, while possible strategies define actions. This error
is made especially with reference
to opportunity analysis. To avoid this error, it may be useful to
think of opportunities as
"auspicious conditions".
4.3 HAZOP
The HAZOP process is an analysis tool that systematically
analyses each part
of a system or activity.
It is quite popular because of its ease of use, the ability to
organise and structure the
information, minimal dependence on the experience of the
analysts, and the high level of results.
It provides a more complete identification of the hazards,
including information on how hazards
can develop as a result of operating procedures and operational
upsets in the process, hence the
incorporation of the word operability in the name. The basic
idea is to “let the mind go free” in a
controlled fashion in order to consider all the possible ways that
process failures can occur.
The essence of the Hazop analysis approach is to review
procedures in a series of
work-sessions or meetings. During these meetings, a multi-
discipline team performs a systematic

study of a process using guide words to discover how deviations
from the design intent can occur
in equipment, actions, or materials, and whether the
consequences of these deviations can result
in a hazard.
The results of the HAZOP analysis are the team's
recommendations, which include
identification of hazards and the recommendations for changes
in design, procedures, etc. to
improve the safety of the system. Deviations during normal,
start-up, shutdown, and maintenance
operations are discussed by the team and are included in the
HAZOP. It must be remembered
that HAZOP is an identifying technique and is not intended as a
means of solving problems.
Although Hazop is essentially a qualitative technique, it can be
used to identify areas which
must be subjected to comprehensive quantitative analysis.
61
A block flow diagram of the HAZOP process looks like this:

Select a process or
operating step
Explain design
Repeat for all process
intention of the
sections or operating
process section or
steps
operating step
Select a process
Repeat for all process
variable or task
variables or tasks
Apply guide word to
Repeat for all
process variable or
guide words
task to develop
meaningful deviation

List possible causes
Develop action items
and deviations
Examine
Develop acceptability
consequences
of risk based on
associated with
consequences,
deviations
causes and
(assuming all
protection
protection fails)
Identify existing
safeguards to prevent
deviation
4.3.1 The following terms are used in the HAZOP process:
Design Intent - the way a process is intended to function.
Deviation - a departure from the design intent discovered by
systematically applying

BUSINESS ADMINISTRATI.docx

Recommended

Recommended

More Related Content

Similar to BUSINESS ADMINISTRATI.docx

Similar to BUSINESS ADMINISTRATI.docx (20)

More from joyjonna282

More from joyjonna282 (20)

Recently uploaded

Recently uploaded (20)

BUSINESS ADMINISTRATI.docx