Case Study

Organisations face a range of risk types. The overall risk profile can contain a complex and dynamic range of risk types, which are interrelated and which vary as a function of time. In addition there are overlaps between some of the risk types. A scope risk is also a management risk. A decision on which parts of the organisation to insure and which not to insure is a scope risk decision and is also clearly a management decision. In turn, the consequences of this decision could indeed be considered as a direct financial risk. There are both multiple and discrete interrelationships between numerous risk types in most complex risk assessment processes. The significance of different combinations of risk types can be very different. On Monday 17 September 2001 the Dow Jones index fell 7 per cent. This was an all-time record in terms of the number of points lost on the Dow Jones Industrial Average, which is the main blue chip index in New York, although there was a larger percentage drop (22.6 per cent) on 19 October 1987. The fall was caused by the World Trade Center terrorist (political risk) attack (the attack being an external risk as far as Dow Jones companies were concerned). There were large sales (shareholder risk) in companies directly affected such as leisure, tourism, airlines and hotels (specialisation risk), although shares in defence and weapons such as Sturm Ruger (handguns) went up significantly in value. These losses occurred despite the US Government Federal reserve (the Fed) dropping interest rates to the lowest levels since the 1960s (interest rate risk). Not all of the overall losses were directly attributable to the attacks, nor were they regarded as truly representative. The Dow Jones represents only 30 stocks, all of which are 'old economy' companies. The corresponding fall on Nasdaq, which represents newer high-tech companies (IT and technology risk) was considerably smaller. In addition, many analysts reflected that Wall Street was only coming into line with Europe and the Far East, where average values fell by some 10 per cent over the six days that the New York Stock Exchange was closed (complexity risk). Hopefully it can be seen that the risk influences on individual companies are complex and interrelated, and change dynamically over time.

Case Questions:

a. Given the range of risks that can impact on an organisation, and the complexity of the linkages between these risks?

The primary challenge for organizations is to identify and assess the interrelated risks that could impact their operations. These risks can vary depending on the nature of the business, and some risks may be more significant than others. It is important for organizations to have a comprehensive risk management framework in place that can identify, evaluate, and manage these risks to minimize their impact on the organization.

b. What are the primary performance characteristics of an appropriate organisation-wide risk management system?

An effective organization-wide risk management system should have the following performance characteristics:

• Comprehensive coverage of all relevant risks.
• Clear identification and assessment of risk exposures.
• Formal processes to manage and mitigate risks.
• Regular monitoring and reporting of risks.
• Continuous improvement of risk management processes.

Q:2 As a CEO of an online B2C business what categories of risk would cause you most concern?

As the CEO of an online B2C business, the categories of risk that would cause the most concern are cybersecurity risks, operational risks, reputational risks, and regulatory risks. These risks could impact the business's ability to operate, damage its reputation, and result in significant financial losses.

Q:3 What examples can you think of for risks that would need to be avoided (rather than accepted, reduced, or transferred), and how would you avoid each of them?

Examples of risks that would need to be avoided include:

• Legal and regulatory risks that could result in significant penalties or legal action against the company. To avoid such risks, the company needs to comply with all applicable laws and regulations and regularly monitor and update its compliance processes.
• Catastrophic events such as natural disasters, could disrupt the company's operations and result in significant losses. To avoid such risks, the company could invest in disaster recovery and business continuity plans and maintain backup systems and facilities.

Q:4 What criteria should determine how uncertainty of the impact of disruptive events should be factored into a supply chain?

The criteria that should determine how the uncertainty of the impact of disruptive events is factored into a supply chain include:

• The likelihood of the event occurring.
• The potential impact on the supply chain, including the financial impact, reputational damage, and disruption to operations.
• The ability of the supply chain to recover from the event, including the availability of backup systems and alternative suppliers.
• The cost of mitigating the risk, including the cost of insurance or other risk transfer mechanisms.

These are my answers but my tutor commented below. Could you please help me with updating?

The questions have been answered but in-depth research and connect to theories is missing. I also dont see any referencing which indicates that a variety of sources have not been studied prior to answering the questions.