
Risk Management-Insurance and Insurance Policy


Small to medium businesses are exposed to risks on a daily basis. The impact of these risks could cause a decrease in revenue and/or an increase in expenses. As we all know, every business is subject to risks at any time. The potential losses as a result of unmanaged risks could be catastrophic. As discussed in the unit lesson, insurance policies can be purchased that can help protect businesses from risks caused by certain events and from risks to their employees’ personal security. BBA 4226, Risk Management. You have been given the task of persuading your business’s board of directors to purchase insurance policies that will help manage the risks mentioned above. The insurance policies have already been chosen, but now you must explain the details of the insurance policies, including the contracts involved in the policies, to the board and convince the board that these policies really will protect the business from risks. In addition, you must describe what the terms in the insurance contracts mean and how they can be applicable to each business area.

In order to do this, you will need to create a PowerPoint presentation consisting of at least 10 slides, and complete the following tasks:

Define insurance and an insurance policy.

Identify the two basic types of insurance.

Describe how insurance policies can be used to protect the business from risks caused by certain events and from risks to their employees’ personal security while on the job.

Define the four essential elements of a valid insurance contract: offer and acceptance, consideration, legal capacity, and


Identify the common terms found in insurance contracts that specify exactly what risks an insurer will cover.

Define catastrophe theory and how it differs from risk management principles.

Discuss how catastrophe theory can be utilized by your organization to manage and recover from risks.

Sample paper

Risk Management

Insurance and Insurance Policy

Insurance refers to a means of protecting businesses from financial loss. In other words, it is a risk management approach whereby businesses protect themselves against loss occurring from uncertainties in the business environment. Insurance occurs when people facing similar risks pool resources together to create a common fund from which compensation can be paid to those who undergo losses. This transfers the risk from the individual to the entire group, making it easier for the group to compensate losses. An insurance policy is a document that provides contract details between the insurance company and the insured. An insurance company issues the policy document to the insured during contract agreement.

Two Basic Types of Insurance

There are two main types of insurance, namely life insurance and general insurance. Life insurance is a contract between an insurance company and an individual to transfer financial risks to the insurer in case of premature death of the insured. In turn, the insured makes certain premiums or payments to the insurance company on a specified basis. General insurance refers to all other types of insurance other than life insurance.

How Insurance Policy can Protect the Business from Certain Risks

Insurance policies can be used to protect the business from certain risks caused by certain events. One way of protecting the business is by providing compensation in the event that the loss insured against occurs. For instance, a business might take property insurance to safeguard the business in case of accidental fire, damage due to storms, and theft (Madura, 2016). In the event that one of these risks occurs, the insurance company provides compensation to the insured. Businesses can protect themselves from risks to the employee’s personal security by taking workers’ compensation insurance. The workers’ compensation insurance ensures that the employee gets compensation in the event of death, disability, or sickness resulting from his/her work. In case of death of the employee, the insurance company compensates the beneficiaries.

Essential Elements of a Valid Insurance Contract

Offer and acceptance is one of the key elements of a valid insurance contract. Offer and acceptance means that the person who wants to take an insurance cover tenders or offers his risk using a proposal form to the insurance company (Gulati, 2007). The insurance company may either accept or decline to insure the risk. The offer may come from the insurer or the insured. Consideration is the amount that the insured pays as premium for the insurance contract to become binding (Gulati, 2007). The consideration may be of any amount. Once the insurance company receives the premium, the contract becomes legally binding.

Legal capacity means that the purpose for which the insurance agreement is entered should not contravene the laws of the country (Gulati, 2007). A valid insurance contract is one that does not involve immoral activities, contraband goods, or anything else forbidden under the law. Purpose refers to the specific reason for which the insured takes the insurance cover. There must be a clearly established reason why the insured takes the cover. In addition, the insured must have insurable interest in the thing he/she wishes to insure.

Catastrophe Theory

Catastrophe theory is a method for predicting or describing reality (Chen et al., 2012). Catastrophe theory investigates discontinuous catastrophes or changes affecting an organization. Catastrophe theory differs from risk management principles in certain ways. The most important difference is that catastrophe theory investigates discontinuous changes affecting the organization while risk management principles are concerned with the day to day changes occurring within the organization.

How Organizations can Utilize Catastrophe Theory

Catastrophe theory can help in developing computerized models leading to a set of simulated events (Chen et al., 2012). This enables individuals to assess the losses that might occur from particular events. Businesses can also apply catastrophe theory during forecasting. The organization can thus apply catastrophe theory in predicting the risks of loss relating to a particular event. Catastrophe theory can enable a business to tell the risk levels of various events and the probability of occurrence of the particular events.


  • Booker, J. (2007). Comprehensive practices in risk and retirement planning. Toronto: CCH Canadian Limited.
  • Chen, Y., Song, G., Yang, F., Zhang, S., Zhang, Y., & Liu, Z. (2012). Risk assessment and hierarchical risk management of enterprises in chemical industrial parks based on catastrophe theory. International Journal of Environmental Research and Public Health, 9(12), 4386-4402. doi:10.3390/ijerph9124386
  • Gulati, N. C. (2007). Principles of insurance management: A special focus on developments in Indian insurance sector – pre and post liberalisation. New Delhi: Excel Books.
  • Madura, J. (2016). Financial markets and institutions. Boston, MA: Cengage Learning.


How risk management contributes to conducting business more effectively

1. Risk management can be thought of as a strategic process in organizations. Reflect on how you think risk management contributes to conducting business more effectively.

Any investment has a degree of risk that comes with it. A risk is often described as the potential of gaining or losing something of value. To reduce the risk of losing their investment, most investors have turned their attention to risk management. Risk management largely involves the identification, evaluation and acceptance or mitigation of uncertainty in investment decisions. Risk management helps to improve the performance of a business by instilling confidence in investors and employees of a company or an institution. Risk identification assists in fostering vigilance in times of discipline and calm at the time of crisis. Identifying and evaluating risks in advance gives an organization enough time to prepare mitigation strategies that minimize the negative impacts of the hazards, if not fully eliminating them (Valsamakis, Vivian, & Du, 2010). Moreover, in assessing risks, the organization generates ideas and concepts aimed at identifying the solutions to the hazards associated with the operations of the business. Risk solutions are often discussed together with all stakeholders to identify the best solution, thus promoting organizational culture. Finally, risk management saves costs and time in the sense that investors are always prepared in advance to take the necessary steps and precautions to protect their business from loss.

2. Think about a recent project/endeavor that you have participated in. Do you agree with the following statement: “With proper planning it is possible to eliminate most/all risks from a project/endeavor”? Why, or why not?

Planning is the key to the success of every endeavor. A good plan lays the blueprints and guidelines of activities and processes that are necessary to make sure that a project or business is successful. Therefore, the planning process comprises activities such as thinking about and organizing ideas and activities necessary to achieve the desired objective. I fully agree with the statement that with proper planning it is possible to eliminate most of the risks associated with a business. When making any business-associated decisions, it is necessary to measure the associated risk. A good plan should be in a position to identify the opportunities that are associated with a project while at the same time identifying all the risks associated with it. Therefore, a good and appropriate planning process should identify, assess and quantify business risks, then take measures to control or minimize their impacts on business operations (Hopkin & Management, 2014). Additionally, a good plan should establish the distinct types of risks linked with each selection and thus give assurance that a company can design and adopt an effective program to prevent losses or minimize the impact if a loss takes place. A good program should comprise systematic plans and methods for identifying and confronting these threats, treating them, and indicating financial opportunities.

3. Describe an event (or a thing) that you have personally experienced in your own life that could be a hazard to some and a threat to others.

A business may face different types of risks in its daily operations depending on the industry and the nature of the business. Notably, some of these risks faced by organizations can be managed by insurance while others cannot, and the organizations are forced to absorb them and integrate them with business operations. One of the major risks that I have recently faced in my place of work is the tool breakdown in the company. In recent times, the internet has become an integral part of all business operations as most of the organization’s operations are conducted over the web. Therefore, the moment the company loses the internet connection, most, if not all, business operations come to a standstill and this significantly affects the operations of the company. At the beginning, the company had not installed a backup plan that could help save the company operations at such a time (Choate, 2008). However, in recent days, the company has designed a manual backup plan that helps to keep the operations going even when the internet is down. Loss of internet is one of the major risks facing most online companies considering that with no web connection the company cannot complete its transactions.

4. In the organization in which you work, or have worked previously, describe how you would implement a strategy for risk tolerance. Provide an example of tolerable risks.

Despite the fact that risks are often associated with a loss in an organization, some of the risks facing an organization can be accepted and tolerated in the organization. A tolerable risk is the risk that remains after suitable and sufficient control measures have been applied to significant hazards that have been identified, evaluated and controlled. The best way to implement a strategy for risk tolerance in an organization is full and open communication and sharing of information with all stakeholders to make sure that they are aware of any emerging and collateral risks that may affect the company operations. Stakeholders are an important part of a business and should be fully engaged in all business operations, particularly when it comes to identifying, evaluating and treating risks in the company (Hartmann, H, Thomas, & Scharpf, 2012). Discussions and consultations with the management team are critical to helping ensure that the company’s strategy remains appropriate given the market and economic conditions. A good example of a tolerable risk is when an employee loses a day’s work as a result of equipment or tool breakdown. However, the probability of the risk occurring and the severity of the resulting harm must be low.

5. Think about the company you work for currently or one for whom you have worked previously. At that company, did you notice an overlap between operational and physical security? Explain your response.

Employee safety and well-being in any organization should be given the first priority in all organizational operations. However, there are two major forms of security in an organization: operational security and physical security. Operational security largely focuses on the identification of critical information to determine the actions and activities of competitors and rivals. Additionally, operational security focuses on protecting an organization’s information and resources from competitors. On the other hand, physical security largely involves the protection of staff, tools, software, networks, and information from physical activities that could cause serious loss or damage. Notably, both types of security are important to the operations of an organization, but from time to time they overlap. For example, employers always demand that employees should keep the interests of the company ahead of their personal interests. Therefore, in the event of an accident, employees should try to save as many company assets as possible even if it means risking their lives (Salloum, Al-Abdullah, Vittal, & Hedman, 2016). On other occasions, especially in security and military organizations, employees are required to protect sensitive information about the company from falling into the hands of the wrong people at all costs even if it means losing their lives. Therefore, in such situations, the two forms of security overlap.

6. Thinking about your current cyber security setup for your Internet-enabled devices at home, what steps would you or do you take (if necessary) to protect your home network from cyber attacks?

Despite making life easier as well as making it easy to transfer information and data from one point to another, the internet has its share of disadvantages, especially when it comes to cyber attacks and cyber crimes. Cyber attacks comprise any offending activity carried out by states, persons or even groups that target computer information systems, structures or even personal computer devices by various means of malicious acts. Cyber attacks often lead to identity theft or loss of sensitive information that might contain confidential details. However, to protect a home or personal network from cyber attacks, one should ensure that they change the name of their home wireless network as it helps to make it harder for hackers to know the type of router and network one is using. It becomes easy for a cyber criminal to hack a router or a network once he or she identifies the manufacturer of a router (Loukas, 2015). After changing the name of the network, it is prudent for an individual to choose a strong and unique password for the wireless network. In most cases, wireless routers come pre-set with a default password that might be easy to hack or crack. Therefore, it is necessary to change this default password to a strong and unique password of at least 20 characters including numbers, letters, and symbols.

7. Looking back at a current or former job, what risks do you notice now that you did not notice before taking this course? After learning strategies for dealing with these risks, what would you do to help manage or mitigate them?

Businesses face all kinds of risks, some of which can lead to significant loss of profit or in the worst case lead to bankruptcy. However, different companies deal with different kinds of risks depending on the location of the business, the industry and the nature of the product they manufacture and produce. After studying this course, I have come to know some risks that I did not know existed before. One of the notable risks that I have learned about is compliance risk, especially at the international level. When an organization decides to expand its operations to other countries, it should fully understand the legal environment of the host country to avoid trouble with the host government (Hopkin & Management, 2014). To mitigate this type of risk, it is advisable for the company to research and learn about the legal environment of the new country by consulting with the authorities of the country. They should also seek the help of a risk management manager in the new country to provide information about the legal requirements as well as the best way to mitigate this risk in this new environment.

8. Take a few minutes to reflect on the material that was covered in this course. Do you feel this course has prepared you for your career? Explain your response.

The material gained from the study of this course has significantly prepared me for my future career as a risk manager by clearly identifying and describing the duties of a risk manager while at the same time identifying the different types of business risks. According to the course, a risk manager should be open minded and flexible enough to allow changes in the risk management plan with changes in the nature and type of risk. However, it is necessary for them to fully understand the risk management process that comprises identifying, assessing and treating the risks. Additionally, it is prudent for the risk management team to have an open and free flow of information between the company officials, employees and all stakeholders to make sure that they are all on the same page when it comes to treating risks. Additionally, the course has helped me to understand that there are both internal and external business risks (Choate, 2008). Internal risks can be avoided or treated within the organization since a company has control over internal risks, but has no control over external risks which might affect the entire industry in a country or even the entire country. Therefore, it is necessary to differentiate between those risks that can be treated and mitigated and those that can be tolerated in the organization.


Choate, P. (2008). Dangerous business: The risks of globalization for America. New York: Alfred A. Knopf.

Hartmann, H, Thomas, H., & Scharpf, D. E. (2012). Practical SIL Target Selection: Risk Analysis per the IEC 61511 Safety Lifecycle. Sellersville, PA: Exida.

Hopkin, P., & Management, I. R. (2014). Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. London: Kogan Page.

Loukas, G. (2015). Physical-Cyber Attacks. Cyber-Physical Attacks, 221-253. doi:10.1016/b978-0-12-801290-1.00007-2

Salloum, A., Al-Abdullah, Y. M., Vittal, V., & Hedman, K. W. (2016). Impacts of Constraint Relaxations on Power System Operational Security. IEEE Power and Energy Technology Systems Journal, 3(3), 99-108. doi:10.1109/jpets.2016.2560119

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.

Project for installation of a new Internet security suite-Risk Management



For this assignment, you have been assigned as the project manager for a project involving the installation of a new Internet security suite for your company.

Complete the following tasks for your project:

Provide a brief overview of your project.

Describe positive and negative risks within your project.

Discuss how each of the identified risks can affect the success or failure of the project and rank each risk in terms of impact to the project.

Propose risk mitigation and management approaches for each identified risk.

Describe the role policy plays in the planning and performing of risk management processes.

Sample paper

Risk Management

Brief Overview of the Project

Installing an internet security suite for the company is critical during this period of increased cyber-attacks targeting businesses. A new internet security suite for the company will help in protecting the company’s computer system from spyware, viruses, malware, email and IM scams, and from hackers. This project aims at improving the information security solutions utilized by the company by ensuring the installation of a new internet security suite that can detect and deter security threats facing the company’s computer system. The new internet security suite should not affect the performance of the company’s computers. Some of the features that come with the new internet security suite include an anti-virus engine, content security and parental control, application control, and USB device control, among others.

Positive and negative risks and how they affect the success or failure of the project

Possible positive impacts

  • Reduced cyber attacks

A new internet security suite will reduce the possibility of successful cyber-attacks within the organization. According to Szewczyk (2012), antivirus programs and firewalls can deter about 90 percent of malware.

  • Early detection of attacks

The new internet security suite will help in early detection of malware attacks. This will ensure that the management acts quickly by taking the appropriate steps to stop the spread or further damage. Early detection of attacks ensures the elimination of the threat before it causes significant loss.

  • Protection while surfing the internet

Installation of internet security suite will ensure that employees can surf the internet without hackers being able to access personal data such as bank account access details and credit card information.


Negative risks

  • Employees and other end-users risk

There is a significant risk posed by end-users of a particular system. Although the new internet security suite will thwart most of the cyber-attacks, its effectiveness partly depends on the behavior of the end-users. End-users should be able to understand how the internet security suite works, its importance, and how they can maximize the protection mechanism. Failure of end-users to adhere to protocol increases the security threat. For instance, the new internet security suite may identify potential threats and warn the user against downloading a particular file. The user may ignore this and download a malicious file, thus compromising the system. Employees may share passwords with their colleagues, which may increase security risk. This may compromise the effectiveness of the project.

  • Dynamic nature of cyber-threat

According to Szewczyk (2012), anti-virus vendors are able to protect organizations from about 90 percent of new malware. This leaves organizations at risk of about 10 percent of newly released malware. Malware developers may devise sophisticated malware that employs anti-detection techniques, hence rendering the security systems vulnerable to attacks. This threat may compromise the efficacy of the project by making the internet security suite less effective in preventing attacks.

  • Targeting devices other than the company’s computer systems

The installation of the new internet security suite might not eliminate the security threat posed by cyber criminals. The internet security suite is designed purposely to protect the company’s computer system. In the recent period, however, hackers are targeting other devices that connect to the company’s computer system or that are used in some way. For instance, there have been malware attacks targeting smart phones and Asymmetric Digital Subscriber Line (ADSL) routers (Szewczyk, 2012). This may cause losses especially to customers who may lose money through illegal mobile banking transactions. Such losses may cause the management to lose faith concerning the internet security suite.

  • Failure to patch or upgrade the operating system and the internet security suite

Failure to patch the operating system and the new internet security suite may increase the security vulnerabilities. The IT department should ensure that there is regular updating of applications in order to reduce vulnerabilities. However, most organizations do not keep their applications up to date due to various complexities in updating or upgrading their systems. A good example is the recent ransomware named “WannaCry”, which has affected thousands of computers running on the older versions of the Windows operating system (Scott & Wingfield, 2017). In this case, free security patches were available but most organizations had not installed them, making their computer systems vulnerable to the ransomware.

Risk mitigation and management approaches

The first risk is employee and other end-users risk. The management can mitigate this risk by developing training programs for employees on cyber security (“Internet Security Threat Report (ISTR),” 2016). The training program should focus on identifying and preventing threats. The second risk concerns the dynamic nature of cyber threats. The organization can mitigate this risk by ensuring frequent updating of the new internet security suite. The organization should also update other applications, including the Windows operating system. The other threat involves cyber threats that target devices other than the company’s computer systems. The company can mitigate these threats by educating consumers and other third parties involved. Lastly, the organization should develop a policy to keep all applications and the internet security suite updated.

Role policy plays in the planning and performing of risk management processes

Policy plays a critical role in planning and performing risk management processes. Policy provides guidance concerning the way in which the organization deals with cyber security threats. Policy provides guidelines that help in the implementation of strategies to deal with cyber security threats. Another role of policy is that it provides a mechanism under which the management can control the behavior of individuals within the organization.


Internet Security Threat Report (ISTR). (2016). Retrieved from https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

Scott, M., & Wingfield, N. (2017, May 13). Hacking attack has security experts scrambling to contain fallout. The New York Times.

Szewczyk, P. (2012). An Australian perspective on the challenges for computer and network security for novice end-users. The Journal of Digital Forensics, Security and Law: JDFSL, 7(4), 51-72.

Risk Management Strategies


You have been asked to present information to your company’s board of directors regarding each of the following items:

business continuity plan (BCP),

disaster recovery plan (DRP),

business impact analysis (BIA), and

operational risk management strategy (ORM).

Create a written report consisting of at least three pages in which you describe the purposes and benefits of each one, the challenges involved in creating each one, and how each one fits into a risk management strategy. Also, assemble and present a policy for planning and performing each of the processes above.

Sample paper

Risk Management Strategies

Business Continuity Plan (BCP)

A BCP helps in establishing business continuity plans and processes that entail how the organization assesses risks, conducts risk mitigation practices, and how it can resume critical functions when faced by disasters or disruptions in operations (Eccleston, 2008). The main purpose of the BCP is to identify ways in which the business can resume critical business functions following a disaster. The BCP provides numerous benefits to the organization. One of the key benefits is that it provides business continuity even in the face of disasters that significantly affect operations. A BCP helps in building customer confidence. When other organizations fail to deliver in the face of disasters, a business with a BCP can continue providing essential services. Another benefit tied to this is its role in creating a competitive advantage (Eccleston, 2008). This is because customers may prefer the firm’s products to others. BCP reduces the risk of financial loss. Another benefit is that developing a BCP enables the business to meet legal and statutory obligations. It is also a way of complying with the international business continuity standards.

There are a number of challenges involved in developing a BCP. The first challenge is high costs in developing the plan. Implementation of a BCP requires installation and maintenance of equipment, hardware, software, and allocation of human resource, which is costly (Stewart, Chapple, & Gibson, 2015). The second challenge is that the BCP process is complex to develop, implement, and maintain. This is because it involves making complex plans about mitigating potential disasters. The third challenge is the tendency of the management to make incorrect assumptions in the development of the plans. This may erode its effectiveness. Lastly, the senior management may fail to allocate enough time in the development of the BCP due to demands for other things in the organization (Stewart, Chapple, & Gibson, 2015). The BCP fits in as a way of risk management. Risk management, just like the BCP, is involved in assessing the impacts of possible risks, developing mitigation plans, and settling on possible plans of action if the risk occurs.

Policy for Planning and Performing the BCP

The following is a policy for planning and performing of the BCP

  1. Initiation – This involves establishing a team responsible for business continuity planning. At this level, one highlights the milestones, develops the executive report, and outlines the master schedule.
  2. Organizational impact analysis – This involves examining the potential impacts of system failure or disasters on the core business operations.
  3. Contingency planning – This stage involves identifying contingency plans. In addition, the specific triggers are established. Presence of these triggers marks the implementation of the contingency plans.
  4. Testing – This involves ensuring that the business continuity plan is workable (Stewart, Chapple, & Gibson, 2015).

Disaster Recovery Plan (DRP)

A Disaster Recovery Plan (DRP) is similar to a BCP. While BCP ensures the continuity of all critical business functions, DRP ensures the restoration of damaged IT systems in the business through assessments, repair, and other activities. DRP is more of an effort to recover the business’ IT systems as well as applications (Gregory, 2010). There are several benefits in DRP. The key benefit is that it ensures the possibility of a business surviving a disaster. DRP reduces risk through threat analysis as well as through implementation of mitigation procedures. DRP improves reliability and availability of IT systems and business processes, meaning production can go on uninterrupted even in the face of disasters. DRP contributes to organizational maturity, since the organization can cater to its customers even during disasters. Lastly, DRP enables the organization to gain marketplace advantages through enhancing reliability.

Challenges are present in implementing a DRP. The first challenge involves high costs of implementing a DRP. This is because a business has to set aside money for backup IT systems and applications. The second challenge involves having a wrong or inadequate DRP. The plan is wrong if it is too complicated or too simple to handle the organization’s demands. The third challenge involves relying on wrong technologies such as outdated technologies. Another challenge is failure to test the DRP to ensure it is working. This may come because of a reactive IT department that fails to anticipate problems (Gregory, 2010). The DRP fits into a risk management strategy because it involves assessing the impacts of possible risks, developing mitigation plans, and settling on possible plans of actions if the risk occurs.

Policy for Planning and Performing the DRP

The DRP includes critical application assessment, back-up and recovery procedures, implementation procedures, test procedures, and the plan maintenance. The following are the steps involved in planning.

  1. Data collection
  2. Plan development
  3. Testing of the plan
  4. Monitoring and maintenance processes.

Business Impact Analysis (BIA)

A Business Impact Analysis (BIA) helps in the examination of risks, threats, and exposures facing a business (Wallace & Webber, 2011). A BIA is a form of risk analysis, but includes calculations. A BIA provides an overview of critical business functions within an organization. A BIA has a number of benefits to the business. First, a BIA helps in quantifying costs associated with the loss of a particular vital function. In line with this, it helps in assessing intangible costs associated with a vital function. A BIA helps organizations to establish the most vital functions that they ought to safeguard. Organizations can use a BIA to prioritize the application of scarce resources to multiple business functions (Wallace & Webber, 2011). A BIA can help in establishing the vital records and the possible impacts in case of a loss. A BIA can help in identifying major business losses such as loss of market share, customer loss, and others. Lastly, it can help in matching resources and business functions.

There are a number of challenges in a BIA. One of the challenges relates to cost implications of the plan. Since the analysis touches on departments, some departmental heads may be reluctant to share sensitive information with the project manager. This influences the quality of the BIA. Another challenge is data overload. It might be difficult for the analyst to handle too much unstructured data. A business should perform a BIA prior to implementing risk management strategies. A BIA helps to identify the areas of a business that are most crucial. As such, risk management strategies can focus on the identified areas.

Planning and Performing

  1. Gathering information
  2. Analyzing the collected information
  3. Documentation of findings
  4. Presentation of the findings to the leadership for decisive action (Heng, 2002).

Operational Risk Management Strategy (ORM)

Operational risk is the risk of loss emanating from failed business processes (internal processes), failed systems, external events, and people risks (Lather & Gakhar, 2011). This includes legal risks as well. The purpose of Operational Risk Management (ORM) is to identify and implement mitigating measures against operational risks. Some of the specific risks include high cost of energy, high employee turnover, legal risks, high cost of waste, and others. The benefits of ORM include identification of risk factors (internal and external); evaluation of risk drivers; implementation of internal controls to mitigate operational risks; aid in developing budgets for operational risk; and strengthening of the decision support system (Lather & Gakhar, 2011).

There are several challenges in implementing ORM. ORM results in high costs of compliance due to its complexity. There are challenges in implementing the right risk management systems to support the needs of the organization. Another challenge is accessing the relevant information required in risk analysis. Another challenge is lack of management support to implement ORM. Operational risk management is a form of risk management strategy (Lather & Gakhar, 2011).

Policy for Planning and Performing

The policy for planning and performing includes the following.

  1. Identification of risk
  2. Implementation of core risk management process
  3. Capital evaluation
  4. Assessing risk appetite.


Eccleston, C. H. (2008). NEPA and environmental planning: Tools, techniques, and approaches for practitioners. New York, NY: CRC Press.

Gregory, P. (2010). CISSP guide to security essentials. Boston, MA: Course Technology.

Heng, G. M. (2002). Conducting Your Impact Analysis for Business Continuity Planning. Retrieved from https://books.google.co.ke/books?id=LMPOAgAAQBAJ&dq=business+impact+analysis+(BIA)+challenges+in+implementation&source=gbs_navlinks_s

Lather, A. S., & Gakhar, D. (2011). Contemporary issues in corporate finance. New Delhi: Excel Books.

Stewart, J. M., Chapple, M., & Gibson, D. (2015). CISSP: Certified information systems security professional study guide. Hoboken, NJ: Sybex, a Wiley Brand.

Wallace, M., & Webber, L. (2011). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. New York: AMACOM.

Measuring Risk-Risk management


Measuring Risk

Organizations must be able to manage risk, but in order to do so, companies must be able to measure it. The terminology used to measure risks includes risk, tolerance, and sensitivity as well as assessment, measure, and perceptions. Prepare an essay of at least two pages outlining how risk measures have developed and evolved over time. Your essay should also outline qualitative and quantitative measures of risk and discuss how cultures, structures, and process impact the risk management process.

Sample paper

Risk management

When investors and companies decide to invest in any business, they usually take a great risk and a leap of faith in the unstable market. Therefore, any investment is always associated with a form of risk. A hazard is the likelihood or the probability of harm, damage, obligation, misfortune or negative event brought on by both inside and outside elements in organizations. Due to the increased number of risks associated with investments in recent times, investors are increasingly creating and implementing safety measures to reduce the negative impact that may hit their businesses (Jordão & Sousa, 2010). As a result, risk management focuses on forecasting and projecting financial liabilities and losses, together with identifying the best procedures to make sure these losses or their impacts are minimized. Management policies, procedures, and practices are implemented to analyze, communicate and treat these threats.

As risks have grown more complex in recent years, risk managers have developed more advanced, high-standard risk measures to match them. Some of the widely used risk measures in this era are qualitative and quantitative risk measures. A qualitative risk measure focuses on identifying and communicating the probability of a risk event occurring and the projected impact the threat will have on a business. According to risk managers, all risks have both positive and negative impacts, and it is upon the management to identify and communicate the level of both impacts on the business in case they occur. Different techniques are used to conduct qualitative risk assessment, such as interviews, brainstorming, and risk rating scales, as well as analysis of past data to identify a pattern in how risks occur (Valsamakis, Vivian, & Du, 2010). On the other hand, a quantitative risk measure helps in assigning a forecasted value or cost to a risk that has already been identified. Therefore, project managers can use this technique to numerically analyze the impact of the established risks on the overall investment. However, for this technique to yield the best results, the risk manager must prioritize the threats and assign numerical values to these liabilities.

Organization cultures, which are frameworks and subsystems of shared assumptions and values governing the behavior of employees in an organization, have a significant influence on the risk management process adopted by a particular organization. Organization culture influences the conviction and corporate state of mind of people in an organization, persuading them to take the necessary well-informed risk decisions of their own will and not because they are forced to. Therefore, an effective risk management culture places little emphasis on the level of compliance compared to the willingness of people to make the right decision. On the other hand, the organization structure is the framework that holds a firm together. Therefore, the organizational rules and policies put forth by the structure of an organization, which outline the roles and responsibilities of different organs, can either promote or hinder risk assessment and management processes (Hopkin, 2017). Each organ and department should be given independent and clearly defined powers and roles to assist in identifying threats in their departments. The top management should then design and create risk treatment procedures and processes to help in avoiding and minimizing these threats. Therefore, the organization structure should be flexible enough to allow changes in the designed processes and procedures of identifying and treating threats by urgency, need, and magnitude.


Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management.

Jordão, B., & Sousa, E. (2010). Risk management. New York: Nova Science Publishers.

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.

Risk Management


Risk Assessment

The purpose of this assignment is for you to initiate a risk assessment of a business of your own choosing. Use the provided Word template to complete the assignment. Once you have completed the template, please upload it into the assignment area within Blackboard. Please be sure to properly cite and reference any outside resources that you may use. Please explain, in a paper of at least 500 words, how you determined whether each risk was low, medium, or high impact, and include a more detailed plan for improvement.

Sample paper

Risk Management

| Risk Description | Risk Type | Risk Impact | Potential Action for Improvement |
|---|---|---|---|
| Failure to attract top talent | Human resource risk | High | Provide benefits and good remuneration |
| Fluctuation in currency exchange rates | Marketing risk | Low | Currency hedging |
| Economic recession | Financial | Low | Downsizing |
| High debt whose maturity is in the near future | Financial | High | Efficient administrative system |
| Changes in legislative or regulatory environment | Legal | Medium | Regulatory risk management program |
| Data loss through hacking | Process risk | High | Ensuring the information systems and related software are up-to-date |
| Damage to physical property | Process risk | High | Improve the security network |
| High staff turnover | Human resource | Medium | Improve working conditions |


Failure to attract top talent is in the category of human resource risk. Failure to attract top talent is a high impact risk. The determination of risk impact examines the possible consequences of the risk occurring in the organization. Failure to attract or retain top talent can negatively affect the business’ competitiveness. This is because businesses rely on the talent of their employees to develop innovative products that meet customer needs. Businesses can overcome this challenge by offering attractive benefit packages and remuneration to employees. This can reduce poaching of top talent by other businesses. Another risk is fluctuation in currency exchange rates since the business is international (Aubert, 2012). The risk impact is low. The impact of risk was determined through a qualitative assessment. In qualitative assessment, the risk manager looks at the probability of occurrence and the possible impacts. Although the probability of currency fluctuation is high, it might not have a significantly high impact, especially in the long run. Action for improvement involves currency hedging, which acts like a kind of insurance against the impacts of currency fluctuations.

Another risk is economic recession, whose impact is low. Determining the risk of economic recession involves examining the probability of occurrence and possible impacts. Incidences of economic recession are infrequent, meaning the risk is less likely to occur. Furthermore, businesses can take measures to cushion themselves from the impacts. Potential action for improvement is downsizing the scale of operations. For instance, the business may reduce benefits or lay off some employees. High debt is a financial risk with high impact (Aubert, 2012). In determining the risk of high debt, it is important to analyze the risk to the business if the maturity date is reached. One possible consequence is receivership, which indicates that the risk of bad debts is high. It is also important to consider the impact on the business reputation. Bad debts damage the reputation of the business. A business can avoid bad debts by ensuring there is an efficient administrative system. This can help in examining the cash flow estimates to determine if the business can pay its creditors.

Changes in the legislative and regulatory environment present a medium risk to the business. This risk is medium because it has a low probability of occurring. Furthermore, the regulatory risk can affect a business only in circumstances where it is unable to respond appropriately to the new regulations or laws. A plan for improvement entails implementing a regulatory risk management program that can help in scanning, assessment, and monitoring of risks. Data loss through hacking or cybercrime presents a high risk to the business. This is a high impact risk since there is a high probability of occurrence and the potential for loss is high. Cyberattacks can lead to damage to the reputation and customer confidence. The potential action for improvement is the use of up-to-date information systems. Legacy systems have a higher chance of experiencing cyberattacks.

Another high impact risk is damage to physical property, which is under process risk (Aubert, 2012). Modern commercial buildings are equipped with expensive machinery and other technologies, which may be difficult for the business to replace. Damage to physical property is high risk because of the high loss that can arise in the event that the risk occurs. The risk of damage is also high, which may result from fire, burglary or theft, natural disasters, and other reasons. A potential action is improving the security around business premises through hiring guards and installing CCTV. High staff turnover presents a medium risk to the business. The costs of replacing staff may be relatively higher. However, the management can take action to prevent high staff turnover, which makes it a medium risk. A potential action is to improve the working conditions.


Aubert, N. (2012). A world of danger. Retrieved from http://www.artscouncil-ni.org/images/uploads/business-support-documents/risk_guide_for_board_members.pdf

What are the benefits an organization can receive from the adoption of a risk management program?


What is risk management?

What are the benefits an organization can receive from the adoption of a risk management program?

Describe the risk management process. What roles do security and capacity play within the risk management process?

What is the purpose of a risk management methodology?

Describe the various risk management methodologies used for risk assessment.

Sample paper

Risk management

What is risk management?

For any business to succeed in the market, it has to take the leap of faith and invest in its area of interest. All investments have to overcome risks for them to realize volumes of revenue and satisfy the needs of their customers. A risk is often described as a threat that can affect the revenue and the return of the investment, which in turn leads to loss. Risks are often divided into different categories such as basic risk, capital risk, and delivery risk. However, to reduce the impact of the risk, investment companies have to devise a way to manage these risks (Jordão & Sousa, 2010). Risk management encompasses the identification, assessment, and control of liabilities and threats to a company’s capital and revenue. These liabilities could be triggered by a wide range of sources that includes financial liability and legal liability.

What are the benefits an organization can receive from the adoption of a risk management program?

As the risks and threats to business are increasing every single day, businesses are finding it necessary to implement some formal risk management system. Some of the benefits that are likely to accrue to a business that has adopted a risk management system include:

  1. Creation of a more risk-focused culture for a firm
  2. Efficient use of resources
  3. Effective coordination of regulatory and compliance matters
  4. Improved focus and perspective on risk
  5. Standard risk reporting
  6. It enables the management of a company to have a more consistent view of an approach to risk.

Describe the risk management process. What roles do security and capacity play within the risk management process?

Most risk management processes follow the same basic procedure to curb the negative effects that may impact the business. The first step in the risk management process is the identification of the risk. Risk identification starts with uncovering, recognizing and describing the risks. The second step involves the analysis of the risk already identified to determine the likelihood of the risk occurring. The next step involves the ranking or prioritization of all the risks identified in the order of their urgency and magnitude (Valsamakis, Vivian, & Du, 2010). The fourth step involves treating the risk by creating a plan on how to modify these threats to make them acceptable. The final step involves the monitoring and reviewing of the risk to determine whether the risk management adopted by the management is effective. The security and capacity of information in a company ensure that the management has the necessary information, data, and statistics before they can adopt a risk management strategy.

What is the purpose of a risk management methodology?

The primary purpose of a risk management methodology is to identify the best technique and method that can be implemented to identify and treat a risk to acceptable levels. Through different risk management methodologies such as risk acceptance and risk avoidance, a company has a chance to reduce the adverse effects of the risk.

Describe the various risk management methodologies used for risk assessment.

There are four major methodologies used to manage risks. These methods include:

Risk acceptance – risk acceptance does not reduce the adverse effects of a threat to a company. It is widely used when the cost of other risk management methods is too high for a company.

Risk avoidance – involves the implementation of an action that completely avoids any exposure to the identified risks. As a result, the company may take an alternative just to avoid liability.

Risk limitation – this strategy limits the exposure of a firm to the risk through alternative action. It often combines risk acceptance and risk avoidance to decide on the best action to be taken (Saunders & Cornett, 2017).

Risk transfer – this strategy involves handing over the risk from one party to another, especially a third party that is willing to accept the risk.


Jordão, B., & Sousa, E. (2010). Risk management. New York: Nova Science Publishers.

Saunders, A., & Cornett, M. M. (2017). Financial institutions management: A risk management approach. Dubuque: McGraw-Hill Education.

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.

Risk Management Process


Identify the steps of the risk management process. 

Sample paper

Risk Management Process

Just like individuals, all business organizations face some degree of probability or threat of damage. In most cases, risks and losses are caused by both internal and external vulnerabilities that can be avoided if the company adopts defensive measures. Risk can also refer to the probability that the real return on the investment will be lower than expected. However, a business organization can adopt a risk management process that can help to reduce, if not fully eradicate, the adverse effects of risk. The risk management process comprises forecasting and evaluating financial risks and identifying the necessary processes and procedures to minimize their impacts (Larson, 2011). Different sectors of the economy face different risks, and this calls for different risk mitigation strategies. There is no one accepted risk management strategy. As a result, each risk should be investigated independently to determine the perfect strategy to use based on the prevailing conditions. This paper seeks to elaborate the necessary steps in the risk management process.

As a team manager or a member of any business organization, individuals manage risks in their daily operation. Learning the five-step process of risk management is crucial and a necessity for each member. Mitigation of risk ensures smooth running of the project and a positive and friendly experience for all stakeholders.

  1. Identification of risk – the very first step involves the identification and uncovering of risk as well as description of its nature that might adversely affect the business. However, there are some techniques that can be used to identify the risk depending on the nature of the risk and the sector of the economy it affects.
  2. Analysis of the risk – after the identification of the risk, the risk manager should try to determine the likelihood and impacts of each risk associated with the business. It is always prudent to develop a correlation between the risk and the goals of the business through understanding the nature of the risk in question.
  3. Evaluation and ranking of the risks – considering that risks are inevitable, a business may face more than one risk at a single period. In such a situation, a risk manager should evaluate each risk independently before ranking them by their likelihood and impacts. After ranking, the manager should decide whether to treat or accept each risk (Aloini, 2007).
  4. Treat the risk – this step is widely known as risk response planning. In this step, the risk manager sets out on a mission to mitigate or fully eradicate the negative consequences of the highly rated risks one by one. Treatment of risk comprises several techniques that include risk acceptance, risk ignorance, the spread of risk and risk insurance. Creation of risk mitigation strategies is very important to any organization to ensure that it is not affected by the occurrence of the risk.
  5. Monitoring and reviewing the risk – this is the final step in the risk management process that a manager should be involved in. After the treatment of the risk, the manager should monitor the risk to establish whether the treatment technique and policy have worked effectively. In case the treatment was not effective, the manager goes back to the drawing board and finds another treatment technique that should help in mitigating the risk. At times, a risk may require the use of more than one risk management strategy for it to be fully nullified.


Aloini, D. D. (2007). Risk management in ERP project introduction: Review of the literature. Information & Management, 44(6), 547-567.

Larson, E. W. (2011). Project management: The managerial process.