Role of Risk Assessment for Business

Risk management plays a critical role in any organization, for it is paramount to be able to cope with adverse events should they occur, or the consequences might be rather severe. Therefore, the process of risk assessment is crucial, for it permits developing countermeasures to address potential risks. This paper explains which variables should be considered when estimating the level of a risk, and what their relative importance is.

Generally speaking, when carrying out the process of risk assessment, it is pivotal to take into account two main variables: the probability of occurrence of a risk and the severity of its impact (McNeil, Frey, & Embrechts, 2015). It is often convenient to create tables or graphs so as to be better able to assess the level of a particular risk, and, consequently, to develop steps and countermeasures that should be taken in order to decrease the level of danger that this risk poses (Linkov, Anklam, Collier, DiMase, & Renn, 2014). However, when creating such tables or graphs, it is important to decide the level of relative importance of the two variables. That is, it should be decided whether the probability of occurrence of a risk or the severity of its impact takes priority when assessing the level of the risk.

However, even though the relative importance of each of the two variables may vary to a certain extent from case to case, the severity of impact of a risk plays a far greater role than the probability of that risk occurring (Erbschloe, 2003). This is due to the fact that when dealing with risks that are of high probability, but of low severity of impact, an entity (e.g., an organization) should be capable of dealing with that adverse impact without significant losses if the situation in question occurs (Linkov et al., 2014). On the other hand, even if the probability of a risk is low, but the potential losses are staggering, this risk should be considered a high-level risk, because it might be impossible to recover from its consequences should the situation take place.

For instance, if there is a high risk of a blackout (e.g., due to windy weather) in a language school where teachers use printed books and blackboards for teaching, the impact will be minor: the teachers will still be able to give their lessons because they do not need electricity much. At worst, the school will have to cancel the classes in the evening, when it is dark. Nevertheless, if the risk of an adverse event is high, it would still be wise to try to decrease its probability, and/or to negate its impact. In the given example, it may not be possible to decrease the probability of a blackout, because the school does not control the weather or the resilience of power lines; so the school ought to lower the consequences of a risk, for instance, by purchasing some lamps working on batteries, so that the impact of the blackout would be nullified, the classes would not have to be cancelled, and there would be virtually no losses at all.

On the other hand, a risk that may have a profoundly severe impact should be taken seriously and considered high-level, even if its probability of occurring is very low (McNeil et al., 2015). For example, in some organizations (e.g., on factories), there might be a risk of injury or death of a member of the personnel. On a nuclear power plant, there might be a very low risk of an event that can lead to a contamination of the environment with radioactive substances. Even though there might be a very low probability of such an event occurring, it should still be considered a high-level risk, and all the possible measures ought to be taken in order to further lower its probability, as well as to decrease its potential impact (Erbschloe, 2003). For instance, in a factory, workers might have to wear protective clothes and helmets to decrease the severity of injury they might gain; the equipment they work on should have some safeguards to reduce the probability of a traumatic event. On a nuclear power plant, all possible measures should be taken to prevent any malfunction and to decrease the probability of a risk of radioactive contamination (Kim, Cho, & Jeong, 2014). Also, numerous reliable safeguards should be put in place in order to lower the potential impact of a malfunction; for instance, some type of protective shell should be built around the reactor so as to contain radioactive materials if some leak or burst of these takes place.

Clearly, the risks that are of high probability and of high impact ought to be considered critical. In such situations, it is often better not to take risk at all (Erbschloe, 2003). For instance, miners should not work in an underground mine with a high probability of a cave-in. On the other hand, risks of low impact and low probability can often be ignored. For example, if in the above-mentioned school, the probability of a blackout is very low, it is perhaps unnecessary to purchase lamps working on batteries.

On the whole, when assessing risks, the severity of a risk is, in general, much more important than its probability. This is because for low-impact risks, it is possible to cope with their adverse consequences and simply go on, even if they occur rather frequently. However, for high-impact risks, the consequences might be disastrous, and it may be impossible to cope with them should they occur, so they cannot be ignored, even if the event in question is unlikely.

References

Erbschloe, M. (2003). Guide to disaster recovery. Mason, OH: Course Technology.

Kim, J. W., Cho, D. K., & Jeong, J. (2014). A methodology for a risk-based approach to complex scenarios in a long-term safety assessment of a radioactive waste repository. Nuclear Engineering and Design, 268, 58-63.

Linkov, I., Anklam, E., Collier, Z. A., DiMase, D., & Renn, O. (2014). Risk-based standards: Integrating top-down and bottom-up approaches. Environment Systems and Decisions, 34(1), 134-137.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton, NJ: Princeton University Press.

Making Business Decisions: Kenya Risk Assessment

A country risk assessment (CRA) is an evaluation by the firm that assesses a country’s economic situation, policies and politics to determine how much risk exists of losing an asset or not being paid. Therefore, risk assessment is a powerful tool for making business decisions. Following is a risk evaluation of the country, Kenya. Kenya is located in East Africa bordering Central Africa to the East and the Indian Ocean to the west.

This country forms a connection to other countries. For a long time, Kenya was recognized as a beacon of peace in Africa. The country had experienced peace and stability for a long time rivaled by only a few countries in Africa (Coombes et al., 2013). However, the recent political events have immensely cast a different image of this country on the foreign investors. The events of the country’s 2007 elections did not only scare away investors but also led to a significant drawback in the country’s economic growth.

Its proximity to Somalia, a country which has been under no proper governance for some time, only worsens Kenya’s security case. Additionally, there have been cases of the terror attack targeting the country’s business hub, Nairobi.

Kenya has a proper framework for collection of tariffs and duties. The country has a trade ministry that controls and oversees all the trading activities in the country. The trade ministry licenses companies and enforces the country’s trade regulations. The country through the Ministry of trade collects import duties on all import goods and services, a task which is carried out by the Kenya Ports and Authorities (KRA) (Kenya Revenue Authority, 2014). Additionally, the Kenya Revenue Authority ensures that all the goods entering into the country through the ports are up to standard. The duties that KRA charge on commodities has a given structure that considers the nature and cost of the import goods.

Shilling is the Kenya’s currency. Generally, the country’s currency is stable. The shilling’ money value has been fairly constant against other currencies. In the East Africa region, this currency has the highest money value. The drop in the shilling’ money value over time is as a result of inflation that has hit many countries in Africa. The country also enjoys a fairly stable banking system, which is controlled by the ministry of finance. Like other countries in Africa, Kenya is still developing.

This country is hence experiencing industrialization and civilization simultaneously. Kenya majorly has unskilled labor. However, with renewed investment in education and training seen over the last decade, the country boasts a good supply of skilled labor that can greatly influence the production industry. Kenya also has labor organizations, which are under the umbrella of the national labor union. The interactions between the labor unions and the employers are usually healthy and inclusive.

Kenya has a legal framework for the acquisition of intellectual properties. The country provides for licensing and copyrights for individual properties. The trade ministry has clearly outlined procedures and requirements for doing business, which includes licensing, payment of tariffs and procumbent procedures. While there has been a general outcry on the country’s judicial system, the country has since initiated a rapid judicial reform process, aimed at regaining the public trust through public acquisition of the judiciary stuff. Companies and investing groups have protection of the constitution that was recently promulgated.

Additionally, there are trade acts that provide for the protection of the companies. The recognition of companies as separate entities from the owners provides the companies with the legality to associate with other companies or individuals. The existence of the industrial law courts provides a means of settling the legal disputes that may arise in the course of executing the business operations.

Kenya also boasts a large number of tribes, approximately 42. These 42 tribes contribute to the country’s joint population of about 42 million (Kenya National Bureau of Statistics, 2014). The 42 tribes have different cultural practices. These cultural practices influence the business practices. Some cultural practices across the country outlaw consumption of some products. Therefore, companies looking forward to setting up their branches in areas occupied by such communities should ensure that their products are acceptable to the immediate community. Most Kenyan communities have friendly cultures which encourage foreign investment.

The official national language of Kenya is Kiswahili, which is also used across the East African countries. Kenya being a British colony; English is also used extensively across the country. However, majority of the people especially in the rural areas still suffer from the language barrier. Most companies, therefore, like to set up their base in the urban centers before spreading out to the in rural areas. Since most communities in Kenya are conservative, business organizations should concentrate on delivering commodities that suit their culture. Providing acceptable commodities will ease penetration into the market more so in areas where there is stiff competition.

Putting all factors under consideration, Kenya remains a good investment region for companies and investment groups planning to expand their operations internationally. While there is a general concern about security and the justice system in the country, the overriding factors such as good transport network, hospitality, readily available market, and stable currency are a useful pointer towards better performance in the trade industry.

References

Coombes, A. E., Hughes, L., & Munene, K. (2013). Managing heritage, making peace: history, identity and memory in contemporary Kenya. IB Tauris.

Kenya National Bureau of Statistics. (2014). Kenya Facts and Figures. Web.

Kenya Revenue Authority. (2014). The Purpose of KRA. Web.

Lifting Equation in Ergonomics Risk Assessment

Introduction

The assessment tool chosen for this paper is the NIOSH Lifting Equation for Single Tasks. This tool is often used by occupational health and safety professionals for assessing manual material handling risks “associated with lifting and lowering tasks in the workplace” (Middlesworth, n.d.b, para. 1). In order to use the NIOSH equation, it is imperative to follow these steps:

  • Determining task variables is required. The job task of lifting consists of a starting point (origin) and the ending point (destination) (Middlesworth, n.d.b).
  • Measuring and recording task variables, which include the horizontal distance at the origin of the lift and the horizontal distance at the destination, the height of the lift origins and the height of the lift at the destination, the travel distance between the origin and destination, etc. (Middlesworth, n.d.b).
  • Conducting a risk assessment using the NIOSH lifting equation calculator.

When using the NIOSH lifting equation calculator in a specific system, no adaptations should be made. The system chosen for the analysis is the warehouse of a large aircraft parts manufacturer. The assessment tool was selected for identifying any possible risks associated with manual handling of stored products. It is expected that the usage of the assessment tool will subsequently reduce the identified risks and allow the employees of the warehouse to exercise their full potential.

System Description

The warehouse chosen for the ergonomic risk assessment is a commercial building that an aircraft parts manufacturer uses for the storage of goods. It has both manual handling systems that include human workers (for smaller parts) and automated systems for handling larger parts. For warehouse management, workers use Windward System Five, which is complete Inventory Management Software designed for tracking, increasing productivity, and reducing the flow of paper documentation (Windward Software, 2017). The environmental characteristics of the manufacturer’s warehouse are the following:

  • Indoor facility in a rural area, equipped with a large parking lot for enhanced logistics;
  • Bright lighting to ensure visibility at all times of the day;
  • Preservation of the same temperature inside the warehouse to ensure staff’s comfort;
  • Low noise levels due to the rural location.

The key task of the warehouse is associated with the smooth operation of the supply chain that ends with delivering the desired product to its customers.

Current Controls for Reducing Ergonomic Risks

Currently, the warehouse implements solutions for Workplace Evaluations of Musculoskeletal Disorders Outlined by NIOSH, Ergonomic Guidelines for Manual Material Handling, and Solutions for the Prevention of Musculoskeletal Injuries. Moreover, the management focuses on following the hierarchy of controls over musculoskeletal disorders, which consists of elimination, equipment change, job rotation & schedule, work instruction & coaching, and other measures (Humantech, Inc., 2016). The introduction of the NIOSH Lifting Equation for Lifting and Lowering Tasks will become a useful contribution to the workplace program targeted at the prevention of work-related musculoskeletal disorders among the workers of the warehouse (Centers for Disease Control and Prevention, 2014).

Findings: Pros and Cons

If to mention the positive points of ergonomic risk management in the warehouse, it is important to state that the overall environment can be considered as positive for the work of employees. Moreover, the integration of automated tools allows employees to perform less manual tasks when handling large and heavy objects. On the other hand, a storage warehouse is a stressful environment where employees are forced to perform tasks as quickly as possible in order to meet the established deadlines. Such pressure can lead to traumas associated with lifting and handling goods.

Recommendations

In order to mitigate the hazards of possible traumas, it is recommended to use the NIOSH Lifting Equation for Single Tasks for conducting risk assessments and developing a plan for their reduction. Reduction of workplace risk factors linked to lifting can be achieved through the following steps:

  • Reduction of awkward postures, highly repetitive motions, and forceful exertions (Middlesworth, n.d.a).
  • They are making sure that the members of the team are included in a pre-shift warm-up. The introduction of these work readiness systems will ensure that employees are physically ready for their lifting and lowering tasks in the warehouse.
  • They are ensuring appropriate body mechanics and work techniques. This step can be achieved by educating employees on how to use their body mechanics to avoid additional MSD hazards effectively.

Role of Stress and Fatigue

Different stressors, such as long duration of physical and mental effort, can have an adverse impact on the overall condition of employees (Reimann & Guzy, 2017). If they are not provided with adequate work conditions that account for their needs, it is highly likely that workers will experience increased stress and fatigue, especially when it comes to manual tasks. Climate, light, noise, and workstation design are all factors that can either increase or decrease the possibility of ergonomic risks.

Hazardous fatigue in a warehouse setting will decrease employees’ performance and lead to possible trauma due to lack of awareness, memory lapses, and absent-mindedness (HSE, n.d.). For this reason, it will be potentially beneficial to introduce the NIOSH Lifting Equation for Single Tasks to reduce worker’s fatigue and increase their operations.

References

Centers for Disease Control and Prevention. (2014). . Web.

HSE. (n.d.). . Web.

Humantech, Inc. (2016). Hierarchy of controls for musculoskeletal disorders. Web.

Middlesworth, M. (n.d.a). . Web.

Middlesworth, M. (n.d.b). . Web.

Reimann, M., & Guzy, J. (2017). Psychological contract breach and employee health: The relevance of unmet obligations for mental and physical health. Journal of Occupational and Organizational Psychology, 33(1), 1-11.

Windward Software. (2017). . Web.

Berkshire Hathaway Company’s Risk Assessment

Protecting personal data from cyber attacks is a significant problem faced by the specialists of the Berkshire Hathaway company. According to Amoroso, many data are stored on cloud-based servers, and it increases the risk of information theft. Therefore, it is necessary to develop a specific protection plan and assess the efficiency and quality of the implementation of the technology used.

The plan is based on several points:

  • Berkshire Hathaway potential and capabilities are sufficient to develop its activities successfully.
  • The potential risk of severe problems caused by the leakage of valuable data is significantly increasing.
  • The calculation of the possible range of threats should be carried out.
  • The development of a particular policy may help to protect the company from possible troubles and withstand hacker attacks on an electronic network.

The theft of corporate data is dangerous from different points of view.

A short-term outlook:

  • Regular attacks on an electronic database will have an adverse impact on the company’s performance.
  • Hackers’ activities will adversely affect employee safety.

L A long-term outlook:

  • The loss of credibility in the market.
  • Severe material losses and the lack of clients and partners caused by mistrust.
  • The loss of skilled specialists.
  • The problem of hiring new insufficiently experienced and qualified specialists.

Thus, it is important to assess the risk and potential impact of cyber attacks on the company’s operations, as well as offer an approach for risk assessment modeling. The presented tables show the relationship between the impact of the negative consequences of hacker attacks on the state of the company and its development.

Protecting access to personal data is essential. The procedure should be clear for all participants of the plan:

  • Any approach should take into account the possibility of implementing a particular technology to protect each employee.
  • A probable hypothesis is the theory that risk can occur at any time.
  • The calculation of potentially problem areas may help to avoid data theft.
  • Monitoring and observation are rather effective ways to identify vulnerable areas.
  • Each employee should be aware of the importance of the work carried out.
  • The team of specialists is better than one person.
  • The rationale for risks should be logical and understandable for all stakeholders.
  • Security will cost you less than restoring company’s prestige.

Works Cited

Amoroso, Edward. Cyber Attacks: Protecting National Infrastructure. Elsevier, 2012.

Berkshire Hathaway. Berkshire Hathaway Inc., 2017. Web.

Finkle, Kim, and Skariarchan, Dhanya. “Reuters. Web.

Johnstown, Alice. “The Economist. Web.

Rogers, Jerry. Global Risk Assessments. 4th ed., Global Risk Assessments, 2012.

Scoldra, Paul. “The 9 Worst Cyber Attacks of 2015.” Business Insider. Web.

Risk Assessment of a Language Learning Process

All activities related to business involve different types of risks that should be taken into account to improve development strategies and maximize profits. The universal principles of risk assessment apply to a range of spheres of life since they focus on the prevention of any unwanted events. This essay is devoted to the use of a five-step risk assessment model in personal goals such as language learning.

Risk Assessment Stages

The assessment of hazards can be listed among the most effective practices ensuring the positive outcomes of work-related or personal situations. To conduct a thorough assessment of risks, an individual or a working group is required to have well-developed analytical and systematization skills and pay attention to details (Luko, 2014). In addition, given that many unwanted events can be described quantitatively, people who conduct assessments are expected to work with numbers and make reliable predictions based on statistical data. Due to the seeming complexity of risk assessment processes, such techniques are commonly used in business, whereas many people do not dare to transform them to make them applicable to personal life situations.

Risk assessment cannot be called a well-developed discipline because there are many disputes around the best practices that shape the process of analyzing potential negative events. The approaches taken to fulfill this task greatly vary “depending on the position one has in an organization” and inter-industry differences (Luko, 2014, p. 382). The risk assessment choices can be different because of the peculiarities of business activities and the degrees of project complexity (Williams, 2017). There is a step-by-step approach recommended to employers, and it can be applied to conduct personal risk assessments. The aforementioned model includes the following steps: the identification of hazards, the identification of vulnerable people and the ways of how they can be harmed, and risk evaluation followed by the development of precautionary measures (SETON, 2016). The fourth and the fifth steps are presented by the documentation of findings for further implementation and the use of post-implementation reviews to define the need for updates (SETON, 2016).

Risk Assessment in Language Learning

I have a range of plans such as starting my own small business, becoming a good leader and learning new foreign languages. When it comes to the acquisition of new linguistic knowledge, the key risks include the ineffective use of time such as focusing on passive listening instead of improving speaking skills. Also, the decision to buy some language courses, books, or video lectures for language learners can result in unnecessary expenses.

To apply the first stage of risk assessment before learning a new language, it would be necessary to identify hazardous areas. In this situation, they include teachers’ levels of competence, the quality of study guides, the effectiveness of teaching methods, the presence of free time for independent work, and the relevance of learning some language for future career development. The next stage of risk assessment would involve the detailed analysis of the potential impact of these factors on my well-being and educational outcomes. Thus, it would be important to analyze each area to identify a range of unwanted outcomes related to its impact on the learning process. For instance, teachers’ amateurism can result in students’ pronunciation and grammar mistakes or poor knowledge of informal style, which runs counter to the goals of language learners (O’Dowd, 2015). Having singled out all unwanted outcomes associated with the previously identified areas, I would be able to design some preventive measures to eliminate the risks.

The third step, risk evaluation and deciding on precautions, would be quite difficult to implement in the case of language learning. In business, it is possible to quantify many types of risks and calculate their approximate costs. As for the case being discussed, potential risks would be related to the ineffective use of two types of resources, money and time. To analyze the situation, it would be possible to list all risks and compare them regarding probability and the amount of harm. Having classified the risks concerning the factors above, I would design a few sets of recommendations helping to eliminate each of them. For example, to avoid using the services of incompetent teachers, it would be beneficial to use friends’ recommendations, check the presence of language proficiency certificates, analyzing the reviews of former students, etc.

Within the frame of the fourth step, the documentation of findings, it would be necessary to structure the information on the ways to reduce risks. As is clear from the nature of this step, it would be more applicable to business activities, where clear action plans are required. However, when it comes to language learning, the ability to present all risk mitigation strategies in an easy-to-read format would be helpful for implementation. Having documented the tips, I would implement them to evaluate different options and exclude the least effective approaches to learning new languages. In the end, it would be possible to combine the remaining options to create an effective strategy. Finally, sometime after the implementation, I would use my goal statements and language proficiency tests to define the success of the strategy. In case of unsatisfactory results, it would be obligatory to review the findings and correct mistakes.

Conscious Processes and Evaluation Criteria

The process of risk assessment should be conscious and practice-oriented to provide credible results. After the development of a risk assessment strategy, I understand that my choices would be defined based on objective criteria. Due to that, the process of evaluating various options would be conscious. As a result, it would be beneficial for the desired outcomes. The potential impact of subjective factors such as attitudes to teachers would be analyzed to improve the credibility of findings. Having outlined the risk assessment strategy for language learning, I realize that I can use the information of different quality to weigh potential options. The choice of information sources should depend on potential losses.

As for the activity discussed in the paper, it would be possible to use academic articles on language learning techniques. At the same time, the use of more subjective information from reviews, recommendations, and school ratings would also be helpful. In terms of the criteria used in the decision-making process, they can vary depending on the nature of planned activities. If an activity is related to my duties as a professional, I will focus on relevant policies or ethical standards. The need to acquire new knowledge in the field of languages and culture is among my personal development goals. Thus, the key criteria would include the results of my research combined with other people’s recommendations.

Conclusion

Despite the importance of proper risk assessment techniques for financial and reputational outcomes for companies, various approaches to risk evaluation can be used not only in commercial activities. By using a five-step model for the identification of risks, it is possible to improve the practical results of language learning activities. The mentioned approach is beneficial in this case since it involves the systemization of unwanted outcomes, which adds to the objectivity of findings.

References

Luko, S. N. (2014). Risk assessment techniques. Quality Engineering, 26(3), 379-382.

O’Dowd, R. (2015). The competences of the telecollaborative teacher. The Language Learning Journal, 43(2), 194-207.

SETON. (2016). Web.

Williams, T. (2017). The nature of risk in complex projects. Project Management Journal, 48(4), 55-66.

Project Monitoring and Control and Risk Assessment

Introduction

Carrying out a risk assessment presupposes addressing every single factor that may affect a project in any possible way; in other words, economic, political, financial, cultural, and social issues need to be taken into account so that the members of the project could feel secure. Drilling for oil, which is the subject of Moylan’s article, showcases the complexity of risk assessment, as it is one of the projects that are fraught with numerous risks. Particularly, the risk of failing to obtain the required amount of oil to cover the expenses taken deserves to be mentioned; however, the specified threat also entails other risks, such as the threat of significant damage to people’s health and the environment in the light of the fact that “only a fraction of the 100 billion total would be recovered” (Moylan par. 2).

Main Body

First and most obvious, the members of the organization as the key stakeholders deserve to be mentioned. In case the project turns out to be a failure and the environmental hazard is unleashed, the company will suffer significant financial losses for covering the damage and compensating the people involved (Hunter 37).

Additionally, the government authorities should be mentioned as the stakeholders in the specified case. According to Brouthers and Bamossy, governmental institutions are affected significantly in the instances of international significance: “strategic choice that firms [SOEs] make is inherently affected by the formal and informal constraints of the institutional framework” (Brouthers and Bamossy 286). The subject matter, in its turn, can be related to the problems of an international scale, seeing that the process of oil retrieval may pose a threat of a global scale due to the fractures in the crust and, therefore, the threat of an oil spill (Moylan par. 20).

Finally, the entire community can be viewed as stakeholders in the light of the fact that damage to the environment, particularly, to the soil and, possibly, the groundwater (in case of an oil spill) will affect the evolution of species and cause the contamination of groundwater. Although drilling will occur in an area that is not currently inhabited by people, it still contains the land resources that may be affected to a huge degree if an accident occurs (Suslick and Schiozer 3).

The risks, therefore, vary from environmental (groundwater contamination) and health-related increase in disease rates and possible epidemics caused by polluted water) to societal (the stress caused by the possible relocation, people’s fear for their health and even life) and economic (significant drop in the amount of workforce due to the effects that drilling may have on the local population) and political (the state’s refusal to support the company’s further operations due to the problems that oil drilling may cause) (Tainter and Patzek 87).

The risks listed above can be defined as external and relate to the company, particularly, the threat of a financial loss that the organization may take if its leaders decide to pursue the goal of drilling for oil in the designated area. However, apart from the organization, other stakeholders may suffer. As it has been stressed above, people living in the vicinity may face health and environmental risks, as well as economical and societal ones related to their possible relocation. Local entrepreneurship, particularly, SMEs, which depend on the local workforce, as well as the local customers, will also be affected in case pollution makes people move; therefore, a significant drop in the economic stability of the region can be expected if the process of drilling for oil gets out of hand (Lerche viii).

Conclusion

Every entrepreneurship or project involves a certain amount of risks; however, when these risks affect the community and concern not only economic but also environmental issues, the adequacy of further encouragement of the company’s actions should be doubted. Therefore, drilling for oil in the designated area should be postponed until further identification of all avenues available for managing the risks listed above and preventing a possible environmental, economic, and social catastrophe. Therefore, it is highly recommended that UCOG should reconsider its current risk management strategy and reinforce it.

Works Cited

Brouthers, Keith D., and Gary T. Bamossy. “The Role of Key Stakeholders in International Joint Venture Negotiations: Case Studies from Eastern Europe.” Journal of International Business Studies 28.2 (1997), 285–308. Print.

Hunter, Nick. Off-Shore Oil Drilling. London, UK: Raintree, 2012. Print.

Lerche, Ian. Oil Exploration: Basin Analysis and Economics. New York City, New York Academic Press, 2013. Print.

Moylan, John. “BBC News. 2015. Web.

Suslick, Steven B. and Daniel J. Schiozer. “Risk Analysis Applied to Petroleum Exploration and Production: An Overview.” Journal of Petroleum Science and Engineering 44.1 (2004): 1–9. Print.

Tainter, Joseph A., and Thomas W. Patzek. Drilling Down: The Gulf Oil Debacle and Our Energy Dilemma. New York City, New York: Springer Science & Business Media.

Financial Management: Risk Assessment

In today’s business environment the management often has to participate in the business’s capital budgeting process. They may have the capacities of a sponsor, a reviewer or an approving authority. Their tasks are to analyze cash flows, income statements, balance sheets etc. also it is important that they assess the risk the company may face. Capital budgeting investment resolutions are crucially important because they affect the company’s present and future assets. To make sure that the investment decisions will not lead to unpredictable consequences the managers of the company have to analyze thoroughly the potential risks.

In many companies the Capital Asset Pricing Model (CAPM) is used to measure the possible risk. This model was invented by William F. Sharpe. In it a heretical notion of investment risk is developed. Many years later, in 1990, Sharpe was awarded by the Nobel Prize committee (Burton, 1998, 3).

According to the CAPM model, two risks are possible in every investment. The so-called systematic risk is they risk which a company faces being in the market. This risk was later called “beta”; it is considered to be common to all securities. The other one, unsystematic risk, depends on a company’s fortunes. It is associated with individual assets. This model helps assess portfolio risk and helps to understand what the investor has to expect for taking this particular risk. Including more assets in the portfolio, this risk can be differentiated to smaller levels.

The CAPM is used in many companies to compensate the investors in two ways. The first way is time value of money, the second one is risk itself. As for the first one, this principle means that the faster the sum is invested the more the money is worth in the future. But this compensating for risk may prove to be not very reliable because usually the investors want to see the calculations in order to know that the chance for their money to return is good. But the other way round the investors can refuse to take risks because of fear to lose their investments (Mcmenamin, 1999, 186).

Often investors do not take any diversifiable risk, because only non-diversifiable risks prove to be rewarded when it comes to this model. That is why the return on the asset must be connected with the riskiness in the portfolio context. In the context of CAPM the portfolio risk is denoted by less predictability.

Jonathan Burton writes

The CAPM was and is a theory of equilibrium. Why should anyone expect to earn more by investing in one security as opposed to another? You need to be compensated for doing badly when times are bad. The security that is going to do badly just when you need money when times are bad is a security you have to hate, and there had better be some redeeming virtue or else who will hold it? That redeeming virtue has to be that in normal times you expect to do better. The key insight of the Capital Asset Pricing Model is that higher expected returns go with the greater risk of doing badly in bad times. Beta is a measure of that. Securities or asset classes with high betas tend to do worse in bad times than those with low betas (Burton, 1998, 4).

For Strident Marks it is important to demonstrate the investors that their priority is owner’s wealth maximization. It is necessary that Strident Marks shows the investors reliable financial results and consistent forecasting. If they fail to optimize their financial practices, they may face the risk of losing the confidence of their investors; this can of course create troubles in the future.

The biggest risk one can face investing money is losing one’s capital. Risk can be defined as a chance for suffering a financial loss. A mutual fund which every month goes up by different amounts is considered to be more risky than one which goes down by a specific amount.

Standard deviation is and easily understood statistic; this tool helps to understand how often the event analyzed strays from the norm. Risk is a very important factor when it comes to determining the variation is the returns on the asset. It provides the investors with a mathematical basis for the further investment decisions. The standard deviation measurement is used to measure the risk of a stock portfolio. It is a measure of volatility of a mutual fund. Volatility indicates the risk of a mutual fund in comparison with the average mutual fund of the class. The higher the standard deviation is, the higher the risk and the anticipated return are. As the risk increases, the return on the asset increases too because of the earned risk premium (Mcmenamin, 1999, 190).

The standard deviation is a widely used risk measurement tool, but still it is not perfect.

It is a measurement of variability and volatility with a fund price. If the fund is a consistent high performer or a consistent low performer, the standard deviation is low. (Gallagher, 2003, 68). But it is not always like this. So to make accurate calculations it is important to consult a fund’s consistency over the period of some calendar years. In our case it is impossible.

To use standard deviation correctly we can only use it for funds of comparable returns.

But standard deviation is of great help when it comes to assessing the cost of possible accidents, health costs or workplace injuring. It provides the ability to study the population and to assess the possibility of certain events. This all makes the basics of the insurance industry.

As for the coefficient of variation (CV), it is a measure of dispersion of a probability distribution. This tool is useful, because as for the standard deviation it can be used with the mean of the data. The coefficient of variation is useful because it is a dimensionless data. The coefficient of variaiton is used to expresses the standard deviation in the form of the percentage of the sample mean. It can be useful when we are interested in the size of variation corresponding to the size of the observation (Gallagher, 2003, 117).

Its advantage is that the coefficient of variation does not depend on the units of observation. If the value of the standard deviation of is for example a set of weights the standard deviation will be different. It will depend on whether the weights are measured in pounds or kilograms. As for the coefficient of variation it will be the same in these cases because it does not depend upon the unit of measurement.

One of its disadvantages is that CV is sensitive to all the changes in the mean, and this fact limits its usefulness.

So we come to the conclusion that it is very important to estimate the risks the company may face. But the choice of tools for such measurements depends on many factors.

Reference

Burton, J. (1998). . Dow Jones Asset Manager. 2008. Web.

Gallagher & Andrew, 2003, Financial Management Principles & Practice, Pearson Education, Inc., Upper Saddle River, New Jerse

Mcmenamin, J. (1999). Financial Management: An Introduction. London: Routledge. (p186).

Risk Assessment of Stickley Furniture Company

Stickley Furniture Company, based in Syracuse, New York was evaluated for its risk management practices based on utilitarian and deontological considerations. This company was selected because it deals with light and heavy machinery, used in its operations, from woodcutting, preparation, jointly, finishing, inventory and storage. The riskiest job in the factory is the management and running of the woodcutting machine that requires an employee to manually feed wood logs into the machine.

To reduce the risk of accidents associated with this job, Stickley management has made sure only skilled and trained employees work with the machine. Additionally, they have posted in bold letters on a wall next to the machine, rules governing the use of the machine. The first rule is that workers should make use of mechanical feeding whenever possible by the use of push sticks rather than hands. Secondly, only authorized employees should work with the machine. Thirdly, dangerous parts like cutters, saws, nips, and blades must be enclosed at all times. Fourthly, workers must be in protective gear involving gloves, helmets, masks, hearing protection, boots, eye shields, and workshop overalls at all times. Additionally, safety procedures must be followed and machines must be switched off when not in use. Machine operators must pay attention and not get distracted while working and should not work if fatigued. By interrogating the wood-cutting machine operators and observing them at work, it is evident that employees at Stickley are well informed of the risks involved.

The rules given by the company concerning the use and management of this machine are utilitarian (Waller, 2005). This is because by employees following these rules they will reduce the risks of getting wood and machine cuts and amputations, they avoid grazing, piercings, and gouging out of eyes. Moreover, these rules are utilitarian for they provide positive results to employees and the company, as they significantly reduce the risks of employees getting caught in rotating parts, and reduce the risk of having sharp wood pieces flying in the workshop. Moreover, by having unused parts covered at all times, they reduce the risk of amputations, cuts, and even death caused by the sudden movement of parts. Lastly, employees that follow these rules enjoy positive utilitarian results, for they significantly reduce the risk of getting their hands chopped off when they feed wood with a push stick rather than their hands. The company also reduces the cost of running, in terms of medical payments arising from accidents, while employees enjoy a healthy working environment.

Taking into consideration the business function of the company and the risks involved in their workshop, Stickley furniture must have a deontological moral duty to protect employees from risks (Waller, 2005). Towards this, the company has dutifully made sure only skilled employees work with machines. Employees are only allowed to work with the wood cutting machine after they have been trained adequately. The company provides safety gear, protective clothing, emergence aid, and healthcare for employees. The company also adheres to the government’s occupational health and safety standards for woodwork.

In conclusion, by deontological ethics, the company has dutifully done its moral duty in protecting employees from risks of injury and death from the wood cutting machine. Additionally, by utilitarian ethics, since employees understand and follow laid down rules, they enjoy the benefits of reduced injury while the company has lower medical costs. Therefore, by deontological and utilitarian principles, the risks involved with the wood cutting machine are acceptable and reasonable.

Reference

Waller, B.N. (2005). Consider Ethics: Theory, Readings, and Contemporary Issues. New York: Pearson Longman.

MasterCard Company’s Risk Assessments

Concerns

Regardless of the volume of MasterCard exchanges, the company could be subject to severe penalties if PCI regulations are not followed. Insider attacks have eroded public confidence in the organization’s capacity to safeguard sensitive information. Non-compliance can lead to a variety of consequences, including penalties, information leaks, legal activity, a damaged reputation, and even a loss of income. Payment for services can be fraudulent. Payment procedures and card data security go hand in hand.

Goals

Performing risk assessments on a regular basis allows an organization to stay abreast of emerging threats and make informed decisions about when and where to implement relief controls in the event of a change in the operating environment (Durkin, 2020). In an ideal world, a risk assessment would reveal emerging threats and weaknesses that could have a negative impact on cardholders’ CDE, allowing an association to address them in a proactive and timely manner.

Recommendations

  • Assess a wide variety of possible hazards.
  • Methods and controls should be revealed with confidence, and they should be put into practice with the same level of confidence.
  • Establish security measures in the workplace.
  • Any necessary security software should be installed and activated.

Background

In light of the gravity of the threat posed by trusted insiders in Anne Arundel County and Odenton Township, scandals and threats against public officials are understandable. To combat this danger, we must continue to increase the amount of data that is shared and made available to the public. Keep in mind that your employees are just like any other human beings. And mistakes are made by people. Secret words and passwords are shared across administrations and stored in insecure locations. Insiders are also known to approach highly sensitive information.

Critical considerations

Customers will stop doing business with you if they have any reason to believe that their payments will not be handled securely as a result of a data breach. This can lead to a loss of business. It is obvious that protecting the privacy and safety of customers is critical (HASpod, 2021) Because of this, credit card security is so important to any business, no matter where its customers are located. It’s critical to discover the cardholder’s personal information and adhere to established business practices when processing and evaluating transactions.

The issue of insider threats extent

Creating and maintaining an insider threat moderation system necessitates meticulous preparation, forethought, and even mistakes. These moderation procedures necessitate the support and commitment of leaders at all levels to continue improving a company’s ability to distinguish and realize, evaluate, and oversee insider dangers.

The Concerns and clarification of standards

An emphasis on insider threats is just as important as ensuring the safety of payment transactions. Everyone who uses, processes, or transfers funds a cardholder’s personal information must pay for their services. PCI security standards treat security payments and other threats differently.

Action steps

Anne Arundel County must protect its residents and infrastructure from insider threats by taking the following measures: The term “insider threat” refers to threats that originate from within an organization, such as former employees and construction companies hired for the purpose of hacking into the network (What is an Insider Threat?, 2021). Individuals with direct connections to organizations and assets could potentially misuse their access to gain access to or erase sensitive information. There are programs in place that can help organizations identify and track individuals who may portray an insider threat. It is possible to observe and report all who exhibit these behavior patterns because they put themselves at greater risk of becoming a danger.

References

HASpod. (2021). .

. (2021).

Durkin, K. (2020). .

Asset-Based Risk Assessment and Control

Executive Summary

Asset risk and identification play a crucial role in organizational threat mitigation. The type, level, and potential impacts of treatment are understood through risk identification and classification. This report demonstrates how the risks associated with each department were analyzed through a risk-value assessment based on qualitative and quantitative metrics. The threat mitigation technique is shown to be the most effective risk control approach in this case study.

Introduction

Risk assessment is the combined method of risk management, evaluation, and analysis. An asset-based risk evaluation analyzes threats by monitoring the assets of an organization. Developing an outline of relevant assets presents a foundation on which a thorough examination of threat levels is conducted, revealing the efficiency of the current controls. The risk assessment method aims to identify risks, eliminate them when needed, or reduce the threat level posed by implementing management approaches (Li, Zhou, Tian, Xiong & Qin, 2018). However, asset assessment is evaluated through different sections, including asset identification and classification, threat identification and classification, and risk analysis involving vulnerabilities and risk control.

Asset Identification and Classification

Assets identification is categorized according to their sensitivity level, and the consequences for the establishment in case the information is revealed, changed, or destroyed without permission. The potential of an organization to effectively correlate varieties of data assets is greatly influenced by asset identification (Li et al., 2018). The goal of asset classification and recognition is to obtain all needed details of an organization’s assets in advance so that they might be used to respond to a risk impacting that asset. Some identified asset categories are information/data, people, and hardware.

An information asset is an organized collection of information handled as a single variable. The number of individuals who can use the information directly correlates with the asset’s increase in value (Li et al., 2018). According to this report, the information asset has been identified through the liability factor. This has been done through the company’s customer purchase, human resources and financial data evaluations. Therefore, the information asset has been achieved whereby the asset value has exceeded the liabilities hence better economic outcomes.

Another recognized asset category was the people category, which was identified through the criticality technique. This asset is available to one individual or associated with a specific task. It is simple to determine and assess the business’ most crucial assets through criticality assessment, enabling people to manage advertisements, inventory, and threats (Li et al., 2018). Hardware assets are any actual, physical corporate technology asset, such as those that are in use right now, those that are in packaging, and support facilities. It has been recognized from sales through personal classification schemes. The identification has been achieved through individual desktops, laptops and mobile phone assessments.

Threat Identification and Classification

The method of identifying threats looks at weaknesses and assesses how likely they are to damage a system. The ability to recognize risks enables an organization to conduct prevention measures. The business can get the data required to block illegal users and stop system intrusions. Threat classification enables the identification and organization of security risks and categories to examine their effects and to implement measures to prevent or minimize the risks threats to the system (Li et al., 2018). The primary goal of risk classification is to help clarify the aspect of threats. Some threat assets categories are; espionage or trespass, human errors and failures, and software attacks.

Human errors and failures are significant threats in identifying and classifying assets. This threat has been identified through analysis of intentional sabotage, illegal access, information gathering, intentional data theft, the threat of information sharing, damage of system applications or knowledge, and deliberate theft. Espionage or trespass is another threat involving an unauthorized person trying to acquire unauthorized access to the company’s information. According to Li et al. (2018), it is mainly used to collect confidential and sensitive information, company secrets, and other kinds of intellectual property that the attacker can exploit to achieve a competitive edge or sell for profit. It has been identified based on industrial espionage and cyberstalking.

Another identified threat is software attacks, which involve an unverified participant’s complete profile of all operations in any applications running on a particular process. The more surface area there is, the greater the possibility that a hacker will be able to acquire the target machine and run code via several vulnerabilities (Li et al., 2018). It exploits a security flaw to damage, destroy, or otherwise adversely impact a thing or subjects. The threat has been identified through attacks like Trojan Horses, worms, and viruses. Software attacks have the potential to crash networks, freeze computer and phone systems, and destroy information.

Risk Analysis

Risk analysis identifies and mitigates numerous threats that can significantly cripple businesses. It is crucial to begin with a risk assessment to have a basis for estimating the likelihood of risk occurrence to develop a practical risk measurement. Qualitative and quantitative risk assessment techniques are adopted for threat value evaluation in a bid to identify the most appropriate mitigation plan, which should be based on the risk level and available resources.

Top Five Vulnerabilities from Quantitative Analysis

The impact of a risk on business processes provides a framework for selecting an evaluation technique. A quantitative analysis is an evaluation that assesses threats using precise financial descriptions (Li et al., 2018). It is carried out with an emphasis on the data variables of the existing threats. One can determine a program’s possible threat using quantitative risk analysis. This can assist in determining whether a project is worthwhile. Based on the report’s research, the top vulnerabilities from the quantitative analysis are cyber-warfare, lack of a recovery plan, evolving malware, ransomware, and the sale of stolen data. These risks are valued based on the potential impact on the business, including its financial and technical aspects. For instance, cyber-warfare is identified as the most significant risk in terms of quantitative impact since an organization may lose its financial resources and be rendered incapable of operating again.

Top Five Vulnerabilities from Qualitative Analysis

Some business risks may not be classified under quantitative terms, although they grossly impact corporate performance. Li et al. (2018) assert that a qualitative evaluation reveals how some threats may remain undetected due to their immeasurable effects while damaging an entire organization’s information system. According to the analysis, intellectual property theft, which entails wrong access to and use of other people’s resources, has the highest threat level (Li et al., 2018). Strategy and product exposure are rated second, while information leakage takes the third position. These two risks are significant because they expose the business to exploitation by competitors and malicious individuals who could use the information to extort and blackmail key business stakeholders. Spoofing and social media engineering take the fourth and fifth positions, respectively, in order of threat value. This ranking shows that information theft is extremely risky to business operations as it affects all its departments and creates a rift between stakeholders, potentially crippling its sustainability in the market.

Differences between the Qualitative and Quantitative Analysis

The main distinction between quantitative and qualitative data is that quantitative data refers to easily measurable or calculated information, such as the total number of product purchases. Representing ideas or thoughts through qualitative data is impossible through a numerical figure like the average. According to Li et al. (2018), how data is examined is another distinction between quantitative and qualitative research. While rates, means, and other statistical data points can be determined from quantitative data using statistical assessment, a more extensive method is required for qualitative data analysis.

Advantages and Disadvantages of Qualitative and Quantitative Analysis

User research techniques, including qualitative and quantitative methods, are crucial for developing new products. Each of these strategies has advantages and disadvantages, and it can be advantageous to mix them. The most significant advantage of quantitative research is that they exclusively concentrate on precise, dependable, and solid data rather than views. As Li et al. (2018) explain, the information collected is more trustworthy and less subject to debate. A disadvantage of quantitative research is the data the result shows cannot be accurately generalized. Current events may influence the thoughts and final result. It is part of the community context; as society advances, so do people’s perceptions, and the quantitative study does not consider this movement.

Qualitative research focuses more on words and meanings than quantitative research on numbers. Because qualitative research focuses on human experiences and observations, it has a more authentic feel. Li et al. (2018) explain that the researcher can collect accurate data with a more solid base. Another benefit is that the study can build on the initial information by asking follow-up questions regarding the responses. One disadvantage of qualitative analysis is the wrong emphasis on numbers. Researchers may miss more significant themes and connections due to quantitative research’s potential limitations in pursuing specific, statistical linkages. Researchers risk overlooking unexpected information that could help the organization if they only concentrate on the numbers.

Risk Control

Risk control is known as the collection of techniques used by businesses to assess possible losses and make efforts to lessen or remove them. Different organizations employ risk control techniques as protective ways to minimize vulnerabilities and control threats to a manageable level. As a form of defence, several approaches can be used. One of the best strategies to protect high-risk information assets is the mitigation technique, which uses safeguards to restrict a successful attack to lessen the harm caused by a vulnerability. Li et al. (2018) state that this can be accomplished by correcting a defect that exposes a project to danger or by implementing compensatory measures that lessen the probability that the flaw might eventually cause damage. It also reduces the effects of the threat connected with the fault materializing. The mitigation technique is vital for all the quantitative and qualitative risks analyzed in this case study. It protects data from theft and safeguards intellectual property while minimizing cyber-warfare chances.

Conclusion

The first and most crucial step in a security plan and security monitoring execution is managing risk and valuing an organization’s valued assets. The assessors’ careful planning and evaluation are vital for accurately assessing terms like vulnerability, risk, consequences of the risk, reduced risk, and applied control of an asset. Cyber-warfare and intellectual property theft are the most significant risks valued under quantitative and qualitative approaches. Threat mitigation techniques are the best methods for controlling high-risk issues since they entail identifying the likelihood of occurrence and initiating appropriate blocking methods.

Reference

Li, X., Zhou, C., Tian, Y., Xiong, N., & Qin, Y. (2018). IEEE Transactions on Industrial Informatics, 14(2), 608-618.

Appendix

VULNERABILITY
ASSET BASED RISK ASSESSMENT
Quantitative Qualitative
Unique ID Vulnerability Description Asset Impact rating Likeli-hood Current risk control Estima-tion error Risk value Consequence Likelihood Risk Calc Risk
Rating
T1V1A1 Intellectual property theft 70 0.6 50 20 29.40 Major Moderate 12 High
strategy and property exposure 65 0.5 50 20 32.5 Major major 11 High
spoofing 62.5 0.5 60 15 27.4 moderate Moderate 11 High
social media engineering 60 0.49 70 16 25 moderate Moderate 10 moderate
information leakage 55 0.6 70 18 20 moderate Moderate 10 moderate

Qualitative Risk Assessment Matrix