Description
RSK4801 Assignment 4 Semester 2 2024 | Due 4 October 2024. All question answered.
CASE STUDY: RISK MANAGEMENT – THE ROLE OF A RISK MANAGER
Since 2020, many incidents and events have caused organisations to adopt a focused approach towards risk management and the role of risk managers. Examples of these events are the COVID-19 pandemic and its severe effects on many countries, economies, and businesses. South Africa was not excluded from the pandemic and was further hampered by severe power interruptions and inadequate service delivery. These are all risk-related incidents/events involving risk managers to assist in the management thereof. According to an article in Enterprise Risk Magazine (2023), uncertainty also boosted the profile and role of risk managers. Large-scale risks are happening more often, which requires sound risk management to cope with the increasingly unclear business and physical environments. As such, it seems imperative that the role of risk managers and appropriate risk management tools is clear. The classic three lines of defence in the risk governance model endeavour to demarcate the various roles regarding the management of risks. Although there are many issues surrounding this model, it provides a foundational guideline for the roles of the main role-players in risk management.
Regarding the tools for operational risk management, it seems that there are concerns over the predictive powers of key risk indicators (KRIs), the value of risk and control self-assessments (RCSAs), and the subjectivity of scenario analysis to manage operational risks (Enterprise Risk Magazine, 2023). In addition, embedding an operational risk management framework is becoming essential. However, it appears that there is only a vague understanding of the exact role of a risk manager. Furthermore, according to Enterprise Risk Magazine (2023), excessive effort is being expended on issues that generate too little value when using operational risk management tools. For example, RCSAs are tools that should
provide value to organisations by identifying the primary inherent risks, which can be used for analysing risk scenarios and determining and managing KRIs. In addition, RCSAs can determine control weaknesses in managing the residual risks effectively. Enterprise Risk Magazine (2023) mentioned that organisations should focus their RCSA efforts on the effectiveness and adequacy of controls in mitigating low-, medium-frequency/medium and high-impact operational risks. Risks leading to high-frequency and low-impact operational loss incidents should be managed by means of more real-time monitoring of KRIs. This could ensure obtaining value from the RCSA activity.
According to the Institute of Risk Management (IRM, 2023), the year 2024 will see certain risk events escalate, requiring a more “aggressive” and formal approach by risk managers to assist organisations in coping with these risk events. Some of these risks, specifically for South Africa, were identified by various risk managers as follows:
•
future disasters, such as ongoing floods, global warming, and drought
•
the constant negative influence of the energy crisis on the economy
•
the slow pace of sustainability and investment projects
•
poor maintenance and development of infrastructure
•
increasing cyber risks and cybercrimes
•
inadequate handling of fraud and corruption
General comments on the above points seem to indicate a lack of effective business continuity processes and disaster management to manage future disasters. This is true of both the public and private sectors. Fraud and corruption are creating a negative view of the country, causing investors to be unwilling to invest in a deteriorating economy. This, in turn, leads to unemployment, poverty and social inequalities. Technology also needs to be insourced because of a lack of adequate expertise, which makes the country more vulnerable to cyber risks. Qualified people are emigrating to other countries because of the uncertainties surrounding South Africa’s well-being. The energy crisis is also playing a large role in undermining the country’s economy. Loadshedding is causing businesses to fail and is hampering service delivery. This, in turn, leads to the poor maintenance of infrastructure and a shortage of water and sanitation services. Unmaintained infrastructure also affects the environment, economy, and society, creating a negative impact on sustainability and investment projects.
Note: For training purposes, some fictitious information has been included in this case study.
Analyse the case study and answer the related questions.
Question 1 (24 marks)
You are appointed as an operational risk manager for a large investment company in South Africa. The company is reliant on foreign investors to ensure an acceptable profit margin. The CEO requested you to analyse the country’s six operational risks which could influence the company based on the details in the case study and in terms of the following:
3.1
Identify external risks that could influence the company and the potential consequences of the company’s main business and determine risk control/mitigation measures for each risk. Complete Table 1 below to answer the question.
Table 1: External risks
#
Risk/Cause
Consequence
Control measure
3.2
Use the evaluation matrix (Table 2) to draft a risk and control self-assessment for the company. Using the 6 identified inherent risks, rate the control measures to determine the priority to manage the residual risk. Complete Table 3 for your answer. (12)
Table 2: Evaluation matrix
IMPACT
≤ 5%
6%-10%
11%-15%
16%-20%
> 20%
1 = Negligible
2 = Can easily recover
3 = High profile loss
4 = Will take several years to recover
5 = Substantial threat to the survival of business
LIKELIHOOD
Likelihood of occurrence over12-month planning cycle
Highly Unlikely
Unlikely
Likely
Highly
Likely
Certainty
1 = 0%-20%
2 = 21%-40%
3 = 41%-60%
4 = 61%-80%
5 = 81%-100%
CONTROLS
Inadequate = 3
Medium = 2
Adequate = 1
Table 3: RCSA
Inherent risk
Impact
Likelihood
Probability
Control rating
Priority to manage Residual risk (1 – 6)
Question 2 (11 marks)
Risk-based decisions are dependent on accurate risk information. Key Risk Indicators are an operational risk management tool/methodology which generates risk information. The power outages could negatively influence the company’s operations, especially regarding system downtime. As such, it is imperative to monitor the effectiveness and efficiency of the system’s operations. A lower threshold of 25 minutes and an upper threshold of 30 minutes per day were identified. The system downtime for a week was monitored and indicated in the table. Explain the concept of using Key Risk Indicators, determine the time of the system downtime per day and illustrate it by means of a line graph. Indicate which day(s) the company must ensure that a backup system operates.
System downtime
Day 1
Day 2
Day 3
Day 4
Day 5
Day 6
Day 7
09h00 – 09h05
10h00 – 10h10
11h00 – 11h05
09h00 – 09h15
08h00 – 08h10
09h00 – 09h15
10h00 – 10h05
12h00 – 12h10
13h00 – 13h10
12h00 – 12h10
12h00 – 12h30
13h00 – 13h30
12h30 – 13h00
13h00 – 13h05
22h00 – 22h05
16h00 – 16h05
19h00 – 19h10
14h00 – 14h05
17h00 – 17h05
16h00 – 16h05
18h00 – 18h05
Question 3 (15 marks)
The continuous monitoring of operational risk is essential to ensure the effectiveness of an operational risk management process. Explain what should be included in a risk monitoring programme and the role of monitoring during each component of a risk management process.
TOTAL MARKS: 50
Reviews
There are no reviews yet.