Risk Management Exam Q2
2) (a)
Raz Dutta's contention about the allocation of resources to risk assessment rests on the thinking that risks are largely static and are rarely realized. This view is misleading because it belittles the dynamic nature of the business environment and overstates the stability that is perceived to be present in the face of potential and actual changes. This stance can create major risks that can impact the organization. It is worth noting that risks are not static; they change with the internal and external factors shaping the organizational sphere. Ignoring the dynamic nature of risks can leave both old and new threats with outdated and inadequate responses. Carrying out risk assessments constantly helps entities stay ahead of possible threats and fight them better.
Risks are inherently dynamic due to several factors. First of all, rapid technological advancement can cause existing products or services to become outdated, thus creating huge risks for organizations that are left behind. A good example of this can be seen in Kodak, where the company failed to embrace digital photography, as a result of which it could not withstand the change and gradually collapsed. Secondly, regulatory changes can bring in new risks or alter the old ones. A case in point is the General Data Protection Regulation (GDPR) adopted in the European Union, which has greatly changed the way companies around the world deal with personal data and has introduced risks in terms of compliance and data management. Moreover, the 2008 financial crisis showed how economic conditions can change in a moment, with an effect on industries worldwide. Companies that regularly evaluated the risk associated with their financial market exposure could react faster than those that did not. Events such as Brexit or trade wars bring uncertainties, which can influence market entry, taxes, and currencies, thus affecting international supply chains and the financial markets. Since political events are unpredictable, risk assessments are required on a regular basis. On top of that, organizations usually experience internal changes in strategy, structure, processes, or technology. Every change will probably lead to new risks or modification of existing ones. For example, introducing a new IT system will result in enhanced operational effectiveness but will also establish a new set of cybersecurity threats. Regular risk assessments will aid in identifying and addressing such problems on time.
In addition, there are several academic theories supporting dynamic risk assessment. Firstly, complexity theory perceives organizations as being part of complex systems where even the smallest changes can lead to a large effect. A routine of risk evaluation would help in understanding such complexities and interrelations, which are not necessarily obvious. Furthermore, the Management Theory by Cyert and March (1963) argues that organizations should continuously adapt to their environment, which contains changing preferences, technologies, and competitors. Frequent risk analysis can serve as a tool of this theory, as it enables organizations to be ready to act in response to environmental changes before they turn into issues.
Besides, high-reliability theory is a concept used in industries like nuclear operations or air traffic control, which states that organizations should always be alert and ready to deal with unanticipated incidents. It emphasizes risk assessment as a part of disaster prevention.
Raz Dutta's standpoint concerning risk management, which sees strategic risk reviews as no longer a priority, clearly disregards the point that risk is by its very nature transitory and keeps changing at the pace of an ever-changing world. As explained, real-world examples and academic theories both demonstrate the importance of continuously monitoring and assessing risk. Companies that practice regular risk assessment are more often able to deal better with unfolding risks and, at the same time, can gain an advantage over their competitors through a faster response to newly created challenges. It is opined that this proactive approach is beneficial, as it not only identifies possible risks but also takes advantage of new opportunities arising from any changes in the business environment.
(b)
The TARA framework, which stands for Transfer, Avoid, Reduce, and Accept, is a strategic approach used in risk management to decide how to deal with identified risks based on their likelihood and impact. The flexibility of the framework makes it adaptable to the given situation and the risk appetite of an organization. It is especially effective when resources are scarce and risks need to be ranked so that the most important threats are addressed with the required intensity.
Application to YGT's risks:
Risk A: Unlikely and low impact
• Strategy: Accept
• Justification: As for Risk A, its low probability and impact mean that active efforts to mitigate or transfer the risk may be more expensive than the potential benefits. The approach here is to manage the risk albeit with some level of monitoring to prevent unexpected escalation. This choice is consistent with the principles of risk management according to which not all risks require active treatment if they do not exceed the acceptable threshold of concern.
Risk B: Highly likely and high impact
• Strategy: Reduce
• Justification: Risk B demands attention mainly because it is more likely and its impact is high, calling for a proactive response to minimize the potential effects. Methods of reducing this risk include strengthening internal controls, amending processes to eliminate risk triggers, or implementing risk-mitigating technology solutions. For instance, if Risk B is connected with data breaches, the use of state-of-the-art cybersecurity tools and regular IT audits could significantly reduce both the likelihood of the risk and its potential impact.
Risk C: Low probability and high impact
• Strategy: Transfer
• Justification: Risk C is by its nature a candidate for risk transfer. Its likelihood is low, but the impact is deadly, which makes it intolerable. Such a risk can be transferred through insurance or through contractual arrangements with third parties to protect YGT. This approach is especially appropriate for situations such as natural disasters or huge liability risks, where insurance products are intended to protect against the most extreme outcomes.
Risk D: Highly likely and low impact
• Strategy: Accept
• Justification: As with Risk A, although Risk D is probable, its effects are controllable within the operational boundaries of the company. The cost of aggressively reducing or transferring this risk might not be reasonable. The situation could be well addressed by monitoring and minor procedural adjustments. As an example, if Risk D arises when compliance with new but minor requirements is necessary, adjustments to existing processes would suffice to manage the risk effectively.
The TARA framework provides an organized way to handle risks by classifying them according to their features and directing the choice of risk control options. This framework allows YGT to make critical decisions on how to allocate its limited resources wisely to manage risks. By choosing to transfer, avoid, reduce, or accept risks depending on strategic evaluation, YGT would be able to maintain operational stability and protect its assets, reputation, and stakeholders optimally. Such proactive risk management aligns with the overall principles of the business and prevents potential negative consequences.