Risk Management Exam Q2

2) (a)

Raz Dutta contends that the allocation of resources on risk assessment by thinking that risks are static majorly and are rarely realized. This kind of view is misleading because it belittles the dynamic nature of the business environment and overblows the amount of stability that is perceived to be present in the face of potential and actual changes. This stand can create major risks that can impact the organization. It is worth noting that risks are not static; they change with the internal and external factors manipulating the organizational sphere. Not considering the dynamic nature of risks can result in old and new threats having archaic and incompetent responses. Constant occurrence of risk assessments helps the entities stay ahead of possible threats and fight them better.

Risks are inherently dynamic due to several factors. First of all, rapid technological advancement can cause existing products or services to be outdated thus creating huge risks for organizations that are left behind. A good example of this can be seen in Kodak where the company failed to embrace digital photography, as a result of which the company could not withstand and gradually collapsed. Secondly, regulation changes can bring in new risks or alter the old ones. A case in point is the General Data Protection Regulation (GDPR) adopted in the European Union, which has greatly changed the way companies around the world deal with personal data and has introduced risks in terms of compliance and data management. Moreover, the 2008 financial crisis represented how just in a moment the economic conditions could change having an effect worldwide on industries. Companies that evaluated on a regular basis the risk associated with their financial market exposure could react faster than those that did not. Events such as Brexit or trade wars bring uncertainties, which can influence market entry, taxes, and currencies, thus affecting international supply chains and the financial markets. Since political events are unpredictable risk assessments are required on a regular basis. On top of that, internal changes are usually experienced in the strategy, structure, processes, or technology of organizations. Every change will probably lead to new risks or modification of existing ones. For example, introducing a new IT system will result in enhanced operational effectiveness but will also establish a new set of cybersecurity threats. Regular risk assessments will aid in identifying and addressing such problems on time.

In addition, there are several academic theories supporting dynamic risk assessment. Firstly, complexity theory perceives organizations as being part of complex systems where even the smallest changes can lead to a large effect. The use of a risk evaluation routine would help to understand such complexities and interrelations that do not necessarily appear to be obvious. Furthermore, the Management Theory by Cyert and March (1963) argues that organizations should continuously adapt to their environment which contains changing preferences, technologies, and competitors. The strategy that frequent risk analysis can play the tool of this theory, as it enables organizations to be ready to act in response to environmental changes before they turn into issues. Besides, the high-reliability theory is a concept that is used in industries like nuclear operations or air traffic control, which states that organizations should always be alert and ready to deal with unanticipated incidents. It puts an accent on risk assessment as a part of disaster prevention.

Raz Dutta's stand concerning risk management, which sees strategic risk reviews as no longer a priority, clearly disregards the point that risk is by its very nature transitory and keeps changing at the pace of an ever-changing world. As explained, real-world examples and academic theories both demonstrated the importance of continuously monitoring and assessing risk. Companies that practice a regular risk assessment more often are able to better deal with unfolding risk and, at the same time, can take advantage of their competitors through their more expedient response to newly created challenges. It is opined that this proactive approach is beneficial as it does not merely identify possible risks but also takes advantage of new opportunities should there be any changes in the business environment.

()b

The TARA framework, which stands for Transfer, Avoid, Reduce, and Accept, is a strategic approach used in risk management to decide how to deal with identified risks based on their likelihood and impact. The flexibility of the framework makes it adaptable to the given situation and the risk appetite of a company and is an important instrument for strategic management. It is especially effective when resources are scarce and risks need to be ranked so that the most important threats are addressed with the required intensity.

Application to YGT's risks:

Risk A: Unlikely and low impact

• Strategy: Accept

• Justification: As for Risk A, its low probability and impact mean that active efforts to mitigate or transfer the risk may be more expensive than the potential benefits. The approach here is to manage the risk albeit with some level of monitoring to prevent unexpected escalation. This choice is consistent with the principles of risk management according to which not all risks require active treatment if they do not exceed the acceptable threshold of concern.

Risk B: High likely and high impact

• Strategy: Reduce

• Justification: There are considered risks associated with B mainly because these risks are more likely and their impact is high, calling for a proactive response to minimize the potential effects. Methods of reducing this risk include strengthening internal controls; amendments of processes to eliminate risk triggers or implementation of risk-mitigating technology solutions. For instance, if Risk B is connected with data breaches, utilization of state-of-the-art cyber security tools and regular IT audits could significantly reduce both the likelihood of the risk and its potential impact.

Risk C: Low probability and high impact

• Strategy: Transfer

• Justification: Risk C by its nature makes it a candidate for risk transfer. Its chance is low but the impact is deadly which makes it intolerable. Such a risk transfer can be insured or effected by contractual arrangements with third parties to protect YGT. This approach is especially appropriate for situations such as natural disasters or huge liability risks, where insurance products are intended to protect against the most extreme outcomes.

Risk D: High likely and low impact

• Strategy: Accept

• Justification: Like Risk A, Risk D is probable, however, its effects are controllable within the operational boundaries of the company. The cost of an aggressive decrease in or transfer of this risk might not be reasonable. The situation could be well addressed by monitoring and minor procedural adjustments. As an example, risk D arises when compliance with the new but minor requirements is necessary, adjustments to existing processes would suffice to effectively manage the risk.

The TARA framework provides an organized manner in which to handle risks by classifying them according to their features and directing the choice of risk control options. This framework allows YGT to make critical decisions on how to allocate the limited resources wisely to manage risks. By choosing to transfer, avoid, reduce, or accept risks depending on strategic evaluation, YGT would be able to keep the operational stability and protect the assets, reputation, and stakeholders optimally. Such proactive risk management aligns with the whole business principle and prevents potential negative consequences.

(c)

Related risks are two or more risks linked by correlation which simply implies that the occurrence of one risk can affect the occurrence or impact of another. In risk management, considering related risks is crucial as it allows creating more of a holistic approach when it comes to how mitigating one risk affects another. These relationships can either be positive correlated risks; when one risk eventuates to increase the likelihood or impact of another, or, negatively correlated risks; where the occurrence of one risk diminishes the likelihood or

impact of another. The identification of related risks necessitates a thorough comprehension of the business activities, external environment, and possible factors that might interconnect different risks.

The risks E and F at YGT are positively correlated, which implies that if the environmental risk (Risk E) occurs this will considerably enhance the reputation risk (Risk F). YGT will suffer a significant loss of public and regulatory goodwill should it encounter an environmental challenge like a spill or emissions breach. Modern-day consumers are very sensitive to environmental issues and if a company’s environmental misdeeds, they are likely to lose their trust, boycott, or protest. Environmental issues are often the subject of thorough media coverage and that can amplify the reputation damage. The media spotlight makes the reputation risk more acute and urgent. In the long run, continuous environmental negligence can redefine the public attitude toward the brand, making it an environmental hazard, which can be very harmful to the brand equity of the company and may deter future prospective customers. The ESG factors are becoming increasingly important to investors as they make investment decisions. Environmental blunders could see investor confidence decreasing and the share value taking a plunge.

It is worth noting that the correlation between Risks E and F at YGT indicates the challenge involved with managing related risks in the current business environment. These connections are of key importance for establishing effective risk management strategies that prevent and resolve risks effectively in an organized way. By analyzing and responding to the root causes and potential impacts of related risks, YGT can reinforce its resilience, preserve its reputation, and build trust with the stakeholders, therefore, it can ensure the long-term success and sustainability of the organization.