Risk analysis
RISK ANALYSIS AND MANAGEMENT PLAN
A) Likelihood: Once risks are identified, the next step is to determine the likelihood that the potential vulnerability can be exploited. Several factors need to be considered when determining this likelihood. First, the auditor needs to consider the source of the threat, the motivation behind the threat, and the capability of the source. Next, auditors need to determine the nature of the vulnerability and, finally, the existence and effectiveness of current controls to deter or mitigate the vulnerability. The likelihood that a potential vulnerability could be exploited can be described as high, medium, or low.
A rare risk is highly unlikely, but it may occur in exceptional circumstances. It could happen, but probably never will.
An unlikely risk is not expected, but there's a slight possibility it may occur at some time.
A possible risk means that the event might occur at some time, as there is a history of casual occurrence at the University and/or similar institutions.
A likely risk means that there is a strong possibility the event will occur, as there is a history of frequent occurrence at the University and/or similar institutions.
A frequent risk is very likely. The event is expected to occur in most circumstances, as there is a history of regular occurrence at the University and/or similar institutions/organizations.
According to the Case Study, there are:
B) Consequence: Failing to address risk can lead to consequences that span the spectrum from mere inconvenience to grave danger. The general levels of consequence are Catastrophic, Major, Minor, and Insignificant.
Catastrophic risk: for example, multiple injuries, regulatory intervention, net revenue loss or asset damage exceeding $x, damage to reputation at international level, and long-term environmental damage.
Major risk: for example, single stakeholder; breach of licenses, legislation, regulation or mandated standards; net revenue loss or asset damage between $xxx; damage to reputation at national level; and medium-term (1-5yr) environmental damage.
Minor risk: for example, breach of internal procedures, net revenue loss or asset damage between $x-$xx, adverse news in local media, and environmental damage requiring up to $250,000.
Insignificant risk: for example, no breach of licenses, standards, guidelines or related audit findings; net revenue loss or asset damage of $x; public awareness may exist, but there is little public concern; and negligible environmental impact.
According to the Case Study, there are
C) Priorities:
Now that you have determined both the likelihood and the consequence of a risk, the two are combined to determine the rating. The most effective method of risk analysis is to generate a risk matrix. A risk matrix is shown below: where the identified consequence meets the identified likelihood, a risk rating is given.
The allocation of a risk rating should prompt a decision to be made about the action to be taken, as below.
Extreme – immediate senior management action, e.g. multiple deaths of employees.
High – Action plan needed, allocated responsibilities, e.g. damage to valuable assets.
Medium – Risk requires only monitoring and review, e.g. loss of assets due to staff theft.
Low – Risk accepted – but not ignored, e.g. a paper cut.
Extreme – Banking risk: keeping cash of $4000 on the premises is an extreme risk, as there is a possibility of theft and it is dangerous to employees.
High – Manager’s travel risk: because of the long drive, the company has to arrange a substitute for the manager as well as insurance to support the manager.
Medium – By-law compliance risk: it is important to use the water effectively; otherwise the company will end up paying fines of up to $50000.
D) Options: The risk treatment options likely to be effective and feasible for the organization are early action planning and internal control procedures.
The following need to be considered when choosing an appropriate treatment for a risk: acceptability to all, administration efficiency, capacity compatibility, continuity of effects, contracts, cost effectiveness, economic and social environment, equity, individual freedom, jurisdictional authority, objectives, regulatory, risk creation and timing.
Develop an action plan for treating risks
Plan Early
Experienced operators know that risk management is a proactive process. It is not the thing you do when a risk emerges because by then it may be too late. Effective risk action plans are those that are part of the operations of the organization. Problems that start small can escalate into large threats, or a risk may appear suddenly that threatens the reputation of the entire organization. Having risk management processes and planning in place when these happen could stop the escalation and minimize the impact from the sudden disaster. The risk action plan outlines how the risk is to be managed and a timeline for this process to take place. It should include: the risk, risk rating, treatment activity or controls, roles and responsibilities for those involved, timeline, and monitoring arrangements.
Internal Control Procedures
Risk Management and Internal Controls
The Company is committed to the identification, monitoring and management of risks associated with its business activities. Management is ultimately responsible to the Board for the Company’s system of internal controls and risk management. The Company’s risk management policies and procedures cover regulatory, legal, property, treasury, financial reporting and internal controls. A clear organizational structure exists detailing lines of authority and control responsibilities. Each business unit is responsible and accountable for implementing procedures and controls to manage risks within its business. Company management has established within its management and reporting systems a number of risk management controls. These include:
Risk management plan
| Risk | Assess Risk | Controls | Monitoring | Timelines | Responsible |
|---|---|---|---|---|---|
| Banking risk | Extreme | Depositing the money in the bank every day | By getting the weekly bank statement | 2 weeks | Financial controller |
| Manager’s travel risk | High | Work should be finished before 3pm, so that the manager doesn’t have to drive at peak hours | By checking the meeting times like what time the manager is finishing up the shift | 1 week | CEO New policy |
| By-law compliance risk | Medium | Educating the employees about the effective usage of water | By checking the water usage bills monthly | 1-2 weeks | Goldsmith partners, Store manager |
| Efficient water uses | Medium | Familiarize the employees with policies and procedures in cafe and educating them about the right usage | By checking the water usage bills monthly and supervising the employees | 1-2 weeks | Store manager |