Assignment Cover Sheet

Student Name: Kabo Busanang

Student Number: 950978
Course: 1
Assignment NO: 1

Marking Criteria:
We expect the learners to write minimum one well expressed point in three lines against each
allocated mark. This means one needs to write 15 lines with 5 well expressed points to get high
grades for a 5 marks question.

For high grades use examples and illustrations where appropriate.

1) a) Risk is defined as an uncertain event or set of events that, should it occur, will have an
effect on the achievement of objectives. These possible event could cause harm or loss, or
affect the ability to achieve objectives. There are several types of risk and several ways to
quantify risk for analytical assessments. A risk is measured by the probability of a threat,
the vulnerability of the asset to that threat, and the impact it would have if it occurred.
Quantifiably, risk is usually assessed by considering historical behaviors and outcomes.
Risks can be managed by understanding the basics of risk and how it is measured.
Learning the risks that can apply to different scenarios and some of the ways to manage
them holistically will help all types of managers to avoid unnecessary and costly losses.

b) Risk management is a process that allows individual risk events and overall risk to be
understood and managed proactively, optimising success by minimising threats and
maximising opportunities and outcomes. Risk management is focused on anticipating
what might not go to plan and putting in place actions to reduce uncertainty to a tolerable
level. Risk management follow a process which reflects the dynamic nature of project
work, capturing and managing emerging risks and reflecting new knowledge in existing
risk analyses.

2) a) A risk management framework is the structured process used to identify potential

threats to an organisation and to define the strategy for eliminating or minimising the
impact of these risks, as well as the mechanisms to effectively monitor and evaluate this
strategy.

b) To maximise risk management benefits and opportunities, risk management

framework needs to be integrated with existing business processes. Linking risk
management framework to other business processes allows organizations to quickly
analyze gaps in enterprise-level controls and develop a roadmap to reduce or avoid
reputational risks.
3) a) How advanced should the risk management framework be? An organisation’s risk
management framework should ensure that key risks are effectively identified and
responded to in a manner that is appropriate to the organisation. Establishing the context
defines the scope for the risk management process and sets the criteria against which the
risks will be assessed. The scope should be determined within the context of
organisational objectives.

b) How effective are current risk management practices? When reviewing the
effectiveness of current risk management practices, it is necessary to consider both the
“hard” and the “soft” aspects of risk management. This leads to a realistic improvement
program for the organisation’s framework for managing risk and each application of the
risk management process.

c) What is the most effective and efficient way of closing the gap? This intention is purely
to increase business processes and performance. The first step is to establish target
objectives and take note of what you want to improve. This can adapt as your assessment
process continues and more data is gathered. Typically, by looking at developing a plan,
avoiding the common pitfalls, characteristics of high achievers, Public Sector Challenges
and improvement objectives you have a good starting point.

4) a) Records can be used to prove compliance, avoid potential penalties and fees, and inform
business decisions. For example, lack of financial records can lead to penalties and fines.
Records are more than just financial accounts they can be related to production, operational
and weather activities as well. Some of the reasons for documenting risk management frame
work are but not limited to:
 Demonstrating to stakeholders that the process has been conducted properly
 Providing evidence of a systematic approach to risk identification and analysis
 Enabling decisions or processes to be reviewed
 Providing a record of risks and developing the organisation’s knowledge database
 Providing decision-makers with a risk management plan for approval and subsequent
implementation.
b) The nature and number of documents will depend largely on the size of the organization.
Some documents may have a utilitarian purpose and incorporate many of the components
listed below.
 objectives and rationale for managing risk
 accountabilities and responsibilities for managing and overseeing risks
 processes and methods to be used for managing risks – i.e. how the IIRM Risk
Management process will
 be applied in the organisation
 commitment to the periodic review and verification of the risk management
framework and its
 continuous improvement
 the way in which risk management performance will be measured and reported
  resources available to assist those accountable or responsible for managing risks
 organisation’s risk appetite translated into risk-rating criteria
 links between risk management and the organisation’s strategic and operational
objectives
 links between risk management and other processes and activities
 scope and application of risk management within the organisation requirements for
recording and documenting the risk management process (e.g. communications plan,
 Stakeholder analysis, risk register, risk profile, and risk reporting).

5) The purpose of the risk management policy is to provide guidance regarding the
management of risk to support the achievement of corporate objectives, protect staff and
business assets and ensure organisation sustainability.
a) Commitment to the periodic review and verification of the risk management policy
and framework, and its continuous improvement. State how often and who will
review the risk management policy. Review of the risk management policy should
take into the account progress made against the risk management improvement plan,
which is a blueprint for how the risk management policy is implemented across the
organisation.
b) Links between this policy and the organisation’s objectives. Provide an overview of
the risk governance structure of the organisation. Indicate who is involved in risk
management and what their responsibilities are.
c) The organisation’s risk appetite: Articulate the organisations risk appetite through a
risk appetite statement. The risk appetite statement influences and guides decision
making, clarifies strategic intent and ensures choices.
d) Processes and methods to be used for managing risk. When undertaking a risk
management process the following steps must be taken: establish the context, identify
the risk, analyse the risk, evaluate the risk, treat the risk and monitor and review the
risk. Refer to the risk management procedure for details on how to perform each step
in the process.
e) The way in which risk management performance will be measured and reported.
Outline the risk reporting requirements. The purpose of risk reporting is to create
awareness of key risks, improve accountability for the management of risk and the
timely completion of risk treatment plans. Details as to who prepares reports, who
reviews reports and how often reports are reviewed should be included.

6) A number of factors should be considered when determining an organisation’s risk

management governance structure, including:
a) Current organisational structure and authorities. One of the most important aspects for
effective risk management is organizational structure. Organizational structure
provides the concept, guideline, direction and support to the employees that is
conducted by the steering committee.
b) The current level of understanding, appreciation, and commitment to risk
management by key individuals. The Company is committed to ensuring that all staff,
particularly those with management responsibilities, have a sound understanding of
the principles of risk management.
 c) The current level of change readiness within the organisation (often evolutionary
change works better than revolutionary change). Facing resistance to change in the
attempt to implement new risk management processes is a challenge and requires a
systematic change management effort. Leadership must prepare employee for new
changes, certain behavioral expectations of organizational personnel are necessary for
the systematic and effective execution of the methodology.
d) Key types of risks faced by the organisation and functions currently managing the key
risks. Without identifying risks, it is difficult to successfully define your objectives
and set out strategies for achieving them. It is best practice to integrate risk
management with your strategy formulation and planning processes.
e) The existence of logical “risk champions” within the organisation. Ensure that the
scoring techniques used by the organisation are consistently and accurately applied
and align with any corporate requirements.

7) The roles and accountabilities of each of the key parties to whom risk management duties
have been delegated are as follows:
a) Board: The board provides direction and oversight of risk management across the
organisation. Approve the organisation’s risk management documentation including
the strategic risk profile, risk appetite and tolerance, risk management policy and risk
management procedure.
b) Chief Executive Officer (and Secretary): The CEO’s / Secretary’s participate in the
review and update of the strategic risk profile. The also review key risk information,
identify key risk trends and assess the impact for the organisation as a whole.
c) Audit /risk committee: The audit /risk committee is accountable to the board, and
meets and reports to the board advising of its activities, findings and
recommendations, including risk management policies. The primary objective of the
audit / risk committee is to assist the board in discharging its responsibilities to
exercise due care, diligence and skill in relation to business operations and to advise
on any matters of financial or regulatory significance which may be referred to it from
time to time.
d) Executive and management: The executive and management are responsible for the
oversight of the risk management framework, including the consideration and review
of risk management policies and procedures on an annual basis.
e) Chief risk officer /risk manager: Chief risk officers, risk managers (or equivalent) are
typically employed to develop, enhance and implement appropriate risk management
policies, procedures and systems. They act primarily as advisors and coordinators for
risk and do not typically have a direct operational responsibility for specific categories
of risk.
f) Risk owners: Risk owners are typically line managers or functional specialists who
assume responsibility for designing, implementing and/or monitoring risk treatments.
They normally manage the risk for which they have accountability, review the risk on
a regular basis and identify where current control deficiencies may exist etc.
g) Staff and contractors: It is the responsibility of all personnel, stakeholders and
contractors to apply the risk management process to their respective roles. Their focus
should be on identifying risks and reporting these to the relevant risk owner. Where
possible and appropriate, they should also manage these risks.
8) Developing a risk management framework involves identifying the appropriate tools and
technology that will help the organisation capture, analyse and communicate risk-related
information.
a) A risk management information system helps to automate many manual processes
such as data consolidation and validation against business rules. This includes
transforming data into a single currency and language for reporting purposes.
b) Helps with data imports from existing systems, such as third-party administrator
systems or insurance carriers, data processing and data exports, and ERP and HR
systems.
c) Alerts and escalations, such as email notifications when a claim reaches a certain
threshold. Populating pre-built reports and dashboards.
d) A risk management information system will enable data to be entered from across
your organization into a single system, literally anytime and anywhere. So you’ll
have a live view of all your risks and exposures and the ability to proactively
manage and mitigate your risks.
e) One of the biggest benefits of a risk management information system is the ability
to build interactive reports that organize and interpret all your risk data. This will
enable Measure progress towards risk management goals

Student Statement:
By submitting this assignment, I confirm that this is my own work.

Student Signature Kabo Busanang Date 21 July 2021

For Tutor / Assessor Use Only

Total Marks
Marks Obtained
Percentage / Grade