See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/342212234

Risk Management for a Retail Business

Article · June 2020

CITATIONS READS

0 10,126

2 authors:

Md Haris Uddin Sharif Ripon Datta

University of the Cumberlands University of the Cumberlands
44 PUBLICATIONS 203 CITATIONS 15 PUBLICATIONS 61 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Md Haris Uddin Sharif on 16 June 2020.

The user has requested enhancement of the downloaded file.

 International Journal of New Technology and Research (IJNTR)
ISSN: 2454-4116, Volume-6, Issue-6, June 2020 Pages 13-16

Risk Management for a Retail Business

Md Haris Uddin Sharif, Ripon Datta

 and challenges which undermine the abilities of the

Abstract—when creating a new company, there are various respective entities from operating and undertaking their day
factors which should be considered by the management. Some to day operations. With the increased level of adoption of
of these issues range from the abilities to create a reliable technology, companies need to perform a high-level risk
approach for improving the insight into the operations carried
out on a day to day basis. There exist multiple factors which
assessment to seal the available weaknesses before an attack
may undermine the abilities of a new company to operate. Other or a disaster happens [4].
than the business risks, other factors which should be When considering the ideas of risk analysis and
considered may revolve around the technological challenges. management, companies should look at the aspects of
Companies today are operating in an environment which is resilience. To create a resilient operating environment, the
marked with various challenges such as cyber-attacks [5]. The company will need first to gain insight into the main
inability of the management to create a platform for improved
insight into the issues arising from cyber security may reduce weaknesses which its systems and architecture exhibits. To
the success rate of such a firm. Additionally, when considering build a reliable cybersecurity plan, it is crucial for the
the abilities of a company to maintain the desired level of management through the relevant stakeholders to create a
operations, the efficiency of the underlying systems remain reliable approach for identifying, analysing and mitigating the
critical [2]. potential risks and threats that may occur in the future [7].
Such an approach would help the company to prepare for the
Index Terms— management, cyber-attacks, efficiency.
occurrence of the unforeseen future events hence reducing the
impacts. There are four main approaches that the
management would need to implement after identifying and
I. INTRODUCTION
analysing the risks. These approaches are retained, share or
The success of such a firm may be undermined by the lack transfer, reduce or mitigate and avoid, which involves
of the right measures which would be used to support day to elimination. Therefore, this project will look at the case of the
day growth and operations. The continued occurrence of identification of the main risks which the new retail would
cyber threats may undermine the abilities of a company to need to handle in the preparation of a cyber security plan. The
continue and supports its business operations. Sometimes, failure to identify these risks will reduce the abilities of the
companies fail to implement the right measures which would firm to succeed in its operations.
be used to counter cyber threats and risks. In such a case, it is
worth noting that the reduced insight of companies as far as II. THE NEED FOR RISK MANAGEMENT
the level of knowledge about cyber threats is concerned
Before embarking on the establishment of the business, the
reduces the possibilities of firms to succeed in the industry
management needs first to understand some of the major
and markets. Successful companies over the years have
challenges which it may face in the future. The primary type
implemented measures which focus on the improvement of
of challenges which may arise comes from the risks
the level of operations [10]. One of the ways that have helped
associated with the use of the associated systems and
companies to achieve the desired level of growth and
information technology solutions. To perform its operations,
operations revolves around the introduction and
the business is likely to face a set of risks and challenges
implementation of technologies.
which will limit its abilities to achieve the desired levels of
There exist multiple technologies that the new retail shop
outcomes.
can use and apply to achieve better outcomes. The new firm
The primary role played by risk management comes from
may need to implement technologies which will help it to
the abilities of companies to identify the various perils which
manage data within each store. Further, the firm may benefit
may occur affecting their operations in the future. After
from technologies such as cloud computing. These
identifying the risks, the next step involves understanding the
technologies create a platform for the improvement of the
implications of such perils on the day to day operations. For
level of performance exhibited by the entity [3].
example, risk such as cyber-attack or hacking may involve
However, it is essential to note that the implementation of
unauthorized access of the internal systems and information
these systems may be subject to various challenges as far as
by external or internal players. The main effect that this risk
cybersecurity is concerned. Today, a lot of companies
may bring to the company is a loss of data and negative
continue to suffer from attacks which undermine their
perception by the general consumers as far as the corporate
operations. Cyber-attacks are some of the significant threats
image is concerned.
Through the analysis of the main risks which may occur, it
Md Haris Uddin Sharif, Information Technology, University of the
Cumberlands, Williamsburg, Kentucky is important to look at the best ways to handle such perils.
Ripon Datta, Information Technology, University of the Cumberlands, The creation of a conclusive cyber security plan requires a
Williamsburg, Kentucky

13 www.ijntr.org
 Risk Management for a Retail Business

company first to identify the main risks which may occur and ultimate platform for an improved level of insight into the
then define the best interventions to implement in the course major challenges and weaknesses that the underlying systems
of operations. Companies usually fail to create the right exhibit [13]. A SWOT analysis, for instance, helps to explore
mitigation strategies based on the lack of sufficient insight the internal and external strengths and weaknesses which a
and knowledge about the effects of the underlying risks. given firm exhibits. When applied in the context of risk
Primarily, the leading role of performing risk management management, this tool is essential in gathering the strengths,
and assessment process is to identify the potential challenges weaknesses, opportunities and threats that a given set of
that may occur, affecting the operations of the underlying systems exhibits. It is worth noting that the use of these
firm [14]. In this context, it is vital for the management first techniques and tools helps in the collection of data about the
to identify the main risks which may occur and then develop a possible risks that may arise in the course of operations of a
resilient plan. In the process, the ability of the company to company. Therefore, these techniques and tools are essential
create a reliable approach as far as risk management is in the risk assessment processes since they help to collect
concerned will come from the success in analysing some of sufficient data from multiple dimensions and stakeholders.
the major perils and hazards which can occur in the course of More information translates into better insight into the
operations affecting the underlying information systems. current state of the underlying systems as far as weaknesses
Failing first to identify these risks will undermine the abilities and vulnerabilities are concerned.
of the firm to create a reliable cyber security plan [11]. Other tools which can be used in risk assessment and
The need for a risk assessment and management plan helps management include qualitative, rankings and but not limited
to document the state of the current information systems as to probability and impacts. These tools help in the analysis of
far as the creation of a platform for improved preparedness is the collected risks, which, in the process, facilitate decision
concerned. Initial and prior preparations play a crucial role in making. For instance, a qualitative analysis helps to provide a
cybersecurity planning because it helps in the development of theoretical explanation of the context of the risks identified.
additional mechanisms for handling the potential challenges Further, ranking helps to assign the collected risks to a given
that may occur on the day to day basis. After looking at the rate based on the frequency of occurrence. Further, the impact
need for risk assessment and management, the following and effect are numeric metrics which help in further
section outlines some of the major risks which the firm may classifying risks according to their priorities. In this context,
encounter and then develops a set of recommendations which the collective use and application of these tools and
the management will need to document as far as the cyber techniques help to obtain a comprehensive report about the
security plan is concerned. nature of risks, rank, categories, potential impacts and
frequency of occurrence. This information plays a crucial role
since it helps to prioritize the risks identified to facilitate
III. ENCOUNTERED RISKS decision making on the best mitigation strategies to
When it comes to the identification of risks, it is vital to use implement. Addressing the risks
the right tools and techniques, which in turn will help in the
improvement of the overall level of operations for the
affected firms. There exist multiple enterprise risk V. IDENTIFYING THE RISKS
management techniques and tools that can be used to From the information given in the previous section, the
overcome these challenges. In this context, it is worth using company seeks to establish 10 new shops. However, the
the right tools and techniques to gather data about the management is concerned about the potential risks which
potential risks which may occur in readiness for the creation may occur affecting the company`s information systems. It is,
of a comprehensive cybersecurity plan. therefore, worth identifying some of the main risks which
may occur affecting the operations of the firm. This analysis
will help in facilitating the development of the corporate
IV. TOOLS AND TECHNIQUE cybersecurity plan to reduce the potential occurrence of
unforeseen future events in the workplace.
A. Figures and Tables
Some of the most common risks that the company will
Some of the most common tools and techniques which need to focus on include hardware and security failures,
have been sued over the years to aid in the collection of data malicious attacks, natural disasters, human error and but not
about risks that may occur affecting the operations of the limited to viruses. These risks may ring about diverse
underlying systems and hence organization. Some of the most challenges to the company in case they occur [8]. To gain an
common techniques are brainstorming, SWOT analysis, risk understanding of the occurrence of the risks, it is important to
questionnaires or surveys, scenario analysis and but not explain them in details and then create a register. A risk
limited to interviews as well as self-assessments. The primary register helps to combine various attributes such as the
role played by these techniques comes from the idea that they probability and impact of the perils identified to facilitate
all focus on the collection of data about the operations of a ranking according to the respective priorities. The risks with
given firm looking at the aspects of weaknesses which the the highest priority exhibit high probability and impacts in
underlying systems exhibit. case of occurrence.
These techniques play a crucial role in the creation of the

14 www.ijntr.org
 International Journal of New Technology and Research (IJNTR)
ISSN: 2454-4116, Volume-6, Issue-6, June 2020 Pages 13-16

VI. VIRUSES AND MALICIOUS ATTACKS IX. SOFTWARE AND HARIDWARE FAILURE
Each company which operates information technology From another dimension, the firm may suffer from
solutions and systems stands at a chance of suffering from challenges such as software and hardware failures. These
various forms of risks. These risks in this context may come issues may arise from the breakdown of hardware
from viruses and malicious attacks. Malicious attacks usually components such as servers, routers and but not limited to
involve the risks which come from unauthorized parties who workstations. When such an incident occurs, the company
try to gain access to a given information system or network may suffer losses in the form of financial gains since such an
for personal reasons and purposes. One of the leading event translates into downtime. Increased downtimes lead to
examples which represent malicious attacks is a virus loss of consumers. The reduced consumer brings about low
invasion. Viruses usually bring about diverse and adverse profits. This undermines the abilities of a company to succeed
effects on the operations carried out by the respective in the future. From another perspective, software failures may
companies. be as a result of the use of counterfeit products or
When such an incident occurs, it is likely to corrupt or steal compatibility issues. Such events may result in reduced
valuable corporate data. Attackers usually steal corporate abilities of the retail shops to operate according to the desired
data for their gains driven by diverse forces. Such an incident levels of operations hence undermining the profitability of the
may target sources such as the servers and databases for the firm [9].
company. The occurrence of this form of incident risks the
credibility and confidentiality of the corporate data. Many
companies have continued to suffer virus and malicious X. RECOMMENDED MITIGATION STRATEGIES
attacks over the years, leading to diverse challenges such as From the analysis given above, it is crucial to create the
loss of data, reputation and federal litigations [1]. right mitigation recommendations which will act as the
ultimate solutions to reduce or manage the occurrence of such
events. For instance, to mitigate the problems brought about
VII. HUMAN ERROR by malicious attacks and viruses, the company will need to
The second most common risk which may occur affecting implement solutions such as intrusion detection and
the operations of the retail store is human errors. Human protection as well as antivirus systems. These systems will
errors may either be intentional or accidental. For instance, help to reduce the chances of malicious attacks in different
human errors may include an employee holding the door forms such as malware and viruses [1]. The use of these
when entering restricted areas such as server rooms to approaches will help the company to reduce the risks of the
unauthorized personnel. In such a case, the main effects occurrence of malicious attacks. Malicious attacks have a
would be a loss of data or compromise of the internal high probability and high impact in case of occurrence.
systems, which affects the integrity of information and the On the other hand, human errors have a high likelihood of
corporate systems. From another perspective, human errors occurrence and a high impact on the operations of a business.
may occur when employees open malicious and phishing In case such an incident occurs, it may lead to a wide range of
emails sent by attackers unknowingly leading to data exposure of the corporate systems hence undermining the
breaches [8]. In such incidents, the company needs to create confidentiality of the company`s data and solutions. Further,
the right measures to prevent the occurrence of such an human errors may lead to adverse effects such as phishing
occurrence. In the data environment, every business needs to and intrusion from unauthorized personnel [8]. To overcome
put considerable focus on securing, creating a conducive this problem, the company will need to subject the employees
infrastructure, and ensuring that Information is efficiently and to a high level of training. Further, the firm will need to
accurately governed [15]. implement surveillance measures to continually monitor the
people entering crucial areas such as server rooms and data
centres.
VIII. NATURAL DISASTERS From another dimension, natural disasters can occur at any
Thirdly, the company may suffer from natural disasters. time affecting the normal operations of the company. It is not
Natural disasters may affect the operations of the company possible to prevent the occurrence of incidents such as
based on the magnitude of the effects and impacts of such hurricanes or floods. However, the company should ensure
occurrences. For instance, if a natural disaster such as floods, that it creates a backup of its data and information. Further, to
fires or earthquakes occur, they may negatively affect the ensure resilience, the firm should operate another site which
operations of the company and the associated shops due to the would be activated after the occurrence of a natural disaster.
massive destruction of equipment and systems. Natural Maintaining a regular backup mechanism would reduce the
disasters usually carry many magnitudes as far as the risks of loss of data [6]. It is important to note that natural
potential effects of damage are concerned on the underlying disasters have a low probability but high impact of
systems. Natural disasters usually require extreme care and occurrence.
attention when it comes to planning for the mitigation Finally, software and hardware failures may occur,
approaches to use and apply. affecting the operations of the firm. These failures have a
medium probability and medium impact on the operations of
a firm. Software failures can be prevented by obtaining
genuine copies of the products used. Further, maintaining a

15 www.ijntr.org
 Risk Management for a Retail Business

team of experts from within the company would help to [7] Kohnke, A., Sigler, K., & Shoemaker, D. (2017). Implementing
cybersecurity: A guide to the national institute of standards and
continually assess the potential risks of failures of the technology risk management framework. CRC Press.
software and hardware products used. Moreover, SaaS as a [8] Kumar, P., Gupta, S., Agarwal, M., & Singh, U. (2016). Categorization
stronger security can be use to build modern secure and standardization of accidental risk-criticality levels of human error
to develop risk and safety management policy. Safety Science, 85,
application [12]. 88-98.
[9] Saeidi, P., Saeidi, S. P., Sofian, S., Saeidi, S. P., Nilashi, M., &
Mardani, A. (2019). The impact of enterprise risk management on
competitive advantage by moderating role of information technology.
XI. CONCLUSION Computer Standards & Interfaces, 63, 67-82.
From the analysis given, some risks have a high probability [10] Soltanizadeh, S., Rasid, S. Z. A., Golshan, N. M., & Ismail, W. K. W.
(2016). A business strategy, enterprise risk management and
of occurrence. On the other hand, some of the risks have a organizational performance. Management Research Review.
high impact rate. The company should ensure that it [11] Tupa, J., Simota, J., & Steiner, F. (2017). Aspects of risk management
implements the right measures to reduce the potential implementation for Industry 4.0. Procedia Manufacturing, 11,
1223-1230.
occurrence of these risks. The company, in this context, [12] Sharif MHU, Datta R(2019). SOFTWARE AS A SERVICE HAS
should create measures which seek to avoid the occurrence of STRONG CLOUD SECURITY. Retrieved from URL:
the risks. Risk avoidance remains one of the best approaches https://www.researchgate.net/profile/Haris_Sharif/publication/335232
826_Software_as_a_Service_has_Strong_Cloud_Security/links/5d646
in the management of perils. The primary reason for this 6fc299bf1f70b0eb0f2/Software-as-a-Service-has-Strong-Cloud-Securi
conclusion is that risk avoidance reduces the chances of the ty.pdf
occurrence of the risks as opposed to building measures to [13] Sharif MHU, Datta R,. Valavala M.(2019). Biometrics Authentication
Analysis. International Journal of Mathematics Trends and Technology
handle such events. From another dimension, planning for the (IJMTT) – Volume 65 Issue 10 - Oct 2019
company as far as cybersecurity is concerned will require the http://www.ijmttjournal.org/Volume-65/Issue-10/IJMTT-V65I10P506
management to understand the majority of the risks which .pdf
[14] Sharif MHU, Datta R, (2019).BRING YOUR OWN DEVICE
may occur in the future. This project outlined that there are (BYOD)PROGRAM. International Journal of Engineering Applied
various risks which may occur inhibiting the operations of the Sciences and Technology, 2019 Vol. 4, Issue 4, ISSN No. 2455-2143,
firm. Pages 36-40. DOI :
http://www.ijeast.com/papers/36-40,Tesma404,IJEAST.pdf
After establishment, the management should focus on the [15] Sharif MHU, Datta R, (2019). Information Governance: A Necessity in
creation of the ultimate platform for improving the operations Today's Business Environment. IJCSMC, Vol. 8, Issue. 8, August
carried out on a day to day basis through first performing a 2019, pg.67 – 76. From url:
https://www.academia.edu/40224559/Information_Governance_A_Ne
detailed risk assessment of the underlying systems. Risk cessity_in_Todays_Business_Environment_
assessment helps to provide a platform for improved
knowledge about the main weaknesses which may arise in the
systems implemented. The ability of the company to
implement the proposed recommendations will determine its
success in the future. Therefore, this project concludes that Md Haris Uddin Sharif is a Ph.D. student of
Information technology at the University of the
for the new retail stores to operate according to the desires of Cumberlands. His research interest includes Cyber
the management and owners, it is crucial to perform a Security, Cloud Technology, Cloud Security,
high-level risk assessment and implement the proposed Application Development, Application Framework,
Blockchain and Data Security. In addition to these,
recommendations offered above. he engaged in research activities throughout his
Ph.D. program and has several research papers
(IJCIT, SCI-INT, IJERM, IJEAST, IJMTT,
Research Gate, IJEAS and other).
REFERENCES
[1] Apriliana, A. F., Sarno, R., & Effendi, Y. A. (2018, March). Risk
analysis of IT applications using FMEA and AHP SAW method with
COBIT 5. In 2018 International Conference on Information and Ripon Datta, Ph.D. candidate at the Department of
Communications Technology (ICOIACT) (pp. 373-378). IEEE. Information Technology, University of the
[2] Berry, C. T., & Berry, R. L. (2018). An initial assessment of small Cumberlands, Kentucky, United States of America.
business risk management approaches for cybersecurity threats. He is also a Senior Software Engineer in a Financial
International Journal of Business Continuity and Risk Management, Corporation in the United States. Mr. Datta’s
8(1), 1-10. research interest includes Software Development,
[3] Callahan, C., & Soileau, J. (2017). Does enterprise risk management Blockchain, Machine Learning, Application
enhance operating performance?. Advances in accounting, 37, Security, Algorithm, etc.
122-139.
[4] Fraser, J. R., & Simkins, B. J. (2016). The challenges of and solutions
for implementing enterprise risk management. Business Horizons,
59(6), 689-698.
[5] Hopkin, P. (2018). Fundamentals of risk management: understanding,
evaluating and implementing effective risk management. Kogan Page
Publishers.
[6] Javaid, M. I., & Iqbal, M. M. W. (2017, April). A comprehensive
people, process and technology (PPT) application model for
Information Systems (IS) risk management in small/medium
enterprises (SME). In 2017 International Conference on
Communication Technologies (ComTech) (pp. 78-90). IEEE.

16 www.ijntr.org
View publication stats