PART A

Risk management

A company is said to be taking a risk whenever it engages in any behavior — or refrains from
engaging in any behavior — that makes it more susceptible to the influence of external factors
that have the potential to lower its profits, bring it to the brink of financial ruin, or tarnish its
reputation. At the executive level of a corporation, the goal of risk management is to ensure that
the organization and its personnel take measures to lessen their vulnerability to the
aforementioned variables in issue (Crockford, 2016).

The act of considering the risks that executives are probably not going to contribute consistently
to the aims of the firm could be considered part of the decision-making process. In point of fact,
you may characterize the process of making decisions as the approach involved in calculating the
risks that will be played out by executives (Motarjemi, 2014). Even though there are many
people who are responsible for risk management in a confined space, an intelligent structure
assists them in doing so in a methodical manner so that agreements can be made with the
business risk, executive arrangements, and the administrative environment in which it operates.
This is necessary in order for the business to continue running smoothly.

Components of risk management

The process of risk management should be methodical, coordinated, shared, and cross-
authoritative so that it can be persuasive to executives. Although there are many different ways
to order the components that make up a feasible danger the executives interactions constituent
component, in general, it needs to combine the components that accompany the danger the
board. There are many different ways to order the components that make up a feasible danger the
executives interactions constituent component.

1. Risk identification

Identification of risks is by far the most common approach to gathering information about
potential dangers, which is followed by the organization of the actual threats that a company
faces after recording them. The total number of potential as well as existing dangers is frequently
referred to as the hazard universe. This term can also be used interchangeably. Additionally, it is

pg. 1
possible to use this phrase interchangeably. It is essential to make a concerted effort to
distinguish each and every potential risk since doing so lowers the probability that predicted
sources of risk will be disregarded. When doing a risk assessment, it is essential to take into
consideration not only the challenges that the organization is dealing with at the moment, but
also those that might emerge at a later point in time. The danger landscape is constantly evolving
as a direct result of progress made in technology as well as organizational reorganization.

2. Risk analysis

After differentiating between the many possibilities, the following stage is to evaluate the
possibility of each one as well as the impact that may be predicted as a result of it. An
organization can categorize potential risks as either serious, moderate, or small; high, medium, or
low, depending on the level of disruption that they are most likely to produce. It is less crucial to
recognize that certain threats constitute a more immediate threat than other threats than to take
them in the exact order that they are presented (Dionne, 2013). This is due to the fact that certain
dangers are capable of draining more resources than others. The assessment of dangers enables
organizations to concentrate their efforts more intently on delivering relief. For instance, a risk
may present a potentially large effect despite the fact that the possibility of it occurring is quite
low. This may be the case even if the risk is extremely unlikely to materialize. When contrasted
with a risk that has a high potential for occurrence as well as a significant associated cost, the
organization can determine that the relevance of relief as a priority should be lowered.

3. Risk planning

The method of reaction organising seeks to provide an answer to the question "what are we
going to do about it?" For instance, if you discovered during the process of identifying the culprit
and conducting the investigation that the company is susceptible to phishing attacks because its
employees are unaware of the best practices for email security, your response plan may include
training for security awareness and awareness of the best practices.

4. Risk mitigation

The process of reducing potential dangers is accomplished through the execution of your
reaction strategy. It is a term that describes the steps that your firm and its personnel take in
order to hide information from the public. Using the example that our earlier model offered as a

pg. 2
guide, the execution might include the design of onboarding materials to teach employees, the
preparation of security awareness training, etc. The organization is responsible for putting in
place protections that reduce the level of risk to a level that is within acceptable bounds. It is
essential to put these safeguards through their paces in order to demonstrate that they have been
meticulously prepared and are performing as expected.

PART B

ERM, which stands for enterprise-wide risk management, is a form of risk management that is
coordinated and places a greater emphasis on collaboration between divisions in order to manage
the whole risk profile of a company. ERM provides a framework that may be leveraged in order
to successfully manage uncertainty, respond to risk, and capitalize on opportunities as they
become available. Not only does the framework include policies and procedures, but it also
includes techniques, instruments, reporting, and the optimal structure for governance. Objective
setting, event identification, risk assessment, and risk response are the four components that
make up the ERM framework (Hubbard, 2009). Examples of risk responses include hazard
avoidance or elimination, risk transfer or sharing via insurance, a joint venture, or some other
arrangement; risk reduction or moderation via internal control frameworks or other danger
preventive activities; and risk transfer or sharing via insurance, a joint venture, or some other
arrangement. This assessment of significant dangers and the execution of suitable risk responses
are both examples of risk responses. Hazard reasoning, which is also sometimes referred to as a
hazard system, risk culture, and hazard seeking are three other crucial terms that are related with
ERM. These are indications of the organization's risk-taking mentality as well as the level of risk
that it is willing to tolerate. These are some of the most fundamental obligations associated with
administrative work.

PART C

Step 1: First, generate potential future scenarios

You must choose a timeline in the first step. As you determine the deadline, you should take the
following into account:

pg. 3
  Your product's life cycle
 Your nation's political climate
 Competition research
 Technological progress

Decide what expertise would be of significant use to your organization for a long time after
choosing a suitable time frame. Consider creating a scenario for a decade; you might use the
previous ten years as a point of reference. You must take into account the changes that have
taken place in your division, company, sector, locale, nation, and even the entire planet. In the
following ten years, comparable changes ought to be expected.

Step 2: Recognize patterns and motivating factors

When attempting to identify trends and driving forces, you should pay special attention to the
following criteria.

 Who has a stake in these choices?

 Who will they have an impact on?
 Who might have an impact on them?

Suppliers, customers, rivals, employees, shareholders, government, and many more seem to be
the current driving forces. It's also crucial to identify the following aspects of them.

 The current functions of the underlying forces

 Their preferences
 Their places in the industry
 Their development over time

For instance, you must maintain contact with journalists, individuals who can promote your
product, product suppliers, judges, lawyers, ministers, and many others in technical fields.

Step 3: Produce a template for scenario planning

pg. 4
Determine the environmental factors that are the essential factors you have outlined. The
following are some possible sources for these driving forces:

 The social structure, which includes variables related to the economy, politics, and public
opinion.
 Markets and Consumer Conduct
 Invention and Technology
 Your Industry's Structure of Competition
 Your organizational skills and fundamental abilities
 Focus on the consequences that are unlikely to happen and separate the highly predictable
forces.

Step 4: Develop a scenario

Creating the real scenario is a crucial step in scenario planning. You must construct a situation
taking into account each element we have assessed in the preceding steps as well as the
characteristics and market trends (Dionne, 2013). Writing a movie scene is akin to developing a
scenario properly. You must create a plot before developing your story around it. Finding the
strengths and weaknesses of your plan can help you design a scenario, so do so. You must decide
on the touchpoints your story will center around.

Step 5: Assess a Case Study

The scenario team can strike a balance between wild originality and free form imagination by
following a methodical, step-by-step process. And based on your knowledge and experience, you
may form an informed judgment. A group makes an effort to consider every factor that might
have an impact on the problem. Finding the focus concerns and level of ambiguity requires a
certain sort of segregation that is employed for finding methods. For instance,

 What will the cost of energy be?

 Will they advance or decline?
 What will the public's opinion of your product be?
 Will they lean more toward rationalization or modernization?
 What will be the rate of technological advancement?

pg. 5
  What will the government's strategy be? Etc.

Step 6: Update Policies and Strategies as Necessary

After a month or two of putting the scenarios into practice, you should review your strategic plan
and revise the policies to reflect the latest market changes. Periodically, this evaluation and
update should be performed. According to the above-described macro-environmental forces,
market conditions change often. Therefore, you require the assessment and update in accordance
with a predetermined interval. Consequently, scenario analysis provides you with a clearer vision
of the future. Based on the events from the past, it will predict what will occur in the future.

PART D

Figure-1 - Scenario planning exercise for the strategy venture from the point of Bubbles PLC

The Conditions of Demand

In the context of the diamond model, "demand conditions" refer to the types of domestic clients
and the total number of them. It is tempting to believe that businesses gain when their domestic
customers are willing to purchase inferior items since this lends credence to the idea that these

pg. 6
customers benefit the company. This would be an incorrect assumption to make! Instead,
businesses stand to prosper when the expectations of their domestic clients are high.

Aspects of the Situation

The nature of the raw materials and other inputs, such as competent labor, that businesses require
in order to produce their goods and services is referred to as the factor conditions. Land, labor
markets, capital markets, and infrastructure are some examples of this. When companies do not
have easy access to favorable factor conditions, they are put in a position where they must
contend with a number of difficulties.

Competition, Organizational Structure, and Business Tactics

If a company has been able to thrive despite heavy competition in its home market, then it is
likely that the company has created strategies and organizational structures that will help it
succeed while competing in international markets.

PART E

In order to facilitate the Group's proactive and dynamic risk management, Bubbles PLC has
established procedures for identifying risks and conducting scenario analyses. Forward-looking
risk identification processes consider the worries of both the business areas, which are close to
the reality of the various geographical areas, and the corporate areas and senior management in
order to seek the identification of new hazards (Mandelbrot, 2008).

Consistent approaches based on context are used to identify and quantify risks. In order to
quantify them, it's important to think about the controls that are in place and conduct scenario
analyses and stress tests.

To spot potential outliers, this procedure involves doing a forward projection of the Risk
Appetite Framework (RAF) variables in stress scenarios. Any time a variable's risk profile
deviates from the desired range, corrective action is conducted.

Early on, most goods for the human consumer and societal use emerged from centralized
instrumentation with a small number of regulators and were typically produced by a single
business. These days, an enterprise system is made up of a collection of interconnected systems
that work together to facilitate mass production, enhanced product quality, and reduced product

pg. 7
costs via efficient resource utilization in response to rising consumer demand, rising labor costs,
and a growing global population. To do this, cutting-edge applications of technology and
information systems are required. To keep the required level of system availability and
efficiency, new control mechanisms are being offered. Commonly, these approaches to control
are based on centralized process control for isolated systems or distributed control architectures,
which might introduce novel dependencies or amplify existing ones. Now, researchers are
digging deep into how these interconnections might affect the reliability of one system relative to
another (Rahman, 2019).

Today's enterprise systems are more difficult to manage and risky to implement than ever before
because of the proliferation of solutions, products, and standards that all seem to do the same
thing and overlap with one another. These exchanges typically result in linkages, dependencies,
and interdependencies between enterprise systems that would not exist without them. Thus, these
business systems or SOS are designed with dependencies, resulting in tighter coupling and
common-mode connectivity (Dorfman, 2007). The term "interdependency" is used to describe
the relationship between two or more enterprise systems, where one system (or set of nodes)
provides the resources necessary for another system (or set of nodes) to function at a certain level
of performance.

PART F

Risk transfer is a method of risk management in which the risk is passed on to a different party,
often known as a third party. To put it another way, risk transfer entails one party taking on the
responsibilities and obligations of another party. A typical example of moving risk from an
individual or corporation to an insurance firm is the purchase of insurance protection for that
risk.

It Is Efficient in That:

Risk transfer is a common method used in risk management, in which the potential loss that
could be incurred by an individual or institution as a result of an unfavorable outcome is passed
on to a third party. In most cases, the individual or the organization will make regular monthly
payments to the third party as a form of risk compensation for taking on the responsibility.

pg. 8
The most common form of risk transfer is through the purchase of insurance. When an individual
or an organization purchases insurance, they are shielding themselves from potential adverse
monetary consequences. When someone purchases automobile insurance, for instance, they are
acquiring financial protection against the possibility of suffering bodily harm or property damage
as a result of an accident involving a motor vehicle.

Risk Transfer Methodologies

In most cases, risk is transferred in either of these ways:

1. A piece of insurance coverage

As was said earlier, one of the most common methods of risk transfer is the purchase of
insurance. When an individual or a company purchases insurance, they are handing over the
responsibility of managing certain financial risks to the insurance company. To compensate
themselves for taking on such dangers, insurance companies typically demand payment in the
form of an insurance premium.

2. Indemnification provisions written into contracts

Contracts can also be used to help an individual or organization transfer risk from one party to
another. An indemnification clause is a provision that can be added to a contract. This provision
ensures that the other party will pay for any potential losses. An indemnity provision, in its most
fundamental form, is a clause in which the contracting parties agree to recompense each other for
any injury, liability, or loss that is incurred as a result of the contract. This could include
financial loss, legal liability, or other types of loss.

3) Insurance Companies Are Responsible for Taking the Risk

Although individuals and businesses regularly pass their risks on to insurance companies,
insurance companies also have the ability to pass risks on to third parties. The purchase of a
reinsurance policy will allow for the successful completion of this task. Reinsurance firms are
organizations that offer secondary insurance coverage, or reinsurance, to primary insurance
providers.

pg. 9
References

1) Crockford, Neil (2016). An Introduction to Risk Management (2 ed.). Cambridge, UK:

Woodhead-Faulkner. p. 18.
2) Dionne, Georges (2013). "Risk Management: History, Definition, and Critique: Risk
Management". Risk Management and Insurance Review. 16 (2): 147–166.
3) Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.).
Englewood Cliffs, N.J: Prentice Hall.
4) Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How
to Fix It. John Wiley & Sons. p. 46.
5) Mandelbrot, Benoit (2008). The (mis)Behaviour of Markets: A Fractal View of Risk,
Ruin and Reward. London: Profile Books.
6) Motarjemi, Y.; Ross, T (2014), "Risk Analysis: Risk Communication: Biological
Hazards", in Motarjemi, Yasmine (ed.), Encyclopedia of Food Safety, Waltham:
Academic Press, pp. 127–132,
7) Rahman, Alfi; (2019). "Communicating Risk in Enhancing Disaster Preparedness: A
Pragmatic Example of Disaster Risk Communication Approach from the Case of Smong
Story". Iop Conference Series: Earth and Environmental Science. 273 (1)

pg. 10