ASSIGNMENT

Semester 2 2024
Module name Risk Management
Module code RIM262
Due date 20 September 2024
Total marks 75

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 1 of 11
 ARTIFICIAL INTELLIGENCE TRAFFIC LIGHT MATRIX (AIMat)
Question/Part RED AMBER GREEN
Part May NOT May MUST use AI Detail of AI use
use AI use AI
Section 1 You may use AI here. Ensure to
reference your work according
to the STADIO Referencing
Guide to acknowledge the AI-
generated content.
Section 2 You may use AI here. Ensure to
reference your work according
to the STADIO Referencing
Guide to acknowledge the AI-
generated content.
Section 3 You may use AI here. Ensure to
reference your work according
to the STADIO Referencing
Guide to acknowledge the AI-
generated content.
NOTE:
• STADIO employs AI writing detection tools to monitor AI use.
• Presenting work produced by AI as your own contravenes the STADIO Plagiarism
policy.
• Refer to the STADIO Referencing Guide for guidance.

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 2 of 11
Question 1 (25 marks)

1.1 Note to marker: Each element of risk named gets (1 mark per element) (4 marks
maximum); and the brief explanation of each element gets (1 mark per element) (4 marks
maximum). Anything that closely aligns with the below can be considered if the core of
the student’s explanation matches the core facts. Students can use their own wording for
the explanation. (Total of 8 marks)

Answer: Page 14-16 of the study guide, section 1.2 Concept of Risk
● Outcomes [1]: Loss of revenue and income [1] due to fines, lawsuits/legal liabilities from
environmental groups; Business interruption [1] due to staff illness, software bug from
ventilation technology, load shedding, economic slowdown; reputational damage [1]
from environmental group claims or lawsuits.
● Events [1]: A bug in the software meant the ventilation did not work properly;
loadshedding [1], economic slowdown [1], increased focus on ESG regulations [1]
economic slowdown [1]
● Sources [1]: Insufficient monitoring of the ventilation machine to pick up the bug in the
software sooner [1]. Cyberattack that led to the software bug [1], loadshedding [1], risky
nature of the coal mining industry should lead to more proactive risk management [1]
● Environmental factors [1]: Dangerous working conditions [1], loadshedding [1],
pollution and emission of greenhouse gases [1].

1.2 Note to marker: Anything that closely aligns with the below can be considered if the core
of the student’s explanation matches the core facts. Students can use their own wording
for the explanation. (Total of 4 marks)

Work with or hire expert consulting companies to find a way to reduce the impact of the
coal mine on the environment [1]. Consider ways to become more compliant with ESG
regulations and reforms [1]. Consider alternative solutions to reduce the impact of
loadshedding (i.e. solar panels; inverters; water solutions etc.) [1]. The mine should
perform regular checks and monitoring of its software, technology and other areas of
business operation [1]. Consider improving medical scheme benefits for workers as there
is a real health risk in working in a coal mine [1]. Increased visibility and responsibility
from management over the daily operations [1]. Improved communication across the
areas to reduce the impact of the risks [1]

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 3 of 11
1.3 Note to marker: (1 mark per risk type listed) (maximum 4 marks). (1 mark for each
example provided per risk type) (maximum 4 marks). Anything that closely aligns with the
below can be considered if the core of the student’s explanation matches the core facts.
Students can use their own wording for the explanation. (Total of 8 marks)

Answer: Page 19 of the study guide, section 1.2 Concept of Risk

● Compliance/mandatory risk [1]: Non-compliance with ESG or other regulations [1]. Non-
compliance with conditions of employment regulations [1]
● Hazard/pure risk [1]: Loadshedding [1]. Not having sufficient insurance for natural
disasters or employee claims [1].
● Control/uncertainty risk [1]: Software bug that went unnoticed for some time [1]
Elections [1]
● Opportunity/speculative risk [1]: Investing in software to improve automation and
operations [1]

1.4 Risk and uncertainty

Note to marker: There is only 1 mark allocated and can therefore be right or wrong. Students
can use their own wording, but anything that closely aligns with the below can be considered.
(Total of 5 marks)

1.4.1 Answer: Page 20 of the study guide, section 1.3 Risk and Uncertainty
Risk is where outcomes and impacts are known and can be measured using
statistical and probabilistic measures to make decisions i.e. quantitative methods.
Uncertainty is where outcomes and impacts are unknown or unpredictable i.e.
qualitative methods [1].

1.4.2 Note to marker: There is one mark allocated for an example of a risk, and one mark
allocated for an example. Students can use their own wording, but anything that
closely aligns with the below can be considered.

Answer: Page 20 of the study guide, section 1.3 Risk and Uncertainty
● Risk: Business interruption, financial losses, fines/lawsuits, environmental
risks, economic slowdown [1]
● Uncertainty: Loadshedding, elections [1]

1.4.3 Note to marker: Anything that closely aligns with the below can be considered if
the core of the student’s explanation matches the core facts i.e. the student should

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 4 of 11
 explain the upside (reward/opportunity) and downside (risk) to the example they
have selected. Students can use their own wording for the explanation.

Answer:
● Risk: The risk that investing in technology can result in bugs or cybercrime
activity, or that they may fail at some point leading to business interruption,
injury or financial losses. [1]
● Reward: Investing in technology can speed up and ensure more effective
operations and outputs, reduce the need for human intervention, replace
more dangerous activities with machines etc. [1]

Question 2 (25 marks)

2.1 Note to marker: Anything that closely aligns with the below can be considered if the core
of the student’s explanation matches the core facts. At least two of the above examples
should be used to allocate the (2 marks). The definition should not be a copy paste of an
already established definition. Students can use their own wording for the explanation.
(Total of 2 marks)

Answer: Page 16-17 of the study Guide Section 1.2 Concept of Risk
● any factor/event that could hinder the achievement/fulfilment of eskimo’s
objectives/goals
● uncertainty about objectives/goals, or the presence of uncertainty
● characterised by a particular event, a shift in circumstances or specific outcome
● the likelihood/probability of the event happening and the impact it would have
● negative outcomes or positive outcomes/opportunities
● variation of the actual outcome from the expected outcome
● comprehensive
● inclusive
● proactive

2.2 Note to marker: (Maximum of 6 marks to be allocated). Anything that closely aligns with
the below can be considered if the core of the student’s explanation matches the core
facts. Students can use their own wording for the explanation. (Total of 2 marks)

Answer: Page 23-24, Section 1.5 Importance of Risk Management

● By identifying, assessing, and strategically addressing potential threats and
opportunities, risk management creates resilience, promotes regulatory

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 5 of 11
 compliance, optimises operational efficiency, and increases stakeholder
confidence [1].
● Risk management provides a framework for identifying, assessing, and
understanding risks faced by Eskimo, allowing senior leadership to make more
informed decisions [1].
● By identifying, assessing, and addressing threats and opportunities, management
can make decisions proactively [1].
● With the increase in cyber and technological threats, regulations and legislation
and the slowdown of the global economy, having a robust risk management
process in place can increase Eskimo’s resilience in the face of danger. It helps
prepare for and anticipate potential disruptions, ensuring business
continuity/sustainability even during crisis scenarios [1].
● Effective risk management can lead to cost saving. By identifying potential threats
early, Eskimo can take measures to prevent or mitigate losses, reducing the
financial impact of risk events. [1]
● To obtain the FSP licence, risk management is not only a legal requirement but
good practice. Regulatory bodies demand that businesses identify, assess, and
manage risks, particularly in the fintech industry of Eskimo. [1]
● As a new company, Eskimo is reliant on investors to grow and fund the business.
Risk management can also build stakeholder confidence. By demonstrating that
the organisation is proactively managing its risks, stakeholders – including
investors, customers, and employees – can have greater confidence in Eskimo’s
sustainability and integrity. [1]
● By identifying potential inefficiencies or hazards in processes, risk management
can lead to improved operational efficiency. Preventative actions can be taken to
avoid future problems. [1]

2.3 Note to marker: (Maximum of 8 marks). MADE2 reasons and PACED principles should
receive the same amount of attention, with the reasons making sense in the context of
the case study. (Total of 8 marks)

Answer: Page 24-27, Section 1.5 Importance of Risk Management & Section 1.6 Principles
of Risk Management
● Mandatory: The primary objective of the Eskimo risk management function is to
ensure compliance with applicable rules, regulations, and mandatory obligations.
[1]
● Assurance: The board and audit committee require assurance that risk
management and internal control activities adhere to certain principles. [1]
● Decision-making: Risk management activities should provide the necessary risk-
based information to support decision-making. [1]
©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]
Page 6 of 11
 ● Effective and efficient core processes: The risk management framework will aid
in achieving efficient strategy, tactics, operations, and compliance. This ensures
optimal outcomes with reduced volatility of results. [1]
● Proportionate: Risk management activities should correspond with the level of
risk faced by the organisation to add the most value. [1]
● Aligned: Risk management efforts must be synchronised with all other business
areas in the company. [1]
● Comprehensive: A holistic risk management approach is necessary for complete
effectiveness. [1]
● Embedded: Risk management activities must be integrated within all business
procedures and protocols. [1]
● Dynamic: Risk management strategies must be flexible, iterative, and responsive
to emerging and changing risks. [1]

2.4 Process of risk management in the risk management framework:

2.4.1 Note to marker: (Maximum of 3 marks) for any of the 6 listed below. (Total
of 3 marks)

Answer: Page 48, Topic 3 The risk management process

risk identification [1], risk analysis [1], risk evaluation [1], risk treatment [1],
risk monitoring and review [1], communication and consultation [1]

2.4.2 Note to marker: The steps should correspond to the student’s answer in
2.4.1. 1 mark provided for each step, (maximum of 3 marks)
(Total of 3 marks)

Answer: Page 48, Topic 3 The risk management process

● Risk identification: brainstorming, consulting experts, checklists, surveys, SWOT
analysis, historical analysis, external research [1]
● Risk analysis: Quantitative (decisions trees, Monte Carlo simulations, sensitivity
analysis), Qualitative (brainstorming, checklists, Delphi, interviews, PI probability
impact tables, risk map, risk matrix, risk register) [1]
● Risk evaluation: Methods: risk ranking and prioritisation, risk matrix, risk appetite
and tolerance, cost-benefit analysis, scenario analysis, residual risk assessment;
Tools: Risk register, heat maps, decision trees, Monte Carlo simulation, sensitivity
analysis, SWOT analysis [1]
● Risk treatment: Plan that will avoid, reduce, share, or accept the risk [1]
● Risk monitoring and review: tracking significant changes, monitoring performance,
periodic reassessment, learning and development [1]
©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]
Page 7 of 11
 ● Communication and consultation: regular meetings, training, updates, minutes of
meetings [1]

2.4.3 Note to marker: The steps should correspond to the student’s answer in 2.4.1
and 2.4.2. 1 mark provided for each step, (maximum of 3 marks).
(Total of 3 marks)

● Risk identification: Important to know the challenges and opportunities. Risk

identification is like being a detective for a project, assessing what surprises (risks)
might occur and how they might change things. This includes risks from inside the
project and from the outside world. The big risks must be spotted early. This helps in
planning better for the project. [1]
● Risk analysis: Understanding and evaluating risks. It helps businesses decide which
risks might have a big impact and which ones are less concerning. A big challenge
however is to decide which risks need a response and which ones can be set aside.
[1]
● Risk evaluation: The primary goal of risk evaluation is to determine which risks need
immediate attention and which can be monitored or even accepted. Organisations
can allocate resources more effectively, ensuring that the most significant threats
are addressed first. This process helps in making informed decisions, prioritising
actions, and ensuring that the organisation's objectives are met without unnecessary
disruptions. In the world of finance, risk evaluation is especially vital. Financial
institutions and businesses must weigh the potential rewards of an investment or
decision against the associated risks. By doing so, they can make choices that align
with their risk appetite and strategic goals. [1]
● Risk treatment: The goal is to ensure that risks are managed in line with the
organisation's risk appetite and objectives. [1]
● Risk monitoring and review: Risks can shift and evolve over time. That is why it is not
enough to just identify, analyse and evaluate them once. Companies need to keep
an eye on these risks and revisit them often. This helps ensure that the mitigating
strategies they have in place to handle these risks are still effective and in line with
the company's goals. Regularly checking and updating our understanding of risks
means we are always ready, no matter how challenges might change. [1]
● Communication and consultation: Communication and consultation are the bridges
that connect all parts of an organisation, ensuring that insights about risks are shared
and understood. This process is vital because when everyone is on the same page,
the organisation can make informed decisions and respond to risks more effectively.
Clear communication and active consultation are important in the risk management
process as they foster a unified approach to handling uncertainties. [1]

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 8 of 11
Question 3 (25 marks)

3.1 Note to marker: Maximum 2 marks each, 1 mark for correct risk category, 1 mark for
correct risk type. (Total of two marks)

Answer: Page 35 of the study guide, section 2.4 Risk Categories, and associated risk types

a. Financial risk (risk category) & credit risk (risk type) [2]/also correct credit risk (risk
category) & counterparty risk (risk type) [2]
b. Operational risk (risk category) & system risk (risk type) [2]/also correct business risk
(risk category) & operational risk (risk type) [2]
c. Legal risk (risk category) & lawsuits (risk type) [2]/also correct business risk (risk
category) & legal risk (risk type) [2]

3.2 Note to marker: Maximum of 9 marks to be allocated, 3 marks maximum for each risk
(type, description and internal/external risk). Anything that closely aligns with the below
can be considered if the core of the student’s explanation matches the core facts, and if
the description and classification matches the risk type. Students can use their own
wording for the explanation. (Total of 9 marks)

Answer: Page 40-42 of the study guide. Section 2.4.1 Risk types and their associated risk
categories

Operational Risk Description [max 3 marks] Internal/extern

Type [max 3 marks] al risk/both
[max 3 marks]

Human Resources Retrenchments due to the pandemic leading Internal

Risk to business disruption/lawsuits

Operations Risk Disruption due to Covid 19 leading to financial External

losses and business interruption

Process risk where the airline has decided to Internal

carry passengers only and has not diversified
the risk to include cargo flights

Theft/Fraud Risk Finance clerk who had been stealing money Internal
every month and depositing amounts into his
aunt’s bank account

System Risk Cybercrime in 2018 where personal Internal and

information of customers was leaked External

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 9 of 11
3.3 Note to marker: Maximum of 6 marks 2 marks each for the benefit of qualitative and
quantitative technique [4], 1 mark each for a method for each [2]. Anything that closely
aligns with the below can be considered if the core of the student’s explanation matches
the core facts. Students can use their own wording for the explanation. (Total of 6 marks)

Answer: Page 69-89 of the study guide. Topic 4 Risk analysis tools and techniques
● Benefits of using qualitative techniques [max 2]: They help in understanding the
nature of the risk and its potential impact [1]. They help us understand how significant
different risks are by looking at what could happen if they occur [1]. This kind of
analysis usually gives us important insights, sometimes even more valuable than what
we get from quantitative analysis [1]. It is a good place to start when we are first
looking at the risks of a project [1]. Qualitative techniques focus on opinions and
feelings [1]. They are more about discussions and observations [1].
● Methods of qualitative techniques [max 1]: Assumption analysis [1]. Probability-
Impact (PI) tables [1]. risk mapping [1]. brainstorming [1]. interviews [1]. checklists [1]
risk register [1] risk matrix [1] Delphi [1]
● Benefits of using quantitative techniques [max 2]: They deal with numbers,
probabilities, and statistics, allowing for a more precise and numerical understanding
of risks [1]. They give us specific numbers and probabilities about what might happen
in a project [1]. They usually need more detailed analysis, often with the help of
computers [1]. Quantitative techniques use numbers and hard data. They are useful
when you need clear, objective answers [1].
● Methods of quantitative techniques [max 1]: Decision trees [1]. Monte Carlo
simulations [1]. Sensitivity analysis [1].

3.4 Note to marker: Maximum of 4 marks to be allocated – 1 mark for explanation of risk
attitude; 1 mark for explanation of risk behaviour; 2 marks for analysis of risk culture.
Anything that closely aligns with the below can be considered if the core of the student’s
explanation matches the core facts. Students can use their own wording for the
explanation. (Total of 4 marks)

Answer: Page 44-45 of the study guide. Section 2.5 Risk Culture
● Risk attitude [max 1 mark] focuses on how members of an organisation view risk.
The organisation’s feelings about risk. Understanding risk attitude is important
for No Way or companies to form the right risk culture.
● Risk behaviour [max 1 mark] is what a company does about risks or their actions
in response to the feelings of risk. How individuals act based on their risk
perceptions. These actions can help shape the risk culture of an organisation.

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 10 of 11
 ● No Way seems to have a good risk culture [1]. They were cautious (risk attitude)
about the potential issues the pandemic would have on the business, and were
proactive (risk behaviour) in hiring expert consultants to perform an analysis of
the entire business. Although many issues were identified, No Way accepted that
risks needed to be mitigated and things needed to change (i.e. become more
resilient). No Way involved the risk management team from the outset, and the
board led from the top by choosing to do something about the risks. No Way was
honest in spotting the problems and was ready to fix them (max 1 mark for an
explanation to back up the decision whether No Way had a good risk culture or
bad one).

ASSIGNMENT TOTAL: 75 MARKS

©STADIO [RISK MANAGEMENT – RIM262] [ Assignment Feedback – Semester 2, 2024]

Page 11 of 11