Risk Management and Assessment process

Question one

According to the four-stage hierarchical process, the factors to be considered in the risk assessment process consist, identifying the risk, deciding the consequences of the risk on the organization, evaluating the risk and taking action over the risk and documenting the findings of the assessment. The methods for analysis of a given risk can either be qualitative or quantitative. The qualitative evaluation is carried out through a matrix while the quantitative analysis is done through the formulation of a risk decision tree.
The risk level is high considering that the company can lose its revenue. The contingency plan that should be undertaken includes the enhancement of online security payments through the installation of firewalls and educating their staff of phishing methods that are used by hackers and how they can be mitigated (Brindley, 2017). The legal aspect that ought to be considered is the loss of data and a third party gaining access to the confidential data of the clients of the company. There is limited insurance option that is related to the cyber security cases, thus, the need to work stringently on the cyber security options.
The stakeholders to involve are cyber security experts from government authorities, executive management of AAPoly Group and its IT staff. The risks that ought to be considered in order of importance include vetting of the integrity of the company’s staff and the installation of security features in the IT systems of the company. The risk that must be monitored immediately is the integrity of the team not to expose the operations of the firm to cyber-attacks. The low risk that ought to be monitored is the review of IT system of the company. The company has the capability of handling the risk through the establishment of recruitment and IT policy within the organization. Ensuring that there is the provision of regular update of the IT system exposure to risk on a monthly basis should constitute the risk register and evaluating the risk management measures laid by the company.

Question two

The risk identified on a priority basis include the loss of staff, negative review of the company, financial loss that is incurred by the company and the legal battles that are likely to be advanced by the company (Haimes, 2015). The contingency measure would entail apologizing to the customer and be taking up the medical costs of the customer. The client is suing the legal battle that the company could face for serving a meal with peanut oil despite mentioning of the nut allergy. However, there is a limited option that is available for the issue. Stakeholders to involve, include the food assessors, management of the company and the cook. The risk to be taken immediately is the emphasis of the waiters and cooks being keen on the food orders while the low-level risk is offering the treatment option to the customer. Emphasizing the cooks being keen when taking the order would stress on the capability of the business to handle the risk and would also entail the risk control measure.

Question three

The risk is medium owing since it is likely to have a short-term effect. The contingency plan that ought to be taken into consideration is hiring of staff bus by the company for the period of the strike. The legal aspects that could be considered are the high lateness and the repercussion that the staff would face based on HR policy on delay and meeting of work targets. The stakeholders involved include the staff members who are affected by the strike, management of the company and bus Hire Company (Thakor, 2016). The capability of the firm to handle the confrontation would lead to financial repercussions being incurred by the company. The risk control measure would entail advising the company’s staff to live close to the company and purchase of a staff bus. Concisely, a risk register needs to be maintained to ensure that there is the solution to each risk is recorded for future reference.

Question four

The primary risk that is facing the company is the loss of the company’s clients and financial loss. The risk level is high. The contingency plan would entail involving the health and foreign affairs departments of the company on how the health issue could be remedied. The legal aspect involved is the policy on reimbursement of the clients who have canceled their bookings. Insurance option is limited, and the company has to provide internal control measures that could mitigate the risk identified (Sadgrove, 2016). Therefore, the stakeholders to involve in the risk mitigation process include the executive management of the company and governments authorities such as foreign affairs and health ministries within the Asian region.

Question five

The risk level that is facing the company is high owing to the loss of clients form the company that could lead to loss of clients. The loss of critical supervisors is also high due to the leak of client’s data. However, the legal issue that is involved would require proof of leak of company’s data where it has been established the staff involved in the data leak. To address the problem, the principal supervisors, human resource department and the IT department should be committed to coming up with internal measures such as bonuses for the primary supervisors and enhanced security of the client’s database. The contingency measures should also entail the setting of higher rewards, good working conditions, work-life balance and increased gross payment for the principal supervisors (Bahr, 2014). Offering incentives such as holidays for the highly efficient staff, fully paid by the company would help keep the critical supervisors of the company.

Question six

The risks that are facing the company include the inability to recruit the staff with technical expertise to work in the company and the decreased productivity within the company, especially in the bar department. Failure to hire the staff is a medium risk while the reduced productivity of the bar department is a high risk owing to the poor services that the clients are likely to receive. The contingency plan that the company needs to lay within the company is contracting with an HR recruitment company to evaluate the roles needed to undertake the task and the competitive remuneration for the position. Additionally, training of the staff within the bar department on how they could enhance their performance within the company would be necessary. There is no legal aspect or insurance option that is relevant to the case. The analysis of each risk is based on the qualitative report on how the risk could impact on the general work efficiency of the company and their impact on the revenue generation of the company. The stakeholders to involve in the risk assessment process include the human resource department of the company, HR consultants and the executive management of the company. The HR consultant is a critical stakeholder owing to the role that they ought to play in training the existent staff in the bar department and the redesigning of the character and remuneration for the holder of the given position (Boritz, Carnaghan, & Alencar, 2014). The criteria for ranking the risks in based on their influence in attracting or dismissing a qualified professional to occupy the advertised position. The risk that has to be treated immediately is the inability to recruit the potential staff to take up the job. The low-level risk that should be monitored is the lack of internal coaching and mentoring of the team in each department by leach line manager. The business has the internal capability for handling the risks owing to the flexibility of the company’s HR policy that gives room for the recruitment of independent human resource consultants to manage the specialized tasks. The implementation of the risk control measure should begin by enhancing the relationship between the staff, line managers, and the supervisors. Continuous training of the staff and offering mentorship would result in the acquisition of technical skills. Such would lead to ease of promotion owing to skills improvement policy within the company. The professional consultation that the IT staff needs to offer to the management of AAPoly Group needs to be done formally and should list the sustainable measures that the company needs to undertake to bring about staff mentoring.

References

Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC Press.
Boritz, J. E., Carnaghan, C., & Alencar, P. S. (2014). Business modeling to improve auditor risk assessment: An investigation of alternative representations. Journal of Information Systems, 28(2), 231-256.
Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Thakor, A. V. (2016). The highs and the lows: a theory of credit risk assessment and pricing through the business cycle. Journal of Financial Intermediation, 25, 1-29.