Please help with Risk Management no text book available or needed for this assignment. RISK MANAGEMENTLearner Full Names:Surname:Only fill in…

Please help with Risk Management no text book available or needed for this assignment. RISK MANAGEMENT,correct printing margins please

Only fill in your answers in the provided columns on the right hand side of the page. Question 1: Multiple Choice – Only write the BEST CORRECT corresponding answer in the space provided for “Your Answers”. (i.e. either a, b, c, or d ) Nr: Statement or question: Mark Your Answers 1.1 In risk management, uncertainties may include: 2 a Events which may or may not happen b Uncertainties caused by a lack of information c Uncertainties caused by ambiguity d All of the above 1.2 The unexpected variability or volatility of returns is known as: 2 a Information security risk b Financial risk c Human relationship risks d Marketing risk 1.3 The characteristics of a Level 3 uncertainty (total uncertainty) are: 2 a Outcomes are not fully identified and probabilities are unknown b Outcomes can be predicted with precision c Outcomes are identified and probabilities are known d Outcomes are identified but probabilities are unknown 1.4 Having appropriate risk management processes in place is a function of: 2 a The Board b Employees c Management d Directors Student Number: – 3 Question 1: Multiple Choice – Only write the BEST CORRECT corresponding answer in the space provided for “Your Answers”. (i.e. either a, b, c, or d) CONTINUED: Nr: Statement or question: Mark Your Answers 1.5 An example of a risk management plan is: 2 a House insurance b SWOT analysis c Project failures d None of the above 1.6 A benefit of risk management is: 2 a Effective use of resources b Ability to quickly grasp new opportunities c Contingency planning d All of the above 1.7 One of the key activities in the Risk Management Process is: 2 a Resource controls b Staff meetings c Cost allocation d Budgeting 1.8 The practice of taking measures to minimize loss is called: 2 a Risk avoidance b Risk assumption c Risk prevention d Risk transfer 1.9 The capture of information about the organization and its operations, 2 including the company’s aims and objectives, involves: a Compliance risk b Strategic risk c Operational risk d Security risk 1.10 A Risk Assessment form is used to: 2 a Show the severity of a risk b Indicate risk probabilities c Estimate the frequency of occurrence of a risk d Show the organisation’s vulnerabilities and the estimated cost of recovery in the event of damage. Total question 1 /20 Student Number: – 4 Question 2: Choose the CORRECT answer by selecting a or b. Nr: Statement or question: Nr: Your Answers A Work Breakdown Structure breaks larger tasks down into … 2.1 a. smaller tasks (activities) or 2.1 b. milestones Each item in the WBS is generally assigned a unique identifier; these identifiers 2.2 can provide a structure for a hierarchical summation of costs and … 2.2 a. time b. resources The following are examples of possible Threats and Opportunities in a business: 2.3 a. Quality; Staff; Management; Price b. Technology; Public expectations; Competitors and competitive actions The following are examples of possible Strengths and Weaknesses in a business: 2.4 a. Economic conditions; Expectations of stakeholders or 2.4 b. Resources ( financial, intellectual, location); Customer service; Efficiency FMEA is a method for analysing potential …. early in the development cycle. 2.5 a. reliability problems or 2.5 b. risk problems Risk can be defined in terms of frequency and severity: 2.6 … is how serious it will be if something happens. 2.6 a. Frequency or b. Severity A Hazard and Operability study that systematically analyses each part of a 2.7 system or activity is called … 2.7 a. HAZOP or b. HAZOS Failure Modes and Effects Analysis is a method used 2.8 a. early in the development cycle or 2.8 b. at the end of the development cycle The following aspects should be covered in the risk review process: 2.9 a. Opinions of key external and internal stakeholders; Risk disclosure 2.9 exercise; or b. Resource controls; Planned reaction; Report and monitor performance Which of the following are risks associated with workplace skills: 2.10 a. Financial risk; Compliance; Reputation 2.10 b. Changing labour market conditions; changes in existing strategic partnerships Total question 2 /10 Initial: Student Number: – 5 Question 3: Carefully read each of the following statements and state whether they are true (T) or false (F): No Statement T/F 3.1 Two of the factors that make up risk are levels of risk and uncertainty. 3.2 Risk management is defined as a set of principles and processes that help minimise the negative impacts of risks and maximise the positive impacts. 3.3 One of the risks faced when developing new products is problems with employee acceptance. 3.4 A reactive project manager tries to resolve issues when they occur. 3.5 Risk spreading is when money is put aside to cover losses that might occur. 3.6 One method to reduce inter-group conflict is through arbitration. 3.7 Reputation is a risk associated with workplace skills. 3.8 In financial risk management, market risk is the investor’s risk of loss arising from a borrower who does not make payments as promised. 3.9 Injury or harm to customers due to negligence of the company may result in a public liability claim against the com-pany. 3.10 Compliance risk is the risk of direct or indirect losses arising from failed internal processes or systems. 3.11 An event that result in development of new infrastructure and demand management systems that cannot be man-aged after the event, is called environmental risk. 3.12 According to the 3×3 risk matrix, the severity of a risk with a high probability and medium impact is medium. 3.13 One of the problems that could be experienced with a risk matrix is that higher qualitative ratings can be assigned to quantitatively smaller risks by mistake. 3.14 One of the elements of the external environment that the SWOT analysis examines, is the human resource skills. 3.15 The HAZOP process is a means of solving problems rather than an identifying technique. 3.16 In PEST analysis, PEST is an acronym for Political, Economic, Sociological and Training factors. 3.17 To run an effective risk management program, one needs to be able to predict failure risk levels throughout the life of the asset. 3.18 Four ways to respond to risk include tolerate, treat, transfer and terminate. 3.19 One of the controls that can be put in place to mitigate risk, is additional information. 3.20 In an insurance context, pure risk refers to the uncertainty as to whether a voluntary undertaken activity will result in a gain or loss. Total question 3 /20 TOTAL: FORMATIVE 5 /50

le>
d

Student Number:

–

Formative Assessment

Module

Risk

Management

Assignment No. MAN61FMod5-1

Initial:

Student Number:

–

RISK MANAGEMENT

Learner Full Names:

Surname:

Only fill in your answers in the provided

olumns on the right hand side of the page.

Question 1: Multiple Choice – Only write the BEST CORRECT corresponding answer in the
space provided for “Your Answers”. (i.e. either a, b, c, or d )
			Nr:		Statement or question:	Mark	Your
		Answers
1.1	In risk management, uncertainties may include:						2
			a	Events which may or may not happen
			b	Uncertainties caused by a lack of information
			c	Uncertainties caused by ambiguity
			d	All of the above
1.2	The unexpected variability or volatility of returns is known as:
Information security risk
Financial risk
Human relationship risks
Marketing risk
1. 3	The characteristics of a Level 3 uncertainty (total uncertainty) are:
Outcomes are not fully identified and probabilities are unknown
Outcomes can be predicted with precision
Outcomes are identified and probabilities are known
Outcomes are identified but probabilities are unknown
1. 4	Having appropriate risk management processes in place is a function of:
The Board
Employees
Management
Directors

Initial:

Student Number:

–

Question 1: Multiple Choice – Only write the BEST CORRECT corresponding answer in the space provided for “Your Answers”. (i.e. either a, b, c, or d) CONTINUED:

Nr:

Statement or question:

Mark

Your

Answers

1.5	An example of a risk management plan is:

a House insurance

b SWOT analysis

c Project failures

d None of the above

1.6	A benefit of risk management is:

a Effective use of

resources

b Ability to quickly grasp new opportunities

c Contingency planning

d All of the above

1.7	One of the key activities in the Risk Management Process is:

a Resource controls

b Staff meetings

c Cost allocation

d Budgeting

1.8	The practice of taking measures to minimize loss is called:

a Risk avoidance

b Risk assumption

c Risk prevention

d Risk transfer

1.9	The capture of information about the organization and its operations,
including the company’s aims and objectives, involves:

a Compliance risk

b Strategic risk

c Operational risk

d Security risk

1.10	A Risk Assessment form is used to:

a Show the severity of a risk

b Indicate risk probabilities

c Estimate the frequency of occurrence of a risk

d Show the organisation’s vulnerabilities and the estimated cost of recovery in the event of damage.

Total question 1		/20
Initial:

Student Number:

–

Nr:

Statement or question:

Nr:

Your

Answers

2.1

2.2

2.4

2.5

2.6

2.7

2.8

2.9

2.10

Question 2: Choose the CORRECT answer by selecting a or

A Work Breakdown Structure breaks larger tasks down into …

2.1

smaller tasks (activities) or

milestones

Each item in the WBS is generally assigned a unique identifier; these identifiers

2.2

can provide a structure for a hierarchical summation of costs and …

time

resources

The following are examples of possible Threats and Opportunities in a business:

2.3

Quality; Staff; Management; Price

Technology; Public expectations; Competitors and competitive actions

The following are examples of possible Strengths and Weaknesses in a business:

2.4

Economic conditions; Expectations of stakeholders or

Resources ( financial, intellectual, location); Customer service; Efficiency

FMEA is a method for analysing potential …. early in the development cycle.

2.5

reliability problems or

risk problems

Risk can be defined in terms of frequency and severity:

2.6

… is how serious it will be if something happens.

Frequency or

Severity

A Hazard and Operability study that systematically analyses each part of a

2.7

system or activity is called …

HAZOP or

HAZOS

Failure Modes and Effects Analysis is a method used

2.8

early in the development cycle or

at the end of the development cycle

The following aspects should be covered in the risk review process:

2.9

Opinions of key external and internal stakeholders; Risk disclosure

exercise; or

Resource controls; Planned reaction; Report and monitor performance

Which of the following are risks associated with workplace skills:

2.10

Financial risk; Compliance; Reputation

Changing labour market conditions; changes in existing strategic

partnerships

Total question 2

/10

Initial:

Student Number:

–

Question 3:

Carefully read each of the following statements and state whether they are true (T) or false (F):

Statement

T/F

3.1 Two of the factors that make up risk are levels of risk and uncertainty.

3.2 Risk management is defined as a set of principles and processes that help minimise the negative impacts of risks and maximise the positive impacts.

3.3 One of the risks faced when developing new products is problems with employee acceptance.

3.4 A reactive project manager tries to resolve issues when they occur.

3.5 Risk spreading is when money is put aside to cover losses that might occur.

3.6 One method to reduce inter-group conflict is through arbitration.

3.7 Reputation is a risk associated with workplace skills.

3.8 In financial risk management, market risk is the investor’s risk of loss arising from a borrower who does not make payments as promised.

3.9 Injury or harm to customers due to negligence of the company may result in a public liability claim against the com-pany.

3.10 Compliance risk is the risk of direct or indirect losses arising from failed internal processes or systems.

3.11 An event that result in development of new infrastructure and demand management systems that cannot be man-aged after the event, is called environmental risk.

3.12 According to the 3×3 risk matrix, the severity of a risk with a high probability and medium impact is medium.

3.13 One of the problems that could be experienced with a risk matrix is that higher qualitative ratings can be assigned to quantitatively smaller risks by mistake.

3.14 One of the elements of the external environment that the SWOT analysis examines, is the human resource skills.

3.15 The HAZOP process is a means of solving problems rather than an identifying technique.

3.16 In PEST analysis, PEST is an acronym for Political, Economic, Sociological and Training factors.

3.17 To run an effective risk management program, one needs to be able to predict failure risk levels throughout the life of the asset.

3.18 Four ways to respond to risk include tolerate, treat, transfer and terminate.

3.19 One of the controls that can be put in place to mitigate risk, is additional information.

3.20 In an insurance context, pure risk refers to the uncertainty as to whether a voluntary undertaken activity will result in a gain or loss.

/20

Total question 3
TOTAL: FORMATIVE 5	/50

Initial:

PDF to Word

BUSINESS ADMINISTRATION I:
RISK MANAGEMENT

READ THIS BEFORE YOU DO ANYTHING ELSE!
1.
TUTORIAL INTRODUCTION

We trust that you will find your studies towards this qualification rewarding.

It is very important that you work through the study material in each guide and in the
prescribed text books, as this will prepare you for the assignments at the end of each Module. In
order to complete the Qualification you need to be found competent against all the Assessment
Criteria of the Topics in this Module.

2.
HOW DOES THIS MODULE WORK?

Chapters start with a title followed by the lessons for that chapter. At the beginning of
every chapter is a list of the outcomes for the particular chapter.

YOU ARE NOT REQUIRED TO ANSWER THESE STATEMENTS. We are only
informing you of WHAT you will learn and be assessed on in this module.

The study guide fulfils the purpose of a tutor, and will effortlessly guide you through the
training material. Each lesson teaches you about a specific topic.

Make sure you understand the topic of the lesson before you proceed to the next lesson.

If at any time you require assistance, please contact one of the study advisors at BMT
College who will promptly assist you with any queries.

REMEMBER: IT IS IMPORTANT TO STUDY AND WORK THROUGH
ALL THE LESSONS IN THIS GUIDE BEFORE ATTEMPTING THE
ASSIGNMENT. IF YOU UNDERSTAND THE WORK IN THIS GUIDE,
THE ASSIGNMENT WILL BE EASY.

STUDY INSTRUCTIONS

3. ICONS USED IN THIS MANUAL

LESSON 1
Indicates the start of a new lesson

Indicates the start of a Chapter (also top left of STUDY chapters) Usually an explanation
or definition of a specific word or concept Examples of a specific topic or concept

Important information.

Take a break from your studies!

Making notes while you study is very important. Spaces have
been allocated throughout this manual for this purpose

Indicates self assessment and self assessment answer section
THESE SHOULD NOT BE SUBMITTED FOR ASSESSMENT

Outcomes for this Module (What you will learn)

Steps to be followed in order to complete/execute/do a specific action or task.
Prescribed textbook

No textbook required for this module.

READ THIS BEFORE YOU DO ANYTHING ELSE!

HOW TO COMPLETE YOUR ASSIGNMENT

4.
COMPLETING THE QUESTIONS:

Answers to review questions must preferably be typed as this eliminates the possibility
of an assessor marking the answers incorrect due to the illegibility (unclearness) of the
handwriting.

You need to complete ALL the formative questions. Unless the Col ege granted you
RPL exemption from that topic or subject, you need to do all the questions. If you do not
understand a question, phone or e-mail your assessor to get assistance. ALL
questions need to be completed in order to be found competent.

Each question must be marked clearly. The question numbers must not be placed in the
left margin but at the top of the answer.

Question 1.1

An example of a breakfast cereal is Kellogg’s.

Only attempt the summative assignment after you successfully worked through the
module and completed all the formative questions for the particular module/s.

Diploma learners are required to complete a Summative assignment on completion of a
subject (provided in the yellow assignment covers).

Use single sheets, front side only. (Double pages must be cut loose on the sides)

Learners who received exemption from certain topics or subjects through RPL
(recognition of prior learning) must attach the official letter from the College stating the
exempted topics or subjects.

5. SUBMITTING YOUR FORMATIVE AND SUMMATIVE ASSIGNMENTS:

Make sure your name, surname and student number is on every page.

Place the answers to your formative assessment inside the BLUE Formative Assignment

cover provided.

Place the answers to your summative assignment inside the YELLOW
Summative Assignment cover provided.

Use a file binder and bind the cover around your answer sheet.


Always keep a copy of your assignment (should your assignment be lost in the post) as
the BMTC can take no responsibility for assignments lost in the post.


STUDY INSTRUCTIONS




PLEASE NOTE: You can only submit the Formative Assignment once! That
means, you only have one attempt for the formative assessment. If you fail
the formative you need to make up the marks in the summative. You have
three attempts to pass the summative assignment successfully.

6.
RESULTS OF YOUR FORMATIVE AND SUMMATIVE ASSIGNMENT:

Your formative and summative assignment results will be outlined in a results letter at the
end of each module.

Your formative assessment will count 25% toward your final result for the module and
your summative assessment will count 75% of your final result for the module.

To pass and to be advanced to the next module, you need a final result of 50%.

If you do not obtain a pass mark of 50%, you will be required to re-do sections of the
summative assignment where you did not obtain a success
Assignment (tests) structure for the 1st year of the Diploma qualification Study
Formative
Summative
Next Action from the college?
Process
STUDY COMPONENT 1
Management Principles (a)
College will mark module 1
NO SUMMATIVE DUE
Step 1

Complete and submit
formative assignment and posts
after module 1
Module 1 questions
module 2.
Management Principles (b)
College will mark module 2
NO SUMMATIVE DUE
Step 2
Complete and submit
formative assignment and posts
after module 2
Module 2 questions
module 3.
College will mark module 3
Management Principles (c)
Complete and submit the
formative and summative of
Complete and submit
Step 3
summative assignment on
component 1. Learner receives
Module 3
Module 1, 2 and 3.
results of component 1. The College
formative questions
posts module 4.
STUDY COMPONENT 2
Business Admin (a)
College will mark module 4
NO SUMMATIVE DUE
Step 4
Complete and submit
formative assignment and posts
after module 4
Module 4 questions
module 5.
Business Admin (b)
College will mark module 5
NO SUMMATIVE DUE
Step 5
Complete and submit
formative assignment and posts
after module 5
Module 5 questions
module 6.

College will mark module 6
Business Admin (c)
Complete and submit the
formative and summative of
Complete and submit
Step 6
summative assignment on
component 2. Learner receives
Module 6
Module 4, 5 and 6.
results of component 2. The College
formative questions
posts module 7.
STUDY COMPONENT 3
Entrepreneurship (a)
College will mark module 7
NO SUMMATIVE DUE
Step 7
Complete and submit
formative assignment and post
after module 7
Module 7 questions
module 8.
Entrepreneurship (b)
College will assess module 8
Complete and submit the
Complete and submit
formative and summative of
Step 8
summative assignment on
Module 8
component 3. Learner receives
Module 7 and 8
formative questions
results of component 3.
END OF 1ST YEAR
STUDY PLANNER
Expected
Suggested
time of
Type
REF
Heading/Description
Duration
completion
(in hours)

(learner to
complete)
1. RISK MANAGEMENT
Lesson
1.1

Introduction to risk management

Lesson
1.2
Types of Risk
2
Lesson
1.3
Risk Assessment and Evaluation
3
Lesson
1.4
Risk Mitigation and Response
2
Lesson
1.5
Impact of Legislation on Risk Management
3
Formative
1
Complete formative answer sheet (Blue Cover)
3

CHAPTER 1

RISK MANAGEMENT

IN THIS CHAPTER:


LESSON 1.1 :

INTRODUCTION TO RISK MANAGEMENT


LESSON 1.2 : TYPES OF RISK

LESSON 1.3 : RISK ASSESSMENT AND EVALUATION

LESSON 1.4 : RISK MITIGATION AND RESPONSE

LESSON 1.5 : IMPACT OF LEGISLATION ON RISK MANAGEMENT

AT THE END OF THIS CHAPTER YOU WILL BE ABLE TO:

1. Understand
business
risks;
2. Identify the broad factors driving risk;
3. Understand the interrelationship between elements responsible for success and the risk
of failure;
4. Advise on preventative measures and contingency planning; 5. Explain risk
management.

LESSON

1.1
LESSON 1.1
INTRODUCTION TO RISK MANAGEMENT

In this Lesson:

Management expert Peter Drucker argues that risk management – the ability to manage
the unexpected – is as important as entrepreneurship and business skills in propelling economic
growth.

A society that is able to control and cushion against disaster is better able to deploy its
resources towards economic and social advancement.

One of the duties of the directors of a company is to take risk for reward, which is the
essence of business. Risk governance is the responsibility of the board, but the implementation of
processes relating to risk is a management function.

A company must have and maintain an on-going risk assessment process, consisting of
risk identification, risk quantification and risk evaluation.
CONCEPTS AND VOCABULARY TERMS YOU NEED TO UNDERSTAND:
 Risk assessment: is the attempt to identify and quantify the risks faced when
undertaking a course of action. Where possible and affordable, the business might take out
insurance policies, though not all risks can be insured.
 Risk identification: is the attempt to determine and then quantify any threats to the
firm’s continued operations.
 Risk management: is the attempt to identify and plan for threats to the
organisation’s stability or profitability (see risk identification). Manager can apply a long-term
strategy or risk minimisation by addressing each of the main areas of risk.
9
© Business Management Training College (Pty) Ltd

INTRODUCTION TO RISK MANAGEMENT

1. UNDERSTANDING RISK

There are many meanings attached to “risk” and this means that very different approaches
to risk management are taken in different fields.
For
example:

The ISO 31000 (2009) /ISO Guide 73 definition of risk is the ‘effect of uncertainty on
objectives’. In this definition, uncertainties include:

events (which may or not happen) and

uncertainties caused by a lack of information

uncertainties caused by ambiguity.

This definition also includes both negative and positive impacts on objectives.

Another definition is that risks are future problems that can be avoided or mitigated,
rather than current ones that must be immediately addressed. Risk can be seen as relating to the
probability of uncertain future events.

In
information security risk is defined as “the potential that a given threat will exploit
vulnerabilities of an asset or group of assets and thereby cause harm to the organisation”

Financial risk is often defined as the unexpected variability or volatility of returns and
thus includes both potential worse-than-expected as well as better-than-expected returns.

In general, we may think of risk as: A situation involving exposure to danger.

Some examples of risks are:

Interruptions of the business cycle or business processes arising from government
regulation, economic conditions, social conditions, weather systems, natural disasters, and other
sources;

Unforeseen changes in existing strategic partnerships, key business relationships, and
vendor/supply sources;

Changing labour market conditions affecting labour force availability and costs;

Issues arising from integrations of computer systems, communications networks,
accounting systems, and other systems;

Access to information may be prevented by government or legal restrictions, privacy
concerns, or other frameworks that are put in place;

Security conditions might arise that affect operations.

LESSON

1.1

Example: Greenpoint Stadium

Two of the many factors that posed risks with the building of the Greenpoint Stadium
were:

What will happen when the Soccer World Cup is over? The cost of maintenance alone
means the city will continue to pour huge amounts of ratepayers’ money into the stadium for
years with no direct return.


Weather related risks.

Contractors building the multimillion-rand Green Point Stadium were bracing themselves
for a few months of heavy rains and gale-force winds, seven-and-a-half months ahead of the
deadline to complete the World Cup venue.

During a muddy walk-about on site one day, the project managers could see why one of
the key risk factors facing stadium contractors was winter.

At that point the main concern was the external works, and how they could seal the site to
make it “watertight” before the end of the month.

Following is a list of incidents that illustrate the devastating effects of the consequences
of event risks and of the need to manage risk effectively.

(Source: ‘Risk Management’ –AD Valsamakis, RW Vivian, GS du Toit)

Event
Cause
Consequence

Thalidomide was a widely
6 000 malformed babies

1959 -1961:
prescribed sedative drug that
were born in 20 countries.

Use of medical
caused genetic damage in the
The producer of the drug paid

drug Thalidomide babies of women who took the
compensation.

drug.

1960:
435 miners were trapped
A coal-mining disaster occurred

Coalbrook mining
underground and all attempts
when part of the mine collapsed.

disaster, SA.
to rescue them failed.

1988:
An explosion, resulting in fire and

165 men were killed, the
Piper Alpha off-
flowed by further explosions was
platform was destroyed and a

shore rig
caused by an operator error during total loss of approximately

explosion, North
restart after a safety valve had
R16bn was sustained.

Sea.
been removed.

1995:

A locomotive falls

A locomotive fell down a mine
down a mine
104 people killed.

shaft at speed
shaft, Vaal Reefs

mine, SA

A sophisticated terrorist attack was launched in the US when four

2001:
aircraft were hijacked, two of which crashed into the World Trade

Terrorist attack
Centre. This caused the twin towers to collapse and the deaths of

thousands of people.
11

INTRODUCTION TO RISK MANAGEMENT

1.2 RISK AND UNCERTAINTY

Two of the factors that make up risk, are uncertainty and levels of risk.

Uncertainty
implies
doubt about the future. We cannot predict the future, and we therefore feel uncertain
due to a lack of information. Uncertainty is very important when we talk about risk. If we are
sure that something is going to happen, it is not a risk, but a certainty.

If we are certain that something is going to happen, we cannot get insurance to cover it.

You may now ask, what about life assurance? We are all sure that we are going to die at
some time, so how can we buy life cover?

The answer is that although we have certainty that we will die at some time, we don’t
know when. It is due to this uncertainty that we can buy life assurance

EXAMPLES of risk that can or can’t happen:

You drive your car to work every day. You cannot tell if an accident is going to happen.

You have a house built, but it may burn down.

You work in an office, but it may be destroyed by a fire.

You feel OK today, but you don’t know if you are may suffer a heart attack or a stroke or
an accident. You don’t know when, if ever, it may happen.

Interest rates may change (increase or decrease)

In the book ‘Risk Management’ by AC Valsamakis, RW Vivian and GS du Toit, the

certainty-uncertainty continuum is illustrated as follows:

Level of uncertainty
Characteristics
Examples

Outcomes can be
Physical laws, natural
None (certainty)

predicted with precision.
sciences.

Outcomes are identified
Games of chance, cards,

Level 1:
and probabilities are
Objective uncertainty
dice.

known.

Outcomes are identified,
Level 2:
Fire, car accidents,

but probabilities are
Subjective uncertainty
investments.
unknown.

Outcomes are not fully

Level 3 :
Space exploration, genetic
identified an probabilities

Total uncertainty
research.
are unknown.
12

LESSON

1.1

A high degree of uncertainty, as at level 3, reflects a significant lack of understanding and
knowledge of the situation, resulting in a low level of confidence and assurance. Where there is
complete uncertainty, the prediction of possible outcomes is impossible.

Uncertainty, which is a condition that results from an inability to foresee future events,
has been recognised as affecting all walks of life. (Risk Management Ed 4)

1.3 LEVELS OF RISK

We know that there is a bigger chance that certain things may happen than others.
We can determine this in two ways:

Frequency

Severity

1.3.1 Frequency

Frequency
is
how often something happens.

Imagine a house that is situated next to a river that is known to overflow its banks when
heavy rain occurs. Now, imagine a house that is situated on a hill, 100
meters from the river. We do not know when the river will overflow, but we do know
which house is more likely to be flooded should the river overflow

Explanation:

If the river just overflows slightly, the possibility is greater that the first house will be
damaged. The second house will only be damaged if the river overflows severely. It is therefore
more likely that the first house will more often be flooded, due to its position next to the river.

1.3.2 Severity

Severity
is
how serious will it be if something happens?

Think about the two houses. If the first house is worth R 50 000 and the second R
500 000, will that change our attitude towards risk?

Remember, the risk that the first house will be damaged more frequently is higher, but,
should the second house be damaged, the costs of repair will be much higher because of the
higher value.
13

INTRODUCTION TO RISK MANAGEMENT

1.4 COMPARISON BETWEEN FREQUENCY AND SEVERITY

In many risk situations, there is a high frequency and a low severity of loss.

This means there are a high number of small losses, and relatively few big losses.

1.
Fire losses at houses

There are many more small fires at houses, but few big losses.
2. Vehicle
accidents

The average costs are relatively low, with a relatively small number of big claims.
3.
The cost of personal accident claims normally the cost is low, with few big claims.

Thousands of passengers make use of commercial airlines every day. How often do you
hear of aeroplane accidents? Air travel is a relatively safe way of travelling.
But, should an accident occur, it usually involves high costs, both in financial terms and
in loss of life.

High frequency, low severity

Low frequency, high severity

Technology can be developed to restrict the number of accidents. Automatic flying
equipment and electronic landing systems can serve as examples.

1.5 WHAT IS RISK MANAGEMENT

Risk management is defined as a set of principles and processes that help minimise the
negative impacts of risks and maximise the positive impacts. Risk management should identify
risks, assess them, determine a suitable response, and implement that response. In order for risk
management to be successful, it must be integrated into the culture and the day-to-day activities
of the organisation.

It is a managerial function aimed at protecting the organisation and its people, assets and
profits against the physical and financial consequences of risk. It involves planning, coordinating
and directing the risk-control and the risk-financing activities in the organisation. (Risk
Management Ed4)

The risk management process should be PACED:

Proportionate to the size of your organisation;

Aligned to your organisation’s mission;

Complete;

Embedded into the culture of the organisation and its day-to-day activities; 14
© Business Management Training College (Pty) Ltd
LESSON

1.1

Dynamic and responsive.

Some examples of risk management processes and plans:

House insurance

Disaster recovery plans

Succession planning

In simple terms Risk Management reduces the likelihood of project failure, be it
financial, schedule or performance based.

1.5.1 Why is Risk Management so important?

It is widely recognised that strategic, project and operational failures are all too common:

Only 28% of IT projects deliver on time and on budget. More than 25% fail to deliver at
all (source – PMI Risk symposium 2005)
According to the Project Management Institute, projects with a sound risk process can
expect a 15% higher success rate than standard projects.

17% increase in cost efficiency;

15% increase in schedule efficiency;

A single averted risk can pay for all risk management activity for that project.

By identifying and managing risks today, Project Managers can plan well ahead of the
problem’s occurrence.

1.5.2 Benefits of risk management

Any organisation that effectively manages risk will experience significant benefits
throughout a number of areas, including:

Improved strategic and business planning;

More effective use of resources;

Increased ability to deliver on time;

Reduced costs by limiting legal action or preventing breakages;

Improved reliability leading to an enhanced reputation;

An ability to quickly grasp new opportunities;

Fewer breakdowns, fewer shocks and fewer unwelcome surprises;

Enhanced communication between business units and departments;

The ability to reassure key stakeholders throughout the organisation;

The promotion of continuous improvement, leading to higher quality of output


A more focussed internal audit programme;

Robust contingency planning.

INTRODUCTION TO RISK MANAGEMENT

1.6 ESTABLISHING YOUR RISK MANAGEMENT CONTEXT

Each organisation is unique, and it is crucial that you identify the context in which your
risk management framework must operate.
Consider:

The regulatory or legal environment you operate in with respect to both internal
practices (e.g. labour laws and regulations, liability claims, etc.) and how you relate to your
customers and vendors.

Communication methods you will use to notify and communicate with your
stakeholders, as a range of techniques may be required to suit different stakeholder groups.

The size of the organisation in terms of the number of divisions, revenue of business
lines, size of markets, and budgets of functional groups.

Labour relations in the organisation.

The structure of the organisation, which can affect risk analysis, planning, and
implementation.

The culture of the organisation with respect to risk tolerance. Is your organisation a
conservative family business or an edgy risk-taker?

1.7 AREAS OF BUSINESS AFFECTED BY RISK

Risks are typically related to one of four areas:

The organisation’s long-term strategy (three years, five years, and beyond);

The way that an organisation manages change (for example, during mergers and
restructuring);

The day-to-day operations of the organisation;

The general financial health of an organisation.

Risk can be positive, negative, or neutral – simply a deviation from the norm. Risk is
often defined as an event or a consequence.

What happens if one area of a business fails?

Risk management is important in all areas of business. It is of no use if one area has all
the practices in place, while others neglect possible risks and have no risk management plans in
place.

We will look at the effect on the organisation if certain areas fail, for example product
development and project management.

LESSON

1.1
1.8 IMPACT OF RISK MANAGEMENT IN NEW PRODUCT DEVELOPMENT

If for example, a company develops new products, they face a number of risks and
challenges, some of which are:

Failure of the new product development process;

Failure of the product at the testing stage;

Problems in market acceptance;

Unsuccessful launch of the new product.

No one wants to see a new invention go sour when it hits the commercial market.
Reasons for a new product not doing well include appearance (people don’t like the size,
shape or colour) and price (price too high for what they get) To manage these types of risks, it is
important to remember that:

Commercial success happens long before a product is completely finished or designed.
As an inventor of new products, you should always develop ideas with
future commercialisation in mind. That way, you can avoid costly errors. For
example, if you have an interesting shape you can add to your invention, it will be more
marketable. You can file for what is called a design patent to protect that aspect of your product.
File this as soon as you come up with your new design.

Know the power of a good logo. People are literally bombarded with information and
products. How can you make yours stand out? And how do you need to adjust its design to best
do that? What about a trademark? This is like a brand name. If you come up with a good one, it
can be protected in a similar way as obtaining a patent for a product. What about colour? Just
because you can get a ton of product made cheaply in a certain colour doesn’t mean you should.
Colour choice is critical in the developing of new products. Do your research in this area.

Current trends and fashions. Last year’s ideas may not sell well this year.

Last and maybe most important is pricing. You need to know how much people will
pay for your invention before you perfect it. That way, you’ll make design and product
development choices that are in line with predicted mass production costs.

1.8.1 Impact of risk management on project management

Let us look at the impact of risk management on a new project in an organisation.

In project management, risk refers to future conditions or circumstances that exist outside
of the control of the project team that will have an adverse impact on the project if they occur.
Whereas an issue is a current problem that must be dealt with, a risk is a potential future problem
that has not yet occurred.

INTRODUCTION TO RISK MANAGEMENT

A reactive project manager tries to resolve issues when they occur. A proactive project
manager tries to resolve potential problems before they occur. This is the art of risk management.
Not all issues can be seen ahead of time and some potential problem that seems unlikely to
occur, may in fact occur. However, many problems can be seen ahead of time and they should be
managed through a proactive risk management process.

Identify all
Respond to
Control risks during

possible project
important project
the project and look

risks
tasks
for new risks

Create risk
Analyse all project

management
risks to see which ones
Create contingency

plan
are important.
plans for high risks

High level process flow

Everything in life has some degree of risk. Walking across the street can be risky.
Your projects have risks as well. The project manager should perform a risk assessment
with the project team and the client to identify high, medium and low level risks. If you are
lucky, you may find that you only have low risks. However, this assessment will alert the client
and the project team to any medium and high-level risks that may cause future problems.

Identifying risks on your project is not necessarily bad, since risks are common to all
projects. All projects have some degree of risk. Projects with a higher level of risk require more
rigorous risk management and more management focus.
Although not all risks can be eliminated entirely, most can be anticipated and managed
ahead of time.

The purpose of risk management is to identify the risk events for a project and then
establish a Risk Management Plan to manage the risk event and minimise harm to the project.

LESSON

1.1

A ten step risk management process:

Define the work

Issues
10.

5.
Procure-
ment
scope

Manage the
9.
schedule and

6.
Quality &
budget
Commu-
Metrics

nication

7.
8.

Risk
HR

Build the schedule and budget
2. THE RISK MANAGEMENT PROCESS

The key activities in the Risk Management process are:
1. Recognise
risks;
2. Evaluate
risks;
3.
Respond to significant risk;
4. Resource
controls;
5.
Plan the reaction;
6.
Report and monitor performance;
7.
Review the risk management framework.

2.1. Recognise risks

A large, complex organisation will require a formal, detailed risk identification process,
while for a small organisation, a short, informal process will be sufficient.

A template can be used to track and record all relevant information. Basic information
should include:


Risk identifier, such as a number;

Description of risk:

Classification (usually based on organisation’s business or operating units, but should be
customized for each organisation)

Why is it a risk?

Is this a hazard, opportunity, or uncertainty?

Tangible impact (people, time, money, etc.)

Non-tangible impact (reputation, morale, objectives, etc.)
19

INTRODUCTION TO RISK MANAGEMENT


Data gathered or studies completed

Timeline:

When might the risk occur?

How long could it last?

Could it reoccur?

What signals or alarms will we see?

Scope of risk:

What could happen as a result of this risk?

What is the likelihood of the overall risk and each consequence?

What data do we have about the consequences of this risk?


What other risks could occur from this risk?

Rate the impact (low, medium, or high) and the likelihood (likely, neutral, not likely)

Previous experience with this risk

Risk attitude: Organisational tolerance for the risk

2.2
Rank and evaluate risks

One method to use is the 3×3 matrix, which we will discuss later on in this module.

2.3. Respond to significant risks

There are generally four ways to respond to risks.

2.3.1 Risk avoidance is refusing to undertake, or abandoning a venture in which the risk
seems too costly.

Many people who would like to be self employed don’t start a business to avoid the risk
of loss.

Leasing rather than owning is a way to avoid ownership risk.

Using the corporate form of ownership is a way to avoid unlimited liability.

2.3.2 Risk prevention, is the practice of taking measures to minimise loss.

Smoke detectors and sprinkler systems help reduce fire damages without avoiding the
fire.

Safety programmes are designed to prevent accidents. Running a credit check helps
reduce bad debt expenses.

2.3.3 Risk assumption, Risk anticipation, or self insurance, is the practice of putting
money aside to cover losses that might occur. The loss may not occur, but if it does money is
available to help defer it. Self insurance is more common among large businesses than small
ones, but a growing number of small businesses are joining together to self insure.

2.3.4 Risk transfer or risk spreading is the practice of using insurance to cover 20

LESSON

1.1

losses. The best form of protection against many risks is the proper insurance. A
relatively small amount of money is required to insure against great loss.

During a specified time period, the insured business pays a premium to an insurance
carrier in return for a promise to receive a certain amount of money in the event of loss as
specified in the insurance policy contract.

Key
Considerations

Keep the following points in mind when choosing a mitigation strategy.

Any strategy should do as much as possible to ensure normal business practices are not
interrupted or are delayed as little as possible.

In any larger company a risk materialising will almost certainly require media
engagement to make announcements, clarify details, and provide on-going information to
stakeholders and the general public about what your organisation is doing. Managing the media
should be part of your plan.

Direct communication with stakeholders is critical. It should be either general but
informative, or very specific to the impact the risk has on them.

If there is any chance that people may be injured or worse, you should include medical
support in your planning. This can mean having an emergency response team standing by or
simply providing emergency support numbers to your staff.

Depending on the risk, you may be required by law to obtain insurance against it
occurring. If this is not the case but insurance is available you should perform a cost/benefit
analysis to determine if insurance should be part of your risk mitigation strategy.

2.4. Resourcing controls

Once a risk has been identified, and you have chosen to treat it, it’s time to look at
controls that can be put into place to mitigate the risk.

Possible controls can include:


Re-allocating existing people or equipment;

Additional people;

New equipment;

Skills and training;

New information;

Your evaluation should look at:
21

INTRODUCTION TO RISK MANAGEMENT


Does the control meet laws and regulations?

How well does each control mitigate the risk?

What is the cost of the control vs. the implementation benefit?

What is the sustainability of the control?

What changes might have to be made to this control?

What other effects will this control have?

2.5. Reaction planning

You should build a contingency plan for each major risk that has been identified.
What will you do if the risk does occur?

The plan should detail:

When:

How will we know when the risk will happen?


What will alarms look like?

When should we start acting?

Who:

Who has responsibility for this risk?

What other resources might they need?

Who else should be informed?

What:

What will happen when the risk occurs?

What will we do when the risk happens? (Depending on the risk, this plan could be very
detailed or very simple. A step-by-step, timed plan may be necessary.)

What consequences could the risk have?

What other risks might this event create?

Where:

Where is the risk going to happen?

2.6. Reporting and monitoring

When your organisation establishes its risk management framework, a reporting
hierarchy should also be established. Your reporting structure will differ depending on the
complexity of your risk management program. Some common setups include:

A part-time risk manager;

A risk management committee;

A full-time risk management champion;

A risk management team;

A risk management department with an internal audit team.
22

LESSON

1.1

Your organisation will need to develop a checklist of items that will need to be reported
on and monitored on a regular basis.

This checklist should include:

What data is to be gathered;

What form it is to be presented in;

Templates to be used;

When data should be gathered and reported;

Who is responsible for measuring, reporting, and monitoring.

Items that will need to be reported on include:

Changes to risks;

Near misses and incidents;

Changes that will affect the risk management program, such as legislative changes,
industry developments, and changes in supporting elements of risk planning.

Items that should be monitored include:

Effectiveness of risk controls;

Cost of controls vs. benefit achieved;

Laws and legislation;

Industry climate;

Alignment of risk management plan with corporate goals.

2.7. Review and Evaluate

A plan for periodic review and evaluation of the risk management framework is a critical
element of any risk management program. Typically a thorough review is performed annually.

Things that should be covered in the review process include:

Analysis of risk response measures and whether they achieved the desired result, and did
so efficiently;

Review of reporting and monitoring procedures;

Knowledge gap analysis for risk assessments (Were people able to find the information
they needed?);

Compliance check with appropriate regulations and organisations;

Opinions of key external and internal stakeholders;

Self-certification;

Risk disclosure exercise, to identify future risks;

Repeat of risk assessment;

Lessons learned;
23

INTRODUCTION TO RISK MANAGEMENT


Recommendations and implementation plan.

Remember, the review should be proportionate to your organisation. If your organisation
is small, an afternoon meeting to review your risk management program may be sufficient. For
larger organisations, the review process may take weeks or even months and require outside
assistance.

3. PROBABILITY OF RISK

A business must determine the probability of a loss occurring due to various perils.
This should be viewed in terms of:

The
crime situation in the country in case of theft, armed robberies and hijacking. e.g.
Statistics could indicate the probability of suffering these types of losses for similar types of
businesses like banks, retailers, and service providers like Transport companies.

The
ethical values of a community can also play a role. In some cases people may see it as
their right to “help themselves”

The
Legal System of a country. If people see the opportunity to “get away with crime”
because the Law does not deal with criminals effectively, crime may be rife.
E.g. in Moslem Countries, Islamic laws determine that thieves have their right arms
amputated by the shoulder. This is an effective way to prevent theft and create crime-free
societies.

The
Economic situation in a country. Poor and desperate people may have no choice but to
resort to crime.

The
situation on our roads in South Africa poses a great risk for accidents.
Research has recently indicated that South Africa may have as many as 3.5
million illegal, unlicensed drivers on our roads.

The
situation in similar industries or businesses can also indicate the probability of
suffering losses.

In case of natural disasters, certain areas or countries are more prone to be 24

LESSON

1.1
subject to certain types of disaster. Hurricanes, tornados and earthquakes could pose a
much higher risk in some countries than in others. South Africa is fortunate to very seldom

experience such disasters. Our mining activities, however, do cause earth tremors and
earth-moving activities.

NOTES:

LESSON

1.2
LESSON 1.2
TYPES OF RISK
In this Lesson:
The types of risks that should be considered includes activities, decisions and events that
may impact on the operating profit and finance of the venture and may lead to different levels of
failure.
Typical risk types to be considered include the following:
 Inherent venture risks;
 Incidental venture risks;
 External venture risks;
 Venture process risks; and
 Information and decision-making risks.
CONCEPTS AND VOCABULARY TERMS YOU NEED TO UNDERSTAND:
 Risk management includes the processes concerned with identification,
analysing and responding to risks. It includes both minimising the impact of adverse
events and maximising the likelihood of positive outcomes.
Project risk management includes the processes of risk assessment, risk mitigation and
risk response.
 Risk is the expected losses (economic, time, infrastructure or resources) that a
particular phenomenon might cause.
 Risk probability in a project can be defined as the degree to which the risk event is
likely to occur.
 Risk assessment is the identification, quantifying and evaluation of the
probability of the occurrence of risk events and the impact of the risk events on the
project.
 A financial instrument is either cash; evidence of an ownership interest in an entity;
or a contractual right to receive, or deliver, cash or another financial instrument.
 Credit risk is an investor’s risk of loss arising from a borrower who does not
make payments as promised.

 Market risk is the risk that the value of a portfolio, either an investment portfolio
or a trading portfolio, will decrease due to the change in value of the market risk factors.
27

TYPES OF RISK

1. RISK CAN BE QUANTITATIVE OR QUALITATIVE.

1.1 Quantitative
risks are those that can clearly be quantified. They have an impact on time, people,
money, or other resources. An example could be lost revenue, lost production, or delayed time.

1.2 Qualitative
risks are those that cannot easily be clearly quantified. This may be because you do not
have sufficient historical data to determine the likelihood of the risk and/or its impact is not
understood well enough for a qualitative impact to be associated with it.

An example: Your organisation is opening an oil rig in a new area. You have no concrete
data for this particular type of machinery in poor weather, but you do know that other facilities in
the area have their production affected in varying amounts each year because of weather.

You should always strive to make all qualitative risks quantitative, if possible, by
collecting and analysing data.

2. RISK CAN FURTHER BE CATEGORISED ACCORDING TO THE GROUP OR
ENVIRONMENT THAT IS AFFECTED.

2.1. People related risks

The workplace constitutes a dynamic environment consisting of people who have
different personalities, values, cultures and ethical values.

It is vital that personnel should share common values and goals that bind them together in
an attempt to achieve the organisation’s goals and objectives.

The corporate culture should provide guidance to personnel to work together in order to
achieve these goals and objectives in an organised way.

The organisation faces great risks if sound relationships amongst personnel are hampered
with inter-group conflict and stress.

In the end, it is not only the people, but the organisation too, that will suffer from risks
associated with interpersonal relationships.

LESSON

1.2
2.1.1 Inter-group
conflict

Causes of inter-group conflict and collaboration are varied. Some of the more significant
factors generating inter-group conflict are:

2.1.2 Personality
conflict

Different backgrounds, different management styles, religions and values can cause
conflict.

2.1.3 Conflicting
ideas

Two different, but interrelated departments could have totally different values, attitudes
and approaches to problem solution.

Conflict may be the result of workers believing that the company is pushing productivity
for as little remuneration as possible, while management may believe that the workers are lazy,
doing less than a fair day’s work for a fair day’s pay.

2.1.4 Empire
Building

Inter-group conflict can be the result of competition between groups for power in the
organisation. Each group worked on the assumption that one group’s gain was another group’s
loss.
Competition
between the groups is destructive and on-going, as information may be jealously guarded,

and it is not uncommon to find one group deliberately misleading the other group, in the hope to
gain some advantage.

2.1.5 Personal
Background
Dissimilar
groups, like accountants and advertising staff, do not only have different backgrounds,
experience, values, beliefs etc., but they can even dress differently.
Conflict regularly arises as a result of dissimilarities.

2.1.6 Group
Cohesion

It is not uncommon to find conflict within a particular group.

The disadvantage for the group will be that it will be forced to devote energy to sustain
its own existence and be unable to take a united stand in the face of opposition.

This conflict may cause the group to lose its sense of identity and purpose.

Other groups may take advantage of the group in conflict.

For cohesion to endure, it is essential that the group resolves its own internal conflict.

2.1.7 Authority and status

A common reason for inter-group conflict is inconsistency or incongruence between the
authority and status of interacting groups.

TYPES OF RISK

Such conflict generally becomes totally dysfunctional and destructive and is common
where there is an imbalance in the power of the leadership of two interacting groups.

If a lower status group has a stronger leader than a higher status group, conflict will
occur.

2.1.8 Work

flow

Work flow is the basis for organisation design.

The critical question in designing the structure is “who does what, with whom, when,
where and how often”.

The emphasis is on the person-to-person flow of work.

The work flow which can be considered as a single supervisory unit should be
consolidated and given to one person or one group to perform.

3. REDUCING THE RISK OF CONFLICT

Before considering methods of reducing inter-group conflict it must be realised that not
all conflict is dysfunctional or abnormal. Under most conditions, groups compete for scarce
resources, status, power, influence and authority. The competition can be satisfying to the groups
and may improve productivity. Only when inter-group competition becomes destructive does
dysfunctional conflict exist. When this occurs, a variety of methods may be used to reduce
conflict.

An effective way of reducing inter-group conflict is through the introduction of a
super ordinate goal.

This is a goal, which appeals equally to both conflicting groups and is one that cannot be
achieved by one group acting alone or in opposition to the other group. Normally, a super
ordinate goal transcends the lower level goals of the two interacting groups.

However, it is frequently difficult to find meaningful super ordinate goals, which are
more important to interacting groups, then their internal goals. But this concept operates well in
companies that have been taken over. The acquired company may have existing conflict between
sales and production, yet in the new circumstances both departments may be in danger of
elimination. In order to survive they may start working together. In this case, self-preservation
becomes the super ordinate goal for the two groups.

30
LESSON

1.2

Related to the concept of the super ordinate goal is the strategy of defining a common
enemy for both groups. Confronted with an external threat, two conflicting groups may begin
collaborating to destroy a common danger. This situation is frequently observed in wartime when
two conflicting units in the same division unite in the face of the enemy.

Effective
inter-group collaboration requires the existence of the norm of reciprocity. Here
reciprocity means that the rights of one group against another imply a duty of the first group to
the second group, and vice versa. Reciprocity is more than mere obligation; it implies a
conscious recognition of moral duties between groups. When the norm of reciprocity operates,
each group consciously strives to maintain debt and duty obligations to ensure effective
interaction and avoid exploitation. This norm of reciprocity means that all inter-group relations
should possess an element of continual indebtedness. In short, favours should never be totally
repaid if the interacting groups are to continue to relate effectively. This continual state of mutual
indebtedness is seen as a stabilizer of social systems.

A further method of reducing inter-group conflict is through arbitration. This
requires the use of an outside judge to evaluate the nature of the conflict and rule in favour of
one of the groups. The outside judge should be perceived as impartial and should be respected by
both groups. This method of resolving inter-group conflict seldom improves relations between
the two groups. The judge’s decision must either be a compromise verdict or a ‘win lose’
decision. In the first case, both groups may be dissatisfied with the decision, while in the second,
the losing group is likely to feel hard done by and the winning group openly rejoices.

The main advantage of arbitration is that it can bring to a conclusion a problem that has
plagued an organisation for a long period.

Finally
inter-group
conflict can be reduced through creating an environment in
which the conflicting groups meet to air their differences.

Sensitivity training or encounter sessions have been used effectively by quite a number of
companies in recent years. The object of T-Groups is to allow both the groups and their
individual members to provide feedback on their attitudes and perceptions about each other.
Through frank discussion, groups come to understand and resolve their conflict.

Disadvantages in this form of conflict resolution are that it can be: a)
time-consuming and
b)
also may not necessarily improve understanding or resolve conflict.

TYPES OF RISK
4. ROLE OF COMMUNICATION IN MANAGING PEOPLE-RELATED RISK

A communication system that allows employees to be informed about company actions is
a strong factor in creating high employee morale.

An effective two-way communication system provides employees with the
opportunity to be involved in company matters.

It provides managers with insight into employee attitudes toward the company.

In many small businesses, most communication is exchanged on a face-to face basis
because the manager has direct, personal contact with employees.
The manager plans the work, gives instructions, and evaluates jobs to see that they are
done properly. Other forms of communication are non-personal and may be written or visual
(posters, for example).

The manager must realise that effective communication does not occur accidentally but is
the result of conscious effort by the manager to build an effective communication system.

Some guides for creating effective communication are:
1.
The manager encourages employees to express their ideas and opinions.
2
The manager listens with understanding to ideas, suggestions, and complaints.
3.
The manager keeps people informed on changes in policies and procedures and all other
matters affecting their work.
4.
The manager keeps informed on how employees are feeling and what they are thinking.
5.
The manager encourages two-way communication.
6.
The manager gives recognition for good work and expresses appreciation for jobs well
done.

7.
Communication messages should be accurate, definite, simple, and suitable for the
occasion.
8.
The manager explains the “why” of decisions.
9.
Communication messages should not contain any hidden messages. They should be
clearly and effectively stated.
10. The manager should create a climate of trust and confidence by reporting facts
honestly to employees.

32
LESSON

1.2
4.1
Building Positive Employee Relationships

Small business managers should recognise the uniqueness of their firms. They can
contribute greatly to improving employee relations by being aware of the following specific
suggestions:

Improve your own general understanding of human behaviour.

Accept the fact that others do not always see things as you do.

In any differences of opinion, consider the possibility that you may not have the right
answer.

Show your employees that you are interested in them and that you want their ideas on
how conditions can be improved.


Treat your employees as individuals; never deal with them impersonally.

Respect differences of opinion.

In so far as possible, give explanations for management actions.

Provide information and guidance on matters affecting employees’ security.


Make reasonable efforts to keep jobs interesting.

Encourage promotion from within.

Express appreciation publicly for jobs well done.

Offer criticism privately in the form of constructive suggestions for improvement.

Train supervisors to be concerned about the people they supervise in the same way as
they would be about merchandise or materials or equipment.

Keep your staff up-to-date on matters that affect them.

Quell false rumours and provide correct information.

Be fair!

4.2
Risks associated with workplace skills include:


Financial risk;

Compliance;

International competitiveness and quality management;

Reputation.

It is clear that any organisation requires skilled and competent employees to work
together to achieve the organisation’s goals and objectives.

In South Africa, labour legislation makes it compulsory for organisations to train and
develop their workforces.

TYPES OF RISK

The strategy is based on the four most recent pieces of labour legislation:

The Skills Development Act;

The Skills Development Levies Act;

The SAQA Act;

The Employment Equity Act.

Specialised skills are scarce, and companies face a huge risk in loosing skilled workers to
competitors, other companies and to foreign companies.

Research shows that currently, 10 000 South African medical personnel have left South
Africa. The prospects overseas are much more attractive than in South Africa, and it is doubtful
if these skilled people will ever return.

The policy of Affirmative Action in South Africa makes it even more unlikely that they
would ever return, as the prospects of employment for them are very slim if they are not part of
the designated groups.

Companies wanting to retain skilled workers must develop a plan of action to motivate
their workforce to stay. Good, healthy working conditions, competitive remuneration packages,
fringe benefits, recognition, promotion opportunities and job security rate amongst the most
important factors that ensure job satisfaction.

4.3
Financial risk (associated with workplace skills)

Companies can suffer great financial losses due to unsuitably skilled and untrained staff.
A lack of knowledge and training can result in accidents that not only involve the employee, but
also colleagues, customers and members of the public. Many incidents have been reported where
the causes were contributed to human error.
These could have been as a result of ignorance, negligence or incompetence.
These companies run the risk of being held liable for damage, injury or death.

4.4 Compliance
(Associated
with people-related risks)

Competent and knowledgeable employees will know the legal requirements and
obligations regarding registration, tax, employment, and safety. Non-compliance may result in
hefty fines for the organisation.

34
LESSON

1.2
4.5
International competitiveness and quality management

Skilled, competent employees will know what is required to be internationally
competitive. Quality standards must be adhered to, as the company may suffer severe losses if
export consignments are returned due to quality discrepancies.

4.6 Reputation

Untrained employees may not realise the importance of their actions regarding the
reputation of the company. Unqualified and untrained staff can tarnish the image of an
organisation, which could result in a company losing customers, and getting a bad reputation.
The Public Service Sector in South Africa is a good example of this.

5.
FINANCIAL RISK

Financial risk includes insufficient funding to construct the required infrastructure and
facilities, inaccurate (that is, underestimating) capital and operating cost estimates, inaccurate
estimating (that is, overestimating) of possible revenue flows.

Financial Risk arises as a result of exposure.

Exposure to financial markets affects most organisations, either directly or indirectly.
When an organisation has financial market exposure, there is a possibility of loss but also an
opportunity for gain or profit. Financial market exposure may provide strategic or competitive
benefits.

Financial risk is the likelihood of losses resulting from events such as changes in market
prices. Events with a low probability of occurring, but that may result in a high loss, are
particularly troublesome because they are often not anticipated.

Since it is not always possible or desirable to eliminate risk, understanding it is an
important step in determining how to manage it.

Identifying exposures and risks forms the basis for an appropriate financial risk
management strategy.

TYPES OF RISK
There
are
three main sources of financial risk:
1.
Financial risks arising from an organisation’s exposure to changes in market prices, such
as interest rates, exchange rates, and commodity prices 2.
Financial risks arising from the actions of, and transactions with, other organisations such
as vendors, customers, and counterparties in derivatives transactions.
3.
Financial risks resulting from internal actions or failures of the organisation, particularly
people, processes, and systems.

Example

It is easiest to understand these risks with an example. Assume you have a financial
consulting business that is based in S.A. You advise individuals on where you invest their
retirement money. You decide to expand globally, and look to open a branch in the United
Kingdom.

– Currency Risk: Your business’s primary operations are in SA Rand, but in the UK you
will be paid in British Pounds. The exchange rate between a SA Rand and British Pound
fluctuates daily, meaning your earnings in Pounds once repatriated into Rand can vary
substantially over time. As an example, say 1 British Pound = R 10.00 when you invest your
money in pounds. If the value of 1 British Pound fell to R 5.00 Dollars over the time of your
investment, then your earnings (in Rand terms) would be halved! Corporations frequently use
foreign exchange contracts to hedge against currency fluctuations.

– Compliance/Regulatory Risk: You must comply with the requirements of your host
country. In South Africa, your financial firm complies with FICA and FAIS rules and the FSB.
(Financial Services Board). When you open a London branch, you must comply with the FSA
regulatory body and the laws of the UK that govern your business. All your employees must be
compliant with the local laws as well. Your compliance with local laws and regulations makes
you subject to fines, litigation, and reputational risk in both your host country and South Africa.

– Tax Risk: You must comply with the tax laws of South Africa. You are subject to
changes in their tax code, which may adversely affect your business. You may be “double taxed”
by both your host country and the country where your business is based.

– Political Risk: If you decide to open a branch in country where a newly-elected socialist
government decides that all financial firms should be state-owned, your financial firm can be
seized by the government with no recourse to you. Political risk is generally viewed to be a
bigger problem in emerging markets than in first world countries.

Financial risk management is the practice of creating economic value in a firm by
using financial instruments to manage exposure to risk, particularly credit risk and market risk.

Note:
A
financial instrument is either cash; evidence of an ownership interest in an entity; or a
contractual right to receive, or deliver, cash or another financial instrument.
36
© Business Management Training College (Pty) Ltd
LESSON

1.2

Credit risk is an investor’s risk of loss arising from a borrower who does not make
payments as promised.
Market
risk
is the risk that the value of a portfolio, either an investment portfolio or a trading
portfolio, will decrease due to the change in value of the market risk factors

6.
STRATEGIC RISK

Strategic risk is the current and prospective impact on earnings or capital arising from
adverse business decisions, improper implementation of decisions, or lack of responsiveness to
industry changes. This risk is a function of the compatibility of an organisation’s strategic goals,
the business strategies developed to achieve those goals, the resources deployed against these
goals, and the quality of implementation. The resources needed to carry out business strategies
are both tangible and intangible. They include communication channels, operating systems,
delivery networks, and managerial capacities and capabilities. The organisation’s internal
characteristics must be evaluated against the impact of economic, technological, competitive,
regulatory, and other environmental changes.

6.1
Common Strategic Risks

External
Risks

Competition

Market changes

Human Resource Risks

Knowledge

Staffing

Employee theft

Financial
Risks

Cash flow

Capital


Price pressures

Structural
Resource
Risks

IT systems

Proprietary information

Regulatory actions

TYPES OF RISK

Physical Resource Risks

Disasters

Bottlenecks

Relationship Risks

Reputation

Supply chain

6.2
A Real-World Example of Strategic Risk

To get past the theory, it is helpful to consider one real-life example of compounding
strategic risks that derailed a successful community hospital. Note that this hospital suffered for

two reasons – it did not identify and monitor risk and it had no systems in place to adapt to
uncertainty.

A Real-World Example of Strategic Risk

Medi-Serve Medical Centre (MSMC) was the market leader in a small community.

It held a sizable advantage in both market share and community perception relative to its
competitor, Central Hospital (CH). MSMC was recognised regionally for its ability to provide
cutting edge technology, attract leading specialists, and adopt new management techniques. It
had a clear strategy based on these factors and had held a superior market position for years.
However, this strategy—like all others—was based on assumptions.

In this case, two key assumptions revolved around competition and physicians. CH

tended to compete on customer service and had a competent medical staff that was
mostly loyal and did not practice at MSMC. CH did not pursue higher-end specialty services.
The physician assumption at MSMC revolved around physician satisfiers; MSMC specialists
were assumed to value access to cutting-edge technology and the reputation that a practice based
at MSMC afforded. These assumptions drove MSMC

strategies: continue to be a full service provider, continue to invest in technology, and
emphasize research and productivity. Unfortunately, CH did not operate as MSMC

assumed it would and set in motion changes that introduced significant strategic risk for
MSMC.

CH was not content to be an afterthought in market share or profitability. It realized that
to compete, the organisation would have to begin offering higher-end specialty services and take
share from MSMC. CH decided to upgrade its technology in select areas and approached MSMC
physicians with a different “value proposition.”
This value proposition was based upon quality of life. CH offered better call
arrangements and greater convenience as only a select number of specialties were targeted.
Because of this focus, specialists were able to obtain better OR times, could secure convenient
office space, and were generally treated with better
customer service. The result was that over a matter of months, a number of key
physicians left MSMC for CH. Patient volume followed and CH gained financially. In a short
period of time, CH had pulled close to even in market share for key services.

This clearly surprised MSMC, which had not considered possible risks and was therefore
not evaluating and monitoring these uncertainties. Even worse was their response after the shift
in physician practice. At a trade group meeting, an MSMC executive mentioned to the crowd

that his organisation had faced a downturn, adding that MSMC would address the situation
during its next strategic planning cycle (four months away).
Meanwhile, MSMC continued to implement its original strategies, despite knowing the
assumptions upon which those strategies were built had drastically changed. MSMC

never did recover lost share.
38

LESSON

1.2

Strategic risk includes new technologies that can render your products obsolete, and
sudden shifts in customer tastes that could radically change your industry. A company that does
not have a proper framework for strategic risk could be in danger.

To avoid this, aim to apply effective countermeasures for each form of strategic risk. For
example, to protect against dangerous shifts in customer preferences, gather and analyse
proprietary information to detect signs of change. Then conduct fast, cheap experiments to
identify attractive offerings for different customer micro-segments.

The heart of Strategic Risk is the capture of information about the organisation and its
operations. This includes the company’s aims and objectives. Once the information has been
captured it must be organised and the risks associated with each part thoroughly assessed.

Once the risks have been assessed, work can begin on planning the management of the
risks. This often leads to a fresh approach to strategic planning within the organisation.

7.
COMPLIANCE RISK

Regulatory compliance describes the goal that corporations or public agencies aspire to in
their efforts to ensure that personnel are aware of and take steps to comply with relevant laws
and regulations.

The Compliance Institute of SA Institute has developed a Generally Accepted
Compliance Practice framework (GACP) – a set of principles, standards and guidelines that act
as a benchmark for compliance best practice that organisations and their Compliance Officers
should apply. A first of its kind in the world.

Compliance risk is the current and prospective risk to earnings or capital arising from
violations of, or non-conformance with, laws, rules, regulations, prescribed practices, internal
policies, and procedures, or ethical standards. Compliance risk also arises in situations where the
laws or rules governing certain bank products or activities of the Bank’s clients may be
ambiguous or untested.

This
risk exposes the institution to:

Fines;

Civil money penalties;

Payment of damages;

The voiding of contracts.
39

TYPES OF RISK

Compliance risk can lead to diminished reputation, reduced franchise value, limited
business opportunities, reduced expansion potential, and an inability to enforce contracts.

7.1
Quantity of Compliance Risk Indicators

The following indicators should be used when assessing the quantity of compliance risk.

Low

Violations
or
noncompliance
issues are insignificant, as measured by their number
or seriousness.

The institution has a good record of compliance. Compliance management systems are

sound and minimise the likelihood of excessive or serious future violations or noncompliance.

Moderate

The frequency or severity of violations or noncompliance is reasonable.

The institution has a satisfactory record of compliance. Compliance management systems
are adequate to avoid significant or frequent violations or noncompliance.

High

Violations or noncompliance expose the company to significant impairment of
reputation, value, earnings, or business opportunity.

The institution has an unsatisfactory record of compliance. Compliance management
systems are deficient, reflecting an inadequate commitment to risk management.

7.2
Quality of Compliance Risk Management Indicators

The following indicators should be used when assessing the quality of compliance risk
management.

LESSON

1.2

Strong

Management fully understands all aspects of compliance risk and exhibits a clear
commitment to compliance. The commitment is communicated throughout the institution.

Authority and accountability for compliance are clearly defined and enforced.

Management anticipates and responds well to changes of a market, technological, or
regulatory nature.

Compliance considerations are incorporated into product and system development and
modification processes, including changes made by outside service providers or vendors.

When deficiencies are identified, Management promptly implements meaningful
corrective action.

Appropriate controls and systems are implemented to identify compliance problems and
assess performance.

Training programs are effective, and the necessary resources have been provided to
ensure compliance

Compliance management process and information systems are sound, and the Bank has a
strong control culture that has proven effective.

The Bank privacy policies fully consider legal and litigation concerns.

Satisfactory

Management reasonably understands the key aspects of compliance risk. Its commitment
to compliance is reasonable and satisfactorily communicated.

Authority and accountability are defined, although some refinements may be needed.

Management adequately responds to changes of a market, technological, or regulatory
nature.

While compliance may not be formally considered when developing products and

systems, issue are typically addressed before they are fully implemented.
41

TYPES OF RISK

Problems can be corrected in the normal course of business without a significant
investment of money or management attention. Management is responsive when deficiencies are
identified.

No shortcomings of significance are evident in controls or systems. The probability of
serious future violations or noncompliance is within acceptable tolerance.

Management provides adequate resources and training given the complexity of products
and operations.

Compliance management process and information systems are adequate to avoid
significant or frequent violations or noncompliance.

Privacy policies adequately consider legal and litigation concerns.

Weak

Management does not understand, or has chosen to ignore, key aspects of compliance
risk. The importance of compliance is not emphasized or communicated throughout the
organisation.

Management has not established or enforced accountability for compliance performance.

Management does not anticipate or take timely or appropriate actions in response to
changes of a market, technological, or regulatory nature.

Compliance considerations are not incorporated into product and system development.

Errors are often not detected internally, corrective action is often ineffective, or
Management is unresponsive.

The likelihood of continued violations or noncompliance is high because a corrective
action program does not exist, or extended time is needed to implement such a program.

Management has not provided adequate resources or training.

Compliance management processes and information systems are deficient.

LESSON

1.2

Privacy policies are non-existent or do not consider legal and litigation concerns.

Careful consideration must be given to legislation that regulates a particular industry,
and how non-compliance may affect the organisation.

The different categories of legislation are:

General Regulating Legislation;

Financial Regulating Legislation;

People Regulating Legislation;

Sector Regulating Legislation.

Company Policies, Practises and Systems must ensure compliance to all applicable
legislation, and risk management must be applied.

Risks that cannot be mitigated should be avoided as far as possible. Insurance cover must
be adequate to provide cover for any eventuality that may occur.

We will discuss the impact of legislation on the management of compliance risk in lesson
1.5.

7.3
The following categories of liability may arise from non-compliance in specific
areas:

7.3.1 Legal
liability

Injury or harm to customers due to your negligence may result in a public liability claim
against your company. You may be sued by a customer for harm caused by a product, that you
provided to them, whether you only sold the product, or manufactured it. As a professional
practitioner, like a doctor, you may be held liable should an operation go wrong due to your
negligence.

Legal Liability Cover provides protection against Public liability.

Product liability and Professional liability claims against the company.

The Personal Liability policy offers indemnity to the insured or a member of his family
who stays with him, regarding legal liability claims

7.3.2 Personal
liability

You cross a road without looking to see if there is oncoming traffic. In an attempt to
avoid hitting you, a car crashes into a wall. The owner can claim from you for his damages. Your
Personal Liability cover will pay for his damages. The Insured will therefore be identified.
43

TYPES OF RISK

This liability cover is included in the house owner’s policy. It can be specifically for
something that happens at the Insured’s property, but can also include other liability that may
occur away from the Insured’s property. You may be sued by a customer for harm caused by a
product that you provided, whether you only sold the product, or manufactured it. Restaurants
and companies selling food are especially vulnerable

7.3.3 Public
liability

A company may be held liable if negligence can be proven against it by a member of the
public for death, injury or harm.

The premises of a company may pose risks to the public. The surface of the floor in a
store is very slippery due to cleaning the floor, but no warning is given. An elderly lady falls, and
breaks her hip. She needs a hip replacement operation. The total cost amounts to R200 000. She
can hold the Company liable for these costs.

7.3.4 Professional Indemnity

Professionals like doctors, need to have professional indemnity cover to protect them
from liability claims against them.

Dr. A is a very competent doctor. He performs an amputation of a patient’s right arm,
instead of the left arm. The patient sues him for negligence. His Professional Indemnity cover
should pay the claim.

7.3.5 Contractual
Liability

Co-Contractors
Where
co-contractors
are liable on a contract their liability may be ‘joint’ or ‘joint and several’.

a) ‘Joint’
liability (or pro rata liability) is the liability of each co-contractor to pay only his
proportionate share of the debt.

Where two persons have bought land together , but without specially rendering
themselves liable in solidum, and one of the purchasers leaves the country, the other, who has
paid his ful share of the purchase price, cannot be compelled to pay the balance due by the

absentee purchaser’

LESSON

1.2
b)
‘Joint and several’ liability (or liability in solidum) is the liability of each co-contractor
to make the full performance of the obligation himself So the creditor can recover the whole
amount of the debt from whichever co-debtor he wishes.

If the creditor gives a personal discharge to any one of the co-debtors, the debt is not
extinguished. The remaining co-debtors remain liable, but their liability is now reduced to the
amount of the debt, less the proportionate share of the released co-debtor.

To clarify the position, suppose A, B, and C are co-contractors liable in terms of a
contract to pay R3 000 to X.

Since the general rule is that co-debtors are jointly liable in the absence of any special
provision, X can recover only R1 000 from each of A, B, and C.

But if they are jointly and severally liable to X, X may recover R3 000 from either A, B,
or C (of course not from each). If X recovers the sum from A, A may claim the proportionate
share (R1 000) from each of B or C.

Should X release one of the co-debtors, say A, from his obligation, X will then, on the
principle of Dwyer v Goldseller (supra), be able to recover only R2 000 from either B or C.
Should either pay, he will, of course, be able to recover R1 000 from the other.

The
following
co-contractors
are automatically jointly and severally liable (unless
agreed otherwise): joint acceptors, drawers; and endorsers of bills of exchange sureties
partners.

Negligence is a wrongful act that injures the person, property or reputation or another,
and entitles the person who suffers from the wrong to claim damages in compensation from the

person who caused the injury.

A while ago a supermarket received threats that certain of the products on their shelves
had been poisoned. These brands were identified.

They however, continued to sell these products to an unsuspecting public. Only after
people got sick, did they go public and admitted that this has happened.

This was pure negligence, and the supermarket (or their Insurers) would have been liable
if someone had died.

TYPES OF RISK
Negligence

It is when someone else becomes liable in place of somebody.

Mr. X falls asleep behind the wheel of his car. He not only crashes into another vehicle
that is worth R500 000, but both cars end up in the living room of a house.
Both cars are completely destroyed, and extensive damage is caused to the house and its
contents.

Fortunately, Mr. X had insurance. The Insurance Company of each party will become
vicariously liable for the damage. If the 2 innocent parties were not Insured, they will be able to
claim from Mr. X’s Insurer.

Code of good practice

A code of conduct is a set of principles based on an organisation’s core values and their
business philosophy.

Codes of conduct are written in the manner of company policies. The code of conduct is
usually brief and provides general guidelines. Individuals can also interpret the code of
conduct differently from one another. A code of conduct is a set of ethical rules, which
employees must abide by so that they know what is acceptable and non-acceptable behaviour in
the work place, where they are currently employed.

Look at the following examples:

Some people will never steal stationery from a store, but will not think it is stealing when
they take stationery from the office for themselves.

Some people will take time off work and say that they are ill, but they are actually in
good health.

In compiling a code of conduct for employees, the following aspects must be included
and thoroughly thought of by the organisation before putting such a code of conduct in place:
1. Define
the
moral and professional behaviour of employees.
2. Define
the
standards of employees’ performance to be met in delivering a product or a service.
3. Define
the
manner in which perks, gifts and favours are accepted.
4. Define
the limits of the employees’ private interests.
5. Define
the
manner
in which employees treat the public and the organisation’s clients.
6. The
accepted
norms and values of the community in which the business operates must be honoured.
46

LESSON

1.2
7.
The code of conduct must be specific and not vague.



Management must ensure that employees adhere to the code of conduct.

Employees must also make sure they understand and adhere to this code of conduct.
If not, employees must understand that they will face disciplinary action

Employees must have a clear understanding of what will happen if they disobey the code.

Employers must also ensure that when employees are not sure what ethical behaviour is
expected of them in certain situations that they (employees) are briefed.

8. OPERATIONAL RISK

Operational risk is the risk of direct or indirect losses resulting from:

Inadequate internal processes or systems

Failed internal processes or systems,

Human factors

External events

Operational risk is thus the risk of failure, or near failure, of critical business processes
and their underlying operational systems and data. Operational risk is typically not taken in
return for expected reward, but exists in the natural course of corporate activity.

The most important types of operational risk involve breakdowns in internal controls and
corporate governance. Such breakdowns can lead to financial losses through error, fraud, or
failure to perform in a timely manner or cause the interests of the company to be compromised in
some other way. Other aspects of operational risk include major failure of information
technology systems or events such as major fires or other disasters

Major
sources of operational risk include:

Fraud;

Regulatory compliance;

Recruitment;

Training and retention of talent;


Operational process reliability;

Information technology security;

Outsourcing of operations;

Dependence on key suppliers;

Implementation of strategic change;
47

TYPES OF RISK

Integration of acquisitions;

Human error;

Customer service quality;

Regulatory compliance;

Social and environmental impacts.

The term Operational Risk Management (ORM) is defined as a continual cyclic process
which includes risk assessment, risk decision making, and implementation of risk controls,
which results in acceptance, mitigation, or avoidance of risk Operational Risk Management
analyses and manages the firm’s risk of monetary loss resulting from inadequate or failed internal
processes, people, and systems, or from external events. Operational Risk Management
procedures will be discussed later on in this module.

9. OTHER GENERAL RISKS ARE:

Political risks. These include official support and guarantees promised that do not
materialise, the use of the company as a political ‘football’ between parties in order to garner
votes, takeovers of a privately run company by authorities when political gain seems likely.

Minority or majority exclusion risks. These are derived from a need to provide for

empowerment, skills training and capacity building, affirmative action dictating the selection of
key personnel, and procurement procedures that may lead to increases in the price of supplies
and in cost of construction.

‘White elephant’ risks. These are incurred through the building of inappropriate, over
scaled structures necessary for some event but unsustainable after it.

After-the-ball-is-over ‘hangover’ risks. These are incurred when people wake up to
the fact that the party is over and that life as usual must be resumed, coupled with the on-going
need to manage many new and upgraded facilities and infrastructure.

Sport facilities erected for the World Cup that may be underutilised after the event.

Environmental impact risks. Problems experienced include over-loading of the
capacity of infrastructure and bulk services, water, waste, air and noise pollution, and
despoliation of natural and cultural resources.

LESSON

1.2

Transport system/infrastructure risks. An event may result in development of new
infrastructure and demand management systems that cannot be managed after the event when
staffing levels will go back to normal.

NOTES:

LESSON

1.3
LESSON 1.3
RISK ASSESSMENT AND EVALUA
EV
TION
ALUA

In this Lesson:

Risk assessment is the identification, quantification and evaluation of the probability of
the occurrence of risk events and their impact of the risk events.
Risk assessment addresses issues such as: What can go wrong? How likely is this to
happen? If it does happen, what are the consequences? In essence risks assessment is both
proactive and reactive measures to risk management.
1. IDENTIFYING OR RECOGNISING RISKS IS THE FIRST STEP OF THE RISK
MANAGEMENT PROCESS.

1.1 Identifying
Risks

How do you identify risks?

Using real or hypothetical case studies

Drawing on personal and organisational experience


Looking at similar projects and learning from their experience

Consulting experts

Mind mapping or brainstorming techniques

Considering points of failure

Extrapolating from past incidents reports or complaints

Interviewing and/or surveying stakeholder groups

Using systems analysis techniques like flow charting

Operational modelling

Formal auditing or inspections

Conducting new studies or consulting previous studies

Work breakdown structure analysis

Formal analyses such as:

SWOT: Stands for Strength, Weakness, Opportunities, and Threats. A good system to
create a broad picture of any situation.
51

RISK ASSESSMENT AND EVALUATION

PESTLE: Stands for Political, Economic, Social, Technological, Legal, and
Environmental. Used to assess the current market conditions and create a strategic plan.

HAZOP: Stands for HAZard and OPerability study. Provides a structure and system to
examine a process or operation to identify risks.


FMEA: Stands for Failure Mode and Effects Analysis. A system that analyses system
failures and their effects.

1.2 Evaluation
Methods

Risk evaluation can be defined as expressing risk in numerical terms. (Risk Management
Ed 4)

One of the popular tools used in the risk assessment process is a risk matrix or severity
matrix.

A risk matrix is a table in which rows show the risks and columns show their likelihood
(probability) of occurrence and their impact.

The risk is then determined as the total of all the hazards that contribute to it.

2. RISK CALCULATION

The risk of any particular hazard ( H) can be defined as its probability (p) multiplied
by its consequence ( c). In layman’s terms: how likely it is to happen and how
bad will it be, should it happen.
Hazard = PH * CH

Therefore the total risk (R) of an event (e) is the sum of the (n) potential hazards that
would result in that event:

LESSON

1.3

An example of a Risk Matrix:

Low
Medium
High

Probabilit

Low
Medium
Medium

Low
Low
Low

Impact/Consequence

This is an example of a 3 x 3 matrix, with both probabilities and consequences consisting
of three levels namely low, medium and high.

Using the matrix we see that, for example:

The severity of a risk with a high probability but low consequence or impact is low.

The severity of a risk with a high consequence but medium probability is medium.

The severity of a risk with a high probability and high impact is high.

This matrix can be customised and expanded to include additional levels of severity and
likelihood. For example the consequences can be defined as catastrophic, critical, marginal and
negligible. The probability can be identified as
‘Certain’, ‘Likely’, ‘Possible’, ‘Unlikely’ and ‘Rare’. Very low probabilities may not be very
reliable.

An example of such a Risk Matrix would be as follows:

Negligible
Marginal
Critical
Catastrophic

Certain
High
High
Extreme
Extreme

Proba

Likely
Moderate
High
High
Extreme

bili

ty
Possible
Low
Moderate
High
Extreme

Unlikely
Low

Low
Moderate
Extreme

Rare
Low
Low
Moderate
High

Impact
53

RISK ASSESSMENT AND EVALUATION

Risks that are identified are plotted in the matrix according to probability and impact.

2.1
Problems with a Risk Matrix

In his article ‘What’s Wrong with Risk Matrices?’, Tony Cox argues that risk matrices
experience several problematic mathematical features making it harder to assess risks. These are:


Poor Resolution. Typical risk matrices can correctly and unambiguously compare only a
small fraction (e.g., less than 10%) of randomly selected pairs of hazards.
They can assign identical ratings to quantitatively very different risks (“range
compression”).

Errors. Risk matrices can mistakenly assign higher qualitative ratings to quantitatively
smaller risks. For risks with negatively correlated frequencies and severities, they can be “worse
than useless,” leading to worse-than-random decisions.

Suboptimal Resource Allocation. Effective allocation of resources to risk-reducing
countermeasures cannot be based on the categories provided by risk matrices.

Ambiguous Inputs and Outputs. Categorisations of severity cannot be made objectively
for uncertain consequences. Inputs to risk matrices (e.g., frequency and severity categorisations)

and resulting outputs (i.e., risk ratings) require subjective interpretation, and different users may
obtain opposite ratings of the same quantitative risks. These limitations suggest that risk matrices
should be used with caution, and only with careful explanations of embedded judgments.

3. RISK ASSESSMENT FORMS

A risk assessment form is a form or report that shows an organisation’s vulnerabilities
and the estimated cost of recovery in the event of damage. It also summarises defensive
measures and associated costs based on the amount of risk the organisation is willing to accept
(the risk tolerance).

This form is used to identify, evaluate and estimate the levels of risks involved in a
situation, their comparison against benchmarks or standards, and determination of an acceptable
level of risk.

LESSON

1.3
3.1
An example of a risk assessment form:

Project:

Nr: Risk
Title:
Date:

Probability of risk event
P

Description of risk event
Impact of risk event
I

Expected value of risk
E=p*I

Cost of preventative action
PA

Preventative action
Residual probability of risk event
pr

Expected value of action
EA=PA+pr*I

Corrective action
Cost of corrective action
CA

Decisions:

If EA

New technologies such as hybrid and electric vehicles;

New vehicle manufactures in the market;

Changing currency rates;

New hazard standards (such as a reduction in asbestos use);

Labour strikes and work stoppages;

Political instability in overseas manufacturing areas;

Fuel shortages and price changes;

Increased pressure to produce may result in quality decrease;

More new products increases the possibilities of defects and problems.

RISK ASSESSMENT AND EVALUATION

A completed risk assessment form for one of the risks would look like this: Description:

The marketplace is beginning to ask for hybrid vehicles but these products are not
included in our line-up.

Area:
Legal
Regulatory
Marketplace
Financial
Operating
Other

(describe)

Possible Tangible Effects (such as money, time, and resources): Loss of market share,
reduced profit.

Possible Intangible Effects (such as morale and reputation): Could affect TopCar’s
reputation as a cutting-edge auto manufacturer and industry leader.

Impact:
Low
Medium
High

Likelihood:
Unlikely
Neutral
Likely

When might this occur?
How long could it last?
Rival car manufacturers have their product launch These vehicles will likely be slow to
catch on scheduled for the last tem of next year.
but will quickly rise in popularity.

What other risks could result?
If we are required to start manufacturing these new vehicles, we will face significant
challenges in worker knowledge, manufacturing equipment, and product sourcing.

If this risk had to be plotted on the risk matrix, it would probably be plotted as high
probability and medium consequence, making it a medium risk.

Low
Risk One
High

Probabilit

Low
Medium
Medium

Low
Low
Low

Impact/Consequence

LESSON

1.3
4. FORMAL RISK ANALYSIS MODELS AND METHODS

A “risk analysis” is the process of arriving at a risk assessment, also called a
“threat and risk assessment.” A “threat” is a harmful act such as the deployment of a
virus or illegal network penetration.

4.1
Work Breakdown Structure (WBS)

The idea of a Work Breakdown Structure (sometimes called Product Breakdown
Structure) is to break larger tasks (milestones) down into smaller tasks (activities) or individual
components that are more manageable. Each item in the WBS is generally assigned a unique
identifier; these identifiers can provide a structure for a hierarchical summation of costs and
resources. A typical numbering system is where a section, for example section 3 is subdivided
into 3.1, 3.2, and so on; section 3.1 is subdivided into 3.1.1, 3.1.2, and so on until the
decomposition has been carried as far as is needed. The items at the lowest level of the WBS are
referred to as work packages.

Here is an example Work Breakdown Structure for a newsletter project.

1.0

Newsletter

Project done

2.0
3.0
4.0
5.0
6.0
7.0
8.0
Design
Articles
Photos &
Mechanical
Printing
Newsletter
Questionnaire

complete
done
illustrations
done
done
mailed
done

complete

Designer
Ideas
Ideas
Layout stones
Printer

Put mailing
Questionnaire

selected
submitted
approved
with computer
selected
list together
drafted

Final changes
Concepts
Ideas
Photos
Label
Questionnaire

&
Film to printer
submitted
approved
submitted
newsletters
approved
proofreading

Blueline

Design
Photos
mail
Questionnaire
1st draft
Final sign-off reviewed and

approved
approved
newsletters
mailed
approved

Type output
Responses
Stories
Newsletter to

at image

tailed and
reviewed
office
setter
report made

Final
draft

Stories

RISK ASSESSMENT AND EVALUATION

It is always a good idea to post the WBS where all team members can see it to help
people keep on track.

Questions to ask to determine if each deliverable has been broken down sufficiently are:

Am I able to clearly define the component?

Am I able to clearly state what will be done to complete the work and what will NOT be
done?

Am I able to estimate the time needed to complete the component?


Am I able to assign an individual or organizational unit who will be responsible for
completing the work?

Am I able to assign a rand value to the cost of completing the work?

If the answer to any of these questions is ‘No’, that particular component needs to be
further broken down. This decomposition exercise assists staff to better understand and properly
document the scope of their task. It also provides information needed for budget revision.

4.2
SWOT analysis (Strengths, Weaknesses, Opportunities and Threats) SWOT is
commonly used as part of strategic planning and looks at:

Internal strengths;

Internal weaknesses;

Opportunities in the external environment;

Threats in the external environment.

In risk management, SWOT can help management in a business discover:

What the business does better than the competition;

What competitors do better than the business;

Whether the business is making the most of the opportunities available;

How a business should respond to changes in its external environment.

A
SWOT Analysis is a strategic planning tool used to evaluate the Strengths,
Weaknesses, Opportunities, and Threats involved in a project or in a business venture or in any
other situation of an organisation or individual requiring a decision in pursuit of an objective. It
involves monitoring the marketing environment internal and external to the organisation or
individual.

Albert Humphrey led a research project at Stanford University in the 1960’s and 1970’s
and developed the SWOT analysis technique based on data used from the Fortune 500
companies.

LESSON

1.3

The SWOT analysis looks at two main environments that can pose risks organisation and
asks a number of questions:

The internal (within organisation) environment (SW)

What are the strengths and weaknesses of the enterprise regarding human resource skills?
Strengths would entail the skills that employees possess and weaknesses would entail the
training needs within the enterprise.

The external environment (OT)

Which threats and opportunities arising from changes outside the enterprise will affect
human resources performance? A threat will be construed as not having the necessary skills
within the enterprise to cope with the external factors, while an opportunity will be a particular
skills base in the enterprise to cope with external factors.

Finally the researcher should compare the present strengths and weaknesses to future
threats and opportunities and choose a long-term organisational strategy for human resource
management that will assist individuals as well as the organisation in general to prepare for the
future.

4.2.1 Performing the SWOT Analysis

First identify a clear objective before you start with the SWOT analysis. Once the
objective has been defined, SWOT can be used to assist in the attainment of the objective.

SWOT is:

Strengths : Internal attributes that is helpful to obtain the objective;

Weaknesses: Internal attributes that is harmful to obtaining the objective;

Opportunities: External conditions that is helpful to achieving the objective;


Threats: External conditions that is harmful to achieving the objective.

Diagram of a SWOT analysis:

Internal →
Strengths
Weaknesses

External →
Weaknesses
Threats

RISK ASSESSMENT AND EVALUATION

When the SWOT analysis has been completed, decide if the objective is attainable given
the SWOT. If not, change the objective an repeat the SWOT analysis.

If the objective is attainable, answer the following questions to generate possible
strategies:

How can I Use each Strength to eliminate or reduce potential risks?

How can I Stop each Weakness that create opportunities for risk?

How can I Exploit each Opportunity to maximise my risk management activities and
plans?

How can I Defend against each Threat to minimise risk.

4.2.2 Examples of Strengths and Weaknesses:


Resources: financial, intellectual, location

Customer service

Efficiency

Competitive advantages

Infrastructure

Quality

Staff

Management

Price

Delivery Time

Cost

Capacity

Strong relationships with key industry customers

Examples of Opportunities and Threats

Political/Legal

Economic condition

Expectations of stakeholders

Technology

Public expectations

Competitors and competitive actions

Errors to be avoided

The

following errors have been observed in published accounts of SWOT
analysis :

Conducting a SWOT analysis before defining and agreeing upon an objective (a desired
end state). SWOTs should not exist in the abstract. They can exist only with reference to an
objective.
60
LESSON

1.3

If the desired end state is not openly defined and agreed upon, the participants may have
different end states in mind and the results will be ineffective.

Opportunities external to the company are often confused with strengths internal to the
company. They should be kept separate.

Another error is to confuse SWOTs with possible strategies. SWOTs are descriptions of
conditions, while possible strategies define actions. This error is made especially with reference
to opportunity analysis. To avoid this error, it may be useful to think of opportunities as
“auspicious conditions”.

4.3 HAZOP

The HAZOP process is an analysis tool that systematically analyses each part
of a system or activity.

It is quite popular because of its ease of use, the ability to organise and structure the
information, minimal dependence on the experience of the analysts, and the high level of results.
It provides a more complete identification of the hazards, including information on how hazards
can develop as a result of operating procedures and operational upsets in the process, hence the
incorporation of the word operability in the name. The basic idea is to “let the mind go free” in a
controlled fashion in order to consider all the possible ways that process failures can occur.

The essence of the Hazop analysis approach is to review procedures in a series of
work-sessions or meetings. During these meetings, a multi-discipline team performs a systematic
study of a process using guide words to discover how deviations from the design intent can occur
in equipment, actions, or materials, and whether the consequences of these deviations can result
in a hazard.

The results of the HAZOP analysis are the team’s recommendations, which include
identification of hazards and the recommendations for changes in design, procedures, etc. to

improve the safety of the system. Deviations during normal, start-up, shutdown, and maintenance
operations are discussed by the team and are included in the HAZOP. It must be remembered
that HAZOP is an identifying technique and is not intended as a means of solving problems.
Although Hazop is essentially a qualitative technique, it can be used to identify areas which
must be subjected to comprehensive quantitative analysis.

RISK ASSESSMENT AND EVALUATION
A block flow diagram of the HAZOP process looks like this:

Select a process or
operating step

Explain design
Repeat for all process

intention of the
sections or operating

process section or
steps
operating step

Select a process
Repeat for all process
variable or task

variables or tasks

Apply guide word to

Repeat for all

process variable or
guide words

task to develop
meaningful deviation

List possible causes
Develop action items

and deviations

Examine
Develop acceptability
consequences

of risk based on
associated with
consequences,

deviations
causes and

(assuming all
protection
protection fails)

Identify existing

safeguards to prevent

deviation

4.3.1 The following terms are used in the HAZOP process:

Design Intent – the way a process is intended to function.

Deviation – a departure from the design intent discovered by systematically applying
guide words to process parameters.

Guide Word – words that are used to modify the design intent and to guide and stimulate

the brainstorming process for identifying process hazards.

Cause – the reason why a deviation might occur.

Consequence – the results of a deviation.

Safeguard – administrative controls that prevent the causes or mitigate the consequences
of deviations.

Hazard Category – an assessment of the hazard risk of the operation.

Recommendations – recommendations for design changes, procedural changes, or for
further study.
62
© Business Management Training College (Pty) Ltd
LESSON

1.3
4.4 FMEA

Failure Modes and Effects Analysis (FMEA) is a method for analysing potential
reliability problems (implying risks) early in the development cycle. By identifying
such problems early, it makes it easier to take actions. This will then enhance the reliability
through design. A crucial step is anticipating what might go wrong with a product. While
anticipating every failure mode is not possible, the development team should formulate as
extensive a list of potential failure modes as possible, as these pose risks that can be avoided or
managed.

The process is performed by a multi-discipline team familiar with the process. The failure
modes and failure causes are identified initially and are used as the starting point for the FMEA.
Each cause is evaluated for potential effect on the system. A qualitative risk category is then
assigned to each failure cause according specified guidelines. This qualitative ranking is
determined by considering both the severity and frequency of occurrence. Critical areas of the
process are identified and studied to determine the possibility of a major incident. Management
can then use this information to control the potential risk, and avoid the accident scenario.

A block flow diagram of the FMEA process is given below:

Publish report

Identify hazardous

top level events
yes

Has all equip-

Identify equipment/
no
ment/operations
been exam-
operation

ined?

Identify potential
yes

failures

Is design
Identify design

safe and
safety (FMEA)
adequate?

Use process hazards analysis

team members to develop
no
appropriate corrective action.

Identify method of

eliminating hazard
Team members include:

-SMS, hazards analysts
– personnel as designated by

Issue SAR that
management

identifies finding

RISK ASSESSMENT AND EVALUATION
4.5 PEST
and
PESTEL

The PEST analysis is a useful tool for understanding market growth or decline, and as
such the position, potential and direction for a business. A PEST analysis is a business
measurement tool. PEST is an acronym for Political, Economic,
Social and Technological factors, which are used to assess the market for a business
or organizational unit. The PEST analysis headings are a framework for reviewing a situation,
and can also, like the SWOT analysis, be used to review a strategy or position, direction of a
company, a marketing proposition, or idea.

Where a PEST analysis most commonly measures a market; a SWOT analysis measures
a business unit, a proposition or idea. PEST analysis uses four perspectives, which give a logical
structure, in this case organised by the PEST
format, that helps understanding, presentation, discussion and decision-making.
The four dimensions are an extension of a basic two heading list of pro’s and con’s.

PEST becomes more useful and relevant the larger and more complex the business or
proposition, but even for a very small local businesses a PEST
analysis can still bring up one or two very significant issues that might otherwise be
missed.

The four quadrants in PEST vary in significance depending on the type of business, eg.,
social factors are more obviously relevant to consumer businesses and businesses close to the
consumer-end of the supply chain, whereas political factors are more obviously relevant to a
municipality while environmental factors will apply strongly to the mining business.

PEST analysis can be used for marketing and business development assessment and
decision-making, and the PEST template encourages proactive thinking, rather than relying on

habitual or instinctive reactions.

PESTLE analysis factors are Political, Economic, Sociological, Technological,
Legal and Environmental. The PESTLE analysis examines each factor to
assess what their impact or potential impact on the organisation. In this way, they
can prepare strategically for any changes that need to be made in the organisation or simply to
have the awareness of the external market to give them a competitive edge over other firms in
the industry.

LESSON

1.3

Examples of each PESTLE analysis factor are:

Political: what is happening politically with regards to tax policies employment laws,
trade restrictions, tariffs

Economic: what is happening within the economy i.e. economic growth/ decline,
minimum wage, unemployment (local and national), credit availability, cost of living, etc.

Sociological: what is occurring socially i.e. cultural norms and expectations, health
consciousness, population growth rate, career attitudes.

Technological: new technologies are continually being developed. There are also
changes to barriers to entry in given markets.

Legal: changes to legislation. This may impact employment, access to materials,
resources, imports/ exports, taxation etc.

Environmental: what is happening with respect to ecological and environmental aspects.

4.5.1 How A PESTLE Analysis Can Help A Business.

The PESTLE Analysis results can be used in the decision making process. When a new
product is developed, or a new strategic plan must be implemented, a PESTLE Analysis can
investigate the opportunity for such changes, and whether they are viable propositions for the
business to undertake. This eliminates or reduces possible risks associated with new products and
new strategic plans.

A good PESTLE Analysis also means a business can minimise risk when taking
advantage of the trends and changes in the market place. The business can then adapt and change
its products and general vision to suit the needs of the market, thereby cutting out potential risk.
By predicting the needs of an increased market, the business can take advantage of any
opportunities that may arise. It also allows the business to make informed decisions on any
downturns in the market place.
The business can be alert of any negative forecasts in the market place, which may have
an adverse impact on it and plan accordingly.

The PESTLE Analysis can also be used to manage or reduce potential risks that could be
incurred prior to setting up a business. It can be an essential planning tool for predicting what the
market requires at a specific time and what will be commercially successful. By looking at
external factors such as political trends, legal aspects and social factors, the business can plan
ahead of other existing businesses in the market place. By investigating the market in such a
manner, the business can plan appropriately from the very outset in order to avoid difficulties
later on.

RISK ASSESSMENT AND EVALUATION

Example – The Vibe
Thabo and James are opening a new Pub in their area – The Vibe. One of their
considerations was the risk involved in such an operation. They decided to do a PESTEL
analysis to help them identify risks by assessing the current market conditions creating a strategic
plan.

PESTEL analysis for The Vibe

Political
Economical
Social

 Licensing Laws in line
 National and
 Place to meet friends and

with Government policy
international economic
for locals to socialise

 Opening hours and late
downturn means people  Easily accessible
night opening
generally have less
 Localised venue known

 Minimum wage increase
disposable income for
for live music, themed

affecting salaries and
socialising
nights for younger
wages
 Rise in staff wages due
consumers

 Legislation regarding
to Minimum Wage
 Demographically

measures of drinks
increases
increased local student

 National Government
 Cut price offers for
population
guidelines regarding
alcohol in supermarket
 Media concern with

health
promotions
negative aspects of ‘binge

 Local and National
 Increases in transport
drinking’

Government concerns
costs in line with Fuel

 Increased awareness of
regarding negative
pricing
health concerns

aspects of ‘binge
 Increased advertising on

drinking’
mainstream media of

 Budget increases in duty
consuming alcohol
on alcohol
responsibly

 Wider choice and taste of

alcoholic drinks in
supermarkets for

consumers

Technological
Environmental
Legal

 Developments in delivery  Recycling
 Smoking Ban

of cold beers and
 Waste, litter, refuse
 Stronger enforcement of

draughts
produced in local area
underage drinking
 Development of wide
 Transportation and
 Changes in Drink Driving

range of flavoured
delivery costs of goods
Laws

alcoholic drinks

 Legislation on measures
 Local interest in nightlife
of drinks served

promoted via multi-media,

websites, blogs and

social networking
 Advertisements for

alcohol awareness and

responsible drinking on

mainstream media
 Increased advertisement

for alcohol brands via

multi media

LESSON

1.3
5. LEVELS OF FAILURE

To run an effective risk management program one needs to be able to predict failure risk
levels throughout the life of the asset. Most of the times, risks are estimated using probability and
severity ratings. In many risk analysis approaches, Risk Priority Numbers (RPN) is determined
based on probability and severity.

During risk assessment activities, one should take into account existing controls which
limit the probability and severity (and detectability) of the risk event. These should be evaluated
and documented so that:

Guesswork is eliminated as rating are based on previous occurrence details;

When a risk assessment is performed on the same process, a more consistent approach
can be followed.

Use the following strategies when identifying and documenting failure modes:

1.
Brainstorming

Brainstorming is a widely used component of Quality Risk Management processes, and it
is an effective method to determine “what might go wrong” with the item under study, because it
encourages lateral thinking.
2.
Evaluate the Number of Causes

When failure modes are being identified, it is useful to briefly review the potential causes
of each proposed Failure Mode in order to determine whether the proposed Failure Mode is
documented at a level that is workable when the Risk Assessment activity begins.
3.
Encourage and Capture the Reporting of Near Miss Incidents
It is well established that, when identifying potential failure modes, it is useful to review
obvious sources of information, such as data on process deviations, batch rejects, product
complaints and defects, production problems, qualification and validation incidents, reasons for
change controls, etc. However, one area that is often overlooked in formal Quality Risk
Management methodologies is the occurrence of near miss events, or problem incidents that
almost occurred.

Near miss incidents can provide valuable and real information on potential failure modes
and their frequencies, but they are often not formally documented.

To facilitate the use of near miss data, it is necessary to formally encourage a culture of
reporting of near misses within the organisation, and to integrate such reporting as a formal
element of the Quality System, similar perhaps to how deviations are reported.

RISK ASSESSMENT AND EVALUATION
4.
Assemble Comprehensive Data
Ensure that the procedures in place for Quality Risk Management exercises define in
detail the data and documentation that should be assembled on the item under study.

If a process map or flowchart of the item under study is to be used, it should be
sufficiently detailed and descriptive if it is to be of value. This information can include:
5.
Look for Strength of Evidence

Assess the strength of evidence as far as possible for each opinion or suggestion
proposed. This helps reduce the level of subjectivity and guesswork that can arise during the
failure mode identification process.

In this regard, it is helpful to:

Seek the opinions of actual users and operators of the item under study. A process
operator may know very well what can go wrong with a process or activity, and he or she may be
in a position to advise as to its potential frequency.

Seek the opinions of those employees or others who are knowledgeable in the item under
study.

Where possible, take into account the concerns of stakeholder groups when considering
“what might go wrong” with an item under study.
68

LESSON

1.3
NOTES:

NOTES:

LESSON

1.4
LESSON 1.4
RISK MITIGATION
MITIGA
AND RESPONSE

In this Lesson:

Risk Mitigation covers efforts taken to reduce either the probability or consequences of a
threat. These may range from physical measures (protective fences) to financial measures
(insurance etc.).
1. RESPONDING TO RISK

There are generally four ways to respond to risks. The best risk response plans usually
provide a few options, ranked in order of preference.

1.1 Tolerate

Accept that the risk exists. Tolerate the possible consequences.

1.2 Treat

Perform an action to mitigate the risk. For example, if you know that the bank may not
approve you for as much money as you need, you may want to look for other sources of funding.

1.3 Transfer

Transfer the responsibility or the consequences of the risk to a third party. This is often
done through a guarantee or insurance..

1.4 Terminate

Stop the activity that causes the risk.

RISK MITIGATION AND RESPONSE

Key Considerations

Keep the following points in mind when choosing a mitigation strategy.

Any strategy should do as much as possible to ensure normal business practices are not
interrupted or are delayed as little as possible.

In any larger company a risk materialising will almost certainly require media
engagement to make announcements, clarify details, and provide on-going information to
stakeholders and the general public about what your organisation is doing. Managing the media
should be part of your plan.

Direct communication with stakeholders is critical. It should be either general but
informative, or very specific to the impact the risk has on them.

If there is any chance that people may be injured or worse, you should include medical
support in your planning. This can mean having an emergency response team standing by or
simply providing emergency support numbers to your staff.

Depending on the risk, you may be required by law to obtain insurance against it
occurring. If this is not the case but insurance is available you should perform a cost/benefit
analysis to determine if insurance should be part of your risk mitigation strategy.

Controls that can be put in place to mitigate risks include:

Re-allocation or resources (people, equipment, material);

New or additional equipment;

Additional people;

Training;

More information.

Contingency planning

You should build a contingency plan for each major risk that has been identified.
What will you do if the risk does occur?

The plan should detail:

When:

How will we know when the risk will happen?

What will alarms look like?

When should we start acting?

Who:

Who has responsibility for this risk?

What other resources might they need?

Who else should be informed?

What:

What will happen when the risk occurs?

What will we do when the risk happens? (Depending on the risk, this plan could be very
detailed or very simple. A step-by-step, timed plan may be necessary.)

What consequences could the risk have?
72

LESSON

1.4

What other risks might this event create?

Where:

Where is the risk going to happen?

Effective risk management programmes can be developed by following four steps:
1.
Identify the risk to which the business will be subjected.
2.
Evaluate the probability of the occurrence of each risk that has been identified, along
with the cost of insurance coverage, when available, that will protect against this risk.
3.
Decide which of the four risk strategies offers the best cost/benefit protection for each
risk.
4.
Control the risk by implementing the best type strategy for each type.

2. INSURANCE

When looking from an insurance point of view, there are two types of risks:
1.
Pure risk – uncertainty as to whether some unpredictable event will result in loss.
The possibility of a loss is present, but the possible extent of the loss is unknown.
These risks are insurable. Examples: the consequences of a fire, the death of a key
employee, a liability judgement against your company.
2.
Speculative risk – the uncertainty as to whether a voluntary undertaken activity will
result in a gain or loss. These risks are not insurable.

Development of new products, keeping inadequate or too much stock, changes in
customers’ preferences, price fluctuations and changes in laws.

2.1
Types of insurance coverage

Insurance is the process of transferring risk to protect against loss of assets and earnings.

In this process, the losses of some are being paid for by the premiums of many.

A wide variety of insurance policies are available to the small business owner or
manager, and there are many ways to classify insurance. Because our definition of risk
management and insurance includes efforts to prevent loss of assets and earnings, we will use
this classification method.

Insuring against loss of assets

Insuring against loss of earnings

RISK MITIGATION AND RESPONSE
A. INSURING AGAINST LOSS OF ASSETS

Some of the major insurance coverage to protect against loss of assets includes property,
liability, and crime insurance.
1. Property
Insurance

Property insurance protects the small business from damages or theft of:

plant,

equipment (including vehicles, which may be a separate policy), and

inventory assets. It is wise to protect assets against fire and natural disasters such as the
flooding.

Floods caused by Hurricane Katrina during August 2005 in the USA caused severe
damage and destruction, and many people lost all their possessions.

Motor vehicle insurance covers collision damage, theft, and public liability (third party).

While property insurance will pay to replace buildings and contents, it does not cover the
payroll and other expenses that must be paid during the period of rebuilding. However, business
interruption insurance covers lost income and other expenses of recovery. Many of those
businesses that were destroyed during the flood that did not have property insurance coverage
will go out of business, and those with property insurance, but without business interruption
insurance, will wish they had the coverage.

It is also wise to protect against theft of major assets. Suppose that the only tow truck
belonging to a small service station was stolen and that the truck, which brings in a significant
part of the firm’s revenue, was uninsured. Could the owner replace the asset, or would the
business lose the investment in the truck and its earnings as well?

For most businesses property insurance is very important.

Many commercial property insurance policies contain a coinsurance clause under which
the policyholder agrees to maintain insurance equal to some specified percentage of the property
value (80% is common). In exchange for the promise the policyholder gets a reduced insurance
rate. If the manager or owner fails to maintain the percentage, only part of the loss is reimbursed.

LESSON

1.4
2. Liability
Insurance

Liability insurance protects the firm in court cases in which it would be required to pay
damages to customers who get hurt on the premises or who are injured by the firm’s products.
Liability insurance will pay the judgment assessed by the court arising from the lawsuit up to a
specified amount set forth in the policy. Many small businesses that have decided to use risk
avoidance and reduction in order to save money by not purchasing liability insurance have been
hit with lawsuits running into the tens of thousands of rands, resulting in the loss of their
business. Medical doctors purchase very expensive malpractice insurance policies to protect
against liability.

Tobacco Companies in the USA paid out millions of dollars to consumers who developed
or died of smoking related diseases.

Asbestos Mining Companies are being held responsible for diseases relating to asbestos
poisoning of former workers

Injury or harm to customers due to your negligence may result in a public liability claim
against your company.

You may be sued by a customer for harm caused by a product, that you provided to them,
whether you sold the product, or manufactured it.

As a professional practitioner, like a doctor, you may be held liable should an operation
go wrong due to your negligence.


Employer’s Liability, Workers’ Compensation, and Unemployment Insurance These
insurances are required by law to insure employees. Employer’s liability insurance protects the
business assets against suits brought by employees who suffer injury. Workers’ compensation
provides employees with money while they cannot come to work, and unemployment insurance
helps to provide pay to people who have lost their jobs. These two types of insurance protect
employees rather than employer assets.

3. Crime
Insurance

Theft insurance covers burglary, theft, and robbery, although special cover must be
requested to cover money. Visible, forcible, and violent (at gunpoint) entry are prerequisites in
all theft cases.

RISK MITIGATION AND RESPONSE

Due to the high risk of crime in South Africa, the premiums for theft cover for stock,
electronic equipment, like computers and money is extremely high.

Special cover is required in case of theft by employees

Employee theft constitutes the most costly type of shrinkage. Crime insurance is
available to protect against loss of assets through theft and embezzlement by employees. There
have been businesses without controls that allowed an employee to steal so much money that
they could not pay their bills and were forced out of business. For many small businesses
carefully controlled risk avoidance and reduction may be a viable risk management strategy, but
check the cost versus the benefit of insurance for the specific business.

B. INSURING AGAINST LOSS OF EARNINGS

In this part of the lesson we focus our discussion on protecting the owner against
loss of earnings. Every small business owner requires four basic types of insurance to
cover loss of earnings:

Health;

Disability;

Life;

Pension provisions.

1. Health
Insurance

If the business owner, who lacks health insurance, is seriously injured or has a medical
problem that requires an extended stay in the hospital, paying the bills could be a drain on
business profits for years. Medical claims have forced companies to go out of business. Business
owners are commonly covered by the same policy as their employees, but they can have
additional coverage.

2. Disability
Insurance

If the owner can no longer work, can the business continue to operate and provide the
present standard of living to the owner? If not, disability insurance would cover lost earnings up
to the amount specified in the policy.

3. Life
Insurance

The death of the owner has caused many small businesses to liquidate because there was
no money to pay present debts and estate taxes or to buy out partners.

Key person insurance is a life insurance policy on the owner and/or employees purchased
by the company with the company as the sole beneficiary.

LESSON

1.4

Although key person insurance will not replace the owner or other important managers,
sales representatives, and engineers, it provides the business with the funds necessary to find and
train their replacements, and to cover the lost profits due to their untimely deaths.

4. Pensions

When the owner retires, will the business continue to provide an income to maintain the
present standard of living? One way to guarantee a set income after retirement is to start a
pension plan.
a)
Pensions and annuities are special forms of insurance policies that combine insurance
with savings. They are also referred to as whole life policies. The premiums go partly to provide
standard insurance coverage and partly into a fund that is invested by the company for the
policyholder. At a certain age the policyholder is paid an income. If the policyholder dies before
reaching that age, the policy either converts to income for the beneficiary or is paid out as
proceeds from the policy-holder’s life insurance.
b)
Many small business owners have found that it is more economical to have a separate
term life insurance policy and a pension plan. Most small business investment menus include
stocks, bonds, and money market mutual funds 3. CRIME PREVENTION

Business owners need to practice crime prevention as a way of reducing risks and
protecting their assets. Not only do they need to prevent major crimes, such as armed robbery,
theft, and white collar crimes, they also need protection from trespassing, vandalism and
harassment.

Armed robbery

In South Africa, the danger of armed robbery is very high. Owners must do everything in
their power to reduce the risk, as insurance costs are very high. Due to the high risk and the high
premiums, theft cover is provided on a “first loss” basis only. That means, a company must
determine the value of stock loss that thieves can manage to get away with before your security
company and the police arrive.

The security requirements by the Insurance Companies are very strict, like Armed
Response security, security gates, safes, etc. You can imagine the “first loss”
amount of a jewellery store, where thieves may get away with millions of Rands before
the security arrives.

RISK MITIGATION AND RESPONSE

Measures to be taken to reduce the risk of armed robberies:

Securing entrances to limit easy entrance and exits.

EXAMPLE: Banks have time delayed, controlled entrances and exists.

Controlling the handling of cash.

EXAMPLES: Daily deposit of cash, ‘minimum cash on hand’ and the use of armed cash
transport companies like Khulani Springbok Patrols, are recommendable.

Using Security guards and dogs.

Redesigning the surroundings

EXAMPLES: well-lit parking areas, silent alarms, CCTV cameras 4. THEFT

4.1
Types of theft

4.1.1. Shoplifting – theft by customers

It can be:

the amateur, e.g. the thrill seeker, children or teenagers.

the kleptomaniac who has an uncontrollable urge to take things whether they need it or
not or;


professional shoplifters who do it for a living.
4.1.2. Employee theft – a major source of loss

It can be:

the individual who steals one or two items or;

groups that remove truckloads of merchandise;

employees who conspire with outsiders to steal, e.g. charging lower prices or not at all, or
placing; and

additional items in their packaging.

4.2
Techniques for preventing theft

Retail establishments have found that the following measures can be effective in reducing
theft:

Wide angle and one way mirrors to observe employee or customer behaviour.

CCTV cameras to monitor and observe a large area of the store.

Electronic noise activators or security tags, some visible, some not, to warn of
unprocessed merchandise leaving the store.

Security guards, and under cover guards posing as shoppers.

Security audits such as:
1.
Unannounced spot checks of critical areas such as cash registers, employees’ packages,
car trunks, and waste disposal holding areas.
78

LESSON

1.4
2.
Visible security surveillance of work activities.
3.
Weekly, monthly or quarterly inventory checks.

White collar crime

This is a very serious problem faced by employers with losses totalling much more than
in other categories.

Types of white collar crimes include:

Removal of cash.

Falsification of accounts.

Fraudulent computer manipulation.

External accessing of the computer.

Bribery of purchasing agents and other employees.

Collusion that results in unrecorded transactions.

Sale of proprietary information.

Sabotage of new technology, new or old products or customer relations.

Computer security: two problems are the fraudulent use and destruction of data.
This amount of crime has increased in number and magnitude.

The “Credit doctor” who access credit bureau computer files to steal personal data of
people who have good credit histories, which is sold to people who have bad credit histories.
Lenders then grant credit to these poor risks and end up footing the bill when a credit applicant
stops making payments or vanishes.

Ways to minimise white collar crime include:

Audits of data such ad past sales transactions, inventory levels, purchase prices and
accounts receivable.

Officer handled adjustments on large items should be handled by an officer of the
company, not the salesperson.

This reduces the chances of collusion and cash compromises to the customer’s and
salesperson’s advantage.

Proper identification should prevent e.g. credit card fraud.


Take Fidelity guarantee insurance against employee theft.

Work habit vigils – Be aware of white collar employees’ work habits.

The following could indicate signs of misconduct:

Do they work nights regularly?

Do they never take a day off?

Do they forego their usual vacation?

Are they always at the office first and the last to leave?

Do they never stay at home, even when they are sick?

Watch their standard of living, dress, car, housing, entertainment, private schools for their
children and travel that seem to cost more than what the employee should 79

RISK MITIGATION AND RESPONSE
be able to afford, which can all indicate economic misconduct.

5. PERILS AND HAZARDS

A peril refers to the cause of a loss.

5.1 Perils

increases the chance that a loss will occur;

increases the severity of the loss if it should occur.

5.1.1 Types of perils: (amongst others)

Fire

Lightning


Theft

Example: Think of a house with a thatched roof. The house catches fire, and as a result of
the thatch roof, the fire is soon out of control.

The result is that the house is completely destroyed. The direct cause of the damage is the
peril (fire), but the damage was more severe as a result of the dangerous type of material the
roof was made of (hazard).

Accident damage to your car is a peril, but heavy traffic and dangerous
conditions on the road are hazards.

5.2 Hazard

5.2.1 Types of hazards: (amongst others)

the location of the risk (think of the house situated on the river banks)

The type of merchandise a store keeps (jewellery or liqueur stores are much more
attractive to be burgled than a store selling stationery or biscuits) A hazard can be physical or
moral.

Moral hazards result from the attitudes and actions of people, normally the insured.
It can also refer to the actions of employees of the insured.

It includes the following:

Dishonesty (e.g. fraudulent claims);

Employers that exploit their employees financially by paying low wages, and who have a
bad attitude towards the safety of their workers;

People who believe that it is not wrong to defraud insurers;

Negligence )a driver who drives under the influence of alcohol.
80
© Business Management Training College (Pty) Ltd
LESSON

1.4

All the above constitutes bad moral risks.

6. TURNAROUND AND RECOVERY

Research into the forever large number of business bankruptcies in recent years has
identified the major causes. One thing is clear – an early turnaround strategy and a recovery
programme could have saved many from financial ruin.

6.1
The purpose of a recovery programme is:

To turn around a troubled or underperforming area (a risk that is realising) as quickly as
possible with minimised further cost, deviation from schedule and client satisfaction issues.

A recovery and turnaround plan will:

assess the overall project status, issues and risks being experienced;

develop a set of recommended results oriented, pragmatic, implementable actions and
solutions as part of a recovery plan;

work with and provide mentoring to the project or risk manager and the team during
execution of the recovery plan.

6.2
The benefits of a risk recovery plan are:

Continuous evaluation of risks and issues affecting a project or area.

Assessment of project risk

Identifying problems and prioritising solutions

Implementable solutions and actions based recovery plan

Faster recovery time

Minimized further cost and deviation from scheduled activities

Fewer client satisfaction issues

In asset management, turnaround and recovery specialists are experts in dealing with
situations where cash is short or there is a risk of loss.

With the aid of a professional insolvency team, there is often a better result that can be
produced for employees, creditors, directors and shareholders Often, assets that are at risk can be
protected and workout strategies can be developed to avoid bankruptcy or liquidation.
Negotiation with creditors is necessary recovery programmes are put in place to ensure
long-term health of a business.

RISK MITIGATION AND RESPONSE
7. THE RISK MANAGEMENT PLAN

We have looked at the outline of a risk management plan earlier in this module.

A risk management plan should provide a structured approach to risk where risk
exposures and threats are identified and managed pro-actively.

In the book ‘Risk Management’ by AC Valsamakis, RW Vivian and GS du Toit,
components of a typical risk management process are described as follows:


Risk identification: is regarded as the first step of the process and aims to analyse the
strategy, objectives and processes of the business in terms of risk exposures and threats. These
are also known as the inherent risks, which make up the initial risk exposure without taking into
account any control measures.


Risk evaluation involves the measurement (quantifying) and assessment (qualifying)
of the inherent risk. The inherent risks are evaluated to determine the potential severity and
likelihood of risk events, as well as the adequacy of the risk controls.


Risk control is the next component, which aims to address the risks that remain a
threat to the business. Current control measures need to be improved an additional control
measures should be developed.


Risk financing is a risk management component that is often not considered, although
it forms a crucial part of the process. This component forms a close link with risk control, as it
also strives to ensure that the cost of risk management does not exceed the benefits.


Risk monitoring entails a continuous evaluation of the business operations to ensure
the adequacy of control measures and the identification of new risk exposures and threats to the
organisation. As such, risk monitoring can be regarded as an early warning system for
management, in order to be proactive in identifying new risks and implementing control
measures to prevent a risk event or to minimise the effect should the risk event occur. (Adapted
Risk Management Ed 4) 82

LESSON

1.4
NOTES:

IMPACT OF LEGISLATION ON RISK MANAGEMENT
LESSON 1.5
IMPACT
MP
OF LEGISLAT
LEGISLA ION
ON RISK MANAGEMENT

In this Lesson:

Every organisation should evaluate the possible risks it may be exposed to, and take
precautions to either avoid, prevent, transfer or assume these risks.

Careful consideration must be given to legislation that regulates a particular industry, and
how non-compliance may affect the organisation.
1. THE DIFFERENT CATEGORIES OF LEGISLATION

There are various categories of legislation namely:

General Regulating Legislation

Financial Regulating Legislation


People Regulating Legislation

Sector Regulating Legislation

Company policies, practises and systems must ensure compliance to all applicable
legislation, and risk management must be applied.

Risks that cannot be avoided should be controlled as far as possible. Insurance cover
must be adequate to provide cover for any eventuality that may occur.

1.1
GENERAL LEGISLATION:

(i)
THE CONSTITUTION OF THE REPUBLIC OF SOUTH AFRICA 108 OF 1996

The Constitution is the highest authority in South Africa with a number of clauses
directly related to individual rights and employment relations.

LESSON

1.5
(ii) THE OCCUPATIONAL HEALTH AND SAFETY ACT 85 OF 1993

To provide for the health and safety of persons at work and for the health and safety of
persons in connection with the use of plant and machinery; the protection of persons other than
persons at work against hazards to health and safety arising out of or in connection with the
activities of persons at work; to establish an advisory council for occupational health and safety;
and to provide for matters connected therewith.

(iii) THE COMPENSATION FOR OCCUPATIONAL INJURIES AND DISEASES
ACT
130 OF 1993 (COIDA)

The main aim of the Act is compensation for losses due to occupational injuries and
diseases at the workplace.

(iv)
ENVIRONMENTAL PROTECTION ACT OF 1986

This Act provides regulations for protection of the environment and natural resources.

1.2
FINANCIAL LEGISLATION:

(i)
INCOME TAX ACT OF 1962

This act determines the registration with the Receiver of Revenue and tax must be paid:

As employer;

As taxpayer;

On added value (VAT).

(ii) THE
COMPANIES ACT 61 OF 1973

This Act prescribes the setting-up of companies.

1.3
PEOPLE REGULATING LEGISLATION:

(i)
THE LABOUR RELATIONS ACT 66 OF 1995

In addition to achieving economic development and social justice, the purpose of the
Labour Relations Act is to advance labour peace and democratisation of the workplace.

(ii)
THE BASIC CONDITIONS OF EMPLOYMENT ACT 75 OF 1997

The Act applies to all employees and employers except members of the National Defence
Force, National Intelligence Agency, South African Secret Service and unpaid volunteers
working for an organisation with a charitable purpose.
85

IMPACT OF LEGISLATION ON RISK MANAGEMENT

(iii)
THE EMPLOYMENT EQUITY ACT, 55 of 1998.

The purpose of the Act is to achieve equity in the workplace, by:

Promoting equal opportunity and fair treatment in employment through the elimination of
discrimination, and

Implementing affirmative action measures to redress the disadvantages in employment
experienced by designated groups, to ensure their equitable representation in all occupational
categories and levels in the workplace.

(iv) THE SKILLS DEVELOPMENT ACT 97 of 1998

The intention of the Act is to provide an institutional framework to devise and implement
national, sector and workplace strategies to develop and improve the skills of the South African
workforce; to integrate those strategies with the National Qualifications Framework
contemplated in the South African Qualifications Authority Act; to provide for learner-ships that
lead to recognised occupational qualifications; to provide for the financing of skills development
by means of a levy-financing scheme and a National Skills Fund; to provide for and regulate
employment services; and to provide for matters connected therewith.

(v)
THE SKILLS DEVELOPMENT LEVIES ACT, 9 of 1999.

To provide for the imposition of a skills development levy and for matters connected
therewith.

(vi)
THE UNEMPLOYMENT INSURANCE ACT 30 OF 1966

The main purpose of the Act is the establishment and maintenance of the Unemployment
Insurance Fund to insure employees against loss of income as a result of unemployment

LESSON

1.5

This is a graphic representation of the distribution of the levy money paid to SARS

Equivalent of 1% of annual
pay-roll to SARS

70% is used by the SETA
10% goes to the specific
20% goes to NSF for use in
for the promotion of skills

SETA for administrative
national skills projects
development within the
purposes

sector

10% is used in discretionary
50% is used for a
grants awarded to
mandatory grant awarded to

employers training in
employers who submit a

strategic areas at the
workplace skills plan and
discretion of the SETA
annual training report.

The last 10% and any unclaimed funds is used by the SETA to address areas of skill
shortage within the sector. Strategic training, learnership grants, ABET training and other
important programmes are funded by this portion of the levy payment.

1.4 SECTOR APPLICATION OF LEGISLATION:

(i)
FINANCIAL ADVISORY AND INTERMEDIARY SERVICES ACT 37 OF 2002
(FAIS)

Regulates the financial Services Sector.
(ii)
THE PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000

This Act seeks to advance the values of transparency and accountability.
(iii)
MEDICAL SCHEMES ACT 131 OF 1998

Regulates the Medical Aid Industry.
(iv)
PENSION FUNDS ACT 24 OF 1956

Regulates the Pension Funds Industry in South Africa.

2.
LEGAL CONSEQUENCES OF NON-COMPLIANCE

All of the above Acts are legal requirements that organisations must comply with.

Non-compliance can result in very heavy fines and / or prosecution that can lead to jail
sentences of executives and closure of the organisation concerned. Companies that are
non-compliant can be held financially liable for losses that occur as a result of their
non-compliance. It can also seriously tarnish the reputation and image of that company.

IMPACT OF LEGISLATION ON RISK MANAGEMENT

A company that does not comply with Environmental Protection Act may be polluting
the water in the area during its operations.

If found guilty, the company can be held liable for the damage, as well as for the
resulting death and disease caused. The recent outbreak of Typhoid in the Delmas area may
eventually be contributed to the negligence of some company in the area, although at the time of
writing this, the caused has not been established.

3. THE CONSUMER PROTECTION ACT

This Act constitutes a framework for consumer protection, and all other laws which
provide for consumer protection (usually within a particular sector) should be read with this Act
to ensure a common standard of protection.

All suppliers of goods and services must comply to this Act.

Application of the Act
The Consumer Protection Act affects a wide range of consumers and transactions.
A consumer is not only the person to whom goods or services are promoted or supplied,
but also the actual user of the goods or the recipients or beneficiary of the services. In other
words, a consumer may be a person other than the person who entered into an agreement with a
supplier and paid for the goods or services.
In practice this would mean that if you are given a spa treatment as a birthday present,
you will be entitled to the consumer protection measures set out in the Act, even though you
never entered into an agreement with the spa.

Safety monitoring and recall

The provisions in the Act regarding safety monitoring and recall (section 60), and
liability for damages caused by goods (section 61) apply to ALL transactions, even those
transactions exempted from the application of the Act. Thus, in our example above, the
distributor will be entitled to protection where she suffered damage as a result of defective goods
– even where the transaction was exempted.

The Act will not apply to services which constitute advice or an intermediary service that
is subject to regulation in terms of the Financial Advisory and Intermediary Services Act, 2002
(FAIS), or services in terms of the Long-term Insurance Act, 1998 or the Short-term Insurance
Act, 1998. However, it should be noted that the Act prescribes that the Long-term Insurance Act
and the Short-term Insurance Act must be aligned with the consumer protection measures in this
Act within 18 months from the commencement of this Act.
88

LESSON

1.5

If this is not done, the provisions of this Act will apply to all services rendered in terms of
the two insurance Acts.

Direct marketing
The provisions in the Act which regulate direct marketing extend to all communication
for the purposes of direct marketing (not only direct marketing via electronic communication). In
terms of section 11, a consumer may either refuse to accept, pre-emptively block, or require
another person to discontinue any communication which may be seen as direct marketing. This
may include telephone calls, e-mails, brochures or letters in the mail, etc. The National
Consumer Commission will facilitate the establishment of a registry where a consumer may
register their particular preferences (for example, that a consumer wishes not to receive any
direct marketing (a pre-emptive block) or, where he previously agreed to receive marketing
material, he now wishes to change his mind and requires the marketer to stop marketing to him
directly). Businesses will have to ensure that they have measures in place to receive and record
consumers’
specific preferences (at no cost to the consumer), and abide by these expressed
preferences. In addition, the Minister may prescribe certain times when consumers may not be
contacted, for example, on public holidays or after a certain time at night.

Cooling
off
The Act provides for a 5 business day cooling off period in instances where transactions
resulted from direct marketing, in other words, transactions which were not initiated by the
consumer (section 16). This section does not apply to transactions which are governed by section
44 of the Electronic Communications and Transactions Act, 2002 (in terms of which consumers
have a seven day cooling off period (normal days, not business days)).

It should be noted that it is not a requirement for the transaction to be concluded at the
home of the consumer for the cooling off period to apply (as is the case in the National Credit
Act). The cooling off period will apply to all transactions that resulted from direct marketing.

Product liability
Section 61 of the Act effects a major change with regard to the position of the consumer
in cases where he suffers damages as a result of unsafe or defective goods. This provision
determines that producers, importers, distributors and retailers of goods will be liable for any
harm caused as a result of the supply of unsafe goods, a product failure, a defect or hazard in the
product, or interestingly, inadequate instructions for the use of the goods or warnings related to
any 89

IMPACT OF LEGISLATION ON RISK MANAGEMENT
possible hazard that might be associated with the product. (Although the Act determines
that labelling of products and trade descriptions are optional, it might be necessary for producers,
importers, distributors and retailers of goods to ensure that proper instructions for use, and
warnings of potential danger or hazard are provided, as this may prevent a claim for damages by
consumers.) Probably the biggest change to the current legal position is the fact that the Act
determines that producers, importers, distributors and retailers of goods will be liable for damage
caused by unsafe or defective goods whether or not the harm resulted from their negligence. This
means that the consumer will no longer have to prove that the damages suffered as a result of
defected goods was due to the fault (negligence or otherwise) of the producer, importer,
distributor or retailer (this is referred to as strict liability). Rather, the shoe is now on the other
foot: where a consumer claims for damages, the producer, importer, distributor or retailer will
have to prove that they are not responsible, and thus not accountable, for the resulting damages.

The Act determines that a consumer may hold the producer, importer, distributor and
retailer jointly or severally liable, and a consumer may claim for damages related to death,
injury, illness, loss or damage to property, or economic loss as a result of death, injury, and
illness or, loss or damage to property. The Act provides for a number of defences which the
producer, importer, distributor and retailer may use when a claim for damages is instituted
against them by a consumer.

Term, renewal and cancellation of contracts
The Act regulates the term, renewal and cancellation of fixed term contracts. In terms of
section 14, there can be no automatic renewal of the fixed term contract.
The consumer (this section applies to natural persons only) is entitled to cancel the
contract when the contract term expires, or at any other time, given that he gave the supplier 20
business days’ notice in writing. Where the consumer cancels the contract before the expiry date,
the supplier will be entitled to any outstanding amounts, as well as a reasonable cancellation fee.

Language
The Act does not contain a provision for information to be in an official language.
However, section 22 requires that all information should be in plain language. The Act
further requires that the language used should be appropriate to the class of persons the goods or
services are aimed at, and as understandable to someone of that class with average literacy skills
and experience. Where technical specifications are set out in any agreement or on a product
label, this requirement might prove difficult to comply with.
90

LESSON

1.5

Written agreements
There is no general requirement for agreements to be in writing. However, the Act allows
the Minister to require certain categories of agreements to be in writing. It is foreseen that the
Minister may require fixed term contracts to be in writing. Section 50 requires that where an
agreement is set out in writing (whether this is required in terms of this Act or voluntary) the
supplier must provide the consumer with one free copy (or access to an electronic copy) of the
terms and conditions, that the agreement must be in plain and understandable language, and that
it should contain a breakdown of the consumer’s financial obligations under the agreement.
However, if a consumer agreement between a supplier and a consumer is not in writing,
the supplier is obliged to keep a record of the transactions entered into over the telephone or any
other recordable form.

Customer loyalty programmes
Section 35 of the Act determines that a supplier who sponsors a consumer loyalty
programme, or accepts loyalty credits in exchange for goods or services (for example frequent
flyer miles), may impose a partial or complete restriction on the availability of the goods or
services during specific periods of the year. However, the restriction may not exceed 90 days in a
calendar year. In addition, the Act requires that certain information be made available to the
consumer when an offer to participate in the loyalty programme is made.

Overselling and overbooking
The Act provides for the reasonableness test for overselling and overbooking. In terms of
this test a supplier may not accept payment for goods or services where it has no reasonable
intention to supply the goods or services, or where it intends to supply goods or services that are
materially different to the goods or services for which the consumer has paid.

With regard to damages suffered as a result of a supplier’s inability to supply goods or
services due to overbooking or overselling the Act provides for a refund of the amount paid plus
interest (usually, this would be the deposit plus interest), as well as any consequential damages
which directly resulted from the breach of contract.

In practical terms, this would mean that where you –

booked a flight from Cape Town to Durban for which you paid a deposit of RX,

booked and paid for a rental car in Durban in the amount of RY, and

set up a meeting with a business associate in Durban to sign a contract valued at RZ, after

which the business associate will leave for India, and you are bumped from the flight as a result
of overbooking, you will be entitled to claim

RX plus interest for the deposit you paid for the flight, and 91

IMPACT OF LEGISLATION ON RISK MANAGEMENT

RY plus interest for the rental car, which amounts to a consequential loss that is directly
resulting from the overbooking.

However, the fact that you suffered a loss because you were not able to sign the contract
before your business associate left for India amounts to loss of anticipated use or enjoyment, for
which the Act does not provide.

Warranty on repaired goods
The Act provides for a three month warranty on repaired goods. This warranty includes
all new or reconditioned parts installed during the repair or maintenance work, as well as the
labour to install such parts. However, where a consumer subjected goods to abuse or misuse, the
warranty will be void. Also, the warranty does not extend to ordinary wear and tear.

Safety monitoring and recall
The Act introduces a streamlined approach to safety monitoring in that it obliges the
National Consumer Commission to promote the development and adoption of industry wide
codes of practice in terms of which industries will monitor safety of their products. This includes
the introduction of systems to receive and investigate complaints, recall goods, and reporting on
certain matters to the National Consumer Commission.

However, the National Consumer Commission may require the importer or producer of
particular goods to carry out a recall of the product where the National Consumer Commission
has reasonable grounds to believe that goods are unsafe, and the producer or importer of the
goods has not taken the necessary steps in terms of the applicable industry code to ensure public
safety.

Prepaid certificates, credits and vouchers
The Act determines that gift or similar vouchers expire either upon redemption or after

three years. (Adapted from Accounting South Africa website) 92

LESSON

1.5
NOTES:

BIBLIOGRAPHY

Risk Management, AC Valsamakis, RW Vivian and GS du Toit,

Nel, P.S. (2001). Employment Law Impacting on Employment Relationships. Nel, PS;
Gerber, PD; van Dyk, PS; Haasbroek, GD; Schulz, HB; Sono, T; Werner, A (2001).
Human Resources Management: 5th Edition Oxford: Cape Town

Nel, PS; Gerber, PD; van Dyk, PS; Haasbroek, GD; Schulz, HB; Sono, T; Werner, A
(2001). Human Resources Management: 5th Edition Oxford: Cape Town

Machado, R. The Foundations of Business. Juta.

Marè, G.F. 1996. ‘n Handleiding vir Entrepreneurs: Die weg na beroepsukses. Kagiso
Uitgewers.

Turn in your highest-quality paper
Get a qualified writer to help you with

“ Please help with Risk Management no text book available or needed for this assignment. RISK MANAGEMENTLearner Full Names:Surname:Only fill in… ”

Get high-quality paper

Guarantee! All work is written by expert writers!

Still stressed from student homework?

Get quality assistance from academic writers!

Order now