JIT2 Risk Management Report: Revlon's Challenges and Strategies

Verified

Added on 2023/06/08

AI Summary

This report provides an overview of Revlon, a global cosmetics company, and examines the various risks it faces in the international marketplace. The report identifies eight key risks, including foreign laws and regulations, international accounting complexities, global pricing strategies, currency rate fluctuations, communication difficulties, supply chain complexity, potential natural disasters like earthquakes, and the threat of data theft. For each risk, the report assesses the likelihood of occurrence, severity of impact, and controllability. It then proposes risk responses, such as becoming familiar with local laws, adopting appropriate tax strategies, implementing competitive pricing, managing currency exchange through forward contracts, adapting brand names for foreign markets, tracking suppliers effectively, securing business insurance against natural disasters, and employing robust data security measures. The report also outlines a business contingency plan, including strategic pre-incident changes and measures to protect sensitive data, ensuring business continuity and resilience in the face of potential disruptions. This document is available on Desklib, where students can find similar solved assignments and resources.

Running head: RISK MANAGEMENT
Risk Management
Name of the Student:
Name of the University:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1RISK MANAGEMENT
JIT2/RISK MANAGEMENT
A. Company Overview
The selected company for this report is Revlon. The company is manufacturing as well as marketing
of range of cosmetics and nail products. The company is selling of cosmetics under its brand name. The
company is known as best cosmetics companies which is operating into upper mass market segment. This
company is operating globally, therefore there are possibility of various global marketing risks into the
business operations of Revlon. The total revenue of the company is $2.334 billion. The marketing
activities of Revlon are price that the company is pricing their products offerings of other competitor
brands. Competitive pricing is varied as per the cosmetics industry. Various brands are offerings of
similar features of products but those are differentiate by means of price. Revlon as the cosmetic giant has
its presence into hundred countries along with Australia and US (Revlon, 2016). The company is focused
to sell of their products throughout retail channels as well as mechanizing stores. There are also bulk
distribution throughout drug stores and pharmacy across the global marketplace. It helps the company to
retain of larger middle class consumer based across various nations. The company is also adopted of
strategy of point of sales towards its retailing operations.
A1. through A3a. Risk Register
Name of
Risk Description
Source
(with
explanation)
Likelihood of
Occurrence*
(with
justification)
Severity of
Impact*
(with
justification)
Controllability*
(with
justification)
1. Foreign
laws and
regulations
The company has lack of
understanding of local
laws and regulations for
successful international
business.
Laws and
regulations
As each of the
country have
different laws and
regulations,
therefore it is
difficult to
understand each
country’s law
properly when
doing overseas
business.
Very likely
It is very likely
that the company
is not familiar
with the new laws
and regulations of
the country they
are going to
operate their
business
Bromiley et al.,
2015).
Moderate
Lack of
understanding of
laws and
regulations
provide moderate
impact on the
business
functions of
Revlon in global
marketplace.
Total direct
control
throughout the
project actions
This risk is
directly controlled
by following of
laws and
regulations of the
country, the
company is
operated.

2RISK MANAGEMENT
2.
Internation
al
accounting
Accounting is a risk to
Revlon those are liable for
the corporation tax abroad.
Accounting
Various tax
systems make
accounting
functions of the
company a
significant risk.
Likely
It is likely
occurred as
various
accounting
system can
provide a benefit
on the company’s
sales and its
profit.
Medium
International
accounting
system provides
impact on the
company’s sales.
Medium
controllable
throughout the
project actions
Sometimes, it is
not possible to
liable towards the
taxation of
products and
services.
3. Global
pricing
strategy
Setting of price of
products as well as
services at overseas is a
big risk for the company.
Cost is considered to
remain competitive
globally.
Price
Due to different
pricing strategies
into different
countries,
therefore price
factor is a
challenge for the
company when
they are decided
to source their
products
overseas/
Medium
There are
medium
likelihood as the
company is not
able to make a
better pricing
strategies to
achieve of more
customers Wolke,
2017).
Medium
Various pricing
strategies provide
an impact on the
profit and total
sales revenue of
the company.
Highly
controllable
throughout the
project actions
By following a
proper pricing
strategies of the
products, Revlon
can able to
compete into
international
market.
4.
Currency
rate
There is fluctuation into
the currency rate is a risk
for the international
business (Hiles, 2007).
Price
Sometimes, there
is change into the
rate of currency
which is a risk for
the company to
sell their products
globally.
Highly likely
There is difficulty
into forecasting
of global
economic
volatility when
there is
fluctuation into
rate at
unpredictable
levels.
Extreme
Fluctuations into
rate provide
impact on balance
of the business
expenses as well
as its profit.
When the
company is
paying the
suppliers cost
with US dollars,
but selling the
product with un-
predictable
currency, then the
company is ended
up with a loss.
Minimal control
The company is
not able to predict
when there would
be fluctuation into
the currency rate.
Therefore,
sometimes the
company has to
face this situation.
5.
Communic
ation
difficulties
along with
cultural
differences
Communicating across the
cultures are considered as
real challenge. There is
ineffective communication
with the clients and
consumers results
unsuccessful into the
international business.
Barrier into the language
Communication
and culture
Different
language and
culture of
individuals is a
risk.
Nearly certain
When any
company is going
to operate in
other country,
there are nearly
certain possibility
of language and
Medium
Cultural
differences are
also influencing
the market
demands for the
product and
Highly
controllable
throughout the
project actions
The company
should have such
person in their
store those can

3RISK MANAGEMENT
and nonverbal
communication is
breaking the business
deals.
cultural barrier. service. understand the
country’s
language and
familiar with the
culture of people.
6. Supply
chain
complexity
When coming to source of
products as well as
services from overseas,
handling of the supply
chain is a defy for the
company. Complexity into
the supply chain rises
chances to effort with
suppliers and illegal
business practices (Merna,
& Al-Thani, 2008).
Supply chain
management
The suppliers are
the main channel
to source of
products to their
clients, therefore
complexity into
supply chain is a
risk.
Nearly certain
There are
complexity into
the supply chain
as the suppliers
are not able to
provide services
on time. In case,
when the
company is
operated
internationally
then it is quite
hard for the
company to track
the delivered
products from the
supplier side.
Medium
It provides impact
on the business as
the clients are not
satisfied when the
product are not
reached or
delivered on
scheduled time.
Minimal control
The company
should track the
suppliers and
concerned on the
scheduled date
when the product
is supposed to be
delivered.
7.
Earthquake
There are possibility of
natural disaster which
would be a high loss for
the company and its sales
revenue.
Natural disaster
There are
possibility of
natural disaster
which would
harm the
company and its
products.
Unlikely
There is very few
possibility of
earthquake which
would hamper the
business
functions of
Revlon.
Low
It provides a low
impact on the
business when the
company have
proper business
insurance.
No control
There are no such
control over
earthquake
(Blyth, 2008).
8. Data
theft
There are high chances of
loss of data or stolen of
data. The hacker may steal
payment card information
and personal information
of the customers
(Glendon, Clarke, &
McKenna, 2016).
Security
Lack of security
of the personal
data can case of
data theft.
Likely
There is
possibility of loss
of data when the
company has no
such password
protected and
authorized system
to put personal
data into a
secured place.
High
It provides a high
impact on loss of
data of the
customers and
stolen of the data
may cause their
brand reputation
to fall. The
customers would
not trust the
company any
more to share of
personal
information next
time.
Controllable
The data theft is
controlled by
putting the data
into password
protected folder
so that no
unauthorized
person can access
to it.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4RISK MANAGEMENT
B. Risk Responses
Risk 1: Foreign laws and regulations risk is mitigated by become familiar with the laws in which the
company is going to operate. The company when going to operate overseas should get better
understanding of local laws and regulations for successful international business.
Risk 2: The Company should provide of proper tax to the country’s government and also get an
understanding of the tax related laws and regulations to provide tax for their products and services
overseas.
Risk 3: As each of the countries have different pricing strategies, therefore the company should achieve
and get understanding of country’s pricing of similar products and then they should sell the products into
the market with low price so that the company can able to gain of competitive market. Therefore, in order
to gain profit and a better brand reputation, Revlon should implement a better pricing strategies.
Risk 4: One of the way to prevent from the currency rate fluctuation risk is paying the suppliers as well
as production cost into same currency as one the company is selling into. There is required to switch into
local production where it is possible to get better balance of outgoings besides sales revenues of the
company. There is also possibility to mitigate un-predictable currency rates is set up of forward contract
and decide with charge into development for the upcoming sales. It protects the sales of Revlon from risk
being presented by means of unbalanced currency.
Risk 5: The Company should consider to adopt names of their brand as well as product when there is
launching into the foreign market. There should be created of quality transactions of the product along
with marketing materials. It ensured for the brand name works as well abroad.
Risk 6: The Company should track of their suppliers those are providing of raw materials and other
marketing services to the company. As it is difficult to track the suppliers from overseas, therefore the
company should use of better tracking system which help them to track the products on the way and can

5RISK MANAGEMENT
estimate the time the company is supposed to receive it. Cost is considered to remain competitive
globally as cheapest price of product can help the company to achieve of global place into international
business.
Risk 7: The Company is required to insure their store, products and services so that any natural disaster
may occur, the company can get return of money through their insurance policies. As they are no such
control over the earthquake, therefore either the company should concerned on forecasted weather
condition or they can have a proper business insurance. The company should also take care of personnel
losses by getting proper safety and early precautions to this type of natural disaster.
Risk 8: There should be use of proper firewalls and encryption method to keep the data secured. The
personal data of customers should not be shared with others or any authorized person. The information
of customers should only be accessed by authorized person. All the personal data of customers are kept
password protected and they should a strict encryption of the data. When there is theft of data, it provides
a huge impact on the company as the customers are not satisfied with this kind of mistakes from the
company’s side.
C. Business Contingency Plan
C1. Strategic Pre-Incident Changes
1. Each of the competence will conduct if consciousness training which included of facility
evacuation routes as well as measures on annual basis
2. There are procurement of emergency supplies for the employees trapped at facility to store at
secured location
3. Communicate with the community evacuation routes by posting of posts throughout the facilities
4. Work with the local authorities for coordination of emergency activities and work with the local
authorities for coordination of emergency activities (Rosemann & vom Brocke, 2015).

6RISK MANAGEMENT
5. Emergency numbers are published into higher traffic areas to protect each of the employer knows
precise number to call to the responders besides accept of aid from external the emergency crews
C2a. Sensitive Data
Sensitive data are assets to the company, as well as kind of data is based on the company. When
the data are based on the company, it is protected by regulations as well as the company can hold of the
assets. In this case, the sensitive data are intellectual properties, employee names, contract number,
residential address, employee identification number, corporate data, organizational policies and
information related to vendors besides suppliers. The data are protected by laws and there is also required
of physical protection. Without physical protection, the regulations are easily become powerless against
the security breaches. The sensitive data are stored into secured server that is encrypted by random
generated password. When an authorized person access to the sensitive data, then each thing is monitored
as well as recorder for future security reasons.
C2b. Normal Data Protection
The best offense to protect of sensitive data is have decent defense. Electronic learning labs are
implemented of defense when it originates to keep of data. All the sensitive data are encrypted in rest as
well as in transit. The network is being segmented of virtual local area networks to produce, develop and
test. All LANs are being protected with firewall (Salmela, 2016). Access to the server is consoled and
allowed from the corporate VPN. All the employees should have authentication for login. The company is
accessible to the key card. The card is for terminated workforces are composed and restricted in 24 hours
of termination. The data center is being accomplished by AWS to evaluate information for access control
in datacenter, physical, logical security measures. The guests can display of temporary badge throughout
the visit.
C2c. Disruption Data Protection

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7RISK MANAGEMENT
Since there is strive for enforce of security methods, data protection throughout disruption is not
changing. There is risk to compromise of security is not work rewards to bring DR site. It is required to
have privileges, encryption, and segmentation of network, firewalls besides authentication. The security
function is transformed the locations where the server can relieve of access to be gained. When the
corporate office is not retrieved throughout emergency, the infrastructure team can appeal for public IP
address from the workers to permit VPN access into AWS situation.
C2d. Ethical Use of Data
The ethical use of data is required throughout disruption. It is documented principles regards to
sensitive data, action plan to manage of confidential data as well as current resources. The things are to be
done through comply of laws, regulations, contracts and policies. The payment card is a data security
standards, social security number in addition to statement of acceptable uses (Sahebjamnia, Torabi, &
Mansouri, 2015). The data are either viewed by exposure or accessed by unauthorized individuals, then
the company should do of hardware repair as well as software updates, anti-viruses software, LAN
support to computer data in prevention to data theft.
C3a. Customer Records
Ethical protection of customer records are important, therefore the company is adhere to
guidelines such as lawful processed of data, accurate, processed with data subject rights, secured as well
as non-transferred without effective protection. The company can contact with information commissioner
officer to protect of customer data. The storage system is monitored to make sure that it is continued to
meet with requirements of business and comply with legislation.
In order to secure the customer records, encryption as well as access control systems are
implemented. It ensures that the users with proper permission have to access to the customer’s data. In
order to make sure that the data are ethically protected, monitoring system is implemented. The system
can analyze who access to the data and for which purpose. The employees can fill data request form to

8RISK MANAGEMENT
make sure that they can get the data. The data are also kept backup to make sure that it is recovered in
case of data loss.
C3b. Normal Security Measures
Secure of the customers data is a key requirement for the company. Without the customers, the
company is no more operated their business anywhere. Facilities are required of security equipment’s like
cameras as well as biometric scanners (vom Brocke, Zelt, & Schmiedel¸2016). With those security
equipment’s, there are regular checking of functionality will make sure of minimal intrusion that are
occurred. Security guards are in place to make sure that the security equipment’s are into place.
The IT department ensures that security practices are utilized by the employees throughout no
notice of inspections. The employees are received of annual training to make sure that they are aware of
the threats like social engineering. It provides training on password protection. It safeguards will reduce
risks throughout human factor such ad employee. IT department should ensure that the network is being
threatened with firewalls besides up-to-date operating systems and the system will accept of existing
patches. IT department will display DNS logo to make sure of interference is being detected.
C3c. Disruption Security Measures
In event of intrusion on network, fast responses are introduced and it followed of attack responses
protocol. The data will be locked for the employees, and the backup servers are retrieved to endure with
the usual operations. Scanning of DNS logs as well as server rooms are intruded of network facilities.
Once the intrusion is being counteracted, the team will provide a short-term to the personnel.
C3d. Ethical Use Protections
The customers as well as clients are trusted the company with the personal as well as corporate
information, to maintain of interest as well as extension retain of the customer and buyer. It is critical that
the company is not protecting only the data, but also ensuring that it is used in moral way.

9RISK MANAGEMENT
In order to protect of data, the company is used of higher security IT systems as well as
monitoring of client information. It will mandate the training requirement for the employee to educate
them of ethical use of both internal as well as external data.
The company will employ of use of virtualized environment in offsite system, there is replication
among data centers as well as hosted cloud services. In order to back up as well as maintain of higher
availability and security of the data (Dar et al., 2015). After major disruption, the company is used of
methods to redirect of virtual environment along with restoration of back up of data which is laid out of
the internal data.
C4. Communication Plan
In case of major disruption and disaster, it is ensured that communication is major requirement
into the organization. The communication plan which is used in case of disruption is started as disaster
tree with all contact information of employees. There are monthly review of plan to add into revisions as
well as updates to the company. There are also training along with testing based on utilization of plan.
C4a. Stakeholders
The stakeholders are included of customers, suppliers, and employees, board of director, vendors,
governmental agencies and clients. In event of disaster, the employees are communicated about not to
come to work, customers are notified of expected delays to deliver orders, board of directors for direction,
suppliers are notified for cancellation and delay of pending orders. The clients are notified of damages
whether the goods are stored and estimation duration of disruption. The governmental agencies for advice
of conceivable risks to setting and contact to the personal data needed by the native regulations.
C4ai. Stakeholder Communications
In case of emergency, it is required to contact with the supervisor and other personnel. When there
is go down of phone lines, then each department should have contact list with contact information of
supervisors and others. In event level, it is required to mandate to start the phone tree by contacting the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10RISK MANAGEMENT
emergency services, straight supervisor of the department. In case the usual communication lines are
down, the workers can use of email system. Once the administrator is being contacted, then it will
responsible to start of phone tree to contact other departmental head. Once one person is contacted, then it
will automatically contacted to next level to make sure of accuracy.
C5. Restoration of Operations
It is focused on how to get organizational up as well as running after the disruption like total loss
of the facility. In case disruption is occurred, it is required to get data backup online, ensure that the
facilities are operational, taking care of customers as well as clients, re-establishment of contact with
vendors and looking out the employees and families. With regards to restoring operations afterwards
occurrence of disturbance, the company should follow of information such as commercial requirements to
recover of dangerous functions, technical necessities to recover of dangerous functions. There are proper
timeframe in plan to allow for recovery. With disruption, there are loss of revenue which caused to reduce
of profits.
D. BCP Implementation Plan
D1. Implementation of the BCP
BCP is implemented in Revlon as it is continued to deliver of services that are critical to the
business operations and identification of resources that are required to support of the business continuity.
BCP is effective when it is critical to the components which can present throughout the planning stage. A
senior management committee is required at the time of implementation of BCP to oversee process that is
included to initiate of required steps, design the resources and continue with testing and auditing of the
plan. Senior management is approved planning structure, identified role of individuals, created of teams
responsible to develop and execute the plan along with prioritization of the business operations.
D2. Communication of the BCP

11RISK MANAGEMENT
When dealing with the commercial interruption, it is dangerous to provide direction to vendor,
employee and clients and both internal as well as external contracts such that they are aware of activation
of BCP. The communication officer can initiate notice process to make sure all the personnel can get
aware of status of emergency and details regards to BCP. Contract will being established included of
cellular, internal email and personal phone. Each of the member is responsible to make sure that the
customers as well as vendors can notified regards the status of BCP during interruption. It is included of
communication of impact of both vendor and customers, estimation of target time for resumption of the
operations and contract information.
D3. Monitoring and Testing of the BCP
BCP is taken into consideration with estimated costs to move, setup as well as ongoing operations
into new facilities. There are monitoring and testing program of BCP process which remains viable
throughout:
1. Incorporation of BIA as well as risk assessment into BCP along with testing program
2. Expansion of enterprise wide testing program
3. Assigning of roles as well as tasks to implement of testing program
4. Completing yearly and test the BCP
5. Evaluating of testing program and test the results by the senior management as well as
board
6. Assessment of testing program and test consequences by the sovereign party
7. Revising of BCP as well as testing programs based on variations into the business
processes
8. Auditing besides examining the references
D4. Adjustment of the BCP