Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Risk Management in Brazilian Energy Utilities

Verified

Added on 2022/11/28

AI Summary

This article discusses the risk management framework for cyber security in Brazilian energy utilities, highlighting the impact of cyber threats and the role of stakeholders in managing the issue. It analyzes the motivations of cyber attackers and the lack of corporate governance in the energy sector. The article also suggests that technology and real-life examples should be emphasized to address the severity of the issue. The case study focuses on Woolworths Supermarkets, its industry, cyber spaces, and cyber risks, highlighting the need for a separate cyber risk management policy. It discusses the processes and elements of cyber risk governance and management in the context of an organizational ERM framework. The article concludes with a critical review of the model and recommendations for improvement.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: RISK MANAGEMENT
Risk Management
Name of the Student:
Name of the University:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
RISK MANAGEMENT
Part A - Article review:
1) A synopsis of the article highlighting the risk management framework, its constructs,
findings and assertions:
The article titled, ‘Cyber security governance and management for smart grids in
Brazilian energy utilities.’ by Pardini et al. (2017) sheds light on one of the most crucial
challenges faced by the global industries-cyber security issues. The analysis of the approach of
the article shows that the authors have very succinctly highlighted the impact of cyber security
on the energy sector. The authors right in the introductory section highlighted the importance of
the energy sector to the global economy and the role of the sector in ensuring social wellbeing.
The authors point out that in order to make the energy generation, distribution and retailing
operations of the more dynamic, energy companies today implement higher level of
digitalization. The article then goes on to point out that the lack of corporate governance in the
energy sector especially in the area of cyber application, provides the opportunities to cyber
threats from the ‘external threats. The article gives a detailed analysis of the motivations of the
cyber attackers to launch cyber-attacks. It mentions that the sizes of the hackers can vary from a
small as an individual to as large as an entire nation. The article also mentions the different
motives, which the hackers have behind hacking cyber spaces. The article then brings in
stakeholders, which can play significant role in enabling the companies manage the issue of
cyber invasion. An analysis of the article shows that in depth analysis of the issue by the authors.
The article though specifies Brazil, in actuality pertinent for the global economy. Similarly, the
article is applicable for not only the energy sector but for all the other sectors. The analysis of the
article does point out some flaw as well. The first flaw is that the article does not stress on the
use of technology in curbing cyber threats. Similarly, the article does not provide any actual

2
RISK MANAGEMENT
example suffered by energy companies. Thus, the analysis can be closed by mentioning that
though the article delves into the issue of cyber threats, it does not provide any real life example
to prove the severity of the issue.
2) Describe the organization’s background, industry, cyber spaces and cyber risks:
Background and industry:
Woolworths Supermarkets is a leading Australian supermarket chain owned by
Woolworths Group, which is listed on the ASX. The retail chain was founded in 1924 and at
present operates in more than 900 locations. The super market chain leads the Australian retail
industry alongside Coles. As per a report released by the Australian Broadcasting Corporation in
2019, the share of Woolworths in the Australian retail market has increased from 32.6 percent to
34 percent in 2018. Coles follows Woolworths with 27.6 percent market share followed by Aldi,
IGA and other super markets. Thus, it is evident that the Woolworths dominates the Australian
retail industry. The product umbrella of the supermarket chain consists of fruit and vegetables,
meat, seafood and Deli, bakery, dairy products, beverages, pet food, baby food, health and
beauty products and household goods. The supermarket chain apart from marketing products at
its outlets, markets products on the ecommerce platforms as well (Woolworths.com.au. 2019).

3
RISK MANAGEMENT
Figure 1. Graph showing the share of Woolworths in Australia
(Source: Abc.net.au. 2019)
Cyber spaces and cyber risks:
The supermarket operates uses the cyber space to carry on its operations and is thus,
subjected to various cyber risks. They supermarket functions using both its brick and mortar
outlets and ecommerce portals. In fact, the brick and mortar outlets of the supermarket are
dependent on technology largely to function, which includes right from payments received from
customers to maintain inventory. The retail company uses the digital platform to market its
products in the Australian market and receive orders from customers. Woolworths Supermarket
has a very strong presence on the social media platforms like Facebook and Instagram, all of
which are based on the cyber space. It even uses the digital platforms to procure goods from

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
RISK MANAGEMENT
suppliers (Nagurney, Daniele and Shukla 2017). This is because any cyber intrusion in the digital
space of the retail chain could lead to loss of confidential business data of great importance, thus
causing massive business losses to the retail chain. Loss of data can even bring the entire
operations of the retail to a halt, thus further escalating the issue. The immense business loss
which cyber threat can pose to the retail chain was brought to the forefront when the computer
system of the retail chain was all across Australia crashed 2018 leaving the entire operation of
halted for an hour, thus causing losses of millions of AUD (Weeklytimesnow.com.au. 2018).
Thus, it is evident that the supermarket chain is extremely susceptible to risks from cyber-
attacks. Cyber risks pose serious threats to companies because they lead to losses of vital data
sets like customer data and financial data (Biener, Eling and Wirfs 2018). The magnitude of the
risks, which cyber risks pose to Woolworths supermarket and its stakeholders like customers can
be gauged from that fact that cross border cyber-attacks are capable of stealing immense amount
of money from both the retail chain and its consumers (News.com.au. 2018). The retail giant is
expected to have very strong policies regarding management of its online operations. However,
the ‘2018 CORPORATE GOVERNANCE STATEMENT’ issued by the apex management
contradicts this perception of strong data security at the Woolworths. The document on the sixth
page mentions that the senior management is responsible for reviewing cyber security. Thus, it
transpires from this document that cyber security system in the Woolworths Supermarket is weak
in spite of the serious cyber threats which the supermarket chain is exposed to
(Woolworthsgroup.com.au. 2019).

5
RISK MANAGEMENT
3) Explain the processes and elements pertaining to cyber risk governance and
management in the article in the context of an organizational ERM framework.
The processes and elements of ERM framework of the Woolworths Group, the owner of
the retail giant provides evident that it has a succinct cyber risk government and management
policy in place. The ‘TERMS OF REFERENCE OF THE RISK AND COMPLIANCE
COMMITTEE’ document of Woolworths Group mentions that the enterprise risk management
framework of the company operates under the Risk and Compliance Committee. The committee
in turn works and derives its power from the board of directors. The risk management process
and elements of Woolworths rest on AS/NZS ISO 31000:2009 Risk management – Principles
and guidelines (Iso.org. 2019). The risk assessment process of Woolworths which embraces
cyber risks consists of five main elements. The first element of the risk management process of
Woolworths is identification of the risks. The stakeholders identify the risks pertaining to the
supermarket chain pertaining to crucial areas like cyber risks. For example, upon identifying
cyber risks like potential threat unauthorized access to the company’s data of any kind, the
employees report it to the middle level managers. The middle level managers report the issue to
the Risk and Compliance Committee, which takes the second step namely, measurement. The
Risk and Compliance Committee breaks down the second step into four steps. They are
controlling the severity of the risks like cyber risks, measuring the consequences of the risks,
identifying the likelihood of the risks followed by risk rating. The third step consists of
prioritizing the risks followed by the fourth step of taking action steps. The fifth and the final
step of the process consists reporting, monitoring and assurance (Woolworthsgroup.com.au.
2019). However, considering the computer crash and the consequent loss of business, which
Woolworths suffered it, can be asserted that the retail giant requires ERM policies, which would

6
RISK MANAGEMENT
emphasize on the cyber risk management to counteract future cyber-attacks (News.com.au.
2018).
Figure 2. ERM framwork of Woolworths
(Source: Woolworthsgroup.com.au. 2019)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
RISK MANAGEMENT
Figure 3. Elements and process flow of ERM of Wooloworths
(Source: Woolworthsgroup.com.au. 2019)
4) Discuss the policy and process implications of the proposed model to the organization as
a strategic organizational enterprise risk management framework:
The EMR policies and process of Woolworths have several implications to the retail
giant as a strategic organizational ERM. The first implication of the risk management policies of
Woolworths covering several risks including cyber risks is that they are applicable throughout
the organisations. They apply to all the locations and all employees irrespective of designations,
which ensures standard risk management operations. The second implication is that engages both
external and internal stakeholders, which ensures strong stakeholder support in the entire
process.

8
RISK MANAGEMENT
5) A critical review of the model on how well it fits the organization and your
recommendations for improvement.
A critical review of the ERM model of Woolworths Supermarket shows that it is
insufficient to meet the increasing levels of cyber threats the supermarket chain faces in
Australia. First, the ‘TERMS OF REFERENCE OF THE RISK AND COMPLIANCE
COMMITTEE’ document mentions the ‘cyber security’ only once. This means the retail chain
does not have a separate cyber risk management policy in place, which is extremely necessary
considering the growing numbers of cyber threats it is facing. It can however, the model is
alignment with industry standards and can be applied to other industries. Secondly, the ERM
including cyber threats of Woolworths in spite of enjoying backing of the apex management was
not able to prevent the computer crash. This actually contradicts the fitness of the model. Thus, it
can be recommended that the supermarket chain should form separate cyber threat management
policies to face the future cyber-attacks in order to improve its ERM. The second
recommendation is that the cyber threat management policies should apply to both external
stakeholders and internal stakeholders accessing the data of the retail giant.
Part B. Case Study Analysis:
1. Recommended strategic ERM:
The recommended strategic ERM of Woolworths should be an integral part of the central
enterprise risk management framework of the retail chain. The ERM should dedicate an entire
new section to cyber risk management. The cyber risk management framework of Woolworths
should be aligned with the vision and mission of the retail chain. The objective of the cyber risk
management framework should detecting the slightest of the cyber threat within its internal and
external digital space and report the same to the dedicated committee on real time basis. The

9
RISK MANAGEMENT
cyber threat risk management framework should operate under the c-suite leadership of a
special committee like the present Risk and Compliance Committee. The committee should
report directly to the board. The role of the board would measuring the intensity of the reported
cyber risks and its potential impact of the retail giant. The role of the board would be prioritizing
the risks and forming risk management Risk and Compliance Committee strategies. The cyber
risk management framework should form policies and process of using the digital platforms of
the retail giant, which would apply to both internal and external stakeholders. The policies which
the committee would form would apply with to all aspects of internal operations like
interdepartmental data sharing and even data sharing among employees operating in the same
department.
The cyber risk management is an appropriate framework because it would enable
Woolworths to deal with future cyber threats more effectively. This is because considering the
growing market share of Woolworths in Australia it would not be wrong to expect more severe
cyber-attacks on the digital base of the retail giant to steal sensitive business data. Thus, a
committee looking after all types of risk would find it challenging to manage cyber risk
efficiently. Thus, in this case cyber risk management committee would prove more efficient in
combating cyber risks. The strengths of the committee would be its power directly driven from
the board and locus of control spanning the entire digital space of Woolworths. The weaknesses
of the committee might arise would be its supposed conflict with the existing Risk and
Compliance Committee and limited resources. The committee would be able to overcome the
first weakness by effectively collaborating with the Risk and Compliance Committee. The
second weakness can be countered by appealing to the board to allocate more resource towards
the operations of the committee. The committee should comply with AS/NZS ISO 31000:2009

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
RISK MANAGEMENT
Risk management – Principles and guidelines as per the prevailing risk management policies
of the company. The committee should also arrange of training the employees of Woolworths
Supermarket in order to gain their support in management of cyber threats. The committee
should act closely with the other departments like IT and marketing. This would greatly reduce
the scope of conflict of the committee with the existing departments. This collaboration of the
cyber risk management committee with the other departments would strengthen the operations of
the former.

11
RISK MANAGEMENT
References:
Abc.net.au. 2019. Abc.net.au. [online] Available at:
https://www.abc.net.au/news/2019-05-03/supermarket-market-share-roy-morgan-single-source/
11073926 [Accessed 12 Sep. 2019].
Biener, C., Eling, M. and Wirfs, J.H., 2018. Insurability of cyber risk. Methodology, p.9.
Iso.org. 2019. Iso.org. [online] Available at: https://www.iso.org/standard/43170.html [Accessed
12 Sep. 2019].
Nagurney, A., Daniele, P. and Shukla, S., 2017. A supply chain network game theory model of
cybersecurity investments with nonlinear budget constraints. Annals of operations
research, 248(1-2), pp.405-427.
News.com.au. 2018. News.com.au. [online] Available at:
https://www.news.com.au/finance/business/technology/big-business-failure-puts-us-at-risk/
news-story/ebe10258a00b22760f47d2e0d65e930e [Accessed 12 Sep. 2019].
Pardini, D.J., Heinisch, A.M.C. and Parreiras, F.S., 2017. Cyber security governance and
management for smart grids in Brazilian energy utilities. JISTEM-Journal of Information
Systems and Technology Management, 14(3), pp.385-400.
Richey Jr, R.G., Roath, A.S., Whipple, J.M. and Fawcett, S.E., 2010. Exploring a governance
theory of supply chain management: barriers and facilitators to integration. Journal of Business
Logistics, 31(1), pp.237-256.
Weeklytimesnow.com.au. 2018. Weeklytimesnow.com.au. [online] Available at:
https://www.weeklytimesnow.com.au/news/national/woolworths-data-crash-follows-anz-and-

12
RISK MANAGEMENT
commbank-system-failures/news-story/52a4d115308ac0c795db6a385dda91bb [Accessed 12
Sep. 2019].
Woolworths.com.au. 2019. Woolworths.com.au. [online] Available at:
https://www.woolworths.com.au/ [Accessed 12 Sep. 2019].
Woolworthsgroup.com.au. 2019. Woolworthsgroup.com.au. [online] Available at:
https://www.woolworthsgroup.com.au/content/Document/2018%20Corporate%20Governance
%20Statement.pdf [Accessed 12 Sep. 2019].

1 out of 13

+13062052269

info@desklib.com

Risk Management in Brazilian Energy Utilities

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Management Accounting Issue in Bupa Health & Care

Strategic Planning and Management for Woolworths in Australian Retail Industry

Finance for Business: Analysis of Woolworths Ltd.

Analysis of David Jones Market: Size, Trends, Financial and Corporate Performance

Literature Review and Analysis of Supply Chain Management

International Marketing : Assignment