Risk Management in Construction Projects
Added on 2020/03/15
AI Summary
This assignment presents a critical literature review focused on risk management within the context of construction projects. It delves into established methods and frameworks used for identifying, assessing, and mitigating risks throughout the project lifecycle. The review synthesizes insights from relevant scholarly articles and publications to provide a comprehensive understanding of current best practices and challenges in construction risk management.
RISK MANAGEMENT AUDIT OF TRANSPORTATION AND LOGISTICS COMPANY
Contents
Introduction
Risk Management Audit
  Risk Management
  Disaster Recovery Plan
  Business Contingency Plan
  Controls
  Organizational Structure
Conclusions
References
Introduction
Maersk Group is a Danish company that provides transportation and logistics services in over
130 countries. The company has its head office in Copenhagen, Denmark, and subsidiaries
across the world, with over 88,000 employees. It has a fleet of over 650 container ships, which
transport over 15 million containers around the world. This report covers the risk management
practices the company uses to manage its risk portfolio. It investigates the company's risk
management strategies with the aim of assessing their effectiveness, and it analyzes and maps
the risks the company currently faces. The report also explores how risk management practices
such as disaster recovery, risk contingency planning, and business continuity planning can be
used by the company. The organizational structure used for risk management, along with the
control processes, is also analyzed in this risk audit report.
Risk Management Audit
Risk Management
The company uses standard steps for managing risks in the organization including risk
identification, assessment, ranking and response planning.
Risk Identification: The micro and macro aspects of multiple organizational and industrial
perspectives can be explored to identify the risks faced by the organization. These include
social, political, temporal, environmental, financial, legal, geographical, technical,
managerial, and outreach perspectives. These perspectives act as key risk topics; examining
each one more deeply yields risk sub-topics, which in turn help identify the specific risks
that the logistics and transportation services organization may face.
| Risk Topic | Risk Sub-topic | Risk | Risk Description |
|---|---|---|---|
| Social | Cultural Change | Employee resistance | The company is going through a cultural change that may not be accepted easily by its employees who may fear the change as negative. This causes resistance in employees towards change (JOC Staff, 2014) |
| | Competition | High competition reducing market share | If the competition is high then the market share of the company would be affected. One of the major competitors of Maersk is Hanjin in Korea which is fighting with Maersk for the first position in the high end shipping segment (Andersen, 2013) |
| Technical | System | Cyber attack | If the IT systems used by the company face problems like cyber attacks, they can cause disruptions in its operations. The company’s systems had faced a major cyber attack that had affected most of its applications such that the systems had to be shut down. Maersk took a week to make 1500 of its applications functional again after the attack was identified (Reuters Staff, 2017). |
| Political | Security | In-transit loss of goods | If the cargo gets damaged in transit then it leads to a loss for the customer of the company and a reputation loss for Maersk (Colina, 2011) |
| Financial | Revenue loss | Increase in cost leading to revenue loss | If the freight rates and oil prices rise, it would affect the operational profits of the company leading to loss of revenues because of increase in cost of operations |
| Infrastructure | Transportation delays | Poor infrastructure causing delays in delivery | If the infrastructure used for transportation of goods such as port infrastructure near seas is not up to the mark or not sufficiently developed then it can cause delays in transporting goods to customers of Maersk |
| Environmental | Air Pollution | Air pollution from ship emissions | The ships used for transporting goods via sea cause emissions that can pollute the environment. Shipping contributes 4% to the global CO2 emissions (The Guardian Team, 2011). |
| Outreach | Marketing | Incorrect customer segmentation | The company has been trying to develop a segmentation model for the categorization of its customers but failed to come up with an effective model which made it difficult for the company to market itself efficiently (Jerković & Adeltoft, 2012). |
Risk Assessment: The strategic objectives of the company can be explored to understand
how the identified risks can affect the strategic positioning or operations of Maersk Group.
The strategic objectives of an organization can fall under any of four common categories:
provision of the highest quality of products or services, creation of a global environment,
provision of efficient solutions, and cooperation with the social and business environment.
The strategic objectives of the company can be identified along each of these categories as
follows:
• Highest quality of products and services: Deliver best-in-class logistics and
transportation services to customers by leveraging digitization and customization
• Global environment: Develop structured business solutions for customer
organizations across the globe
• Cooperation with the environment: Build a strong capital structure and bring the
financial ratios in line with investment-grade ratings.
• Efficient solutions: Reorganize business structures to bring synergies across different
departments and new product development processes.
Risk assessment can be done against these objectives, which form the basis of the
ranking given to the identified risks.
Table A: Risk Impacts

| Impact Level | Descriptor | Description |
|---|---|---|
| 0 | Negligible | No financial loss |
| 1 | Minor | Some financial and reputation loss |
| 2 | Moderate | Moderate financial and reputation loss |
| 3 | Serious | Serious loss that can interrupt operations of business |
| 4 | Severe | Major financial loss or business interruption |
| 5 | Catastrophic | Failure of the company (Avdoshin & Pesotskaya, 2011) |

Table B: Risk Probabilities

| Probability Level | Descriptor | Description |
|---|---|---|
| 0 | Impossible | May never happen |
| 1 | Rare | Can appear occasionally |
| 2 | Unlikely | Can appear at times |
| 3 | Moderate | Will occur some time |
| 4 | Likely | Can appear in most situations |
| 5 | Most certain | Event would happen (Bayne, 2002) |
Risk Ranking: Based on impact level and probability of occurrence, each risk can be given a
ranking of acceptable, moderate, significant, severe, or high risk.

| Impact Level \ Risk Probability | 0 | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 1 | 0 | 1 | 2 | 3 | 4 | 5 |
| 2 | 0 | 2 | 4 | 6 | 8 | 10 |
| 3 | 0 | 3 | 6 | 9 | 12 | 15 |
| 4 | 0 | 4 | 8 | 12 | 16 | 20 |
| 5 | 0 | 5 | 10 | 15 | 20 | 25 |

Risk Category: No Risk | 1-3: Acceptable | 4-7: Moderate | 8-13: Significant | 14-19: Severe | 20-25: High Risk (Bodicha, 2005)

Risk Matrix: A risk matrix can be used to list each risk and the ranking given to it
based on the probability of its occurrence and its impact on the company.
Each identified risk can be ranked by its likelihood of occurrence and its impact on
the project to form the risk matrix shown below:
| Risk | Explanation | Impact | Probability | Ranking |
|---|---|---|---|---|
| Employee resistance to change | It would majorly affect the strategic goals of creating global environment, efficient solutions, and building a cooperative environment | 5 | 4 | 20 |
| High competition reducing market share | High competition is already there and it affects the market position of the company | 4 | 5 | 20 |
| Cyber attack causing disruptions | It would majorly affect the functioning of logistics and transportation operations as they are largely dependent on technologies | 5 | 3 | 15 |
| In-transit loss of customer goods | This is less likely to occur and the impact would also be minimal with only a few customers affected | 3 | 2 | 6 |
| Increase in cost leading to revenue losses | Increase in oil and freight prices is more likely to occur but the damage would not be major as adjustments can be made | 3 | 4 | 12 |
| Poor infrastructure causing delays in delivery | Poor port infrastructure can be faced in developing countries but it would only cause minimal strategic damage through delays | 3 | 4 | 12 |
| Air pollution from ship emissions causing environmental impacts | Air pollution is a common problem with shipping operations and it would affect the creation of cooperative environment | 3 | 5 | 15 |
| Incorrect customer segmentation causing marketing challenges | Incorrect segmentation leads to wrong targeting of customers which would affect the creation of global and cooperative environment that is supportive to business goals of the company | 5 | 2 | 10 |
Risk Response: Risk responses can be acceptance of risk, avoidance of risk, transfer of risk,
and risk mitigation. The choice of an appropriate response plan is based on the severity
level of the risk. For instance, risks that are high or severe are usually avoided and, in case
they cannot be, may be transferred to a third party. Risks that are moderate or significant
are either avoided or transferred, or mitigated in case neither is possible (Curtis & Carey,
2012).
| Risk | Ranking | Descriptor | Response |
|---|---|---|---|
| Employee resistance to change | 20 | High Risk | Avoid by creating awareness of benefits of change and providing training to employees to get buy-in |
| High competition reducing market share | 20 | High Risk | Mitigate by aggressive marketing and customer targeting and by providing innovative solutions to stay ahead |
| Cyber attack causing disruptions | 15 | Severe | Mitigate by running disaster recovery plan |
| In-transit loss of customer goods | 6 | Moderate | Transfer the risk of the loss to the freight forwarder or the insurance company (Solomon Island Government, 2009) |
| Increase in cost leading to revenue losses | 12 | Severe | Mitigate the risks by restructuring and cutting costs |
| Poor infrastructure causing delays in delivery | 12 | Severe | Mitigate by proper planning so as to minimize delays |
| Air pollution from ship emissions causing environmental impacts | 15 | Severe | Mitigate by using ships that produce fewer CO2 emissions |
| Incorrect customer segmentation causing marketing challenges | 10 | Significant | Improve the segmentation strategy so that it effectively identifies customer segments for marketing (Engine Yard, Inc., 2014) |
Disaster Recovery Plan
Disaster recovery is the process used to recover data that is lost after a critical
incident affecting the infrastructure of an organization. Maersk faced a major cyber attack
in 2016 from Petya, a ransomware that asked for a hefty sum for data recovery.
However, because a strong disaster recovery strategy was in place, the company was able to
overcome the challenges, recover its data, and resume its 1500 applications across
the organization within a week of detecting the intrusion.
Besides cyber attacks, there can be several other causes of disaster in an organization, such as
other human-induced damage and devastation caused by natural calamities. The disaster
recovery plan can have different steps that are decided based on the situation (JIRA
Security and Privacy Committee (SPC), 2007).
For example, the following recovery steps would be used in case the Maersk headquarters in
Copenhagen is destroyed by a natural calamity such as an earthquake or fire:
• Set up a temporary headquarters in a new location in Copenhagen
• Allocate some of the staff to ensure that operations are uninterrupted
• Transfer the backup data to the systems at the new location
• Shift the management team to the new facility
• Repair the old headquarters
• Announce the change of address of the headquarters to the public (Delhi Government,
2014)
The following recovery steps were used by Maersk when it was faced with the cyber attack:
• All the running IT systems were shut down as soon as the attack was reported
• A communication was sent to all the customers about the shutdown
• Public announcements of the attack and the recovery initiative were made with an assurance
of fast recovery
• Systems were checked to identify those affected and those safe
• Systems that were unaffected by the attack were started again and business from
selected ports was resumed, including Algeciras, Buenos Aires, Callao Lima, Itajai,
India and Tangier.
• Bookings were started with limited applications running, including INTTRA and EDI
• In locations where applications could not be run, manual bookings were
started
• Data was recovered from the backup systems
• Normal operations were resumed (Arden Group, 2017)
Business Contingency Plan
Business continuity planning includes identification of the systems that are critical to an
organization, analysis of the risks the company faces from disruptions to these
systems, determination of the likelihood of risk occurrence, and development of a plan for
recovering and resuming disrupted services (Ting, et al., 2009).
The following steps can be used for business continuity:
Step 1: Initiation of business continuity plan
Step 2: Assessment of risk probability and assessment
Step 3: Development of recovery strategies to deal with risks when they occur
Step 4: Disaster recovery
Step 5: Test the recovery strategy
Step 6: Training the staff on recovery strategies
Step 7: Update the Business Continuity plan (OECD, 2014)
Different BCP steps may be needed for different situations of disasters as explained in the
examples below:
| Situation: | Dissatisfied employees going on strike | Competitors having advantage because of faster adoption of new technologies | Cyber attack |
|---|---|---|---|
| Step 1 | Inform the top management about the strike | Assess the technology | Shut down all systems |
| Step 2 | Form a team for managing emergency | Negotiate with technology seller for purchase | Communicate the disruption to customers |
| Step 3 | Negotiate with labour representative and arrive at acceptable terms | Test technology on pilot | Start systems that are unaffected by attack |
| Step 4 | Resume the operations with available staff | Use technology for limited services to ensure that in case the technology fails, all operations of the company are not disrupted | Start operations in limited locations |
| Step 5 | Inform the public about the resolution and terms agreed upon | Announce the new technology adoption to customers and to the public | Start applications that are unaffected |
| Step 6 | Start business activities as normal | Start the activities again | Start using applications in limited locations |
| Step 7 | If negotiation fails, hire new people for work | Employ more people if needed for new technology adoption (Ting, et al., 2009) | Purchase new systems and transfer data backup on these systems |
Controls
To keep security-specific risks from affecting the company, assess the vulnerability of systems at each layer of the OSI model and take appropriate control measures.

| Layer | OSI Layer | Risk Control |
|---|---|---|
| 1 | Physical | Use universal standards for Ethernet. Install UPS to deal with situations of power outages |
| 2 | Data link | Allow correct message routing using address resolution protocol |
| 3 | Network | Take routing decisions based on network security protocols and give restricted access to network users (SLAC, 2009) |
| 4 | Transport | Use Transfer Control Protocol for checking transmission errors and use UDP for the reliability of transmission |
| 5 | Session | Use password authentication for giving access to users |
| 6 | Presentation | Use universal data transfer standards |
| 7 | Application | Install anti-virus and anti-malware software on systems (Armour, 2017) |
Organizational Structure
[Figure: organizational chart. Boxes, from top to bottom: Maersk Director; Risk Manager, Finance Manager, Transportation & Logistics Director; Transportation Department, Logistics Department, IT Department; Staff.]
Conclusions
The report discussed how risk management, disaster recovery, and business continuity planning can be used to manage mild to catastrophic risks in an organization. The case of Maersk, a transportation and logistics service provider, was taken, and its risk management system, DR planning and BCP processes were explored for different disaster situations. It was found that the risk management process involves identifying risks and ranking them by their probability of occurrence and their impact on the strategic goals of the project. The ranking can then be used to identify an appropriate response strategy. It was also found that the steps involved in disaster recovery and business continuity planning differ with the type of risk situation.
References
Andersen, O., 2013. Competitors go after Maersk where it hurts. [Online] Retrieved from: http://shippingwatch.com/articles/article5196893.ece [Accessed 10 October 2017].
Anderson, R. C., 2010. Risk Management and Corporate Governance, s.l.: OECD.
APM Group Ltd, 2017. DEFINING RISK: THE RISK MANAGEMENT CYCLE. [Online] Retrieved from: https://ppp-certification.com/ppp-certification-guide/52-defining-risk-risk-management-cycle36 [Accessed 14 September 2017].
Arden Group, 2017. What lessons can you learn from the Maersk cyber-attack?. [Online] Retrieved from: https://arden-group.co.uk/2017/07/03/what-lessons-can-you-learn-from-the-maersk-cyber-attack/ [Accessed 10 October 2017].
Armour, D., 2017. Understanding Security Using the OSI Model, s.l.: SANS Institute.
Avdoshin, S. M. & Pesotskaya, E. Y., 2011. Software Risk Management: Using the Automated Tools, s.l.: Russian Federation.
Bayne, J., 2002. An Overview of Threat and Risk Assessment, s.l.: SANS Institute.
Bodicha, H. H., 2005. How to Measure the Effect of Project Risk Management Process on the Success of Construction Projects: A Critical Literature Review. The International Journal Of Business & Management, 3(12), pp. 99-112.
Colina, E. V. d., 2011. Who bears the burden of proving the cause of cargo damage?. [Online] Retrieved from: http://www.incelaw.com/tw/knowledge-bank/who-bears-the-burden-of-proving-the-cause-of-cargo-damage [Accessed 10 October 2017].
14
References
Andersen, O., 2013. Competitors go after Maersk where it hurts. [Online]
Retrieved from: http://shippingwatch.com/articles/article5196893.ece
[Accessed 10 October 2017].
Anderson, R. C., 2010. Risk Management and Corporate Governance, s.l.: OECD.
APM Group Ltd, 2017. DEFINING RISK: THE RISK MANAGEMENT CYCLE. [Online]
Retrieved from: https://ppp-certification.com/ppp-certification-guide/52-defining-
risk-risk-management-cycle36
[Accessed 14 September 2017].
Arden Group, 2017. What lessons can you learn from the Maersk cyber-attack?. [Online]
Retrieved from: https://arden-group.co.uk/2017/07/03/what-lessons-can-you-learn-
from-the-maersk-cyber-attack/
[Accessed 10 October 2017].
Armour, D., 2017. Understanding Security Using the OSI Model, s.l.: SANS Institute.
Avdoshin, S. M. & Pesotskaya, E. Y., 2011. Software Risk Management: Using the
Automated Tools, s.l.: Russian Federation.
Bayne, J., 2002. An Overview of Threat and Risk Assessment, s.l.: SANS Institute .
Bodicha, H. H., 2005. How to Measure the Effect of Project Risk Management Process on the
Success of Construction Projects: A Critical Literature Review. The International
Journal Of Business & Management, 3(12), pp. 99-112.
Colina, E. V. d., 2011. Who bears the burden of proving the cause of cargo damage?.
[Online]
Retrieved from: http://www.incelaw.com/tw/knowledge-bank/who-bears-the-burden-
of-proving-the-cause-of-cargo-damage
[Accessed 10 October 2017].
14
RISK MANAGEMENT AUDIT OF TRANSPORTATION AND LOGISTICS COMPANY
Cooper, R., 2004. Risk Analysis and Preventing Information Systems Project Failures, s.l.: School of Computing and Mathematical Sciences.
Curtis, P. & Carey, M., 2012. Risk Assessment in Practice, s.l.: COSO.
Delhi Government, 2014. HAZARD, RISK AND VULNERABILITY ANALYSIS, New Delhi: Delhi Government.
Engine Yard, Inc., 2014. Security, Risk, and Compliance, s.l.: Engine Yard.
Health and Safety Authority, 2006. Guidelines on Risk Assessments and Safety Statements, Dublin: Health and Safety Authority.
Jerković, I. & Adeltoft, J., 2012. Maersk Line Case, s.l.: Maersk Lines.
JIRA Security and Privacy Committee (SPC), 2007. Information Security Risk Management for Healthcare Systems, s.l.: MITA (Medical Imaging & Technology Alliance).
JOC Staff, 2014. New Book Probes Changing Maersk Culture. [Online] Retrieved from: https://www.joc.com/maritime-news/container-lines/maersk-line/new-book-probes-changing-maersk-culture_20140528.html [Accessed 10 October 2017].
OECD, 2014. Risk Management and Corporate Governance, s.l.: OECD.
Reuters Staff, 2017. Maersk brings major IT systems back online after cyber attack. [Online] Retrieved from: https://www.reuters.com/article/us-cyber-attack-maersk/maersk-brings-major-it-systems-back-online-after-cyber-attack-idUSKBN19O0X8 [Accessed 10 October 2017].
SLAC, 2009. Research Support Building and Infrastructure Modernization: Risk Management Plan, s.l.: SLAC.
Solomon Island Government, 2009. National Disaster Risk Management Plan, s.l.: Solomon Islands Government.
The Guardian Team, 2011. Maersk claims new 'mega containers' could cut shipping emissions. [Online] Retrieved from: https://www.theguardian.com/environment/2011/feb/21/maersk-containers-shipping-emissions [Accessed 10 October 2017].
Ting, J. S.-L., Kwok, S.-K. & Tsang, A. H.-C., 2009. Hybrid Risk Management Methodology: A Case Study. International Journal of Engineering Business Management, 1(1), pp. 25-32.