Risk Management: Framework, Strategies, and Analysis Report
Verified | Added on 2022/09/15
Report
AI Summary
This report delves into the critical aspects of risk management, encompassing risk identification, assessment, and the application of various frameworks. It begins by defining risk identification as a vital process for organizations to proactively address potential threats to their objectives, differentiating between business, non-business, and financial risks. The report then examines the risk description framework used by Telstra Corporation Limited, highlighting the significance of frameworks in identifying and mitigating risks, particularly those related to cyber security and network vulnerabilities. Furthermore, the report explores enterprise risk management (ERM), focusing on its three key dimensions: entity objectives, organizational structure, and the ERM process itself. The COSO framework is used to illustrate how these dimensions integrate to provide a comprehensive approach to risk management. The report also discusses risk architecture and risk management strategies within the framework, emphasizing their relevance for Telstra's operations and the need for proactive measures to protect sensitive data and ensure business continuity. The report concludes by emphasizing the importance of continuous monitoring, communication, and adaptation in maintaining effective risk management practices within a dynamic business environment.

Running head: RISK MANAGEMENT
Risk Management
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Question 1
Question 2
Question 3
Question 4
References
Question 1
1.1 Explanation of the Risk Identification and Discussion on Three Types of Risks
Risk identification can be defined as the most significant process for determining the different risks that could potentially prevent an organization, investment or program from achieving its objectives (McNeil, Frey and Embrechts 2015). The process involves documenting and communicating the concern. The major objective of risk identification is the constant identification of events which, when they take place, might have negative impacts on the overall capability of a project to achieve its performance goals (Glendon, Clarke and McKenna 2016). These risks mainly come from the project itself or from external sources. Several kinds of risk assessment exist, such as program risk assessment, which are required to support investment decisions, the analysis of alternatives and the assessment of cost uncertainty or operational cost. Risk identification provides the scope through which threats are recognized and evaluated as a top priority, for a better understanding of the threats and vulnerabilities (Ho et al. 2015).
The first step of risk identification is to recognize the program's objectives and goals, fostering a common understanding within the team of what success of the program means (Aven 2016). Several sources of risk are present and, as a result, the project team must review the scope of the program, cost estimation, scheduling, technical maturity, key performance parameters, performance challenges, stakeholders’ expectations, current planning and more. There are three distinct types of risk to which a business or organization could be extremely vulnerable, and these risks need to be eradicated for better execution of processes and operations. They are business risk, non-business risk and financial risk (Olson and Wu 2015). These risks are described below:
i) Business Risk: The first and foremost type of risk is business risk. This type of risk is taken by business enterprises themselves to maximize shareholder profits and value (Chance and Brooks 2015). The most significant example of business risk is an organization undertaking high-cost risks
within marketing in order to launch a new product and gain maximum sales and profit.
ii) Non-Business Risk: The second important type of risk is non-business risk. These risks are not under the control of the organization. Risks that arise out of economic and political imbalances can be termed non-business risks, and they can often negatively affect organizational growth and development to a high degree.
iii) Financial Risk: The third type of risk is financial risk. It is the kind of risk that involves financial loss to firms (Hubbard 2020). Financial risks usually arise from losses or instability within the financial market caused by movements in stock prices, interest rates and currencies.
1.2 Discussion of the Risk Description Framework by Hopkin in Telstra Corporation Limited
Telstra Corporation Limited is one of the most significant telecommunication organizations in Australia. It builds and operates telecommunication networks and markets voice, mobile, pay TV, Internet access and other products and services. The organization was founded in 1975 and is headquartered in Melbourne, Australia (Telstra.com.au. 2020). More than 26000 employees work in the company, and they are adopting several new strategies for eradicating any type of risk or threat. The risk description framework by Hopkin is required at Telstra Corporation Limited to make sure that all types of risks and threats are successfully eradicated without complexity or issue.
Moreover, the probable risks are highlighted and managed with the risk description framework. The main components of this framework are the communications and reporting structure, or architecture; the overall strategy for risk management, which is set by the organizational strategy; and the set of procedures, guidelines or protocols that are developed (Hopkin 2018). This combination of protocols and guidelines needs to be treated as a top priority to make sure that the existing risks and threats within Telstra are successfully eradicated. As a
result, it becomes important to ensure that probable telecommunication issues in the network and network resources are well identified and that action is taken on them as a top priority (Sadgrove 2016). The major risks to the organization include distributed denial of service attacks, targeted attacks, human-related threats such as insider access, network device vulnerabilities and many more.
A distributed denial of service attack decreases network capacity and increases traffic costs by disrupting service availability and network accessibility (Cole, Giné and Vickery 2017). Such an attack is also used as a gateway or smokescreen for a second, more malicious and damaging attack. Telstra might face further issues as these attacks evolve and grow in sophistication. Attackers might use smartphone-based botnets and standardized network protocols such as NTP (Network Time Protocol) and BGP (Border Gateway Protocol) to launch the attacks (Iqbal et al. 2015). According to the risk description framework by Hopkin, Telstra should highlight risks and threats in time, so that it becomes easier to understand the present situation and the level of vulnerability arising from any misconfigured service or product.
In several indirect attacks on a telecommunication organization, cyber criminals use different malware activities and techniques to target subscribers or their devices (Hopkin 2018). As a result, confidential data or information is lost completely and Telstra would not be able to retrieve it under any circumstance. With the distinct components of the risk description framework, it would become easier for the organization to understand such situations and to eradicate risks and issues such as impersonation and the gaining of access to sensitive customer and corporate information related to the internet provider. The vital steps of risk management are treated as a top priority and executed sequentially (Agca et al. 2017). These steps are recognizing the risks, analysing them, assessing them, treating them and, finally, checking or reviewing each risk properly for Telstra after describing it.
Question 2
2.1 Critical Discussion on the Three Dimensions in which an ERM can be defined
The COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework defines a multidimensional ERM process that is applicable to any organization (Khan, Rathnayaka and Ahmed 2015). ERM, or enterprise risk management, is the core procedure of planning, organizing, leading and controlling the major activities of a business in order to minimize the overall impact of risks on organizational earnings and capital. This type of management covers operational, strategic and financial risks, in addition to the risks related to accidental losses. External factors have fueled significant interest among companies in the risk management process.
There are three dimensions of enterprise risk management: entity objectives, entity organizational structure and the ERM process (DeAngelo and Stulz 2015). On the basis of these three dimensions, it is necessary to ensure that the most basic objectives are highlighted.
i) Entity Objectives: The first dimension of ERM, entity objectives, involves four types of objectives: strategic, operations, reporting and compliance. Each of these objectives needs to be understood in order to highlight the processes and policies for the increasing number of industries (Bromiley et al. 2015). Proper compliance needs to be treated as a top priority to ensure that the strategic objectives are successfully executed without much issue or complexity. The entity objectives of the COSO ERM framework can be achieved by following different processes, such as ensuring a control environment for ethical and integrity values, proper risk assessment, control activities, effective and efficient information and communication, and finally proper monitoring of policies and procedures (Giannakis and Papadopoulos 2016). Risk identification and analysis would become successful, and security would be improved to a high level, by conducting proper application change management. As a result, process-level objectives are incorporated to ensure that significant risks are identified and assessed effectively.
ii) Entity Organizational Structure: The second important dimension of enterprise risk management is entity organizational structure (Grace et al. 2015). Since it considers all levels of hierarchy in an organization, various aspects need to be considered for this purpose, including subsidiaries, business unit processes, the division level and the entity level. It helps to highlight the mission, vision and strategies of the organization in order to identify the major business objectives, to ensure that the philosophy and operating style of management are well facilitated, and to use human resources processes and policies as a top priority (Carvalho and Rabechini Junior 2015). The overall organizational structure determines the modes in which the organization operates and performs. The organizational structure allows the express allocation of responsibilities for functions and procedures to separate entities such as the individual, working group, department and branches of the company (Sadgrove 2016). As a result, probable risks are highlighted as a top priority and the organization gets a distinct chance for risk identification and prioritization.
iii) ERM Process: The final dimension of enterprise risk management is the ERM process. The major components of this dimension are internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring (Olson and Wu 2015). The first component is internal environment, in which the internal environmental factors need to be analyzed so that the execution process becomes effective and ethical and integrity values are exercised in the company (Chance and Brooks 2015). The next component is setting goals and objectives, so that the entire risk management procedure is executed with the help of several significant objectives and goals. The next component of the ERM process is the identification of events. As a result, the vital events and attributes are well identified and the probable risks are assessed properly. Moreover, the risk responses are analyzed and different control activities need to be taken into consideration (Cole, Giné and Vickery 2017). Finally, the organization will have to implement information and communication technology with proper monitoring of the process.
2.2 Discussion on Risk Architecture and Risk Management Strategy as used in Risk Management Framework and Measuring with explanation of their relevance in Telstra Corporation Limited
Telstra Corporation Limited, as the leading telecommunication organization in Australia, has to deal with different types of risks and threats related to cyber security, and hence there could be several chances for loss of confidential data or information (Telstra.com.au. 2020). As a result, various steps and mitigating actions need to be undertaken by the organization to ensure that its processes and operations are well executed and provide some of the most important benefits to the company. Two vital aspects of the risk management framework need to be analyzed: risk architecture and risk management strategy (McNeil, Frey and Embrechts 2015). These two aspects are described in the following paragraphs:
2.2.1 Risk Architecture
The risk architecture defines how the processes, technology and information of Telstra are structured to make risk management effective, agile and efficient across the entire company as well as its significant relationships (Glendon, Clarke and McKenna 2016). There are three vital areas of risk architecture: risk management procedural architecture, risk management information architecture and risk management technology architecture. It is extremely vital that these architectural areas be initially defined in a sequential order. With the implementation of such an architecture, it would be much easier for Telstra to identify the vital risks and monitor them properly for better eradication of issues and complexities (Aven 2016). Moreover, performance is improved after monitoring the regulatory and legal environments of the company with the inclusion of different techniques and possibilities.
2.2.2 Risk Management Strategy
The second significant attribute is risk management strategy, which needs to be considered by Telstra Corporation Limited. This type of strategy provides a coherent and structured approach for the successful identification, assessment and management of risks (Hubbard 2020). It helps in building in a process for regular upgrading
as well as reviewing of the assessment on the basis of new developments or actions taken.
Telstra can develop or implement this type of strategy to ensure that the respective threats and
risks are successfully eradicated without much complexity under every circumstance. As a
result, the organization would benefit greatly where risks are concerned.
Question 3
3.1 Evaluation of the term Risk Appetite
Risk appetite can be referred to as the level of risk that an organization is prepared to
accept in pursuit of its major goals, before action is deemed necessary to reduce risks and
threats (Cole, Giné and Vickery 2017). Risk appetite represents a balance between the potential
advantages of innovation and the risks, which can eventually change. According to the ISO 31000
risk management standard, risk appetite is the type and amount of risk that a company is
prepared to pursue, take or retain. This concept helps to guide the organizational approach
towards risk and risk management (Khan, Rathnayaka and Ahmed 2015). There are several
significant examples of approaches to setting risk appetite that an organization might adopt to
ensure a response to risk that is proportionate given the business objectives.
The major approaches to risk appetite are averse, minimal, cautious, open and hungry. As a
result, it becomes quite effective to ensure that the respective risks are well avoided and
uncertainty is managed under every circumstance (DeAngelo and Stulz 2015). The preferences and
choices are analyzed for limited rewards, where the preference is of a low degree and might
have limited potential. There is a willingness to consider every potential option and then
select the option that is most likely to result in successful delivery while also providing an
acceptable level of reward or value for money (Giannakis and Papadopoulos 2016). The
organization would also be eager to be creative and to select options with high business
rewards, in spite of having greater acceptance towards management decisions and risks.
A proper and suitable approach should be undertaken by an organization so that risk appetite
can vary across the company, with separate parts of the business adopting a risk appetite that
reflects their respective roles, within the highly achieving risk appetite framework that
ensures better consistency (Carvalho and Rabechini Junior 2015). Precise measurement is not
possible, and risk appetite would be stated as a broad statement of approach. The company might
have an appetite for a few distinct risks and be averse to the rest, on the basis of the
context as well as the potential losses and profits.
Different measures could be developed for several categories of risk, and they might help a
project to learn the level of delay or financial loss that it is permitted to bear (Grace et
al. 2015). The highest tolerable level of risk needs to be defined, and proper action needs to
be undertaken on a priority basis. Risk appetite has significant advantages: it guides the
organization on the level of risk to be permitted and encourages consistency of approach within
the entire company (Agca et al. 2017). The major acceptable levels of risk are defined, and
resources are not subsequently spent on reducing risks that are already at an acceptable level.
3.2 Critical Discussion of Four Techniques of Risk Assessment used in Microsoft
Corporation with evaluation of Effectiveness and Efficiency as Risk Assessment Tools
Microsoft Corporation is a popular and significant American multinational technology
organization that has its headquarters in Washington. It develops, manufactures, licenses,
supports and sells computer software, personal computer systems, consumer electronics and
related services (Microsoft. 2020). The best-known software products of the organization
include the Microsoft Windows line of operating systems, Internet Explorer, the Microsoft
Office suite and many more. The founders of the company are Bill Gates and Paul Allen. Since it
is a technology organization, there is always a high chance that the risks related to cyber
security and information management are increased to a high level.
The four distinct techniques of risk assessment that can be utilized in Microsoft include
avoidance, reduction, sharing and retention (McNeil, Frey and Embrechts 2015). These four
techniques ensure that risks are well managed after proper identification, evaluation and
prioritization of the risks. These steps are followed by the economical and coordinated
application of resources to minimize, observe and direct the probability or impact of the most
unfortunate events and to expand the realization of opportunities. These threats can come from
different sources, such as financial markets, project failures, legal liabilities, credit risk,
accidents and many more (Glendon, Clarke and McKenna 2016). The description of these risk
assessment techniques is given below:
i) Risk Avoidance: The first and foremost risk assessment technique for Microsoft is risk
avoidance. It involves not performing an activity that could present risk; refusing to purchase
a specific property or business in order to avoid legal liability would be a major example (Ho
et al. 2015). This particular technique, although not effective for all types of risks, can be
termed responsible for reducing the costs and impacts to a high level, and the loss of profits.
The risk avoidance technique would not be highly effective and efficient as a risk assessment
tool, since it cannot detect a risk until some issue or harm has been caused to the respective
business (Aven 2016).
ii) Risk Reduction: The second significant risk assessment technique for Microsoft is risk
reduction. It is also termed optimization, and it involves reducing the severity or the
likelihood of the threat occurring (Hubbard 2020). Any type of risk management related to the
management of the processes and operations of the business should be done after acknowledging
the risks in positive and negative categories. The risks related to cyber security are termed
negative in nature and would not provide any type of benefit to the business. In this specific
situation, the risks should be reduced completely, so that the confidential data are not
affected (Sadgrove 2016). The risk reduction technique would act as a highly effective and
efficient risk assessment tool, since it can easily and promptly assess the risks so that
proper mitigation actions can be taken.
iii) Risk Sharing: The third significant risk assessment technique for Microsoft is risk
sharing. It is the process of sharing risk with another party to reduce the burden of loss or
the benefit of profit, after taking proper steps for risk management (Cole, Giné and Vickery
2017). As it breaks the risk down into different segments or parts, the process of risk
management becomes quite effective, and transferring risk reduces vulnerability. Being the
leader of the software industry, Microsoft should share its risks, so that it does not face
major causes and issues (Iqbal et al. 2015). The risk sharing technique would act as a highly
effective and efficient risk assessment tool, since it can share the loss or profit to a high
level and allows the organization to undertake different measures for the reduction of the
risks.
iv) Risk Retention: The final important and noteworthy risk assessment technique for
Microsoft is risk retention. It significantly includes acceptance of the loss and profit from the