, PLEASE USE THIS DOCUMENT AS A GUIDE TO ANSWER YOUR ASSIGNMENT
Please note that the author of this document will not responsibility for any plagiarizing you
commit.
CASE STUDY: RISK MANAGEMENT – THE ROLE OF A RISK MANAGER
Since 2020, many incidents and events have caused organisations to adopt a focused approach towards
risk management and the role of risk managers. Examples of these events are the COVID-19 pandemic
and its severe effects on many countries, economies, and businesses. South Africa was not excluded
from the pandemic and was further hampered by severe power interruptions and inadequate service
delivery. These are all risk-related incidents/events involving risk managers to assist in the
management thereof. According to an article in Enterprise Risk Magazine (2023), uncertainty also
boosted the profile and role of risk managers. Large-scale risks are happening more often, which
requires sound risk management to cope with the increasingly unclear business and physical
environments. As such, it seems imperative that the role of risk managers and appropriate risk
management tools is clear. The classic three lines of defence in the risk governance model endeavour
to demarcate the various roles regarding the management of risks. Although there are many issues
surrounding this model, it provides a foundational guideline for the roles of the main role-players in
risk management.
Regarding the tools for operational risk management, it seems that there are concerns over the
predictive powers of key risk indicators (KRIs), the value of risk and control self- assessments
(RCSAs), and the subjectivity of scenario analysis to manage operational risks (Enterprise Risk
Magazine, 2023). In addition, embedding an operational risk management framework is becoming
essential. However, it appears that there is only a vague understanding of the exact role of a risk
manager. Furthermore, according to Enterprise Risk Magazine (2023), excessive effort is being
expended on issues that generate too little value when using operational risk management tools. For
example, RCSAs are tools that should provide value to organisations by identifying the primary
inherent risks, which can be used for analysing risk scenarios and determining and managing KRIs. In
addition, RCSAs can determine control weaknesses in managing the residual risks effectively.
Enterprise Risk Magazine (2023) mentioned that organisations should focus their RCSA efforts on the
effectiveness and adequacy of controls in mitigating low-, medium-frequency/medium and
high-impact operational risks. Risks leading to high-frequency and low-impact operational loss
incidents should be managed by means of more real-time monitoring of KRIs. This could ensure
obtaining value from the RCSA activity.
According to the Institute of Risk Management (IRM, 2023), the year 2024 will see certain risk events
escalate, requiring a more “aggressive” and formal approach by risk managers to assist organisations
in coping with these risk events. Some of these risks, specifically for South Africa, were identified by
various risk managers as follows:
future disasters, such as ongoing floods, global warming, and drought
the constant negative influence of the energy crisis on the economy
the slow pace of sustainability and investment projects
poor maintenance and development of infrastructure
increasing cyber risks and cybercrimes
inadequate handling of fraud and corruption
, General comments on the above points seem to indicate a lack of effective business continuity
processes and disaster management to manage future disasters. This is true of both the public and
private sectors. Fraud and corruption are creating a negative view of the country, causing investors to
be unwilling to invest in a deteriorating economy. This, in turn, leads to unemployment, poverty and
social inequalities. Technology also needs to be insourced because of a lack of adequate expertise,
which makes the country more vulnerable to cyber risks. Qualified people are emigrating to other
countries because of the uncertainties surrounding South Africa’s well-being. The energy crisis is also
playing a large role in undermining the country’s economy. Loadshedding is causing businesses to fail
and is hampering service delivery. This, in turn, leads to the poor maintenance of infrastructure and a
shortage of water and sanitation services. Unmaintained infrastructure also affects the environment,
economy, and society, creating a negative impact on sustainability and investment projects.
Note: For training purposes, some fictitious information has been included in this case study.
Question 1
1. Draw a diagram illustrating the three lines of defence to indicate the roles of risk
management. Explain in detail the differences between the roles of the head of operational risk
management and the third line of defence.
[You can draw your own diagram or copy the one in the prescribed book]
Please note that the author of this document will not responsibility for any plagiarizing you
commit.
CASE STUDY: RISK MANAGEMENT – THE ROLE OF A RISK MANAGER
Since 2020, many incidents and events have caused organisations to adopt a focused approach towards
risk management and the role of risk managers. Examples of these events are the COVID-19 pandemic
and its severe effects on many countries, economies, and businesses. South Africa was not excluded
from the pandemic and was further hampered by severe power interruptions and inadequate service
delivery. These are all risk-related incidents/events involving risk managers to assist in the
management thereof. According to an article in Enterprise Risk Magazine (2023), uncertainty also
boosted the profile and role of risk managers. Large-scale risks are happening more often, which
requires sound risk management to cope with the increasingly unclear business and physical
environments. As such, it seems imperative that the role of risk managers and appropriate risk
management tools is clear. The classic three lines of defence in the risk governance model endeavour
to demarcate the various roles regarding the management of risks. Although there are many issues
surrounding this model, it provides a foundational guideline for the roles of the main role-players in
risk management.
Regarding the tools for operational risk management, it seems that there are concerns over the
predictive powers of key risk indicators (KRIs), the value of risk and control self- assessments
(RCSAs), and the subjectivity of scenario analysis to manage operational risks (Enterprise Risk
Magazine, 2023). In addition, embedding an operational risk management framework is becoming
essential. However, it appears that there is only a vague understanding of the exact role of a risk
manager. Furthermore, according to Enterprise Risk Magazine (2023), excessive effort is being
expended on issues that generate too little value when using operational risk management tools. For
example, RCSAs are tools that should provide value to organisations by identifying the primary
inherent risks, which can be used for analysing risk scenarios and determining and managing KRIs. In
addition, RCSAs can determine control weaknesses in managing the residual risks effectively.
Enterprise Risk Magazine (2023) mentioned that organisations should focus their RCSA efforts on the
effectiveness and adequacy of controls in mitigating low-, medium-frequency/medium and
high-impact operational risks. Risks leading to high-frequency and low-impact operational loss
incidents should be managed by means of more real-time monitoring of KRIs. This could ensure
obtaining value from the RCSA activity.
According to the Institute of Risk Management (IRM, 2023), the year 2024 will see certain risk events
escalate, requiring a more “aggressive” and formal approach by risk managers to assist organisations
in coping with these risk events. Some of these risks, specifically for South Africa, were identified by
various risk managers as follows:
future disasters, such as ongoing floods, global warming, and drought
the constant negative influence of the energy crisis on the economy
the slow pace of sustainability and investment projects
poor maintenance and development of infrastructure
increasing cyber risks and cybercrimes
inadequate handling of fraud and corruption
, General comments on the above points seem to indicate a lack of effective business continuity
processes and disaster management to manage future disasters. This is true of both the public and
private sectors. Fraud and corruption are creating a negative view of the country, causing investors to
be unwilling to invest in a deteriorating economy. This, in turn, leads to unemployment, poverty and
social inequalities. Technology also needs to be insourced because of a lack of adequate expertise,
which makes the country more vulnerable to cyber risks. Qualified people are emigrating to other
countries because of the uncertainties surrounding South Africa’s well-being. The energy crisis is also
playing a large role in undermining the country’s economy. Loadshedding is causing businesses to fail
and is hampering service delivery. This, in turn, leads to the poor maintenance of infrastructure and a
shortage of water and sanitation services. Unmaintained infrastructure also affects the environment,
economy, and society, creating a negative impact on sustainability and investment projects.
Note: For training purposes, some fictitious information has been included in this case study.
Question 1
1. Draw a diagram illustrating the three lines of defence to indicate the roles of risk
management. Explain in detail the differences between the roles of the head of operational risk
management and the third line of defence.
[You can draw your own diagram or copy the one in the prescribed book]
