SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
,SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
SECTION A: WRITTEN ASSIGNMENT
Question 1: Define the term “risk management” and provide your own examples.
Risk management is the structured process of identifying possible threats, analysing
their likelihood and impact, and then implementing strategies to address them in a way
that supports organisational objectives. It is a proactive approach that not only prevents
losses but also enables institutions to function with greater confidence in uncertain
conditions (Hopkin, 2018).
For example, in a university setting, cyberattacks on learning platforms pose a serious
risk. This can be managed by applying multi-factor authentication, ensuring regular
system updates, and training staff and students to identify phishing attempts. In the
retail sector, theft is a recurring risk. Shops often respond with visible surveillance
cameras, well-trained staff, and store layout designs that discourage crime. Both
examples demonstrate how risk management is about balancing prevention, control,
and resilience.
, Question 2: Name and explain four decisions management can make to manage
risk cost-effectively.
Management must strike a balance between strong security and available resources.
Four main decisions guide this balance:
1. Risk Avoidance
Eliminating activities that expose the organisation to unnecessary danger. For
example, a company may avoid storing highly flammable chemicals and instead
use safer alternatives. By avoiding the hazard altogether, the associated risk is
eliminated.
2. Risk Reduction
Lowering the probability or impact of risks through targeted measures. A
construction firm might reduce the risk of injuries by enforcing safety drills and
providing personal protective equipment. The risk remains, but its severity is
controlled.
3. Risk Transfer
Shifting responsibility for potential losses to another party, often through
insurance. A logistics company can insure its fleet against hijacking or accidents,
transferring the financial risk to the insurer while focusing on its operations.
4. Risk Retention
Accepting risks that are minor or less costly to tolerate than to prevent. For
instance, a small shop may absorb occasional petty theft rather than install
expensive biometric entry systems. This acknowledges risk realistically without
over-spending on controls.
Assignment 2
Semester 2 2025
Due 2 October 2025
,SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
SECTION A: WRITTEN ASSIGNMENT
Question 1: Define the term “risk management” and provide your own examples.
Risk management is the structured process of identifying possible threats, analysing
their likelihood and impact, and then implementing strategies to address them in a way
that supports organisational objectives. It is a proactive approach that not only prevents
losses but also enables institutions to function with greater confidence in uncertain
conditions (Hopkin, 2018).
For example, in a university setting, cyberattacks on learning platforms pose a serious
risk. This can be managed by applying multi-factor authentication, ensuring regular
system updates, and training staff and students to identify phishing attempts. In the
retail sector, theft is a recurring risk. Shops often respond with visible surveillance
cameras, well-trained staff, and store layout designs that discourage crime. Both
examples demonstrate how risk management is about balancing prevention, control,
and resilience.
, Question 2: Name and explain four decisions management can make to manage
risk cost-effectively.
Management must strike a balance between strong security and available resources.
Four main decisions guide this balance:
1. Risk Avoidance
Eliminating activities that expose the organisation to unnecessary danger. For
example, a company may avoid storing highly flammable chemicals and instead
use safer alternatives. By avoiding the hazard altogether, the associated risk is
eliminated.
2. Risk Reduction
Lowering the probability or impact of risks through targeted measures. A
construction firm might reduce the risk of injuries by enforcing safety drills and
providing personal protective equipment. The risk remains, but its severity is
controlled.
3. Risk Transfer
Shifting responsibility for potential losses to another party, often through
insurance. A logistics company can insure its fleet against hijacking or accidents,
transferring the financial risk to the insurer while focusing on its operations.
4. Risk Retention
Accepting risks that are minor or less costly to tolerate than to prevent. For
instance, a small shop may absorb occasional petty theft rather than install
expensive biometric entry systems. This acknowledges risk realistically without
over-spending on controls.
