RSK4801 ASSIGNMENT 04 SEMESTER 02 ANSWERS DUE 04 OCTOBER 2024

RSK4801 ASSIGNMENT 04 SEMESTER 02 ANSWERS DUE 04 OCTOBER 2024 CASE STUDY: RISK MANAGEMENT – THE ROLE OF A RISK MANAGER Since 2020, many incidents and events have caused organisations to adopt a focused approach towards risk management and the role of risk managers. Examples of these events are the COVID-19 pandemic and its severe effects on many countries, economies, and businesses. South Africa was not excluded from the pandemic and was further hampered by severe power interruptions and inadequate service delivery. These are all risk-related incidents/events involving risk managers to assist in the management thereof. According to an article in Enterprise Risk Magazine (2023), uncertainty also boosted the profile and role of risk managers. Large-scale risks are happening more often, which requires sound risk management to cope with the increasingly unclear business and physical environments. As such, it seems imperative that the role of risk managers and appropriate risk management tools is clear. The classic three lines of defence in the risk governance model endeavour to demarcate the various roles regarding the management of risks. Although there are many issues surrounding this model, it provides a foundational guideline for the roles of the main role-players in risk management. Regarding the tools for operational risk management, it seems that there are concerns over the predictive powers of key risk indicators (KRIs), the value of risk and control self-assessments (RCSAs), and the subjectivity of scenario analysis to manage operational risks (Enterprise Risk Magazine, 2023). In addition, embedding an operational risk management framework is becoming essential. However, it appears that there is only a vague understanding of the exact role of a risk manager. Furthermore, according to Enterprise Risk Magazine (2023), excessive effort is being expended on issues that generate too little value when using operational risk management tools. For example, RCSAs are tools that should provide value to organisations by identifying the primary inherent risks, which can be used for analysing risk scenarios and determining and managing KRIs. In addition, RCSAs can determine control weaknesses in managing the residual risks effectively. Enterprise Risk Magazine (2023) mentioned that organisations should focus their RCSA efforts on the effectiveness and adequacy of controls in mitigating low-, medium-frequency/medium and high-impact operational risks. Risks leading to high-frequency and low-impact operational loss incidents should be managed by means of more real-time monitoring of KRIs. This could ensure obtaining value from the RCSA activity. According to the Institute of Risk Management (IRM, 2023), the year 2024 will see certain risk events escalate, requiring a more “aggressive” and formal approach by risk managers to assist organisations in coping with these risk events. Some of these risks, specifically for South Africa, were identified by various risk managers as follows: • future disasters, such as ongoing floods, global warming, and drought • the constant negative influence of the energy crisis on the economy • the slow pace of sustainability and investment projects • poor maintenance and development of infrastructure • increasing cyber risks and cybercrimes • inadequate handling of fraud and corruption General comments on the above points seem to indicate a lack of effective business continuity processes and disaster management to manage future disasters. This is true of both the public and private sectors. Fraud and corruption are creating a negative view of the country, causing investors to be unwilling to invest in a deteriorating economy. This, in turn, leads to unemployment, poverty and social inequalities. Technology also needs to be insourced because of a lack of adequate expertise, which makes the country more vulnerable to cyber risks. Qualified people are emigrating to other countries because of the uncertainties surrounding South Africa’s well-being. The energy crisis is also playing a large role in undermining the country’s economy. Loadshedding is causing businesses to fail and is hampering service delivery. This, in turn, leads to the poor maintenance of infrastructure and a shortage of water and sanitation services. Unmaintained infrastructure also affects the environment, economy, and society, creating a negative impact on sustainability and investment projects. Note: For training purposes, some fictitious information has been included in this case study. Analyse the case study and answer the related questions. Question 1 (24 marks) You are appointed as an operational risk manager for a large investment company in South Africa. The company is reliant on foreign investors to ensure an acceptable profit margin. The CEO requested you to analyse the country’s six operational risks which could influence the company based on the details in the case study and in terms of the following: 3.1 Identify external risks that could influence the company and the potential consequences of the company’s main business and determine risk control/mitigation measures for each risk. Complete Table 1 below to answer the question. 3.2 Use the evaluation matrix (Table 2) to draft a risk and control self-assessment for the company. Using the 6 identified inherent risks, rate the control measures to determine the priority to manage the residual risk. Complete Table 3 for your answer. (12) Question 2 (11 marks) Risk-based decisions are dependent on accurate risk information. Key Risk Indicators are an operational risk management tool/methodology which generates risk information. The power outages could negatively influence the company’s operations, especially regarding system downtime. As such, it is imperative to monitor the effectiveness and efficiency of the system's operations. A lower threshold of 25 minutes and an upper threshold of 30 minutes per day were identified. The system downtime for a week was monitored and indicated in the table. Explain the concept of using Key Risk Indicators, determine the time of the system downtime per day and illustrate it by means of a line graph. Indicate which day(s) the company must ensure that a backup system operates. Question 3 (15 marks) The continuous monitoring of operational risk is essential to ensure the effectiveness of an operational risk management process. Explain what should be included in a risk monitoring programme and the role of monitoring during each component of a risk management process. TOTAL MARKS: 50