Risk Management Plan
Character and Citizenship Education
August 13, 2020Blazer, D.G. (2007). Religious beliefs, practices and mental health outcomes: What is the research question? American Journal of Geriatric Psychiatry,
August 13, 2020Risk Management Plan
Risk Management Plan
Company Overview
Boorela systems is an international webhosting, training, and domain registration company. It is the largest ICANN-approved webhosting company as it manages more than sixty-one million domain names. It was founded in the mid-1990s by Bob Parsons. It grew to be the largest web-hosting company through continuous acquisition of smaller web hosting companies. It employs approximately 4000 people and has more than thirteen million companies. It has a data centre measuring 65,000 square foot that is connected to a DWDM Ethernet backbone optical fibre offering a speed of 20 Gigabits per second. It is headquartered in Scottsdale in the State of Arizona in the United States.
1. Consultation and Communication
Using the table, list key stakeholders for the organisation (and their job roles or titles), they may be responsible for management decisions, organisational structures and are impacted by risk or responsible for risk in the organisation. Also include stakeholders that are external to the organisation that you believe should be listed. (Add additional rows to the table if needed.)
An option may be to present your stakeholders in the following table. (Add additional rows to the table if needed.) [Then delete the suggested italics text so that only the table remains.]
(50 words)
| Stakeholder | Role | Stakeholder’s agenda for Risks |
| e.g. Describe the stakeholder group | e.g. Describe the role that this group has with the organisation | e.g. what influences this stakeholder – a Finance Director’s agenda is to increase profit margin |
| Nathan Vaurela
|
Chief Executive Officer | Expanding the customer base and expanding revenue. |
| Steven Mills
|
President & COO | Managing the company’s global operations, marketing, and channels. |
|
Veronica Vaurela |
Chief Marketing Officer and Chief Customer Officer | Overseeing strategic end-to-end customer relationships and corporate marketing. |
| Caroline Vaurela
|
Chief People Officer | Hiring and retaining the greatest talent pool. |
| Peter Kommer
|
Executive Vice President of Global Platform Development | Development of systems and product platforms. |
|
Chad Vaurela |
Chief Financial Officer | Maintaining the profit margin, financial analysis, tax compliance, investor relations, and internal audit. |
| Lewis Mills | General Counsel | Corporate litigation, corporate governance, intellectual property, and mergers & acquisitions. |
| Robin Kommer | Senior Vice President Hosting | Overseeing hosting platforms for businesses. |
Explain the consultation and methods of communication that you will undertake as part of the planning process (100-200 words).
Communication and consultation are core aspects of the risk management process. Communication must at all-time feature open discussions with all relevant stakeholders so as to develop a common understanding of the problems at hand and how they can be resolved. Risk management is only enhanced when individuals and parties understand all the perspectives based on timely consultation. Stakeholders form biases about risks based on differences in concerns, concepts, assumptions, needs, and values. Stakeholder views have a fundamental impact on the decisions made. It is therefore important to reach out to each stakeholder in each department or sector to identify, record, and address their perceptions of risk in the preparatory stage. Upon meeting the stakeholders, the consultant then generates qualitative criteria by creating tools and methods that are meant to reach balanced estimations of the risk assessments by various stakeholders. External consultants should be brought in on a regular basis for exchange of experience and knowledge. Effective communication and consultation strategies will ensure that the both the risks and risk management process progress effectively without subjective estimations.
2. Establish, Identify and Analyse Risks
Review organisational processes, procedures and requirements. Analyse and assess the risks for your organisation. Apply the current risk management standards and processes to outline risk management for your organisation.
Boorela systems essentially deals with off-site hosting of customers website and email; storing files, images, and music as well as managing customer data. As the largest web-hosting services provider a risk for Boorela systems is a risk for millions of small businesses that depend on services for hosting of web services, domain names, and the business itself. Boorela systems has put in place various processes, procedures, and requirements to safeguard against security breaches and loss of data. The company always verified email addresses during the domain name validation process. The process is expanded to include telephone verification and fraud screening. Certified domain names are issued upon completion of the verification process. The certified domain name is screened for several fraud indicators. If probable fraud is identified, the domain is subjected to fraud review resulting in suspension of the verification process. The certified Domain name request is rejected if it is suspected that there is sufficient evidence that fraud has occurred.
The underlying reasoning behind risk management is that every corporation exists to provide the maximum value for its stakeholders. All corporate entities face uncertainty. It is upon the management to evaluate how uncertainty can be used as an opportunity to enhance value rather than as a risk that erodes value. The current risk management standards and process require alignment of risk strategy and appetite; enhancement of risk response decisions, reduction of operational losses and surprises; identification and management of cross-enterprise and multiple risks; improved deployment of capital, and seizing opportunities.
The management is required to consider the prevalence of risk when evaluating strategic alternatives so that they can develop risk management mechanisms by setting realistic objectives. Enhancement of risk response decisions is done by selecting a viable response such as risk acceptance, risk sharing, risk reduction, and risk avoidance. Identification of potential events that are likely to affect the organisation results in reduction of surprises and associated losses or costs. Consideration of the full range of impacts that are likely to result from identified risks enhances the capability of the management to identify hidden opportunities. Collection of robust risk information empowers management to deploy and allocate capital effectively preserving the integrity of the corporation as a going concern.
In 2012, Boorela system’s servers went offline creating a ripple effect for millions of small business who used its DN records, name servers, and webhosting services. An internal error was to blame for the outage but nevertheless servers claimed responsibility. The company reported that its router data tables had been corrupted by a series of internal network events. Small business lost access to their data and websites as well as potential and real revenue and sales. Outages cause insecurities and breach of data in the public cloud leaving small businesses exposed to various vulnerabilities. At the time of the attack Boorela systems did not have an immediate and reliable back-up strategy in place after several hours of outage. This created concerns about security redundancy, and business continuity plans as customers were offline for almost a full day.
2a. Establish the Context and Identify Risks
Start with completing a PESTEL analysis to understand the MACRO environment. This assists to uncover different risks that can affect the organisation (Remember this assessment must not be limited to WHS risks). For more information: http://www.mindtools.com/pages/article/newTMC_09.htm
| Political | Technology |
| e.g. Discuss how a change in government may affect specific factors
? Political instability in developing markets. ? Strict regulation in the European market and other markets. ? Internet crack-downs in developing countries. ? Pressure from online privacy rights groups. ? Change of online policy direction after the November elections. |
e.g. IT issues
? Free web-hosting services ? Intensive competition from start-ups. ? Proliferation of smart phones technology. ? Preference of online presence over brick and mortar presence. ? Expansion of technology infrastructure across the job. ? Affordability of the cost of data. ? Hackers |
| Economic | Environmental factors |
| e.g. Drop in Australian Dollar outline what this will affect
? Inflation rates ? Unpredictable value of the dollar ? Possible economic slowdown ? High interest rates ? Mergers and acquisitions ? Expanding domestic and global middle class ? High purchasing power |
e.g. weather what impact does this have
? Climate change debate ? Working indoors during harsh weather. |
| Social issues | Legislation |
| e.g. trends, culture, customer needs
? Work-life balance resulting in alternative working patterns such as telecommuting, work-sharing, and working from home. ? Instant communication ? Demographic changes ? Tech-savvy generation ? Media perception ? Changes in consumer attitudes. ? Expanding population densities in big cities. Growth of online social services e.g. dating, gaming, and food delivery. |
e.g. laws affecting the organisation
? Data Privacy concerns ? Litigation concerns due to data outages ? Cloud security concerns |
| Competitors | Other |
|
? High competition rates. ? Competitors offering basic free services and premium charged services. ? Access to new technologies ? Lack of product differentiation. |
? Presence of miscellaneous substitute products. |
2b. Risk Identification
Discuss here what methods you will use to identify risks. Complete a SWOT analysis for your organisation to help you to identify internal and external risk factors. (150 – 200 words)
Boorela systems’s risks will be evaluated using multiple methods. The primary methods will be evaluation of implementation challenges, external and internal dependencies, current strategic plan, stakeholder expectations, performance challenges, key performance parameters, technical maturity, schedule, cost estimates, and program scope review. The secondary methods of evaluation will entail an evaluation of system security, system safety, test event expectations, and cost deviations, ability to handle threats, supply-chain vulnerabilities, supportability, and interoperability. The risk identification will be an interactive process. As the identification continues, more information will be gained about the corporation’s strengths and weaknesses. The risk statement will be adjusted continuously to reflect the position based on the most immediate review. Operational risks will be prioritized since they affect the operations and capabilities of the end users. Risk prioritisation will be based on the gravity to the end users (Boorela systems’s customers who host their websites on the corporation’s servicers). The available alternatives, balances, and options will be recommended for end users to cushion them from heavy losses of customers and revenues.
| Strengths | Weaknesses |
| e.g. Brand reputation, reliable staff
? Impressive revenue and profitability ? Provision of monetary assistance by finders. ? Robust sales and distribution networks ? Barriers to market entry ? Established business units ? Brand recognition ? Firm entrenchment in the domestic market ? Reduced labour costs ? High industry growth rate ? Largest company in the sector |
e.g. Bureaucratic style of management
? Expensive cost structure ? Low investment in research and development ? Complex tax structure ? Lack of a diverse management team ? Exposure to outages and hacking ? Lack of product diversification |
| Opportunities | Threats |
| e.g. New product launch, expansion
? New services and products ? New acquisitions ? Diversification of products ? Global expansion ? Virtual offices |
e.g. Competitors
? Increasing costs ? Rising cost of raw materials ? Technological problems ? Lowe profitability of the sector ? Growing stiff competition ? Increasing interest rates ? Cash flow inadequacies. |
Discuss the risks that you have identified through your PESTEL analysis, SWOT analysis and the other methods you have used (200 words).
The SWOT and PESTEL analysis have revealed various risks that are inherent in Boorela systems’s organisational structure. The key risk is data breaches due to hacking or internal control failures. The risk is likely to result in massive losses for consumers, security fears, violation of private data, loss of brand recognition, and eventual loss of revenue for both the business and its customers. The risk could also lead to enactment of strict legislation, litigation suits, and pressure from privacy and security rights groups. The second risks include internet-closure in developing countries such as Asia die to political differences. There is also the risk of political instability in some countries of operation. The company is also likely to experience stiff competition from free web-hosting services which are venturing into offering premium instead of basic web-hosting services. Economic instability and high inflation rates are likely to impact negatively on the company’s profitability. The company is also exposed to acquisitions by big players in the Tech Industry such as Facebook who may opt to either buy Boorela systems or push it out of the market. The presence of miscellaneous substitute products offers Boorela systems little room for product differentiation and diversification. A punitive taxation regime poses a risk to the company’s profit margins. There is lack of management diversity since most of the managers are male and whites. This may make it difficult for the company to access some market segments both in the domestic market and in international markets.
2c. Risk Analysis, Evaluation and Prioritisation
Analyse and evaluate ten risks, outline the likelihood of each risk to occur, and prioritise the risks. Include a risk matrix template from your notes. (Please attach the risk matrix template in your appendix).
The order of the risk includes data/system breaches; loss of revenue; loss of brand recognition; litigation; punitive tax regime; political interference in developing markets; lack of management diversity; stiff competition by free web-hosting service providers; acquisition by dominant players in the tech industry, and lack of product diversification exacerbated by presence of miscellaneous product substitutes,
3. Develop a Risk Register Plan
- Outline the ten risks and levels of control in the risk register template Part A. You can create your own risk reference code unique to each risk e.g. a marketing risk may be given the risk reference code of MARK001.
- Determine and select the most appropriate actions for treating the ten risks, develop an action plan in template Part B to be implemented to treat the risks, if the risks were to occur. Discuss and evaluate the action plan and ongoing monitoring and communication of the risk management process.
Here you will include how you will resolve the risks according to the risk management hierarchy of control. Ensure you include strategies to monitor your risk treatments and a timetable for scheduling risk management activities.
| Risk Register Part A. Risk register: (Name of organisation) | |||||||||||
| Function (activity e.g. department): | Compiled by: | Date: | |||||||||
| Date of risk review: | Reviewed by: | Date: | |||||||||
|
Risk Reference (unique identifier code) |
What is the risk? (Risk) |
What can happen? (Event) |
How can it happen? (Cause) |
What can happen? (Consequences/level of impact) |
Current control strategies A (Adequate) M (Moderate) I (Inadequate) |
Current risk level analysis |
Risk priority (refer to risk matrix and attach matrix in appendix) |
Acceptability of Risk
A (Acceptable) or U (Unacceptable) |
Treat Risk Yes or No |
||
| Likelihood | Consequences | Level
of risk |
|||||||||
|
GOD 1 |
Data/System Breach | | | | | | | | | ||
|
GOD 2 |
Loss of Revenue | | | | | | | | | ||
|
GOD 3 |
Loss of Brand Recognition | | | | | | | | | ||
| GOD 4
|
Litigation | | | | | | | | | ||
| GOD 5 | Punitive Tax Regime | | | | | | | | | ||
| GOD 6 | Political Interference | | | | | | | | | ||
|
GOD 7 |
Lack of Management Diversity | | | | | | | | | ||
| GOD 8 | Competition by free web-hosting services | | | | | | | | | ||
| GOD 9 | Acquisition | | | | | | | | | ||
| GOD 10 | Lack of product diversification | | | | | | | | | ||
| Risk Register Part B. Risk register: (Name of organisation) | |||||||
|
Risk Reference (unique identifier code) |
Potential treatment options
|
Person responsible for monitoring the risk | Cost to implement risk treatment | Time frame to implement treatment | Monitors to measure the effectiveness of the risk treatments | Treatment of Risk Complete
Yes or No |
|
|
GOD 1 |
Hacker-immune systems | | | | | | |
|
GOD 2 |
Sustainable cash and equity reserves | | | | | | |
|
GOD 3 |
Public relations campaigns | | | | | | |
|
GOD 4 |
Strong legal representation | | | | | | |
|
GOD 5 |
Lobbying for tax friendly legislation | | | | | | |
|
GOD 6 |
Franchising with local webhosting service providers | | | | | | |
| GOD 7
|
Increase diversity at management levels | | | | | | |
| GOD 8 | Offer free trial versions | | | | | | |
| GOD 9 | Retain sector leadership | | | | | | |
| GOD 10 | innovation | | | | | | |
Bibliography
List the full URLs of the websites or documents you have used in your research.
Use Harvard style referencing e.g.
Queensland Government: Business and industry portal, Preparing a risk management plan and business impact analysis, viewed 3/2/1
