Risk Management

WJEC/Eduqas Business A Level

Component Three:
Business in a Changing World
What are
Risks?
Risk management refers to the practice of identifying potential risks
in advance, analysing them and taking precautionary steps to
minimise a firm’s exposure to the risk.

The process of assessing risk is difficult, as firms need to balance risks with a
high probability of occurring but lower loss value against a risk with high loss but
a lower probability of occurrence.

Risk management also faces difficulties in allocating resources. This is the idea
of opportunity cost.

Resources spent on risk management could have been spent on more

profitable activities.
Types of Risks Facing Business

Natural Employee Error Equipment Product Failures

Disasters Failure

Economic Legal Challenges Public Relations Supply

Factors Failure Problems
 Natural Massive travel disruption in
2010 from an Icelandic
Disasters volcano with thousands of
flights being cancelled.

• Icelandic volcano
Employee Error

1987 saw a crowded

passenger ferry leave a
Belgian port for the UK with
its bow doors still open.
The ferry quickly took on
water and capsized with
the deaths of 193 people.
Human error was to blame!
Equipment Failure

2010 saw BP’s Deepwater Horizon oil FAULTS:

well platform burst into flames following
a serious of catastrophic equipment • Weak cement
failures. 11 people died and the • Faulty blowout preventer
subsequent compensation pay-outs for to stop oil leaks
harm to the local environment following • Cost savings in design that
a prolonged oil leak amounted to £47bn. put profits before safety.
Product Failure
In 2010 Toyota was forced to
recall millions of cars after
problems with braking, floor
mats and acceleration pedals.

Officially the faulty brakes

have caused over 89 deaths
and more than 8 million
vehicles have been recalled.
Economic Factors

On 17 December 2008,
administrators announced
that all 807 Woolworths
stores would close by 5
January 2009 (later
changed to 6 January),
with 27,000 job losses and
debts of £385m.

Woolworths Collapse
1 min 59 secs
Legal Challenges
The personal data of 87 million
Facebook users was found to have
been collated and shared by
Cambridge Analytica for political
purposes without the individual’s
knowledge, raising data privacy
concerns and causing Facebook’s
share value to crash.

On-going legal challenges to the use

of this data are highly likely and this
risks further expensive court costs
for Facebook, as well as further
damage to their brand.
Public Relations
Failure Tax Avoidance
3 mins 6 secs

Many household names such as

Starbucks, Amazon and Google, are
accused of acting unethically in
efforts to avoid paying UK tax on
their profits. At a time of
household hardship and financial
austerity, the denial by Starbucks’s
CEO of any wrong doing proved
harmful to the brand.
Supply Problems
A chicken restaurant with no
chicken is a serious problem
but this was the situation
facing KFC for over 3 weeks
in 2018. Their new supplier
let them down over a
logistical issue meaning meat
could not be delivered
allowing KFC’s rivals to try
and take advantage.

KFC Supply Crisis

2 mins 5 secs
Probability of Risk
• All business activity involves an element of risk.

• The changing nature of the business environment and the fact that
every individual holds different wants and needs means risk is
inevitable.

• It is how a business manages their exposure to risk that matters.

• Some risks are quite easy to predict and it is possible to calculate the
impact of the risk upon a firm. This is known as a quantifiable risk.
Risk Assessment Matrix
Probability 1 2 3
Extremely Likely Extremely
Impact Unlikely Likely

Priority
1 Not Critical 1 2 3
Low
Medium
2 Significant 2 4 6 High

3 Fundamental
to Business 3 6 9
Operations

Impact x Probability = Risk Score

 Quantifiable Risks

• Quantifiable risks can be planned for

and measure put in place to minimise
their impact upon a business.
• When a risk can be measured it is
usually possible to take out insurance
(at a cost to the business) to ensure
that a business can continue to operate
even if the risk actually happens. Financial Risk Operational
Risk

Strategic Risk Compliance

Risk
ISO 31000
Using ISO 31000 can help firms to improve the identification of
risks and effectively and efficiently allocate resources for its
management, so helping them to achieve their objectives.

• ISO 31000 provides businesses with a series of guidelines

that they can follow to help reduce and manage exposure to risk.

• As it is not compulsory firms can choose not to apply it but it

does offer a sound framework for risk management.

• It considers key aspects of risk such as:

• How to minimise risk
• Acceptable levels of risk when pursuing opportunities
• Eliminating a source of risk
• Sharing risk with another party or parties
Risk Assessment Methods

Having identified, analysed and

evaluated each risk and
suggested a course of action to
manage the risk, a firm is able
to create a risk register.

It records each risk, the

probability of their occurring
and their likely impact. In large
firms it is the job of the Risk
Manager to minimise a
businesses’ exposure to risk.
Preventative Measures of Firms
• One of the key roles of a Risk Manager is implementing preventative
policies within a business that minimise a firm’s exposure to risk and
enable a business to still function should the worst happen.

• Such policies cannot be guaranteed to remove the risk entirely but they
help to minimise its impact.

• Preventative actions are easier to apply to internal risks than external

ones over which the business holds no direct control.

Water Back Up of Staff Training

Sprinklers IT Systems
Insurable Risks
For a loss to be insurable the loss must be:
• due to chance
• be definite and measurable e.g. receipts for claimed items
• must be predictable, i.e. its frequency and severity can be calculated to
establish the required premium.
• The loss cannot be catastrophic e.g. war
An insurable risk is a risk that meets the ideal criteria for
efficient insurance. It is not however, so big or catastrophic that
an insurance company is not able to pay out upon a claim.

Businesses pay insurance premiums to cover themselves

against a variety of different types of risk. Any claims on these
insurances though pushes up their insurance costs!
Uninsurable Risks
• Non-insurable risks are types of risks that the
insurer is not ready to insure against simply
because the likely future losses cannot be
estimated and calculated.
• These risks cannot be measured or forecast.

Consumer Technological
Floods
Demand Change
Contingency Planning
Contingency plans are an agreed course of action that a
business and its employees will adopt should things go wrong.

The main aims of a contingency plan are:

To contain and To allow the main

minimise the damage to operational functions of
persons or property. the business to continue.

Plans are constructed with the ‘worst case scenarios’ in mind and
are methodical documents that evaluate the impact of different
risks in each of the four functional areas of marketing, finance,
operation and human resources.
Contingency Planning Examples

Death of Key
Flood Fire Cyber Attack
Employee

Pressure Group
Terror Attack Supplier Failure
Activity
Analysis of Contingency Plans

ADVANTAGES
It reassures stakeholders It takes up valuable
that the firm is aware of management time that could
risks and has a plan of have been spent elsewhere.
action ready.
No guarantee that a plan will
Managers have to spend be effective in dealing with

DISADVANTAGES
less time ‘firefighting’ risk as events are highly
should a crisis actually occur variable.
as they have already
planned out a response.
Plans can encourage
inflexibility in how a business
Public relations are better handles a crisis.
managed in time of a crisis.
Pre-prepared press releases
can buy a firm time to The plan needs constant
assess their full response. updating as the business
environments change.
Other Contingency Strategies
• INSURANCE
• Ensure that insurance cover is regularly checked and
updated to provide sufficient cover in case of need.
• Insurance cover is expensive and SME’s might not
take any out.

• CONTINGENCY CASH FUND

• Keep back a certain amount of cash to be able to
finance any sudden emergency.
• This does have an opportunity cost for the business.

• ALTERNATIVE PRODUCTION FACILITIES

• Manufacturers should try and have alternative
arrangements in place for the production of their
goods in case of an emergency.
• Subcontracting is expensive and you lose direct
control over quality.
 Contingency Planning
What is it? Benefits?
• Preparing resources for an event, unlikely or • Reassures stakeholders of safety issues
otherwise
• Minimises negative impact (customers,
suppliers, staff, other stakeholders)
Steps in contingency planning • Quick response (PR response, customers,
suppliers etc)
• Identify possible issues/disasters
• Assess likelihood of occurrence and degree of
impact Limitations?
• Minimise impact (e.g. planning who, what • Time and cost
how, when) (assets, reputation, training)
• Need for update
• Plan for continued operation of business
• Training
• Doesn’t always mean disasters are avoided
Aims
• Likelihood of certain occurrences
• Act swiftly
• Minimise damage
Crisis Management
Crisis management is the process by which a business
deals with an unexpected event that threatens to
harm the business and its stakeholders.
In contrast to risk management, which involves assessing potential
threats and finding the best ways to avoid those threats, crisis
management involves dealing with threats before, during, and after
they have occurred.

There are 3 common features to a crisis:

• It presents an immediate threat to a

firm’s survival
• It is unexpected
• Decisions have to be made quickly
Crisis Management
• Crisis management will differ
between businesses but they all
rely upon an effective
contingency plan to be in place.

• The plan must be communicated

to everyone within the firm so
people know what to do if an
event occurs.

• Senior management need to

lead the process of crisis
management and to coordinate a
firm’s response e.g. briefing the
media and key stakeholders.

KFC’s supply chain failed leaving them

with a crisis as they ran out of chicken!
Evaluation
• It is impossible to identify all threats and estimates of probability are
often guesswork.
• Effective risk management will help to increase stakeholder trust and
confidence in the business.
• It provides a reliable basis for effective decision making as the risks are
balanced against the potential opportunities.
• Risk management should be built-in to corporate strategy and objectives.
• The cost of prevention needs to assessed against the cost of the event.
• Contingency planning is a key test of whether a business is looking to its
long-term future. Spending £5m money now may save £100m in the years
ahead ensuring that the firm survives.
Quick Fire Five
1. Explain one benefit of contingency planning.
2. What is meant by crisis management?
3. Explain the possible impact upon stakeholders if a business
experiences an unplanned crisis of some sort.
4. What document could a business use to help them manage their
risk better?
5. Explain the role of a risk assessment matrix.
Start 5 minutes End
Quick Fire Five - Solutions
Possible answers include:

1. Reassures stakeholders/improved PR/managers spend less

time ‘firefighting’ in time of crisis.
2. The process by which a business deals with an unexpected
event that threatens to harm the business and its
stakeholders.
3. Customers – loss of loyalty/suppliers – loss of revenue/local
community – job losses & anti-social behaviour/employees –
loss of employment/government – loss of tax
revenue/business – bad PR
4. ISO 31000
5. It provides a measure of the probability of an event occurring
multiplied by the impact of its occurrence upon a firm.
Exam Practice – Essay

“The rise of cyber crime is the main risk facing

modern businesses in the UK.” To what extent
do you agree with this statement?
(25 marks)
Exam Practice – Essay Points
Points might include some of the following issues:

• Definition of risk
• Depends upon how reliant a business is upon ICT systems
• Does a business operate an integrated ICT system with suppliers? E.g. EDI
• Does the business rely heavily upon web-based traffic for its sales?
• Firms can put in place software to prevent cyber crime e.g. firewalls and virus checkers.
• Firms should back-up their ICT systems regularly as part of their contingency planning
• Global markets make it more likely that firms become targets
• Other risks are equally important
• Supplier failure/economic crisis/departure of a leader/fire, flood or quake/new competitors/all
examples of other relevant risks.
• Importance of each risk depends upon circumstances of the firm at the time.
• Senior management need to assess and lead risk management
• Importance of contingency planning to minimise exposure to risk should a cyber crime event
occur.
• It is wrong to say that it is the main risk facing business as all firms have different needs. It is just
one of many risks that all need careful planning and management.
• Much depends upon how much forward contingency planning a firm conducts to minimise its
exposure to risk.