How risk management contributes to conducting business more effectively

1.Risk management can be thought of as a strategic process in organizations. Reflect on how you think risk management contributes to conducting business more effectively.

Any investment has a degree of risk that comes with it.  A risk is often described as the potential of gaining or losing something of value. To reduce the risk of losing their investment, most investors have turned their attention to risk management.  Risk management largely involves the identification, evaluation and acceptance or mitigation of uncertainty in investment decisions. Risk management helps to improve the performance of business my instilling confidence in investors and employee of a company or an institution. Risk identification assists in fostering the vigilance in times of discipline and calm at the time of crisis.  By identifying and evaluating risks in advance gives an organization enough time to prepare mitigation strategies that minimize the negative impacts of the hazards if not fully eliminating (Valsamakis, Vivian, & Du, 2010). Moreover, assessing risks, the organization generates ideas and concepts aimed at identifying the solutions to the hazards associated with the operations of the business.  Risk solutions are often discussed together with all stakeholders to identify the best solution thus promoting organizational culture.  Finally, risk management saves costs and time in the sense that investors are always prepared in advance to take the necessary steps and precaution to protect their business from loss.

2.Think about a recent project/endeavor that you have participated in. Do you agree with the following statement: “With proper planning it is possible to eliminate most/all risks from a project/endeavor”? Why, or why not?

Planning is the key to success of every endeavor.  A good plan lays the blue prints and guidelines of activities and processes that are necessary to make sure that a project or business is successful.  Therefore, the planning process comprises of activities such as thinking about and organizing ideas and activities necessary to achieve the desired objective.  I fully agree with the statement that with proper planning it is possible to eliminate most of the risks associated with a business. When making any business associated decisions, it is necessary to measure the associated risk. A good plan should be in a position to identify the opportunities that are associated with a project while at the same time identifying all the risks associated with it.  Therefore, a good and appropriate planning process should identify, assess and quantify business risks, then take measures to control or minimize their impacts on business operations (Hopkin & Management, 2014).  Additionally, a good plan should establish the distinct types of risks linked with each selection and thus give assurance that a company can design and adopt an effective program to prevent losses or minimize the impact if a loss takes place.  A good program should comprise of systematic plans and methods for identifying  and confronting these threats, treatment and indicates financial opportunities.

3.Describe an event (or a thing) that you have personally experienced in your own life that could be a hazard to some and a threat to others.

Businesses may face different types of risks in its daily operations depending on the industry and the nature of the business.  Notably, some of these risks faced by organizations can be managed by insurance while others other cannot, and the organizations are forced to absorb them and integrate them with business operations.  One of the major risks that I have recently faced in my place of work is the tool breakdown in the company.  In recent times, the internet has become an integral part of all business operations as most of the organization’s operations are conducted over the web.  Therefore, the moment the company loses the internet connection, most, if not all business operations comes to a standstill and this significantly affects the operations of the company.  At the beginning, the company had not installed a backup plan that could help save the company operations at such time (Choate, 2008).  However, in recent days, the company has designed a manual backup plan that helps to keep the operations going even when the internet is down.  Loss of internet is one of the major risks facing most online companies considering that with no web connection the company cannot complete its transactions.

4.In the organization in which you work, or have worked previously, describe how you would implement a strategy for risk tolerance. Provide an example of tolerable risks.

Despite the fact that risks are often associated with a loss in an organization, some of the risks facing an organization can be accepted and tolerated in the organization.  A tolerable risk is that risk that remains after suitable and sufficient control measures have been applied to significant hazards that have been identified, evaluated and controlled. The best way to implement a strategy for risk tolerance in an organization is fully and opened communicating and sharing of information with all stakeholders to make sure that they are aware of any emerging and collateral risks that may affect the company operations.  Stakeholders are an important part of a business and should be fully engaged in all business operations, particularly when it comes to identifying, evaluating and treating risks in the company (Hartmann, H, Thomas, & Scharpf, 2012). Discussions and consultations with the management team are critical to helping ensure that the company’s strategy remains appropriate given the market and economic conditions. A good example of tolerable risks is when an employee loses a day’s work as a result of equipment or tool breakdown. However, the probability of the risk occurring and the severity of the resulting harm must be low.

5.Think about the company you work for currently or one for whom you have worked previously. At that company, did you notice an overlap between operational and physical security? Explain your response.

Employee safety and well-being in any organization should be given the first priority in all organizational operations.  However, there are two major forms of securities in an organization that includes operational security and physical security.  Operational security largely focuses on the identification of critical information to determine the actions and activities of competitors and rivals. Additionally, operational security focuses on protecting an organization’s information and resources from competitors.  On the other hand, largely involves the protection of staff, tools, software, networks, and information from physical activities that could cause serious loss or damage.  Notably, both types of securities are important to the operations of an organization, but from time to time they overlap.  For example, employers always demand that employee should keep the interest of the company ahead of their personal interests.  Therefore, in the event of an accident, employees should try to save as much company assets as possible even if it means risking their lives (Salloum, Al-Abdullah, Vittal, & Hedman, 2016). On other occasions, especially in security and military organizations, employees are required to protect sensitive information about the company from falling into the hands of the wrong people at all costs even if it means losing their lives.  Therefore, in such situations, the two forms of securities overlap.

6.thinking about your current cyber security setup for your Internet-enabled devices at home, what steps would you or do you take (if necessary) to protect your home network from cyber attacks?

Despite making life easier as well as making it easy to transfer information and data from one point to another, the internet has its share of disadvantages especially when it comes to cyber attacks and cyber crimes.  Cyber attacks comprise of any offending activity carried out by states, persons or even groups that target computer information systems, structures or even personal computer devices by various means of malicious acts.  Cyber attacks often lead to identity theft or loss of sensitive information that might contain confidential details.  However, to protect a home or personal network from cyber attacks, one should ensure that they change the name of their home wireless network as it helps to make it harder for hackers to know the type of router and network one is using. It becomes easy for a cyber criminal to hack a router or a network once he or she identifies the manufacturer of a router (Loukas, 2015).  After changing the name of the network, it is prudent for an individual to choose a strong and unique password for the wireless network.   In most cases, wireless rooter come with pre-set with a default password that might be easy to hack or crack.  Therefore, it is necessary to change this default password to a strong and unique password of at least 20 characters including numbers, letters, and symbols.

7.Looking back at a current or former job, what risks do you notice now that you did not notice before taking this course? After learning strategies for dealing with these risks, what would you do to help manage or mitigate them?

Businesses face all kinds of risks, some of which can lead to significant loss of profit or in the worst case lead to bankruptcy. However, different companies deal with different kinds of risks depending on the location of the business, industry and the nature of the product they manufacture and produce.  After studying this course, I have to know some risks that I did not know that existed there before.  One of the notable risks that I have learned is the compliance risks, especially at the international level.  When an organization decides to expand its operations to other countries, it should fully understand the legal environment of the host country to avoid trouble with the host government (Hopkin & Management, 2014).  To mitigate this type of risk, it is advisable for the company to research and learn about the legal environment of the new country by consulting with the authorities of the country. They should also seek the help of risk management manager in the new country to provide information about the legal requirements as well as the best way to mitigate this risk in this new environment.

8.Take a few minutes to reflect on the material that was covered in this course. Do you feel this course has prepared you for your career? Explain your response.

The material gained from the study of this course has significantly prepared me for my future career as a risk manager by clearly identifying and describing the duties of a risk manager while at the same time identifying the different types of business risks. According to the course, a risk manager should be open minded and flexible enough to allow changes in the risk management plan with changes in the nature and type of risk. However, it is necessary for them to fully understand the risk management process that comprises of identifying, assessing and treating the risks.  Additionally, it is prudent for the risk management team to have an open and free flow of information between the company officials, employees and all stakeholders to make sure that they are all on the same page when it comes to treating risks.  Additionally, the course has helped me to understand that there are both internal and external business risks (Choate, 2008).  Internal risks can be avoided or treated within the organization since a company has control over internal risks, but has no control over external risks which might affect the entire industry in a country or even the entire country.  Therefore, it is necessary to differentiate between those risks that can be treated and mitigated and those that can be tolerated in the organization.


Choate, P. (2008). Dangerous business: The risks of globalization for America. New York: Alfred A. Knopf.

Hartmann, H, Thomas, H., & Scharpf, D. E. (2012). Practical SIL Target Selection: Risk Analysis per the IEC 61511 Safety Lifecycle. Sellersville, PA: Exida.

Hopkin, P., & Management, I. R. (2014). Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. London: Kogan Page.

Loukas, G. (2015). Physical-Cyber Attacks. Cyber-Physical Attacks, 221-253. doi:10.1016/b978-0-12-801290-1.00007-2

Salloum, A., Al-Abdullah, Y. M., Vittal, V., & Hedman, K. W. (2016). Impacts of Constraint Relaxations on Power System Operational Security. IEEE Power and Energy Technology Systems Journal, 3(3), 99-108. doi:10.1109/jpets.2016.2560119

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.