Risk Management in Business: A Case Study
Disclaimer: This work has been submitted by a student. This is not an example of the work written by our professional academic writers. You can view samples of our professional work here.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
Published: Tue, 06 Feb 2018
Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and activities can be defined as a disaster.
Companies can experience many different threats to their mission critical systems such as fires, floods, lightning storms and humidity to disgruntled employees, hackers, human error, power failures and viruses. A disaster can happen at any time and it is vital to be prepared in the event that one occurs.
To be prepared for a business interruption, the organization must have a carefully crafted and comprehensive plan that describes risks, impacts, and step-by-step recovery strategies for critical business processes in various disaster and emergency scenarios. Without a plan, the team will be flying blind when an interruption occurs. The plan provides the necessary tools to mitigate interruptions and resume operations as quickly as possible, greatly facilitating decision-making and taking action when there is scant time and stress levels are elevated.
Using the information in the risk assessment to create effective recovery strategies for critical processes in all departments, incorporating these strategies into a comprehensive business continuity plan, and encouraging ownership of the plan across the organization, and ultimately, achieving the highest resiliency possible with limited resources.
Create the recovery strategies department-by-department, process-by-process. This allows each department to focus on strategies specifically relevant to their critical processes without extraneous information from other departments. Do the same for your business continuity plan, writing smaller plans by department. Also, use a template to document your recovery strategies to ensure process consistency across the organization. Finally, have plans reviewed and approved by department heads and distributed to all employees to encourage ownership and pride in the plan.
Each department in the organization will have a comprehensive action plan for business continuity outlining the steps to take to recover vital processes in various emergency scenarios. All employees will have their own copy of the plan, ready to use immediately when a disruption occurs. Employees will take ownership of the organization’s business continuity effort and this effort will be further ingrained in the organization’s corporate culture.
CHOCOLATE MANUFACTURING COMPANY
The Chocolate Company since inception in 1990 has been largely responsible for satisfying the country’s demand for Chocolates and Sugar Confectionery. Situated at Rusayl Industrial Estates in Muscat, Sultanate of Oman, the plant has various lines producing a wide range of confectionery like Éclairs, Toffees, Fudges, Caramels, Hard Boiled Candy and Enrobed Chocolates. These products are available in attractive packaging and premium Gift Boxes making them ideal for gifting as well as for own consumption. Most of the packaging in the Gift Pack segment has been carefully selected to ensure its enduring utility, thereby giving our valued customers an added benefit. The confectionery is produced by experienced personnel under stringent quality control and hygiene standards. State-of-the-art manufacturing facilities ensure products of international quality. The company in its relentless pursuit of quality obtained HACCP Certification in April, 2004.
The Company, through its uncompromising stand on quality and competitive pricing, has successfully penetrated countries all over the Gulf, the African continent, Asia, Australia, New Zealand, Canada, South Africa, USA and the UK.
The principal business processes involved are
- Procurement of raw materials and consumables.
- Production and Quality control.
- Distribution and marketing.
- Inventory Management.
- Pricing and cost control.
- Feedback from consumers and redressal systems.
- Publicity and promotional activities.
- Recruitment and HR.
- Finance & Administration.
- Corporate communications and public relations.
- Legal and secretarial matters.
- Investor relations.
- Maintenance of equipment and other assets.
- Capital expenditure for equipment and other purposes.
- IT systems and telecommunications.
- Transportation and Logistics.
Today, manufacturing sector companies like chocolate manufacturing operates in increasingly complex, competitive and global markets. The ability to manage risks across geographies, products, assets, customer segments and functional departments is of paramount importance. The inability to manage these risks can cause irreparable damages.
Chocolate company will always face the likelihood of being impacted by uncertain or adverse future events. These uncertainties will have an impact on a company’s ability to generate capital and shareholders returns. The company Board expects that management will not only look at where the company may be exposed to risk, but also how these risks can be managed to influence favorable business outcomes.
RISK AND RISK MANAGEMENT
Risk Management Methodology followed by the chocolate company
The risk management methodology at the chocolate company encompass the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework is comprehensive enough to capture all risks that the company is exposed to and have flexibility to accommodate any change in business activities.
The chocolate company’s effective risk management methodology includes
- Risk Policy framework.
- Identification of risks.
- Measurement and Impact Assessment.
- Management of the risks.
- Monitoring Reporting and Control.
A. Risk Policy Framework
The following fundamental principles should be considered by the company to develop and implement a proactive risk management program and help them to identify any potential areas of concern:
- Acceptance of a risk management framework: A formal risk management framework is needed at this company, to guide the integration of risk management into the company’s day to day operations.
- Corporate governance and risk: At this company,corporate governance is the prime responsibility of the Board of Directors and the General Manager. It combines legal duties with responsibilities to improve and monitor the performance of the company.
- Establish the risk response strategy: Following the agreement on the risk assessment rankings in all functional departments, management action will need to be taken to reduce the risk levels where they have been deemed unacceptably high or alternatively remove constraints where they are preventing the business from pursuing opportunities.
- Assigning responsibility for risk management change process: It is important for the company to ensure that the daily operation of the business supports this strategy and that the staff understands the proposed changes.
- Re-sourcing: Risk management is the responsibility of all levels of management.
- Communication and training: Implementing a communication and training program is important to introduce the concept of risk management.
- Monitoring of risk management process: To ensure that risk responses gaps are filled and that the risk responses continue to operate effectively and remain appropriate in light of changing conditions.
B. Identification of Various Risks of The Company
While drafting this Risk management Policy, the primary risk exposures at the company X that are identified is provided below, which are inclusive but not exhaustive and it will be the responsibility of the Risk Management Committee to review these on a periodic basis.
I. Market Risks
It is the risk that the value of the company will be adversely affected by movements in market rates or prices, foreign exchange rates, national & global fluctuations, credit spreads and/or commodity prices resulting in a loss to earnings and capital.
The market risks identified at this chocolate company are as follows
- Government Policy risks
- Product Risks
- Environmental risks
- Volatility of export orders
- Price Competition in the local & export market
- Currency fluctuation for export orders
II. Operational Risks
The operational risks identified at chocolate company are as follows
- Fire & Allied Risks
- Machinery breakdown/ obsolescence
- Volatility of Raw material & Packing material prices
- Quality/ Ageing risks of Raw material/ Packing material
- Delivery risk of Suppliers
- Loss of data & information- IT security
- Manpower Availability risks
- Inventory carrying risk
III. Reputation Risks
These are risks arising from negative public opinion resulting from failures of process, strategy or corporate governance.
The Reputation risks identified at this company are as follows
- Product expiry/Shelf life
- Corporate Governance
IV. Credit Risks
Non receipt of receivables or delay in receipts is the credit risks attributable to the company.
These may be identified as
- Payment risk from customers-local
- Payment risk from Customers- export
- Security from customers
- Advance to Suppliers
V. Liquidity Risks
The possibility is that the company will be unable to fund present and future financial obligations.
These may be identified as
- Cash flow & working capital management
- CAPEX decisions
- Cost overruns
VI. Strategic Risks
Risk those are arising from adverse business decisions or the improper implementation of such decisions.
These may be identified as follows
- Business Plan forecasts.
- Attrition of key people.
C. Risk Prioritizing and Impact Assessment
To adequately capture institutions risk exposure, risk measurement should represent aggregate exposure of the company to both risk type and business line and encompass short run as well as long run impact on it. To the maximum possible extent the company should establish systems / models that quantify their risk profile. However, in some risk categories, quantification is quite difficult and complex. Wherever it is not possible to quantify risks, qualitative measures should be adopted to capture those risks.
The company should utilize a Risk Matrix to evaluate the level of risks which are identified in the Company. The Risk Matrix is formed by assessing the probability of the risk, the severity of the risk, and the quality of control that exists specific to those risks. Scoring is attributed for each the three parameters namely probability, severity and Internal control. The aggregate score is computed and ranking of the risks is ascertained.
- The probability of the impact occurring is arranged ranging from low to high. Scores assigned as 4 for High, 2 for medium and 1 for low.
- Severity of the Risk is assessed as High, Medium and low based on the experience and normal prudence. Scores assigned as 4 for High, 2 for medium and 1 for low.
- Quality of Internal control is also similarly categorized as high, medium and low. The scores assigned in the reverse order since the better the existing control the lower is the impact and vice-versa. So scores here can be assigned as 4 for Low, 2 for Medium and 1 for High.
- Aggregate Score was thereafter computed after adding the individual scores for each parameter.
Company’s Risk Matrix using the above method is shown in Annexure I
ii. Impact Assessment
The company being a medium scale manufacturing unit should focus on the manageable risks like Operational risks, Liquidity risks and Strategic risks. Market risks, Credit risks and Reputation risks though an integral part of risk management may not need detailed impact assessment at this stage unless the probability of such factors seem to be out of proportions in time to come. Impact assessment of the Operational risks, liquidity risks and strategic risks at the company termed herein as Manageable risks, can be assessed as follows
Risk associated with any event has two components, loss severity and loss probability. Loss, in itself consists of expected and unexpected components. The unexpected loss component could be severe or catastrophic. Usually, expected losses are adjusted for in pricing or in reserve allocation. Unexpected losses require capital allocation. Given that operational risk, liquidity and strategic risk events are most often subject to internal control, any manageable risk system that passively measures these risks would clearly be inadequate.
Once risk factors are identified as likely causes of the Risk losses, mitigating steps need to be initiated. While quantification would indicate risk magnitude and capital charges, it may not by itself suggest mitigating steps. This makes it advisable for the company to combine qualitative and quantitative approaches to manageable Risk.
The broad steps involved here would be:
- determine the types of operational losses that could occur
- identify the causal risk factors
- estimate the size and likelihood of losses
- Mitigate associated risks
Qualitative approaches involve
- Expert / collective judgment.
Critical Self-Assessment: (CSA):
This is one of the common qualitative bottom-up approaches where line managers of the company can critically analyze their business processes given specific scenarios to identify potential risks and gaps in their risk management processes. Tools like questionnaires, checklists and workshops are used to help the managers analyze the risk profile of their business units. The key idea behind this method is that businesses managers of this company are in the best position identify and manage the Operational Risks pertaining to their business units.
Employing the services of external (or internal) auditors to review the business processes of a business unit is another approach. This process not only helps identify risks but also helps put in place the oversight organization for the manageable risks.
Key Risk Indicators (KRI)
Using the KRI approach the company can blend the qualitative and quantitative aspects of Operational Risk management. Factors that have predictive value and that can be easily measured with minimum time lag can serve as risk indicators. Some risk indicators inherently carry risk related information, for instance, indicators like sales volumes, order size, etc. Others are indirect indicators, for instance, production budgets, production lifecycle, performance appraisal etc. Key indicators are identified from several potential factors and are tracked over time. The predictive capabilities of the indicators are tested through regression analysis on historical loss data and indicator measurements. Based on such analysis, the set of indicators of the company being tracked can be modified suitably. Over time, as the model gets refined, the set of indicators can provide early warning signals for operational losses.
D. Management of the risks
Managing Market Risks: The chocolate company may be exposed to Market Risk in variety of ways as described earlier such as environmental issues, export orders, future contracts, Price competition, customer profile and marine transportation risks. Besides, market risk may also arise from activities categorized as off-balance sheet item.
- Government Policy Risks: Change in government policies, tax rates, introduction of new tax regimes, reduction or abolition of incentives etc carry risk to any entity in terms of its costing and pricing. In the short and medium term the company does not perceive any major risk in this segment, however the management has to be aware of any forthcoming changes that the government might envisage. Should there be any drastic change in Government policies that would affect its profitability especially in case of exports; the Company has contingency plans for producing at an alternative location outside Oman.
- Product Risks: Since the product is that of food item the company has to be 100% careful to maintain the product quality, product specification, pack sizes, contents in each pack etc. Producing lesser or poor quality products and not as per specification is a risk which company X needs to constantly be aware off. To mitigate such risks the company X should
- develop a well defined production policy
- develop a well defined Quality control and checks policy
- develop a well defined storage and Distribution policy
- Environmental risks: The company does not use and generate hazardous substances in its manufacturing operations. Hence the chances that the company may in future are subject to liabilities relating to the investigation and clean-up of contaminated areas is negligible. However the company should have a laid down policy of disposal of waste at pre-designed disposal points mainly for the rejected, expired and damaged items of raw materials, finished products and packing materials.
- Volatility of export orders: Some customers and sectors served by the company are directly dependent on general economic development, competition and frequent fluctuations in demand for their products. The prices for these products are, in part, dependent on the prevailing relationship between supply and demand. Possible price fluctuations are therefore apt to have a direct influence on each customer’s working capital management decisions, with subsequent influence on the customer’s Order Intake. This may lead to volatility in the development of Order Intake of the company. The company has a policy of geographically diversifying its customer base, as also expanding the customer base in each export market, so that transfer to less volatile locations can be made in short notice.
- Price Competition in the local & export market: The Company does business in very competitive local and export markets. In spite of the competition the company has a 70% market share in the local market and its export business is expanding.Both these local and export markets in which it competes are highly fragmented, with a few large, international manufacturers competing against each other and against a high number of smaller, local companies. Sometimes new entrants or existing players suddenly lower their prices to get rid of the company’s products. This has, in some cases, adversely impacted sales margins realized by certain of company’s products.
To mitigate this risk the company has taken the following steps:
- Maintaining complete information of its Competitors with respect to their latest technological developments, market strategies, new investments, management changes etc.
- Has developed emergency alternative plans to introduce different product ranges with minimal structural changes with similar or lower prices.
- Currency fluctuation for export orders:The Company exports its products to a large number of countries like Canada, USA, Australia, African countries, and the Middle East. Almost all export orders of the company are fixed in US dollars. Since Omani Rail is pegged with US Dollars, the fluctuation of the currencies in would have negligible impact on the export realizations at company X. Company X has a policy of booking export orders in terms of US dollars to avoid the risk of currency fluctuations.
Managing Operational Risks: Being a chocolate manufacturing company, it deals with the retail market. The most important risks are those of Operational risks. Operational risk is associated with human error, system failures and inadequate procedures and controls. It is the risk of loss arising from the potential that inadequate information system; technology failures, breaches in internal controls, fraud, unforeseen catastrophes, or other operational problems may result in unexpected losses or reputation problems.
- Fire & Allied risks: These are general risks applicable to almost all establishments. This includes Material damage to the company’s property due to Fire & lightning, Earthquake, Third party impact, Accidental damage, explosion, riot & strike, storm & tempest, burst pipes, Own Vehicle impact, malicious damage, and theft. The company should take necessary steps in mitigating such risks by taking
“Property All Risks Insurance Policy”
“Loss of profit insurance cover”
- Machinery breakdown/ obsolescence: This risk identified is a major risk element as the company has been established two decades earlier by using imported refurbished Plant
and machinery. Though most of the machinery is in running condition as of now the chances of spare part obsolescence is quite high in a majority of such machines. The physical status and the possible mitigation for major machinery can be shown in ANNEXTURE II
- Volatility of Raw Material/ Packing Material prices: The Company faces a medium level risk in its Raw material & Packing material prices. The main raw materials at are Sugar, Glucose, Milk Powder, vegetable fat, coconut, coco & whey powders. The packing material required is Wrappers, Bags, Gift boxes, Gift Tins and cartoons. Other than a few packing materials almost all of the raw materials and packing materials are imported as shown below
Country of import
- Quality risk Raw material & Packing material: This is a medium sized risk and the company should take reasonable care to mitigate such risks. Since the majority of the raw materials and packing materials are imported by the company, the purchase committee should implementing a stringent policy of
- Should have a multiple suppliers from the same country or region.
- Should have proper Quality checks for each Consignment while receiving delivery.
- Should have a stringent penalty clause on variation of specifications in the agreements with suppliers.
- Delivery risk of Suppliers: This is major risk element at the company because of the fact that in most cases purchases are imported and made through Letter of Credits. Non Delivery or delayed delivery in such purchases may affect the performance of the company. The company is implementing proper penalty clauses in the purchase agreement for delayed and/ or non-delivery of the ordered items.
- Transporting risks: In case of local sales, the company transports the products mostly through its own personnel. The company therefore, takes a general Transit Insurance policy covering accidents and theft.
- Inventory carrying risk: Inventory Carrying risks are of three types:
- Storage risk
- Overstocking & under stocking risk
- Expiry risk
- Storage risk
The storage policies currently are
Raw Materials – Glucose
Stored In godown
Raw Materials- others
Stored in godown
Packing Materials – Gift Tins, Cartoons
Stored In godown
Packing Materials – Wrapper, Bags. Gift Boxes
Stored in godown
Stored in godown
The company can keeps the entire inventory in closed warehouses.
- Over-stocking & Under-stocking: The company can maintain a good optimized production planning system in correlation with its sales plan so that it can have a optimum stocking policy. The current production plan is quite satisfactory and hence the risk is low to medium. But the company is mostly dependent on Export market, the volatility of export orders may lead to overstocking or under-stocking of inventory.
- Expiry risks: This risk is low to medium. Expiry risks of inventory can be mitigated by proper planning of Sales, Purchase, Production and Distribution. The Storekeeper needs to maintain up-to-date records. A system is being implemented to provide on-line information about the stock position i.e. the quantity in stock, Re-order period, Ordering level and the Expiry dates of each of the Raw material, packing material and finished stocks to the Sales, Production and Purchase department so that immediate action can be taken by the respective departments.
- Manpower Availability risks: There is a shortage of skilled manpower in Oman. This is however met with the expatriate staff employed mainly from the sub-continent. The company therefore faces a medium risk in terms of availability of skilled manpower. The company can met unskilled manpower availability with the local Omani population and also from expatriate staff. The gap of skilled labor availability is likely to increase and therefore the costs also increase. To mitigate such risks, the company can develop long term strategy to invest in higher capacity production machines so that the requirement of manpower is kept low.
- Accidents: The Company can face a chance of accidents at the factory, however the accident risks at the company is low, as it does not deal with hazardous material and the production processes are not complex. However the company may face risks from mechanical or electrical installations which can’t be entirely ruled out. So the company needs to take the following steps:
- By providing ELCB (Electric Leakage Circuit Breakers) in all electrical circuits and ACB’s for the main transformers
- By providing Hot masks to the manpower
- Having a good machinery breakdown policy
- Constant monitoring of the gas line leakages
The company needs have a Manpower Accidents and Injury Policy to cover the possibility of injury or death of manpower within the factory premises.
Managing Reputation Risks
Reputation of the company may also get hamper in various situations some of which are
Contamination-hygiene: Being in the Food sector the company should take utmost precaution to avoid any sort of contamination in its products which will reach to the general mass. The company should take precaution for the quality of the raw material and packing material that is required for the entire production process and the stocking procedure.
The company can follow the following policy:
- Stringent Quality control checks of Raw materials and packing materials
- Stringent Quality checks of the entire production process
- Maintaining Hygiene standards of the Government of Oman both in production and stocking.
- Sample testing at each stage
- Have a third Party damage policy insurance coverage owing to contamination
- Product expiry/Shelf life risks: This is again a very vital risk to the company as it is in the Food sector. The Government of Oman is very stringent in its laws to avoid expired products to be sold to the general public. So the company should take utmost care to avoid this risk by
- providing a stringent Distribution policy of its finished products
- Checks and controls before distribution of products.
- Monitoring distributed products on a daily basis
- Attributing Responsibility to a Senior Personnel for the management
- Corporate Governance: Corporate Governance Policies and Procedures manual are already in place at the company. Hence the risk associated with it is low. The management has to ensure proper compliance of the policies already undertaken to avoid any risk of reputation arising out of non-compliance of corporate governance.
Managing Credit Risks:
- Credibility Risk of Customers: The Company should develop a credit policy based on regions, volume and credibility ranking of the parties.
- Export: The Company exports to a wide range of countries. The contacts of customers are mainly through visits and through mail. It is initially very difficult to assess the credibility of the customers abroad. The risk element is therefore medium and high.
The company should mitigate this risk in the following manner:
- The company should back up the export orders by Letter of Credit from the parties.
- In case L/C mode is not practicable, the company can ask for advance payments or Security deposit, or post dated cheques which will cover the entire order taken prior to effecting delivery of the goods.
- The company currently did not enter into any distribution agreement with any export party and deals with parties on a case to case basis The Company can set up a network of distributors for handling exports sales as far as practicable. The company can also set up more than one distributor; in each region/country, so that price advantage can be achieved through minimal risk. The company should select distributors with proven track record, and the distributorship agreement should be through a internationally binding legal contract.
- Local: Local sales are affected by the company mainly to retail customers like supermarkets and hypermarkets, small shops and to two distributors in the interior.
The company should take the following steps:
- Sale to all hypermarkets and supermarkets where the volumes are above a certain limit are, as far as possible, affected by means of an annual contract with all modalities and terms and conditions clearly laid out.
- For single shop outlets, the company may face the risk of shop closing down and non-payment or delayed payment.
To counter this company should maintain small stocks with such shops and should have a regular but frequent collection system.
- In case of distributors the company should have legally binding distribution agreements.
- Limit setting: An important element of credit risk management is to establish exposure limits for each single customer and distributors. The compan
Cite This Work
To export a reference to this article please select a referencing stye below:Reference Copied to Clipboard.Reference Copied to Clipboard.Reference Copied to Clipboard.Reference Copied to Clipboard.Reference Copied to Clipboard.Reference Copied to Clipboard.Reference Copied to Clipboard.