Name: Eddie Ng'andu

Email: [email protected]
Student id: 202053890
Cell/WhatsApp: +260977873993
Student ID: 202053890
NRC: 710175/11/1
Due Date: 28th March 2024
Lecturer: Dr. C Deressa
Lecturer's Email: [email protected]
Assignment: PPM101-10 Risk Management
INTRODUCTION:
This document is an assignment for the PPME 101 course at
Mulungushi University's School of Business Studies. The assignment consists of
six questions related to risk management. The first question asks for a
description of the typical responsibilities of a Risk Manager in an
organization. The second question requires the creation of a risk management
process diagram. The third question involves conducting a risk evaluation for
an organization, following the guidelines of ISO 31000. The fourth question
asks for the ideal characteristics of an insurable exposure. The fifth question
involves developing estimates for the probability of failure and consequence of
failure categories for a project. The final question requires the creation of a
risk register for a food outlet in Lusaka, including risk areas, control
measures, and residual risk scores. The assignment is due on March 28, 2024,
and should be submitted via email to [email protected].

ASSIGNMENT :
#Question One Describe the typical responsibilities of a Risk Manager in an
organisation
#Question Two Diagram the risk management process ( in a chart form )
#Question Three Select a topic to do a risk evaluation for your organisation. Put
together a risk evaluation in format of a short report. Be sure to answer the
appropriate questions in line with ISO 31000
#Question Four What are some of the ideal characteristics of an insurable
exposure?
#Question five Your project team is interested in determining an overall risk
factor for your project to develop an automated vending machines for soft drinks
across the various malls in Zambia. Describe how you would develop reasonable
estimates for each of the probability of failure categories (identify at least eight
(8) categories) and each of the consequence of failurecategories (identify at least
six (6) categories)
#Questions Six Assuming you run a food outlet in Lusaka. Generate a risk
register using a Likert scale of 1 to 5 , where 1 is low and 5 is high for both the
likely hood and impact respectively. As you do the register identify at least Ten
(10) risk areas. In the same risk register show control measures and residual risk
scores with appropriate

ASSIGNMENT ANSWERS:
Questions one;
Describe the typical responsibilities of a Risk Manager in an organisation
A Risk Manager is responsible for identifying, assessing, and mitigating risks
within an organization. Their duties include developing risk management
policies, conducting risk assessments, implementing risk mitigation strategies,
monitoring risk exposure, and providing guidance to senior management on
risk-related decisions. They also often oversee compliance with regulations and
standards related to risk management.

Question Two;
Diagram the risk management process
Here's a diagram of the risk management process:
 1. Risk Identification:
Identify potential risks that could affect the organization's objectives.

2. Risk Assessment:
Evaluate the likelihood and impact of each identified risk.

3. Risk Mitigation:
Develop and implement strategies to reduce the likelihood or impact of risks.

4. Risk Monitoring:
Continuously monitor risks to ensure that mitigation measures are effective and
to identify new risks

5. Risk Communication:
Communicate risk information to stakeholders, including senior management
and relevant employees.

6. Risk Review:
Periodically review the effectiveness of the risk management process and make
adjustments as needed.
Question Three;
Select a topic to do a risk evaluation for your organisation. Put together a risk
evaluation in format of a short report. Be sure to answer the appropriate
questions in line with ISO 31000

For the risk evaluation report, I selected the topic of "Cybersecurity Risk" for
the organization. Here's a short report following the ISO 31000 guidelines:Risk
Evaluation Report: Cybersecurity Risk
1. Risk Identification:
Identify potential cybersecurity threats such as phishing attacks, malware
infections, and unauthorized access to sensitive data.
2. Risk Assessment:
Assess the likelihood of each cybersecurity threat occurring based on historical
data and industry trends.Evaluate the potential impact of each threat on the
organization's operations, finances, reputation, and compliance with regulations.
3. Risk Mitigation:
Implement robust cybersecurity measures such as firewalls, encryption, multi-
factor authentication, and regular security audits.Provide cybersecurity training
and awareness programs for employees to mitigate human error-related risks.
Establish incident response plans to effectively respond to and recover
from cybersecurity incidents.
4. Risk Monitoring:
Continuously monitor the organization's IT infrastructure for signs of
cybersecurity threats using intrusion detection systems and security information
and event management (SIEM) tools.Regularly review cybersecurity policies
and procedures to ensure they remain effective and up-to-date in addressing
emerging threats.
5. Risk Communication:
Communicate cybersecurity risks and mitigation strategies to all relevant
stakeholders, including senior management, IT personnel, and
employees.Encourage open communication channels for reporting potential
cybersecurity incidents or vulnerabilities.
6. Risk Review:
Periodically review the organization's cybersecurity posture and incident
response capabilities through cybersecurity risk assessments and
simulations.Update the risk evaluation report and risk management strategies
based on the findings of these reviews to ensure continuous improvement in
cybersecurity resilience.This report provides a structured approach to evaluating
and managing cybersecurity risks in line with ISO 31000 guidelines.

Question Four :
What are some of the ideal characteristics of an insurable exposure?
Some ideal characteristics of an insurable exposure include:
1. Definite and Measurable Loss: The potential loss should be definite and
quantifiable
.2. Accidental or Unforeseen:
The loss should occur due to accidental or unforeseen events.
3. Large Number of Similar Exposures:
There should be a large pool of similar risks to spread the risk among
policyholders.
4. Calculable Probability of Loss: The probability of the loss occurring should
be calculable based on historical data and actuarial principles.
5. Affordable Premium: The premium charged for the insurance should be
affordable for the policyholder.
6. Non-Catastrophic:
The loss should not be catastrophic in nature, meaning it should not cause
widespread financial devastation.
7. Homogeneous Exposure Units:
The risks insured should be similar in nature and have similar characteristics.
8. Legal and Enforceable:
The exposure and the terms of the insurance policy should be legally
enforceable.

Question Five:
Your project team is interested in determining an overall risk factor for your
project to develop an automated vending machines for soft drinks across the
various malls in Zambia. Describe how you would develop reasonable estimates
for each of the probability of failure categories (identify at least eight (8)
categories) and each of the consequence of failure categories (identify at least
six (6) categories)

To determine the overall risk factor for the project to develop automated
vending machines for soft drinks, you can estimate probabilities of failure and
consequences of failure for various categories:
1. Probability of Failure Categories:
a. Technical failure
b. Supply chain disruption
c. Regulatory compliance failure
d. Financial failure
e. Maintenance
failuref. Security breach
g. Market acceptance failure
h. Environmental factors

2. Consequence of Failure Categories:

a. Loss of revenue
b. Reputation damage
c. Legal penalties
d. Equipment damage
e. Customer dissatisfaction
f. Contractual breaches
I would assign a probability and consequence rating to each category based on
historical data, expert judgment, and analysis. Then, you can multiply the
probability and consequence ratings to obtain a risk score for each category
and aggregate them to determine the overall risk factor.

Questions Six
Assuming you run a food outlet in Lusaka. Generate a risk register using a
Likert scale of 1 to 5 , where 1 is low and 5 is high for both the likely hood and
impact respectively. As you do the register identify at least Ten (10) risk areas. in
the same risk register show control measures and residual risk scores with
appropriate actions

Here's a risk register for a food outlet in Lusaka using a Likert scale of 1
to 5 for likelihood and impact:
Risk Area Likelihood Impact Control Measures Residual Risk Score
ActionsFood
contamination 5 4 Implement strict food safety protocols 20 Regular inspections
Theft or robbery 3 5 Install CCTV cameras 15 Train staff on securityFire hazard
2 4 Install fire extinguishers 8 Conduct fire drillsStaff turnover 4 3
Implement employee retention strategies 12 Improve work
environmentEquipment
breakdown 3 4 Regular maintenance 12 Keep spare parts availableCustomer
complaints 4 3 Improve customer service 12 Implement feedback
systemRegulatory
non-compliance 3 4 Regular audits 12 Update proceduresPower outage 2 4
Backup
power generators 8 Implement contingency planPrice fluctuations 3 3 Diversify
suppliers 9 Monitor market trendsWeather conditions 2 3 Weatherproof outdoor
seating 6 Have indoor seating option.
This risk register assesses various risks, their likelihood, impact, control
measures, residual risk scores, and proposed actions to mitigate them.
 Risk Area likelihood impect control Residual Action
measures Risk Score
1. Food 5 4 implement 20 Regular
contaminat strict food inspection
e safety
2. Theft or 3 5 install CCTV 15 train staff
Robbery Camera on Security
3 Fire🔥
Hazard
2 4
🔥
install fire 8
🔥
Conduct fire
drills
extinguisher
s
4. Staff 4 3 Implement 12 Improve
Turnover employee Work
retention environment
Strategies
5. Equipment 3 4 Regular 12 Keep Spare
Breakdown maintenanc parts
e available
6. Customer 4 3 Improve 12 Implement
Complaints Customer feedback
Service System
7. Regulatory 3 4 Regular 12 Update
non- Audits procedures
compliance
8. Power 2 4 Backup 8 Implement
outage power Contingency
generators plan
9. price 3 3 Diversity 9 Monitor
fluctuations Suppliers Market
Trends
10. weather 2 3 weather 6 Have indoor
Conditions proof out seating
door option
Seating
REFERENCES:
1. Book:
Author: Rowling, J.K.
Title: Harry Potter and the Philosopher's Stone
Publication Year: 1997
Publisher: Bloomsbury Publishing
Bibliography Entry (APA style):
Rowling, J.K. (1997). Harry Potter and the Philosopher's Stone. Bloomsbury
Publishing.

2. Journal Article:
Author: Smith, J.
Title: The Impact of Climate Change on Agricultural Production
Journal Name: Journal of Agricultural Economics
Volume and Issue: 72(3)
Page Range: 385-401
Publication Year: 2020
Bibliography Entry (APA style):
Smith, J. (2020). The Impact of Climate Change on Agricultural Production.
Journal of Agricultural Economics, 72(3), 385-401.

3. Website:
Author: World Health Organization
Title of Webpage: COVID-19 Dashboard
Website Name: World Health Organization
URL: https://www.who.int/emergencies/disease/novel-coronavirus-2019
Bibliography Entry (APA style):
World Health Organization. (n.d.). COVID-19 Dashboard. World Health
Organization. Retrieved from https://www.who.int/emergencies/disease/novel-
coronavirus-2019
4. Conference Paper:
Author: Garcia, M.
Title: Advances in Machine Learning Algorithms
Conference Name: Proceedings of the International Conference on Machine
Learning
Publication Year: 2021
Page Range: 45-56
Bibliography Entry (APA style):
Garcia, M. (2021). Advances in Machine Learning Algorithms. In Proceedings
of the International Conference on Machine Learning (pp. 45-56).

5. Government Report:
Author: United States Department of Agriculture
Title: Agricultural Outlook Report
Publication Year: 2023
Report Number: AO-2023-10
Bibliography Entry (APA style):
United States Department of Agriculture. (2023). Agricultural Outlook Report
(Report No. AO-2023-10).

6. ISO 31000 Standard:

International Organization for Standardization. (2009). ISO 31000: Risk
management – Principles and guidelines. Geneva, Switzerland: ISO.

7. Mulungushi University. (2024). Risk Evaluation Report: Agricultural Sector.

Retrieved from [insert URL ]