Understanding the Role of Context in Risk Management

1.a.According to the research, it has been identified that establishment of the context helps in defining the overall scope associated to the process of the risk management and also allows to fix the criteria for the risks which are going to be assessed. It is necessary to determine the scope present in the context related to the organizational objective of the company. It has been found that the risks are quite uncertain in nature which results in affecting the progress associated with the objectives of the business processes (Bromiley et al., 2015). Thus, it can be seen that the risks are not possible to identify when there are issues related to the understanding of business strategies and objectives. During the research, it has been found that it is necessary for determining the appropriate risk context since it helps the organizations in identifying the risks that are linked to the context.

b.During the research, it has been found that there are various kinds of tools present in the market that helps in identifying risks by ensuring the fact that all the steps linked with the identification of risks have been taken properly. The utilization of tools for identifying the risks serves the following purposes which are as follows:

1. The risk management tools concentrate on identifying, prioritizing, and analyzing the risks of achieving the strategic capabilities, objectives, and missions.
2. It concentrates on identification, prioritizing, and analyzing the threats for minimizing the risks which may result in impacting the national security.
3. The risk management tools help in the elimination of the risks that most impact on the probability and objectives of the organizational success (Hopkin, 2018).
4. The tools related to the identification of risks concentrates on quantifying the economic and technical risks that are associated with the cost of the business-related systems.

c.In the research, it has been found that there is a requirement of documenting the identified risks in addition to relevant policies, standards, procedures, and legislation during the time of identifying any risks within the organization. Development of the procedures, standards, and processes are crucial for the business organizations that are in the preliminary stages of their business or when the organizations are trying to rebuild their business which is presently underperforming. The formalized kinds of procedures and processes allow the business organizations to reduce their business risks thereby saving money as well as time for them to carry of the business in an effective manner (Farrell & Gallagher, 2015). The procedures and processes help to improve the consistency of any service or product which the organizations deliver. Consideration of policies, and standards help in setting benchmarks for the business organizations that are required to be met within the given deadline. Having proper legislation and policies by the business organizations help them to build a trust factor within the customers thereby providing them with positive experience towards the services and products. 

2.a.During the time of analyzing and documenting any risks involved within the organization, it is necessary to document the risks properly thereby making a consultation with the stakeholders. Stakeholder consultation is known to be the development of productive and constructive relationships over a longer period of time. It helps in the creation of a mutual benefit thereby reducing the risks to a great extent with the identification of emerging and trending challenges which may hamper the future of the organization. It is necessary to understand the feedbacks and concerns of the stakeholders for improving the project design followed by improving the outcomes of the project (Bromiley et al., 2015). Moreover, consultation with the relevant stakeholders allows the business organizations to analyze as well as control the external risks that are involved within the organization. In the research, it has been found that consultation results in identifying and monitoring the challenges, trends, and perceptions associated with various groups of stakeholders.

Significance of Tools, Processes, and Policies for Risks Identification

b.Risk categorization is regarded as an essential component of the program related to risk management. The business organization needs to keep one thing in mind that the risks are going to be a part of their business processes. In the case of the large business organization, it can be seen that the risk management processes try to identify, analyze, prioritize the risks thereby starts working on the mitigating the risks that involved. The risks associated with the organizations are of various forms which range from the loss of reputation in front of the competitors or the financial loss that occurs during the time of doing business. A risk categorization helps a business organization in various kinds of ways which are as follows:

1. Risk categorization helps in avoiding several kinds of surprising situations related to risks within the organization.
2. It helps in providing a focused and structured approach for identifying various kinds of issues (Farrell & Gallagher, 2015).
3. It allows building multiple kinds of opportunities for responding towards any risks.

There is a necessity for the determination of the level of risks within the organization for mitigating those risks in a proper manner. The different level of risks is considered to be lower, medium, higher, and very higher. The level of risks needs to be analyzed properly for becoming active in the controlling process.

c.Documentation of the risk analysis processes is much required by the business organizations for reducing the number of risks within the organization thereby having a better business outcome. The procedure of risk investigation incorporates distinguishing and evaluating vulnerabilities, assessing their effect on results that we think about, and building a risk examination which communicates these components in the quantitative frame (Hopkin, 2018). It also helps in investigating the model through simulation and affectability examination and settling the administration choices that can enable us to keep away from various kinds of risks. During the time of risk analysis, the business organizations need to identify various sources of uncertainty and risks involved with each business processes.

1.This section is going to discuss a security risk that has been managed previously within the workplace by introducing the risk management processes as well as treatment plan related to the risk (Gao, Zhong & Mei, 2015). The chosen organization for the analysis is an IT organization and it can be seen that the recent online marketing strategies help in providing various kinds of benefits for the current global firms with convenient and cheaper transaction facilities followed by real-time management of consumer data.

After the research, it has been found that the online business models of the chosen organization were mostly dependent on computerized advertising for their prosperity, which resulted in achievement of data innovation and information administration procedures within the organization. Due to a fraud case, it has been found that the development of advanced advertising got extremely influenced by the abuse of innovation by corrupt people in different ways. The abuse of innovation that occurred in the chosen organization includes wholesale fraud, information misfortune and other information security breaks (Hovav, Han & Kim, 2017). The expansion of the data security breaks and instances of wholesale fraud as of late resulted in creating issues for the promoting of items and administrations within the organization. Thus, it has been found that the scenario of the risk situation is fully based on the online security breach and which need to be solved on a high priority basis for reducing the level of risks within the organization.

Value of Stakeholder Consultation and Risk Categorization

2.During the time of any security risk occurring within the organization, it is necessary to first communicate with all the employees working within the organization in a strategic way without hampering the existing business processes. During the time of identifying the security issues firstly, the IT security team was communicated followed by the incident beam and then the legal counsel. The IT security team played the main role to identify the levels of risks associated with the security breach and provided simple solutions for mitigating the risk (Gao, Zhong & Mei, 2015). The stakeholder, colleagues, and management who were communicated during the time of that security breach were C-level executives, customer service executives for informing about the risk to the customers, employees working in the department of media relations, other employees working within the organization, and customers.

3.During the time of identifying the security breach within the chosen organization, it has been found that various kinds of analysis and research have been made before presenting the final findings to the stakeholders of the organization. In the present innovation driven commercial center within the chosen organization, it can be seen that the technical devices for advertising incorporate information sharing, shopper profiling and direct promoting utilizing on the web or disconnected databases. Touchy individual data has been shared and traded for the benefit, regularly deceitfully by numerous advertising firms. Subsequently, the chosen firm frequently fall back on spontaneous showcasing, strategically pitch items and administrations utilizing database promoting systems, share information with different firms or members and in addition outsiders (e.g. outsiders) which undermined the person’s entitlement to the security of individual data. Information pilferage included a break of data security that might be set up with a specific end goal to ensure buyers, the organization or people whose individual data is utilized wrongly.

The shopper’s certainty and trust in the market got influenced by a constantly changing data framework arranged commercial center. The customers may likewise feel that the chosen organization, governments, and legitimate specialists are not doing what’s needed for securing their interests or for guaranteeing appropriate utilization of individual information, regardless of whether such information utilize is for online business action or customary purchasing and offering of items or administrations.

In the research, it has been analyzed that during the time of tackling the cases related to a security breach, the level of high security has been built up within the organizational information system (Hovav, Han & Kim, 2017). A strong marketing system has also been set up with the organization about the security risk for performing further trustworthy transactions followed by developing a healthy communicational environment.

4.A risk register form is considered to be the tool for documenting various kinds of risk as well as actions which help in the management of those risks involved within the organization. The risk register form serves as an effective tool for the better management of any security risks (Mace et al., 2015).

Number of Risks	Areas of Risk	Actual Score	Present Score	Targeted Score
1.	Financial Risks related to the security breach	9	4	3
2.	Risks related to the capacity, capability, and skills.	3	3	2
3.	Risks associated with business continuity.	9	6	3
4.	Cyber Risk Attack involved in the security breach.	6	6	6
5.	Loss of Data	4	4	4

Table 1: Risk Register Form for the security breach

5.Yes, during the time of mitigating the risks different working departments within the organization have been informed and communicated well for reducing the level of risks in a shorter period of time. Firstly, the IT security team was contacted and they had taken the responsibility for identifying the areas of risks as well as the level of risk associated with the organization. The IT security team have given much support for mitigating the risks involved with the security issue that happed within the chosen organization. Followed by that the employees of other departments including customer service executives, media relation executives and C-level executives also provided improved support during the mitigation of the risk.

6.Different kinds of legislative and organizational procedures had been taken into consideration during the time of carrying out the risk management. A national cyber security strategy had been adopted that consisted of suitable legislation against the illegal usage of the various kinds of mischievous or criminal purposes (Gao, Zhong & Mei, 2015). The organizational structure of the organization was made much stronger than before followed by the presentation of workshops on Cyber security law for the employees working within the organization. Different kinds of encryption systems had been introduced within the organization for increasing the level of security followed by the creation of compactness within the organization.

References

Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long range planning, 48(4), 265-276.

Farrell, M., & Gallagher, R. (2015). The valuation implications of enterprise risk management maturity. Journal of Risk and Insurance, 82(3), 625-657.

Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438.

Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Hovav, A., Han, J., & Kim, J. (2017). Market Reaction to Security Breach Announcements: Evidence from South Korea. ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 48(1), 11-52.

Mace, G. M., Hails, R. S., Cryle, P., Harlow, J., & Clarke, S. J. (2015). Towards a risk register for natural capital. Journal of Applied Ecology, 52(3), 641-653.