
Angelica De Gala
BSBA-II
Mr. Ryan Endrinal

1. Define and explain the terms risk and risk management.

RISK
Risks can be internal and external to your business. They can also directly or indirectly
affect your business's ability to operate. Risks can be hazard-based (e.g. chemical
spills), uncertainty-based (e.g. natural disasters) or associated with opportunities (e.g.
taking them up or ignoring them). The Australian standard defines risk as 'the chance of
something happening that will have an impact on objectives'.

The types of risk a business faces are specific to that business and its objectives. To
manage risk effectively, an entity should prepare for internal and external scenarios that
may directly affect the business.

DIRECT RISK TO BUSINESS


Some common risk categories are:

• natural disasters, such as floods, storms, bushfires and drought
• pandemic, such as coronavirus (COVID-19), human influenza, swine flu or bird flu
• legal, such as insurance issues, resolving disputes, contractual breaches, non-compliance with regulations, and liabilities
• global events, such as pandemics and interruptions to air traffic
• technology, such as computer network failures and problems associated with using outdated equipment
• regulatory and government policy changes, such as water restrictions, quarantine restrictions, carbon emission restrictions and tax
• environmental, such as climate change, chemical spills and pollution
• work health and safety, such as accidents caused by materials, equipment, or location of your work
• property and equipment, such as damage from natural disasters, burst water pipes, robbery and vandalism
• security, such as theft, fraud, loss of intellectual property, terrorism, extortion and online security and fraud
• economic and financial, such as global financial events, interest rate increases, cash flow shortages, customers not paying, rapid growth and rising costs
• staffing, such as industrial relations issues, human error, conflict management and difficulty filling vacancies
• suppliers, such as issues within their business or industry resulting in failure or interruptions to the supply chain of products or raw materials
• market, such as changes in consumer preference and increased competition
• utilities and services, such as failures or interruptions to the delivery of your power, water, transport and telecommunications.

INDIRECT RISK TO BUSINESS
People often make the mistake of overlooking things that don't directly impact their
business and are therefore unprepared to deal with change. For example, while the
business might not be directly affected by a natural disaster, it may still suffer if the
disaster affects its suppliers, customers or general location.

Consider how these scenarios could affect the business:

• If the suppliers are affected, the business may run out of the products it sells or the materials needed to make them.
• If the customers are personally affected, their priorities may change and the business could experience a reduced demand for its products or services.
• If the general location is affected, the business and its customers may not be able to access its premises, or their utilities could be affected. For example, an entity could lose power, which could mean it:
  o will not be able to operate its business
  o may need to throw out any perishable goods and replace them, which can be costly.

RISK MANAGEMENT
The process of identifying risks, assessing risks and developing strategies to manage risks
is known as risk management. A risk management plan is an essential part of any
business as it helps you to understand potential risks to your business and identify ways
to minimize them or recover from their impacts.

WHAT IS RISK MANAGEMENT?


Risk management is the process of identifying, assessing and controlling threats to an
organization's capital and earnings. These threats, or risks, could stem from a wide
variety of sources, including financial uncertainty, legal liabilities, strategic management
errors, accidents and natural disasters. IT security threats and data-related risks, and the
risk management strategies to alleviate them, have become a top priority
for digitized companies. As a result, a risk management plan increasingly includes
companies' processes for identifying and controlling threats to their digital assets, including
proprietary corporate data, a customer's personally identifiable information (PII) and
intellectual property.

Every business and organization faces the risk of unexpected, harmful events that can
cost the company money or cause it to permanently close. Risk management allows
organizations to attempt to prepare for the unexpected by minimizing risks and extra
costs before they happen.

WHY IS RISK MANAGEMENT IMPORTANT?


By implementing a risk management plan and considering the various potential risks or
events before they occur, an organization can save money and protect its future. This is
because a robust risk management plan will help a company establish procedures to avoid
potential threats, minimize their impact should they occur and cope with the results. This
ability to understand and control risk enables organizations to be more confident in their
business decisions. Furthermore, strong corporate governance principles that focus
specifically on risk management can help a company reach its goals.

WHAT ARE THE IMPORTANT BENEFITS OF RISK MANAGEMENT?

• Creates a safe and secure work environment for all staff and customers.
• Increases the stability of business operations while also decreasing legal liability.
• Provides protection from events that are detrimental to both the company and the environment.
• Protects all involved people and assets from potential harm.
• Helps establish the organization's insurance needs in order to save on unnecessary premiums.

2. What is a risk management framework and why should it be linked to other business
processes?
The selection and specification of security controls for a system is accomplished as part
of an organization-wide information security program that involves the management of
organizational risk, that is, the risk to the organization or to individuals associated with
the operation of a system. The management of organizational risk is a key element in the
organization's information security program and provides an effective framework for
selecting the appropriate security controls for a system: the security controls necessary
to protect individuals and the operations and assets of the organization.

The Risk Management Framework provides a process that integrates security and risk
management activities into the system development life cycle. The risk-based approach to
security control selection and specification considers effectiveness, efficiency, and
constraints due to applicable laws, directives, Executive Orders, policies, standards, or
regulations.

• Prepare Step
Prepare carries out essential activities at the organization, mission and business process,
and information system levels of the enterprise to help prepare the organization to
manage its security and privacy risks using the Risk Management Framework.

• Categorize Step
Categorize the system and the information processed, stored, and transmitted by that
system based on an impact analysis.

• Select Step
Select an initial set of baseline security controls for the system based on the security
categorization; tailoring and supplementing the security control baseline as needed based
on organization assessment of risk and local conditions.

• Implement Step
Implement the security controls and document how the controls are deployed within the
system and environment of operation.

• Assess Step
Assess the security controls using appropriate procedures to determine the extent to
which the controls are implemented correctly, operating as intended, and producing the
desired outcome with respect to meeting the security requirements for the system.

• Authorize Step
Authorize system operation based upon a determination of the risk to organizational
operations and assets, individuals, other organizations and the Nation resulting from the
operation of the system and the decision that this risk is acceptable.

• Monitor Step
Monitor and assess selected security controls in the system on an ongoing basis including
assessing security control effectiveness, documenting changes to the system or
environment of operation, conducting security impact analyses of the associated changes,
and reporting the security state of the system to appropriate organizational officials.

All companies face risk; without risk, there is no reward. The flip side of this is that too
much risk can lead to business failure. Risk management allows a balance to be struck
between taking risks and reducing them.

Effective risk management can add value to any organization. In particular, companies
operating in the investment industry rely heavily on risk management as the foundation
that allows them to withstand market crashes.

An effective risk management framework seeks to protect an organization's capital
base and earnings without hindering growth. Furthermore, investors are more willing to
invest in companies with good risk management practices. This generally results in lower
borrowing costs, easier access to capital for the firm and improved long-term
performance.
The bottom line is that a risk management framework should be linked to other business
processes since it plays a crucial role in any company's pursuit of financial stability and
superior performance. The adoption of a risk management framework that embeds best
practices into the firm's risk culture can be the cornerstone of an organization's financial
future.
