A3A. Risk Level Justification
Market Volatility: The severity of impact is high considering how the market determines business performance. The probability of occurrence is medium considering the rapid changes in the consumer choices and preferences. The controllability of market volatility is low as external forces determine it.
The severity of cyber threats is high as sensitive information can be leaked to unwarranted person. The likelihood of occurrence is high, as the rate of cybercrimes has doubled over the past few years. Cyber threats are highly controllable with the implementation of stringent cybersecurity measures.
The severity of impact is medium as geopolitical uncertainties influence diplomatic relationships between nations, which have ripple effects on international businesses. The likelihood of occurrence is low as most nations have using diplomatic ways to solve disputes. The controllability of geopolitical uncertainties is low because businesses have restrictions on geopolitical issues.
Reduced demand has a medium impact on the business as it implies a reduction in revenue. The likelihood of occurrence is low, as the company has put mechanisms to ensure that the sales and profits margins are increased. Controllability is medium depending on the efficacy of marketing and advertising strategies.
New regulations will have a low impact on the business as it is assumed that the authorities have the goodwill of the businesses. The likelihood of occurrence is low as most of the legal provisions have been formulated and implemented. Controllability of new regulation is low as jurisdictions of business are restricted.
The amount of resources of the company has a medium impact; consider low resources will affect the effective functioning of the organization. The likelihood of occurrence is medium as resource planning mitigates the risk. The controllability of the risk is high as the company has absolute power to determine its resources.
Tesco Inc. operates in a multicultural setting. As such, cultural difference may have a medium impact on the company especially when it comes to the interpersonal relationship within the organization and relationship within the larger community. The likelihood of occurrence is low as the business assesses the cultural factors before starting new ventures in the identified community. The controllability of community culture is low; therefore, the company must employ adaptive techniques.
The severity of impacts of economic impacts is high as they can determine the sustainability of the business. The likelihood of occurrence is medium, as the organization has been operating in a relatively stable economy for the last decade. The controllability of economic uncertainties is low since it mainly entails external factors that are complex and convoluted.
Market volatility is a threat that is systematic implying that diversification is ineffective. However, the organization can manage market volatility by hedging its portfolio. Some of the sources of market volatility include natural disasters, political turmoil, recessions, and terrorist attacks (Bessis, 2015). By the act of avoidance, the company will determine which markets have a high risk of being volatile. Studies have consistently shown that some markets are more volatile than others due to historical factors. As such, Tesco Inc. can choose which markets to explore or avoid.
The cyber threat to the organization can be minimized through a commitment by the top management to solving emerging threats. The top management should deliberate on the methods of reducing the cyberthreat to the organization by appropriate funds to support cybersecurity. Again, the company should have competent people with the skills to manage the security of the IT infrastructure of the organization. Lastly, all the businesses process should be evaluated,and periodic reports are written. All the loopholes in the IT system should be treated as urgent and appropriate measures taken.
Geopolitical uncertainties are likely to affect the operations of the company in foreign markets. As such, the company should examine the political and diplomatic relations between the two countries. For instance, countries with a history of conflict will be unsuitable for business. The assertion is supported by the fact that most similar countries employ harsh trade policies, sanctions toward each other (Bessis, 2015). Therefore, the company should avoid expanding its operations in nations where geopolitical differences are likely to affect its goals and objectives.
The company can mitigate the risk of reduced demand by enhancing its marketing and advertising techniques. Diminisheddemand for the company’s product implies that the consumers prefer to purchase from the competitors, or the company has failed to meet the quality that enhances customers’ satisfaction. As such, the organization should employ new methods of marketing, especially using social media as research has shown its benefits (Lam, 2014). Garfield can increase the demand for their products by ensuring that they surpass the expectation of the consumers regarding quality.
The company can reduce damage attributed to new regulations by ensuring that all the stakeholders are conversant with the new rules. Such can be achieved by employing a legal consultant who will advise the company on the legal consequences of contravening the new laws. After a thorough understanding of the new regulations, the company must formulate internal measures that will ensure all the stakeholders ascribe to the regulations (Bessis, 2015). The company should espouse the importance of adhering to legal restraint
The organization should align its projects with the available funds. For instance, the company should only start new projects if they are certain they have a reliable source of funding. Resource planning is imperative for the organization. The leadership of the company should create a department whose sole role is to plan for the company and advise the executive on the strength and weaknesses of each project to be undertaken. As such, the company will avoid the damages that are associated with failed projects.
Cultural risks can be solved in two perspectives. The first measure is the creation of organizational culture. Organizational culture serves as a binding platform for all the employees working for the company. The second measure is the flexibility of the company to adapt to community culture. The success or failure of the organization will be attributed to the level of support of the immediate community (Lam, 2014). As such, the company should be flexible to appreciate the culture of the community. Stable external relationships will ensure that the primary stakeholders support the operations of the company.
Economic uncertainties are factors that can determine whether the company survives or fails. Tesco Inc. should respond to the risk of economic uncertainties by adopting transformational leadership. Economic uncertainties are manifested in different forms (Sadgrove, 2016). As such, fixed strategies may fail to work in the event of a new challenge. Through transformational leadership, the organization will formulate strategic plans to enable the company to overcome the difficulties. Furthermore, the company can employ a collaborative approach including customers and other businesses.
C1. Strategic Pre-incident Changes
The pre-incident changes that the company can follow to ensure its well-being involve stages of business continuity impact assessment. Impact analysis will identify the result`s arising from disruption of business functions and processes. Impact analysis enables the business leaders to create appropriate recovery procedures in case the problem occurs in future. Through impact analysis, the company will understand the financial and operational impacts that result from changes in the business functions and processes (Sadgrove, 2016). Additionally, the organization will discover the exact point where the losses will have significant impacts on the business based on the identified impacts. Another important change that the company can use to maintain its well-being is formulating solid recovery strategies (Lam, 2014). Incidents can derail the company from the track. However, it is imperative for the company to explore and exhaust all recovery strategies to ensure that the preferred strategies are appropriate for the issues identified in the business impact analysis phase.
C2A. Sensitive Data
Sensitive data refers to information that requires safeguard and protection from unwarranted and unauthorized access (Sadgrove, 2016). In the case of Tesco Inc., the confidential information is categorizedinto three broad groups including personal information, business information, and classified information. Classified information of the business may regard unpatented discovery regarding products or processes.
C2B. Normal Data Protection
During normal business operation, sensitive data can be protected physically by establishing a strong room where all the sensitive information is stored. The room should be monitored through CCTV cameras. Access to the room should be limited to a few individuals. The computers should have strong passwords and firewalls to deter hackers from accessing the system.
C2C. Disruption Data Protection
In the event of a disruption, data will be physically protected by safeguarding the room by armed guards. The strong room should be fireproof meaning that the necessary measures should be taken to ensure that the roomis protected from fire. Additionally, the organization will back up the data in a cloud storage system apart from backing it up in hard drives that will be stored in reliable places such as banks.
C2D. Ethical Use
The company will guarantee the data is used ethically by defining the extent to which specific data can be used. As such, the company will formulate regulations regarding the use of data. Any person who will be culpable of contravening the rules will face disciplinary action, which may include termination of employment contract.
C3A. Customer Records
For Tesco Inc., the customer records include the following name, credit information, billing information and order records. All these information are critical for the organization especially due to the transition of the operations to the digital platform where most transactions are conducted online.
C3B. Normal Security Measures
The customer's records can be protected normal business operation by two methods including the installation of systems and enhanced security measures. The systems that will be installed should be secure and have strong passwords. Such implies that the company should involve the expertise system experts to ensure that new advance systems are installed. System upgrade should regularly be conducted. Security measures that should be taken include restricted access to customers’ records, signing in and of people allowed to access the systems, and documenting any changes in the client records.
C3C. Disruption Security Measures
In case there is a disruption of risk, the customers’ record can be protected by the shutting down of the system. Once the system has shut down, the IT department will examine the possible cause and will only open the system to be operational once all the issues have been addressed. The shutdown implies that the company will remain temporary dysfunctional.
Tesco Inc. will ensure that customer records are ethically used by periodically reviewing the activities of the staff. Such implies that the company should install software and programs that can record activities relating to unlawful or unauthorized access to customers information. The company should review its ethical policies annually to ensure that its cooperation with other business is in line with the general code of ethics.
C4. Communication Plan
Following a disruption, the company will communicate to all the critical people using calls. All the employees of the company will have their contacts stored in the main database. Apart from calls, the company can reach the concerned people through other means including teleconferencing and instant messages. Preferably, a company group should be created in one of the instant messaging apps that are secure and reliable.
The stakeholders who should be contacted in the event of disruption include the employees, key customers, utility companies, shareholders, and suppliers. All the stakeholders mentioned above are instrumental in the operations and functioning of the business.
C4AI. Stakeholder Communication
Employees will be contacted to be instructed on the nature of the problem and the impact it has on the role of each employee. The utility company will be informed formally through written communication on the state of the company. Key customers will be informedof the nature of the problem and disruption in their orders. The shareholders will be informed of the risk event, and a meeting will be convened to mitigate on the next course of action for the company. Lastly, the suppliers will be informedof the prevailing changes and discussions will be made to find a short-term solution to the stalemate.
C5. Restoration of Operations
Normal operation will be restored after risk event through communication to the stakeholders. The communication will mostly be based on explaining to the stakeholders the events and the measures that have been taken to control it in the future. The recovery strategies play a significant role in shaping the restoration discourse.
D1. Implementation of BCP
BCP will be implemented in the company after the ratification by the board of directors. The implementation will proceed in phases. The first phase is the introduction phase where the BCP will be introduced to all the sectors of the company. The second phase of implementation will be focused monitoring plan. In this phase, the director of planning will be responsible for evaluating how BCP works in a specific area. The last phase of implantation will be the inclusive approach, which encompasses all aspects of the business.
BCP will be communicated to the organization through an official memo. The memos are usually placed in strategic positions where all the target audience can access them. Additionally, a forum will be convened in which the stakeholders of the organization will discuss the content of the BCP.
D2. BCP Monitoring
Monitoring and testing of BCB before the incident will be carried out three times in a year. The company will conduct drills on the disruptions and assess how effective they are regarding the mitigation of the risks.
D3A. BCP Adjustment
Adjustment to BCP will be done annually. At the end of each operation period, the company will conduct a comprehensive review of the BCP. Any new changes and alteration will be incorporated in the updated version of BCP. The company will involve external consultants who will provide expert advice on various elements of the BCP.
D4A. Communication of Change
Changes to the BCP will mainly be communicated to the stakeholders through emails. The stakeholders will be sent emails notifying them of the changes to the policies. Additionally, the company wills communicate with the employees using memos
project management assignment help, business management assignment help, business management assignment, management assignment help services, strategic management assignment help, management accounting assignment , management homework help, marketing management assignment help, human resource assignment help, human resource management assignment help, managerial accounting assignment help, management accounting assignment help, financial management assignment help, it management assignment help, project management homework help, hospitality management assignment help, hr management assignment help, operations management homework help, brand management assignment help, database management homework help, financial management homework help, operations assignment help, healthcare management assignment help, write my project management assignment,