According Haas, Gerba and Rose (1999), Quantitative microbial risk assessment, the major purposes of a business management organ is to reduce resource wastage in the operations. These include wastages caused by risks exposed to business by both internal and external hazards. Risks therefore would refer to the capacity of harm in expectation that might occur to a business within a given duration of time within the business’ accounting period. Managing risks is therefore fundamental for the business management to be able to avoid losses. The process of risk management begins at risk assessment.
Risk assessment is the managerial process of carrying out a risk test in a business or an organization to identify the risks to which the business is exposed to, gauge the quantity of the risks and be able to foster best ways possible to eliminate the risks through a substantial recommendation by the assessors. Risk management is very crucial in protecting the workers and properties of the organization against unnecessary damages. Risk assessment gives some piece of mind to the management since major dangers to the business shall have been mitigated. This paper therefore focuses to examine the process of risk assessment with specific to a given company; the Becoming Company
The Becoming Company is a service provider company based in Burlington, the hometown of the founder Ann Roger. The Becoming Company deals in development training and inspirational materials such as music, videos and books titled Drive Change. The company aims at making sales from inspiring people with all levels of deformities out of the experienced the company’s founder Ann Roger had gained having faced the same situation. She therefore had the required expertise in the company business and recruited a staff of three to help her run the business.
We therefore analyze the company assets and records for the risks assessment. The company can use the HSE operational method to identify the risks exposed to the business. This involve study in detail the general business operations. For instance, we consider Ann’s business operation and the security given to her assets and confidential operations. The whole process taken by the company to mitigate its risk can be represented by the organizational risk management flow chart below.
The execution of the risk assessment process begins by identifying the stock record of the Becoming Company. It also encompasses noticing the security and control over the company properties. The company endowed by both software and hardware, the company provides its customers with services in advice, consultation and sale of music videos and books. The company also uses software and internet servers it buys from other firms and corporations. The table below summarizes the company assets.
Vulnerabilities of Becoming Company
Anne’s firm has a lot of gaps and loopholes in terms of the degree of protection of her access to confidential information as well as the safety of such important information. Anne runs the business based on the degree of loyalty of her three workers as they are left free to access the confidential files that are just recorded in plain texts and words as employees have the access to the log in details of such computers (Leeuwen and Vermeire, 2007). The following are basic possible vulnerabilities that Anne’s assets and the confidential information are attached to;
Possible loss of business information
This will arise following the poor manner in which the business records are kept. The choice of the company to only save such confidential and important information in plain texts and words that are further kept in several directories will be the worse should such books of account be lost. Despite Anne having the office in place, the backup flash drive is poorly stored at home. The backup flash, according should have safely been kept in a more reasonable place than Anne did it.
The basic window login
This is prone to access to anybody that might not while for the company. An authorize person might just access the confidential information of the business which are saved in such computers. This foreign person accessing such information will be of a negative impact to the business as this might leak out some important records and information and it is that information that might be looked at as the strength of the company.
No encrypted file format
There is a possible vulnerabilities of unencrypted files that than the encrypted files. Examining this further in terms of associated risks, it is therefore prone to more risk and the subsequent loss of the files. The decision by Anne to use her store’s phone as a password for the encrypted WEP can as well pose serious consequences should such confidential password be leaked to other an authorized persons.
Higher probability of the computer crush
The frequency with which the employees tinker and do their surfing might not work for the safety of these computers. This can also be argued out in terms of the lack of a permanent antivirus put in place to enhance the security of these computers. The choice by Anne to use the free AVG virus protection might not be good for the reliability of the system as this free AVG is prone to frequent updates which not cheeked might put more risks to the system and hence causing severe damages.
The company is founded on the use of a local wireless network firm to supply the internet services. The decision by the company to rely on the conventional firewall and virus scanner might constantly be reliable for the continuous operation of the firm. The use of free Zone Alarm for firewall and free AVG for scanning the various applications points out to a possible breakdown in the system.
Inefficient custom program
The decision to use a mere untested program written a university student understood to Anne’s nephew might cause serious damages to the company operation. The manner the program operates having been written in Microsoft Visual Basic present more questions than answers. Since the only programmer of this program is the nephew, it might prove difficult to be maintained in the absence of its original programmer.
Risks and the associated consequences
The following risks will be inevitable to Anne’s company and will have several consequences. The frequency of a particular risk occurrence will differ from one another depending on the degree of vulnerability.
This majorly depends on the organizational structure of a particular company and its administrative procedure. As per this context, Becoming Company will severely be affected since it has a very poor administrative structure. The company has a poor manner of record keeping which is fully disorganized. The company is also seen to be using an outdated technology in its operation (Leeuwen and Vermeire, 2007). The associated consequence of this risk will be interruption of the supply change that results to the customer’s loyalty demoralized and shifts to other competitive company as they view this company as being unreliable. Becoming company will also suffer from the loss of all data due to the use of an obsolete information technology system.
This is associated with the over dependency on a particular single expertise which translates to interruption of supply chain the employee be absent from work. This definition typically depicts the exact state of affairs at the Becoming Company, which is operated based on only three employees. To put more emphasis, Moe is attached the supervisory role and would be forced to chip in when Ann is absent to be in charge. This indicate a possible supply interruption should both Ann and more be absent on a similar day.
This will apply in this company because there is use of obsolete information technology being used. The company will be less advantaged due to the stiff competition it faces against those that use current Information technology systems. There will be loss of customers as a consequential effect. The adverse effect might even be the closure of the company since the objective of the business is to make profits that are embedded on the effective demand.
This is results from the cases off illness that may affect the company employees. This has a consequence of interrupting the supply of the goods and services produced by the Becoming Company. This risk will frequently affect this company because it only has three employees and this would mean that every time one falls sick, delegation is done to fill the position implying an increased workload for such a worker and hence decreasing his productivity.
Health and safety risk
Many businesses have suffered major setbacks in terms of legal procedures due to failure to manage health and safety risk. The requirement is to keep a business safe for every stakeholder. Consequences such as company bad reputation and legal proceedings have characterized it. In this context, the Becoming can face serious consequence because of poor delivery of services as a result of using obsolete information technology.
This risk arises when a firm fails to meet the requirements as outlined in laws and regulation set by the governments. A failure by Becoming Company to obey the employment laws, payment of taxes, trading laws as well as safety and regulation Acts will pose a bigger challenge including its termination.
Becoming Company is highly exposed to fraud arising from the use of internet and fax. Failure to be keen in its operation the company thus loses many funds. The company operation is based on the use of internet and fax, which are the best channels of communication that facilitate swindling.
Risk ranking categories
The risk identified above can then be classified into the following categories depending on the magnitude of risk exposed to the business.
Counteracting the Vulnerabilities
This is to be discussed one by one-close examination of the consequences arising from the vulnerabilities as discussed;
One of the major consequences arises due to inefficient record keeping in which case the Company has no proper data storage. The financial risks associated with such poor practices can be counteracted by installation of the accounting management software’s such as the ERP software. On the issue of the possible computers crushing, Anne should buy a recognized antivirus scanner and stop leaning on unexpected free AVG antivirus. In so doing, the cost of maintenance would significantly reduce and such savings diverted to other valuable expenditures for the company’s expansion.
On the issue of inefficient custom program, the company should seek for experts and advice according on the best program and the current software that are compatible to such programs. The use of a program that was just developed by a mere school will not keep the company with the pace of its competitors. In respect to possible financial loss through scammers, the company should sensitize its employees to be aware of such unethical activities from the internet. The scammers if not checked would negatively cause failures of the firm.
Anne should also employ the encryption of files since this will enable the safety of such confidential documents, as the loss of such files will negatively hurt the company’s operation. There should also a proper overhaul of the whole installation done by the Initia TEC as this configuration may not be efficient to boost the service delivery and ensure no interruption of its activities which will enable Company retain its customers and even get more new customers that will be persuaded by its loyal customers. The company should also consider more staffing. There an overburdening of the employees and this has a consequent of supply interruption to cases of sicknesses. Addition of more workers will work in favor of the company as the value of marginal productivities of its workers will increased because of specialization.
Recommendation to the Becoming Company
Critical analysis of the current state of affairs in terms of the way the firm keeps and manages its finances, it quite noting that Becoming Company is still far much inefficient in its accounting department. It is revealed from the poor manner of record keeping of financial records, which are manually entered into the books of accounts in plain texts and words and further kept in several directories. There is a need for this firm to adopt and implement accounting software to help remain relevant in terms of its financial management and record keeping. Being a small business enterprise ERP accounting software is recommended to be installed by this company to help manage its finances.
Operation of ERP software
In the context of the financial operations as per the Becoming Company, data entry will be accurate, and critically via the use of ERP as well as a concurrent maintenance of all information linked to accounting and finances. General ledger accounts, account receivables and payables will be incorporated in the system and will be easily managed.
Benefits of ERP software
- Reduction in the cases of accounting areas.
- Production efficiency due refined forecasting.
- Asset, order and inventory management will be enhanced.
- The package comes with the automation of accounting procedure.
Cost –Benefit analysis for ERP installation
A close examination of the cost associated with the acquisition and the installation software, it is found to be affordable to such Small Business to which Becoming Company belongs. A current risk associated with the Becoming Company when weighed against the positive package this software comes further proves the need to adopt the system. It will also be argued that Becoming Company stands to lose more customers if remains technologically irresponsive while other substitute Companies appreciates the need to change with technological trends. The cost of losing customers when balanced on the other hand against the cost of installing the ERP further makes it more logical as the former is much greater than the later. Reputation of a company name remains very vital for a company to strive, hence a company that is seen to be technologically stagnant will lose its reputation and this comes with huge costs.
The general procedure of risk management in the Becoming Company can be summarized into the management flow chart below.
A proper risk assessment is the most essential step of risk management. The Becoming Company must therefore allow for a proper risk assessment to be able to mitigate the exact risks identified. This should be a regular business practice as part of its management scheme. Owing to these massive costs if the company does not acquire the software, it is therefore necessary that Becoming Company should adapt the new proposed software in order to remain viable.
National Research Council. (1994). Science and judgment in risk assessment. Washington, DC: National Acad. Press.
Leeuwen, C. J., & Vermeire, T. (2007). Risk assessment of chemicals: An introduction. Dordrecht, The Netherlands: Springer.
Haimes, Y. Y. (2013). Risk modeling, assessment, and management. Hoboken, N.J: Wiley.
Haas, C. N., Gerba, C. P., & Rose, J. B. (1999). Quantitative microbial risk assessment. New York, NY [u.a.: Wiley.
. Workman, M., Phelps, D. C., & Gathegi, J. N. (2013). Information Security for