CHAPTER 6: CONTROLLING BUSINESS RISKS

Unit of learning code: BUS/BM/CR/05/5

Related Unit of Competency in Occupational Standard: Control Business Risk

6.1 Introduction to the unit of learning

This unit specifies the competencies required to control business risks. It involves
assessing business risks, establishing risk management team, developing risk mitigation
plan, monitoring risk management process and preparing business risk management
report.
6.2 Summary of Learning Outcomes

1. Assess business risks

2. Establish risk management team
3. Implement risk mitigation plan
4. Monitor and evaluate risk management process
5. Prepare business risk management report
6.2.1 LEARNING OUTCOME 1: ASSESS BUSINESS RISKS

Introduction
Small to medium businesses are exposed to risks all the time. Such risks can directly affect day-
to-day operations, decrease revenue or increase expenses. Their impact may be serious enough
for the business to fail. Most business managers know instinctively that they should have
insurance policies to cover risks to life and property. However, there are many other risks that all
businesses face, some of which are overlooked or ignored. Every business is subject to possible
losses from unmanaged risks. Sound risk management should reduce the chance that a particular
event will take place and, if it does take place, sound risk management should reduce its impact.
Sound risk management also protects business wealth. Risk management starts by identifying
possible threats and then implementing processes to minimize or negate them.
Risk management is a process in which businesses identify, assess and treat risks that could
potentially affect their business operations.

Performance standards

1. Business risks are identified according to the strategic plan, SWOT analysis and
PESTEL analysis
2. Risk scenarios are analyzed from crisis reports and publications
 3. Risk assessment matrix is prepares according to risk scenarios and organizational
procedures
4. Risk perspectives are classified according to type of organization and nature of
business

Information Sheet

Definition of terms
Business risks
The term refers to the possibility of a commercial business making inadequate profits (or even
losses) due to uncertainties - for example: changes in tastes, changing preferences of
consumers, strikes, increased competition, changes in government policy, obsolescence etc.
Risk control
Risk control is the set of methods by which firms evaluate potential losses and take action to
reduce or eliminate such threats.
A risk matrix
This is also called a business risk assessment matrix. It is a graph that one would use to plot the
probability of certain risks occurring against the impact this would have on a business.

Business risks are identified according to the strategic plan, SWOT analysis and PESTEL
analysis

Every business organization faces various risk elements while doing business. Business risk
implies uncertainty in profits or danger of loss and the events that could pose a risk due to some
unforeseen events in future, which causes business to fail.

For example, a company may face different risks in production, risks due to irregular supply of
raw materials, machinery breakdown, labour unrest, etc. In marketing, risks may arise due to
fluctuations in market prices, changing trends and fashions, errors in sales forecasting, etc. In
addition, there may be loss of assets of the firm due to fire, flood, earthquakes, riots or war and
political unrest which may cause unwanted interruptions in the business operations. Thus
business risks may take place in different forms depending upon the nature of a company and
its production.

SWOT analysis (or SWOT matrix) is a strategic planning technique used to help a person or
organization identify strengths, weaknesses, opportunities, and threats related to business
competition or project planning.

Scenarios in which his organization uses SWOT analysis for risk identification and
management.
These include the evaluation of business processes, technology interfaces, existing software,
proposed solutions, and customer service centers.

The following procedure may be used efficiently in carrying out SWOT analysis for risk
identification and management.

1. For the strengths, brainstorm corresponding strength and record them.

2. Analyze and collect suitable strengths.
3. Prioritize strengths in forced rank order or the nominal group method.
4. Follow the same steps (i.e. 1-3) for weaknesses, opportunities, and threats.
5. Define the strategies.

PESTLE Analysis in the Risk Management Framework

PESTLE analysis is a popular business analysis tool that involves identifying and evaluating
Political, Economic, Sociocultural, Technological, Legal, and Environmental factors that affect a
business. It can be a particularly useful tool in the context of risk management, where it provides
a straightforward framework that business analysts can use to identify potential risks.
PESTLE analysis forces a business to consider a wide variety of variables in the greater business
environment. By doing so, it allows the business to uncover potential risks in areas that may have
otherwise be ignored. To understand this, it’s helpful to look at how risks can be found in each of
the six PESTLE categories:

 Political. Changes in the greater Political environment affect some businesses more so
than others. For example, software houses will rarely have to worry about changing
Politics; however, if a business is largely dependent on trade or travel (especially where
there are unstable connections with other countries), looking at the Political outlook may
help to identify new risks.
 Economic. Especially on longer time frames, the Economic factors affecting a business
may have a lot to say about potential risks. For example, a rising minimum wage or
growing competition might both impact a business in a negative way if no protective
measures are employed.
 Sociocultural. People are the lifeblood of any business, in that they always play the role of
the customer in one way or another. As a result, changes in the Socio cultural environment
can have a massive impact on businesses. Examples include changes in consumer eating
habits, clothing preferences, or hobbies.
 Technological. As new technologies are developed, it may make some businesses
redundant. Once again, Technological changes tend to happen over a longer timeframe,
but they can have huge impacts on a business’ bottom line.
 Legal. The threat of Legal action is one of the biggest risks any business faces. Whether
that refers to Legal proceedings initiated by a customer or fellow competitor, it can still be
a serious risk. What adds more risks is the lack of knowledge of the confusing financial
terms and legal lingo.
 Environmental. With the growing relevance of Environmental issues, businesses also
need to look at these factors to identify potential risks. These risks may result from
 Environmental changes themselves, such as rising sea levels or less predictable weather
cycles, or from regulation surrounding these changes.
It’s important to note that PESTLE analysis usually takes into account both positive and negative
factors affecting a business. However, in the case of risk management, it’s the negative factors
which are most interesting. As a result, an analyst using PESTLE analysis for risk management
purposes should focus only on negative factors.

Risk scenarios are analyzed from crisis reports and publications

Analyzing Risk Scenario

Business risks can arise due to the influence by two major risks: internal risks (risks arising
from the events taking place within the organization) and external risks (risks arising from the
events taking place outside the organization):

 Internal risks arise from factors (endogenous variables, which can be influenced) such as:
o human factors (talent management, strikes)
o technological factors (emerging technologies)
o physical factors (failure of machines, fire or theft)
o operational factors (access to credit, cost cutting, advertisement)
 External risks arise from factors (exogenous variables, which cannot be controlled) such
as:
o economic factors (market risks, pricing pressure)
o natural factors (floods, earthquakes)
o political factors (compliance demands and regulations imposed by governments)

The following graphic is a good frame of reference when it comes to the risk analysis cycle:

Figure 57 risk analaysis cycle

Classifications of Business Risks

Business risk is classified into five different types:

1. Strategic Risk: They are the risks associated with the operations of that particular
industry. These kind of risks arise from:

(a)Business Environment: Buyers and sellers interacting to buy and sell goods and
services, changes in supply and demand, competitive structures and introduction of
new technologies.
(b)Transaction: Assets relocation of mergers and acquisitions, spin-offs, alliances and
joint ventures.
(c)Investor Relations: Strategy for communicating with individuals who have invested in
the business.
2. Financial Risk: These are the risks associated with the financial structure and
transactions of the particular industry.
3. Operational Risk: These are the risks associated with the operational and administrative
procedures of the particular industry.
4. Compliance Risk (Legal Risk): These are risks associated with the need to comply with
the rules and regulations of the government.
5. Other risks: There would be different risks like natural disaster (floods) and others
depend upon the nature and scale of the industry.

Risk control

It is a technique that utilizes findings from risk assessments, which involve identifying potential
risk factors in a company's operations, such as technical and non-technical aspects of the
business, financial policies and other issues that may affect the well-being of the firm. It can also
be defined as uncertain future events which could influence the achievement of the
organization’s strategic, operational and financial objectives. Two aspects of risk to note are
uncertainty and exposure.

Theories of Risk Management

The normal hypothesis

The transactions which incur higher risk will yield higher returns. Under the normal hypothesis
of risk, firms are assumed to take a view that the more risk they take, the more the return. This
approach attaches a positive correlation between risk and return such that the profitability of an
organization is intricately linked to the risk appetite of the organization. Profit seeking
organizations are therefore assumed to be risk takers given the relationship between risk and
profit.
Hypothesis of increasing marginal disutility of risk
The relationship between risk and return is not always linear as suggested under the normal
hypothesis of risk. Although not necessarily contradictory to the normal hypothesis of risk
theory, the marginal disutility of risk approach postulates that a firm can increase its risk taking
activities only up to a certain point after which the return will start to decline regardless of how
much more risk is assumed. Therefore, the firm will have to take a decision on whether it is
necessary to continue assuming more risk when the returns are diminishing. This approach is
generally consistent with economic theory on utility. Risk is therefore primarily concerned with
evaluating potential losses. The two concepts used in this regard are Loss frequency and Loss
severity. These concepts are particularly useful in helping a firm to rank loss exposures
according to their relative importance. In addition, the relative frequency and severity of each
loss exposure needs to be estimated so that an appropriate technique or a combination of
techniques can be selected to treat the loss exposure. Regardless of the approach used for
measuring severity; it must seek to determine the maximum possible loss and the maximum
probable loss. The maximum possible loss is the worst loss that could possibly occur to the firm
during its lifetime. On the other hand, the maximum probable loss is the worst loss that is likely
to happen to a firm.

Risk assessment

A firm should make every attempt to assess its risks within the context of both the external and
internal operating environment. This is a useful process as it assists in understanding the key
drivers of the risks the firm may face in its every day operations.
Steps in Risk Management Process

Step 1: Identification of organizational risks Frequency and severity

The objective of risk identification is to determine the risks that may affect the firm and
document their characteristics. Risk identification may be done through various stakeholders to
the firm as well as external experts

Tools & Techniques for Risk Identification:

1. Documentation reviews: This can be done by conducting a structured review of previous

documentation and reports of the firm. This is in order to ascertain whether there are any
historical issues likely to influence the nature and direction of risks faced by the firm.
2. Information gathering techniques: Several methods of information gathering can be used in
risk identification. These include;
(a) Brainstorming: probably the most used risk identification technique. The goal is to compile a
comprehensive list of risks that can be addressed later in the risk analysis processes. It usually
consists of a multidisciplinary set of experts. Under the leadership of a facilitator, they generate
ideas about a firm's risks. The process proceeds without interruption and without any expression
of judgment or criticism of ideas and without regard to one's position in the organization.
Sources of risk are identified in broad scope and discussed by the whole team. Risks are then
categorized by type and their definitions sharpened. Brainstorming can be more effective where
participants prepare in advance and the facilitator develops some risks in advance and the
meeting is structured by operational activity and risk category.
(b) Delphi Technique: This is a method by which consensus of experts can be reached on risk.
Experts are identified but participate anonymously. Delphi technique helps reduce bias and
minimizes the influence of any one person on the outcome. A facilitator uses a questionnaire to
solicit ideas about the important risks facing the firm and responses are submitted and put into
risk categories. The risks are then circulated for expert review. Consensus on major risks is
reached after a few rounds of this process.

3. Information Gathering

i. Interviews: Risks can be identified by interviews with experienced and skilled experts
within the firm. The appropriate individuals are selected and briefed. The interviewees
identify risks based on their experience in their respective operational areas and any other
sources they find useful.
ii. SWOT Analysis: ensures examination of risks from each of the SWOT perspectives to
increase the scope of risks considered. A scan of the internal and external environments is
an important strategic analysis of business risks. Environmental factors that are internal
to the firm can be classified as strengths (S), weaknesses (W) and those external to firm
are classified as opportunities (O), and Threats (T).Such analysis of the strategic
environment is referred to as SWOT analysis. This analysis enables a firm to take a
strategic position so as to turn weaknesses into strengths and try to direct threats into
opportunities.
iii. Checklist: It is useful for organizations to develop checklists of risks based on
information collected from past activities. This could include loss event data etc. The
checklist is a quick way of identifying potential risks and should not be considered as
complete. It should factor the possibility of other risks emerging and being addressed.
iv. Assumptions Analysis: There is a need to consider the underlying assumptions and
scenarios used in the various operational activities of the firm. Assumptions analysis is a
technique that explores the accuracy of the assumptions. It identifies risks relating to the
firm arising from inaccurate, inconsistent and incomplete assumptions. This is a useful
technique given the role of that assumptions play in the planning process of any firm.
v. Diagramming technique Cause and effect diagrams useful for identifying causes of risk:
System or process flowcharts show how various elements of a system interrelate and the
mechanism of causation. Similarly, influence diagrams provide a graphical representation
of a problem showing causal influences, time ordering of events and other relationships
among variables and outcomes
vi. PESTEL Analysis: This analysis answers six key questions relating to Political,
Economic, Social, Technological, Environmental and Legal aspects that pose as risk to
businesses.
- Political: what are the political factors that are likely to affect the business?
- Economical: What are the economic factors that will affect the business?
- Sociological: what are the cultural aspects likely to affect the business?
- Technology: what technological changes may affect the business?
- Environmental: What are the surrounding considerations that affect the business?
- Legal: What current and impending legislation that will affect the business?
Step 2: Analyze the Risk

Once a risk has been identified it needs to be analyzed. The scope of the risk must be determined.
It is also important to understand the link between the risk and different factors within the
organization. To determine the severity and seriousness of the risk it is necessary to see how
many business functions the risk affects. There are risks that can bring the whole business to a
standstill if actualized, while there are risks that will only be minor inconveniences in analyzed.
In a manual risk management environment, this analysis must be done manually. When a risk
management solution is implemented one of the most important basic steps is to map risks to
different documents, policies, procedures, and business processes. This means that the system
will already have a mapped risk framework that will evaluate risks and let you know the far-
reaching effects of each risk.
Step 3: Evaluate or Rank the Risk

Risks need to be ranked and prioritized. Most risk management solutions have different
categories of risks, depending on the severity of the risk. A risk that may cause some
inconvenience is rated lowly, risks that can result in catastrophic loss are rated the highest. It is
important to rank risks because it allows the organization to gain a holistic view of the risk
exposure of the whole organization. The business may be vulnerable to several low-level risks,
but it may not require upper management intervention. On the other hand, just one of the highest-
rated risks is enough to require immediate intervention.
Step 4: Treat the Risk

Every risk needs to be eliminated or contained as much as possible. This is done by connecting
with the experts of the field to which the risk belongs to. In a manual environment, this entails
contacting each and every stakeholder and then setting up meetings so everyone can talk and
discuss the issues. The problem is that the discussion is broken into many different email threads,
across different documents and spreadsheets, and many different phone calls. In a risk
management solution, all the relevant stakeholders can be sent notifications from within the
system. The discussion regarding the risk and its possible solution can take place from within the
system. Upper management can also keep a close eye on the solutions being suggested and the
progress being made from within the system. Instead of everyone contacting each other to get
updates, everyone can get updates directly from within the risk management solution.
Step 5: Monitor and Review the Risk
Not all risks can be eliminated – some risks are always present. Market risks and environmental
risks are just two examples of risks that always need to be monitored. Under manual systems
monitoring happens through diligent employees. These professionals must make sure that they
keep a close watch on all risk factors. Under a digital environment, the risk management system
monitors the entire risk framework of the organization. If any factor or risk changes, it is
immediately visible to everyone. Computers are also much better at continuously monitoring
risks than people. Monitoring risks also allows your business to ensure continuity.

Risk assessment matrix is prepared according to risk scenarios and organizational procedures

Risk Assessment Matrix

Risk matrix is the explanation of how likely is it that an identified risk will actually happen, and
how severely it will affect a business if it does.
The Risk Matrix tool works especially well because of its clear visual nature. By providing a
simple visualization of potential risks, one can easily see which ones are high priorities and
which ones can be ignored – for now.

Preparing risk assessment matrix

A risk matrix template focuses on two key aspects:

Severity: The impact of a risk and the negative consequences that would result.
Probability: The probability of the risk occurring.

RISK ASSESSMENT MATRIX

UnlikelyPossibleVery Likely

Medium: 3 High: 7 High: 9 Extreme: 12

Probability

Low: 2 Medium: 5 High: 8 Extreme: 11

Low: 1 Medium: 4 Medium: 6 High: 10

Minor Moderate Significant Severe

RiskSeverity

Figure 58: Risk assessment matrix

Firstly you need to decide on the severity rating for each identified risk. On the matrix, move
along the x axis until you’ve reached the appropriate rating: Minor, Moderate, Significant or
Severe.

Then, by moving along the y axis, assess at the probability of it happening. Starting from
Unlikely: almost no possibility of this happening; then Possible: this has the potential to happen;
lastly, highly likely: risks that are bound to happen. Continue in this manner for each risk you’ve
identified.

After you’ve placed each risk in the template matrix according to their severity and likelihood,
you will be able to clearly see which risks require the most attention, based on their color-coded
rating of the box they appear in.

 Green = Low: The consequences of the risk are minor, and it is unlikely to occur. These
types of risks are generally ignored.
 Yellow = Medium: Somewhat likely to occur, these risks come with slightly more serious
consequences. If possible, take steps to prevent medium risks from occurring, but
remember that they are not high-priority and should not significantly affect organization
or project success.
 Orange = High: These are serious risks that both have significant consequences, and are
likely to occur. Prioritize and respond to these risks in the near term.
 Red = Extreme: If any risks appear in the final two red squares labelled 11 or 12, these
are catastrophic risks that have severe consequences and are highly likely to occur.
Extreme risks are the highest priority and need to be mitigated immediately to ensure
survival of the organization or project.

It’s important to address those deemed extreme and high risk by making a response plan.
Meanwhile, those risks that fall into the medium and low categories can often be monitored, but
depending on your teams time and resource limits, these probably don’t need to be addressed.
However, it is important to keep monitoring your risks until the project is complete.

Reasons/Importance of Risk Management to an organization

Everyone has to manage risk

Every organization faces risks. As most business people know well, sometimes risk is inevitable
in order to achieve success.
Risk management makes jobs safer

Health and safety are critical parts of a risk manager’s role. They actively seek out problem areas
in the organization and look to address them. They use data analysis to identify loss and injury
trends and implement strategies to prevent them from reoccurring. This clearly benefits
employees in physical work environments, such as construction, but can also help office
employees and those in similar positions through methods such as ergonomics. A safer
workplace is better for everyone and is dramatically impacted by risk management.
Risk management enables project success
No matter the department, risk managers can help employees succeed with their projects. Just as
they assess risks and develop strategies to maximize organizational success, they can do the
same for individual projects. Employees can reduce the likelihood and severity of potential
project risks by identifying them early. If something does go wrong, there will already be an
action plan in place to handle it. This helps employees prepare for the unexpected and maximize
project outcomes.
Risk management reduces unexpected events

Most people don’t like surprises, especially when it has an organizational impact. A risk
manager’s goal is to map out all potential risks and then work to prevent them or best manage
them.
Risk management creates financial benefits

The risk department should not be viewed as a cost centre for the organization. In fact, it directly
creates value. With trend analysis, risk managers can spot high-frequency events and work to
minimize repetitive losses. Incidents will be less likely to occur and have less of an impact when
they do, potentially saving the organization thousands if not millions of dollars. Risk managers
are also the experts who procure the appropriate levels of insurance to maximize the financial
impact of the risk management program.
Risk management saves time and effort

Employees at all levels spend time submitting data into the risk management department when
incidents occur. These tasks are often completed in disjointed and inefficient ways. By
streamlining these tasks, the risk department is able to alleviate the burden of tedious data
submission from employees, allowing them to direct time and energy towards their true roles.
Risk management improves communication

Horizontal and vertical communication are essential for organizational and employee well-being.
They promote understanding of internal and external issues and help everyone work together
effectively. While many employees know this, it can be difficult to put into practice if some
parties don’t understand the impact it can have. Risk managers can help. They aid horizontal
communication by providing a centralized touch point for all risk data and providing reports and
analysis. Risk managers promote vertical communication by setting expectations and relating
data to organizational goals. Each additional method of communication benefits employees.
Risk management prevents reputational issues

Many risks involve a reputation factor: something happens that causes the public to negatively
view the organization. Reputational issues could impact individual employees as well, even if
they weren’t actually involved. A formal risk department greatly decreases the likelihood of this
fallout. When an incident inevitably occurs, a formal risk management program and processes
will quickly contain the event and lower the chance of escalation and widespread negative
consequences.
Risk management benefits culture

A strong risk management culture is better for all parties: frontline employees, risk managers,
executives, and decision-makers. It creates a mind-set of prevention and safety that permeates
the organization and influences the actions of employees. It sets expectations of performance and
sends a positive image to the public.
Risk management guides decision-making

Decision-making is a challenging process, especially when making significant choices that will
have a large impact on future success. Risk management data and analytics can guide employees
in making wise strategic decisions that will help meet and exceed company objectives. They can
also advise on the strengths and weaknesses of a decision alternative and provide
recommendations on what risks to pursue and which to avoid. The risk department is an
excellent source of guidance for employees in all areas.

Principles of Risk Management

There are specific core principles in regards to risk management. When looking to perform an
actual risk assessment, the following target areas should be part of the overall risk management
procedure (as defined by the International Standards Organization; ISO):

 The process should create value

 It should be an integral part of the organizational process
 It should factor into the overall decision making process
 It must explicitly address uncertainty
 It should be systematic and structured
 It should be based on the best available information
 It should be tailored to the project
 It must take into account human factors
 It should be transparent and all-inclusive
 It should be dynamic and adaptable to change
 It should be continuously monitored and improved upon as the project moves forward

Techniques of Managing Risks

Once risks have been identified and assessed, all techniques to manage the risk fall into one or
more of these four major categories:

 Avoidance (eliminate, withdraw from or not become involved)

 Reduction (optimize – mitigate)
 Sharing (transfer – outsource or insure)
 Retention (accept and budget)

Risk avoidance

This includes not performing an activity that could present risk. Refusing to purchase a property
or business to avoid legal liability is one such example; avoiding airplane flights for fear of
hijacking. Avoidance may seem like the answer to all risks, but avoiding risks also means losing
out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a
business to avoid the risk of loss also avoids the possibility of earning profits. Increasing risk
regulation in hospitals has led to avoidance of treating higher risk conditions, in favor of patients
presenting with lower risk.
Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of
the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk
of loss by fire. This method may cause a greater loss by water damage and therefore may not be
suitable. Acknowledging that risks can be positive or negative, optimizing risks means finding a
balance between negative risk and the benefit of the operation or activity; and between risk
reduction and effort applied. By effectively applying Health, Safety and Environment (HSE)
management standards, organizations can achieve tolerable levels of residual risk

Risk Transfer

This may simply mean sharing with another party the burden of loss or the benefit of gain, from
a risk, and the measures to reduce a risk. For example, a personal injuries insurance policy does
not transfer the risk of a car accident to the insurance company. The risk still lies with the policy
holder namely the person who has been in the accident. The insurance policy simply provides
that if an accident (the event) occurs involving the policy holder then some compensation may be
payable to the policy holder that is commensurate with the suffering/damage.
Risk retention

Risk retention involves accepting the loss, or benefit of gain, from a risk when the incident
occurs. Risk retention is a viable strategy for small risks where the cost of insuring against the
risk would be greater over time than the total losses sustained. All risks that are not avoided or
transferred are retained by default. This includes risks that are so large or catastrophic that either
they cannot be insured against or the premiums would be infeasible. War is an example since
most property and risks are not insured against war, so the loss attributed to war is retained by
the insured. Also any amounts of potential loss (risk) over the amount insured are retained risk.
This may also be acceptable if the chance of a very large loss is small or if the cost to insure for
greater coverage amounts is so great that it would hinder the goals of the organization too much.

Risk mitigation involves development of mitigation plans designed to manage, eliminate, or

reduce risk to an acceptable level. Once a plan is implemented, it is continually monitored to
assess its efficacy with the intent of revising the course-of-action if needed.
The most appropriate strategy is selected from these mitigation options:

 Risk Avoidance
 Rick Controlling
 Risk Transfer/Sharing
 Risk Assumption
Learning Activities

1. Knowledge Learning activity Special instructions

 Identifying business risks The trainee to visit o Prepare assessment
 Analyzing risk scenarios a nearby tools
 Preparing risk assessment supermarket and o Seek proper
matrix identify the business authorization
 Classifying risk risks there, analyse 1. Present the information
perspectives the risk scenarios in power point
and prepare a risk identifying all the areas
assessment matrix, of Assessing Business
classifying the risk Risks
perspectives

Self-Assessment
In this instance you are provided with a case study for your use. Study the case and answer the
questions below.
Lians Complex Ltd runs a supermarket at Marsabit town. The business sells household goods,
clothing and motor bike spares. However, the business has been recording marginal profits for
the last 3 months. As the business manager you are required to advice the management on the
methods to use to gather information during risk assessment for the business.

1) Define Business Risk.

2) What are the five classifications of business risk?
3) What are the two major risks scenarios?
4) Name two theories of risk management?
5) What is a risk assessment matrix?
6) Outline five steps in risk management process?
7) Explain four techniques of managing risk?
8) List any five importance of risk management to an organization.

Tools, Equipment, Supplies and Materials

 Computer
  Tablet
 Internet connectivity
 Stationery
 Format templates
 Case studies

References

 Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.).

Englewood Cliffs, N.J: Prentice Hall. ISBN 978-0-13-224227-1.
 Jolly, Adam (2003). Managing Business Risk: A Practical Guide to Protecting Your
Business. Kogan Page Limited. pp. 6–7. ISBN 0-7494-4081-3.
 Miles, D. Anthony (2011). Risk Factors and Business Models: Understanding the Five
Forces of Entrepreneurial Risk and the Causes of Business Failure. Dissertation.com.
p. 1. ISBN 978-1-59942-388-3.