SEMESTER: FALL 2024

LECTURER: DR. JOHN MIRICHII

GLG 4045 A: RISK MANAGEMENT

666484: JEMIMMA C. WAMBUI WANDUTU

ANSWER BELOW QUESTIONS BASED ON THE VIDEO WATCHED

1) Mention and briefly describe the risks identified

2) State the mitigation strategies proposed

3) Key issues identified as potential risks identified in the examples

4) Mitigation measures put in place in the examples

 The Risks Identified
In the modern interconnected and rapidly evolving business environment, risks arise from
various sources and can have widespread implications for operations, finances, customer
satisfaction, and long-term sustainability. The video identifies six types of risks, each with its
own characteristics, potential impacts and demand specific responses. Below is an extensive
exploration of these risks:

1. Financial Risk
Financial risk is one of the most prevalent and potentially destabilizing risks faced by businesses.
It pertains to uncertainties surrounding financial outcomes, such as changes in interest rates,
currency fluctuations, inflation, credit defaults, and more. Businesses with substantial debt are
especially vulnerable to financial risk. For example, when interest rates rise, the cost of
borrowing increases, which can lead to decreased profitability. Fluctuating currency values can
similarly impact companies engaged in international trade, potentially lowering revenue when a
strong local currency diminishes the value of foreign income. It also encompasses credit risk,
where clients or counterparties may fail to fulfill their financial obligations. In sum, financial risk
threatens cash flows stability, investments value and overall profitability of a business.
Effectively managing this risk requires constant financial monitoring, the use of hedging
instruments, and prudent financial planning to ensure that businesses can maintain steady
performance even in volatile markets.

2. Operational Risk
Operational risk originates from internal disruptions that can arise from equipment failures,
supply chain disruptions, human errors, or unanticipated incidents within the production and
service processes. Operational risks are significant because they directly impact productivity,
product quality, and customer satisfaction. For example, in manufacturing, a company that relies
on a single supplier for critical parts faces severe risk if that supplier fails to deliver due to a
natural disaster, strike, or other unforeseen event. This risk also encompasses internal issues,
such as equipment malfunctions, inadequate staffing, or process inefficiencies that can interrupt
the flow of operations. The consequences of operational risk are often tangible and immediate,
potentially leading to lost revenue, reduced customer satisfaction, and damage to brand
reputation. Successful management of operational risk requires robust contingency plans,
diversified supplier networks, efficient equipment maintenance, and staff training to minimize
errors.

3. Legal and Regulatory Risk

With increasingly complex regulatory landscapes, legal risks have become more prominent.
These risks arise from the possibility of changes in laws or regulations—such as those related to
labor, environmental standards, tax policies or data protection—that may affect firm’s ability to
operate effectively. Heavily regulated industries like healthcare, finance and energy, face
heightened exposure to this risk. Compliance failure can result in legal liabilities, fines and
reputation damage, further impacting customer trust and financial performance. Managing legal
and regulatory risk demands a proactive approach to monitoring changes in legislation, regularly
reviewing compliance measures, and implementing robust internal policies to adhere to legal
requirements.

4. Reputational Risk
Reputation is one of a company’s most valuable assets, and reputational risk involves any events
that could tarnish a company’s public image, customer perception, or investor confidence.
Negative media coverage, customer complaints, product recalls, or data breaches are just a few
examples that can lead to reputational damage. For instance, a food company that experiences a
product recall due to contamination may find that its customers are reluctant to trust the safety
and quality of its products. Reputational risk can also arise from unethical practices or
environmental missteps, which may provoke backlash and diminish brand loyalty. Its
consequences are extensive, as they affect not only current sales but also long-term customer
relationships and market positioning. Effective reputational risk management involves strong
crisis communication strategies, adherence to ethical standards, and proactive customer service
practices.

5. Strategic Risk:
Strategic risks are closely linked to a company’s overarching goals and long-term plans. They
stem from uncertainties associated with decisions around expansion to new markets, new
products or pursuing mergers and acquisitions. Not investing in research and development for a
new product risks failure if the product does not meet market expectations or it falls short of
revenue goals. The implications are significant, as they can influence long-term growth,
sustainability and competitive edge. Managing strategic risk requires thorough market analysis,
scenario planning, and constant reassessment of goals to ensure alignment with current market
conditions and customer needs.
6. Cybersecurity Risk:
In the digital age, cybersecurity risk has become one of the most pressing challenges. It arises
from potential cyberattacks, like hacking, phishing or malware, that can compromise the
confidentiality, integrity, and availability of data. A data breach not only exposes sensitive
customer information but also damages brand reputation and can lead to costly legal
repercussions. Cybersecurity risk is unique in that it continuously evolves, with new threats
emerging as technology advances. Managing cybersecurity risk involves a combination of
technical defenses, employee training on digital safety, and rigorous security policies that
safeguard data and prevent unauthorized access.

The Mitigation Strategies Proposed

Mitigating risk requires a systematic approach to identifying, assessing, and managing potential
issues. The video outlines a structured series of steps to ensure that risks are effectively
addressed, each serving as a pillar in risk management framework, supporting a firm’s ability to
identify and respond to challenges proactively. Here’s an expanded exploration of these
mitigation strategies:

1. Identifying Potential Risks

This first step in risk management is a thorough identification of internal and external risks that
could impact operations. It involves evaluating threats from various angles, including market
volatility, supply chain vulnerabilities, regulatory changes, and cybersecurity threats. By
mapping out all conceivable risks, businesses lay the groundwork for a comprehensive risk
management strategy. Effective risk identification involves cross-functional collaboration,
ensuring input from departments such as finance, operations, and IT. Advanced risk
identification tools, like risk assessment matrices and SWOT analysis, can also help in
documenting these risks systematically.

2. Assessing Risks
Next step is evaluating each identified risk based on likelihood and potential impact. Assessment
phase requires a nuanced understanding of both quantitative and qualitative factors, estimating
the probability of occurrence and projecting the consequences if the risk materializes. For
financial risks, this might mean analyzing past trends and market forecasts, while operational
risks may require examining reliability of machinery or suppliers. By assigning risk rating,
companies can better understand which risks are most critical and prioritize their mitigation
efforts accordingly.
3. Prioritizing Risks
Given that resources are finite, businesses must prioritize risks according to their severity. This
step involves ranking identified risks based on their potential impact on the organization’s
objectives. By focusing on most severe risks first, companies can ensure that their resources are
allocated where they will have the greatest effect. Risk prioritization tools, such as risk heat
maps, are useful in visualizing which risks pose the highest threat and thus require immediate
attention. This strategic focus allows businesses to manage their most significant vulnerabilities
effectively.

4. Developing Mitigation Strategies

Developing a response plan for each prioritized risk is essential. It might include implementing
controls to reduce risk likelihood, such as diversifying suppliers to mitigate supply chain risks or
using financial hedging to manage currency fluctuations. Other strategies may involve
contingency planning, where companies prepare response protocols for when risks materialize.
For example, a firm concerned about cybersecurity might invest in advanced firewall, data
encryption and incident response teams as part of mitigation plan. Developing mitigation
strategies requires alignment with company goals and collaboration across departments to ensure
that all contingencies are covered.

5. Implementing Strategies
Effectiveness of a risk management plan depends on its execution. Once strategies are
developed, they must be seamlessly integrated into day-to-day operations. This may involve
updating standard operating procedures, providing employee training, and ensuring that all
relevant teams understand their roles in risk management. Implementing strategies successfully
means embedding them in the organizational culture, where employees are consistently vigilant
and prepared to respond to potential risks. Training employees in areas like cybersecurity
awareness or operational protocols is essential to make sure that they can follow and execute the
risk strategies effectively.

6. Monitoring and Reassessing Risks

Risk management is not a one-time activity but a dynamic, ongoing process. As the business
environment evolves, so do the risks. Monitoring and reassessing risks involve reviewing current
mitigation measures and adjusting strategies to adapt to new conditions. For example, changes in
regulations or market shifts may necessitate an update in financial risk strategies, while
technological advances could impact cybersecurity protocols. Regular risk assessments, audits,
and risk management reviews ensure that the organization remains prepared and that its risk
management framework evolves with the changing landscape.

7. Communicating Risks
Communication helps maintain transparency and trust among stakeholders, such as management,
employees, investors, and customers. A clear framework ensures all relevant parties are aware of
potential risks, steps taken to mitigate and any updates to risk management strategy. Regular risk
communication also helps in managing expectations and building confidence among investors
and customers, who appreciate knowing the company is actively managing potential challenges.
This involves establishing channels for timely reporting and discussion of risk-related
developments, as well as ensuring everyone in the organization understands the role they play in
managing risks.

Key Potential Risks and Mitigation in the Examples

The video provides two detailed real-world examples of risk management from Zoom and Ford,
illustrating specific risks and challenges. Let us discuss the potential risks presented in each.
 Zoom's Risk Issues during the Pandemic (2020):
The video provides valuable insights into Zoom’s response to a sudden increase in demand
during the COVID-19 pandemic. The platform’s rapid growth in users led to multiple potential
risks across security, infrastructure, and customer experience, requiring Zoom to act swiftly and
decisively. Below, I discuss the specific risks Zoom identified during this period.

1. Infrastructure Load and Scalability Risks

In COVID-19 pandemic, Zoom saw an unprecedented surge in demand as businesses, schools,
and individuals worldwide shifted to remote communication. This rapid user increase strained
Zoom’s infrastructure, thus platform might become overloaded risks, leading to service
disruptions and compromised user experience. Infrastructure overload can result in poor call
quality, lagging video streams, dropped connections, and general system instability. For a
platform like Zoom, known for its seamless communication, any failure to manage the
infrastructure load would risk eroding customer trust and damaging its reputation as a reliable
virtual communication provider.
2. Security and Privacy Risks
As the user base expanded exponentially, security vulnerabilities became a central concern.
Zoom had initially been designed for corporate environments where IT teams could configure
secure setups, but as it became widely used for personal and educational purposes, it encountered
new security challenges. Key risks included unauthorized access, "Zoombombing" (where
uninvited participants disrupt meetings) and potential data breaches. This posed operational and
reputational risks, as Zoom risked losing users if it could not safeguard their data and provide a
secure platform. Scrutiny from regulators and media also intensified pressure to address security
issues promptly.

3. User Experience and Platform Usability Risks

With a diverse user base, including individuals unfamiliar with virtual meeting technology,
Zoom faced the challenge of ensuring a positive and accessible user experience. There was a risk
that the influx of inexperienced users could lead to confusion, misconfiguration, and frustration,
ultimately impacting user satisfaction and retention. For Zoom, which relies on ease of use as a
competitive advantage, ensuring an intuitive user interface and a streamlined experience was
essential to maintain its reputation and competitive edge in the growing video conferencing
market.

4. Customer Support and Adaptation Risks

The rapid increase in users created significant demands on customer support infrastructure, with
Zoom needing to respond quickly to questions, concerns, and technical issues. Limited support
capacity could lead to delayed responses, lower satisfaction, and the potential for user
complaints. Zoom’s reputation hinged not only on the platform’s functionality but also on its
ability to provide timely support for users adapting to new technologies. Failure to meet
customer expectations in support services could have damaged Zoom’s brand and driven users
toward competitors.

5. Communication and Trust Risks

With heightened media scrutiny and users relying on Zoom for critical communication,
transparency and proactive communication became essential. There was a risk that any perceived
lack of responsiveness from Zoom’s leadership could erode public trust. This reputational risk
was especially pronounced in light of the heightened expectations around privacy and security. A
transparent and responsive approach to communication was necessary to mitigate this risk and
maintain user confidence during a period of intense public attention.

Mitigation Measures Implemented by Zoom

To counter these risks, Zoom implemented a series of robust mitigation strategies, focusing on
improving infrastructure, enhancing security, upgrading the user experience, expanding support,
and maintaining transparent communication. Here is a comprehensive exploration of each:

1. Scaling Infrastructure to Handle Increased Load

Recognizing its strain on infrastructure, Zoom rapidly expanded its server capacity and
optimized its network to accommodate the growing number of users. This involved investing in
additional data centers, upgrading servers and enhancing load-balancing mechanisms to
effectively distribute traffic thus could handle large volumes of simultaneous users without
compromising performance.
o Impact: This strategic investment in infrastructure allowed Zoom to maintain high-
quality service, reduce connection issues, and prevent server crashes. Users benefited
from a stable, uninterrupted experience, reinforcing Zoom’s reputation for reliability.
The upgrades were essential to handling peak usage times, ensuring schools,
businesses and families could continue to rely on Zoom without fear of technical
disruptions.

2. Enhancing Security and Privacy Measures

In response to rising concerns over security, Zoom introduced several critical security
enhancements, including end-to-end encryption, improved password protection and waiting
rooms for meetings. These changes gave hosts more control over who could access meetings,
reducing incidents of Zoombombing and unauthorized entry. Zoom also made it easier for hosts
to manage participants, mute disruptive attendees, and control screen-sharing permissions.
o Impact: By addressing security vulnerabilities head-on, Zoom mitigated significant
reputational risk and reassured users that their data was secure. These measures were
especially important in regaining trust among users in sectors with strict privacy
requirements, such as education and healthcare. The addition of waiting rooms and
better control over participants created a safer virtual environment, allowing users to
engage confidently without concerns over unwanted interruptions.
3. Improving User Experience and Platform Usability
Zoom focused on making the platform more user-friendly, particularly for individuals who were
unfamiliar with virtual meeting tools. It introduced intuitive features such as virtual backgrounds,
breakout rooms, and integrations with third-party applications to enhance the user experience.
The goal was to create a platform that could serve both personal and professional needs
seamlessly. Zoom also invested in user interface improvements to ensure that features were
easily accessible, even to those with limited technical expertise.
o Impact: These user experience enhancements helped Zoom retain its competitive
advantage as a simple, versatile platform. By adding features like virtual backgrounds
and breakout rooms, Zoom provided tools that catered to the diverse needs of its
 users, from professional meetings to social gatherings. A well-designed and
accessible user interface contributed to customer satisfaction, making Zoom the go-to
platform for individuals and organizations alike.

4. Expanding Customer Support and Training Resources

To manage the influx of new users and increased demand for support, Zoom significantly
expanded its customer support capacity. This involved hiring additional support staff, improving
response times, and providing a variety of training resources, including tutorials, user guides, and
webinars. Zoom created detailed documentation and video walkthroughs to help users maximize
the platform’s potential and troubleshoot issues independently.
o Impact: By investing in customer support, Zoom improved user satisfaction and
minimized frustration among its new and existing user base. This helped
organizations, educators and individuals quickly adapt to platform. Also, self-help
resources allowed users to solve common issues on their own, reducing the overall
load on support staff and enhancing the company’s ability to respond to more
complex inquiries promptly.

5. Proactive Communication and Transparent Leadership

Zoom’s leadership, including the CEO, engaged in proactive and transparent communication
with stakeholders. It publicly acknowledged its challenges and communicated the steps it was
taking to improve security, scalability and usability. The open approach included regular updates
on security improvements, policy changes and service enhancements, fostering trust and
accountability.
o Impact: Transparent communication was critical in maintaining public confidence
during a period of rapid growth and scrutiny. By being open about its challenges and
responsive to user concerns, Zoom managed uphold brand reputation and demonstrate
a commitment to continuous improvement. This was valuable as it reinforced Zoom’s
credibility in a time of heightened security and privacy expectations, especially in
sectors like healthcare and education, where trust in digital tools is paramount.

6. Continuous Monitoring and Adaptation of Risk Management Strategies

Zoom’s approach to risk management was iterative, involving continuous monitoring and
adaptation: regularly assessed user feedback, conducted security audits, and collaborated with
security experts to identify and address emerging risks. This process allowed Zoom to respond
proactively to new challenges and maintain the effectiveness of its mitigation strategies.
o Impact: By embedding continuous monitoring into its risk management framework,
Zoom was able to stay ahead of potential issues and make timely improvements. This
adaptability allowed to keep up with evolving user needs and technological changes,
ensuring security, infrastructure, and support measures remained relevant and
effective. This proactive approach helped maintain service quality and customer
satisfaction over the long term, reinforcing Zoom’s position as a trusted leader in
video conferencing.

Conclusion
Zoom’s response to the challenges posed by the pandemic highlights a proactive, multi-layered
approach to risk management that allowed them to scale successfully while maintaining user
trust and satisfaction. The issues identified—ranging from infrastructure load to privacy
concerns, user experience and customer support—required comprehensive strategy for service
continuity and reliability. Through robust infrastructure investment, rigorous security upgrades,
user experience improvements, expanded customer support and open communication, it was able
to effectively mitigate these risks. Zoom’s ability to address both immediate operational needs
and long-term strategic goals showcases the company’s commitment to risk management and
adaptability. The measures taken not only helped Zoom navigate the peak of the pandemic’s
challenges but also reinforced its resilience and positioned it as a reliable communication
platform for the future.

Ford's Challenges with the Semiconductor Shortage (2021):

Ford’s case is an insightful example of managing unforeseen operations disruptions. The
pandemic disrupted supply chains globally, creating a severe shortage of semiconductor chips—
an essential component for modern vehicles, particularly those with advanced electronics. The
shortage threatened production, market share and profitability. Below is a deep dive into the
specific risks Ford identified and the extensive mitigation strategies it deployed to navigate the
crisis.

Key Issues Identified by Ford as Potential Risks

1. Production Delays and Reduced Output
Ford relies heavily on semiconductor chips for the production of both essential and non-essential
systems in its vehicles. With the shortage, there was a significant risk that the company would
not be able to produce cars at the required pace. This disruption could lead to:
o Delays in fulfilling customer orders.
o Temporary or long-term halts in production at certain facilities.
o Missed sales targets and loss of revenue due to the inability to meet market demand.
2. Loss of Market Share to Competitors
The automotive industry is highly competitive, with companies racing to meet demand for
popular models. If Ford failed to maintain its production schedule, customers could turn to
competitors with better inventory management. This posed a direct threat to its position in the
market, especially for high-demand models like the F-150 pickup truck.

3. Dependency on a Limited Number of Suppliers

Ford identified that a significant portion of its chip supply came from a small number of
specialized suppliers. The reliance on a narrow supply base heightened the company’s
vulnerability to supply chain disruptions. If these key suppliers faced issues, such as pandemic-
related shutdowns or production backlogs, Ford’s operations would be adversely affected.

4. Inability to Meet Demand for Electric Vehicles (EVs)

With the shift toward electric vehicles (EVs), Ford’s investment in models like the Mustang
Mach-E was at risk. The production of EVs relies heavily on advanced chips for features such as
power management, infotainment systems, and safety technologies. A shortage of these
components could slow Ford’s transition to the EV market and damage its reputation as a
competitive player in the rapidly evolving automobile industry.

5. Inventory Build-up of Incomplete Vehicles

Another significant risk was that Ford would have to produce vehicles without the necessary
chips, leading to a backlog of partially completed cars. Managing this incomplete inventory
would require additional storage, logistical coordination, and the challenge of retrofitting
vehicles later once chips became available. This created both financial and operational risks.

6. Long-Term Vulnerability to Future Supply Chain Shocks

Beyond the immediate crisis, Ford identified that the chip shortage exposed a deeper issue: a lack
of resilience in its supply chain. The company faced the risk of future shortages if it did not
diversify its suppliers and build more robust production networks. The situation highlighted the
importance of strategic planning for supply chain continuity.

Mitigation Measures Implemented by Ford

Ford adopted multi-pronged approach to mitigate the semiconductor chip shortage, focusing on
both short-term solutions to maintain production and long-term to build supply chain resilience.
It employed several strategies, balancing immediate operational needs with future preparedness.

1. Prioritizing the Production of High-Demand Models

Ford chose to focus production on its most profitable and popular vehicles, such as the F-150
pickup truck and the Mustang Mach-E electric vehicle. These models are core to Ford’s brand
identity and revenue stream, and meeting demand for these vehicles was critical to maintaining
market share and customer loyalty. By prioritizing these models, Ford could optimize the limited
supply of semiconductor chips.
o Impact: This strategy allowed Ford to meet demand for its best-selling vehicles while
minimizing revenue losses. It also maintained customer confidence, as buyers could
still access the most sought-after models despite the industry-wide chip shortage.

2. Producing Partially Completed Vehicles

In an innovative move, Ford decided to manufacture vehicles without certain non-essential chips,
delivering these cars to customers more quickly and retrofitting the missing components later
when chips became available. This approach ensured that production lines remained active and
that customers did not face indefinite delays in receiving their vehicles.
o Impact: While not an ideal solution, this strategy allowed Ford to avoid complete
production halts. It also ensured that vehicles were available in dealerships,
preventing customers from turning to competitors. Retrofitting, though costly, was a
manageable trade-off compared to the potential losses from shutting down assembly
lines entirely.

3. Exploring and Diversifying Alternative Suppliers

Ford took proactive steps to diversify its supply base by identifying and engaging with additional
semiconductor manufacturers. This strategy aimed to reduce the company’s reliance on a limited
number of suppliers and mitigate the risk of future shortages.
o Impact: Expanding supplier network increased Ford’s access to critical components,
creating a buffer against future disruptions. Although this strategy required time and
investment, it was a necessary step to build long-term resilience in Ford’s supply
chain.
4. Making Long-Term Investments in Domestic Chip Production
Recognizing the strategic importance of semiconductor chips, Ford collaborated with other
stakeholders to invest in new chip manufacturing facilities. This initiative aimed to increase
domestic chip production capacity, reducing Ford’s dependence on overseas suppliers.
o Impact: This long-term investment reflected a broader shift in the industry toward
supply chain localization. By supporting domestic production, Ford not only reduced
its future vulnerability but also contributed to broader efforts to strengthen the
automotive sector’s supply chain infrastructure.

5. Adjusting Production Schedules and Enhancing Communication with Dealers

Ford maintained close communication with its network of dealerships to manage customer
expectations. Adjusting production schedules and keeping dealers informed about potential
delays helped the company maintain transparency with both its customers and business partners.
 o Impact: Transparency mitigated reputational risks by ensuring that customers and
dealers were not caught off guard by delays. Managing expectations effectively also
preserved customer relationships, reducing the likelihood of brand damage.

6. Fostering Collaboration with Government and Industry Partners

Ford worked closely with government agencies and industry partners to address the structural
issues causing the semiconductor shortage. By participating in collaborative efforts, Ford
positioned itself as a proactive industry leader.
o Impact: This collaboration not only helped in the short-term crisis but also paved the
way for more coordinated responses to future supply chain challenges. It reinforced
Ford’s commitment to sustainable operations and industry resilience.

Conclusion
Ford’s response to the semiconductor chip shortage illustrates how a company can manage
complex risks through a combination of short-term tactical measures and long-term strategic
planning. The risks identified—production delays, loss of market share, supplier dependency,
and inventory challenges—posed significant threats to the company’s operations. However, by
prioritizing high-demand models, producing partially completed vehicles, diversifying suppliers,
and investing in domestic production, Ford was able to navigate the crisis effectively.
The company's ability to adapt to the crisis while maintaining transparency with customers and
dealers reflects a mature risk management approach. Moreover, Ford’s investments in domestic
chip production and supply chain diversification demonstrate a forward-thinking strategy that
will help mitigate similar risks in the future. This case serves as an excellent example of how
companies must balance immediate problem-solving with long-term resilience planning to thrive
in uncertain environments. Through these mitigation measures, Ford not only minimized the
impact of the chip shortage on its current operations but also positioned itself as a more resilient
and adaptable organization for the future.