Question 1

Potential Income 6 400 000,00

Loan 5 000 000,00

Total Income 11 400 000,00

Expenses 8 878 440,00

Next Income (BT) 2 521 560,00

Tax @28% 706 036,80

Net Income (AT) 1 545 523,20

1
Question 2

No Risk factors Risk exposure and consequences Mitigation measures

1 External risk Another potential threat to this Mr Baloyi must consider the insurance
business is the exposure to road that will cover trucks and trucks driver
accidents involving the trucks and the for legal costs.
risk must be considered.

2 People Unskilled employees may result in Employees must undergo proper training
business objectives not achieved due by skilled professionals’ workers so that
to) staff falling ill, taking leave, they acquire proper skills needed by the
scarcity of skills. business.

3 External risk Non-delivery of cement on specified Insurance against accidents, 3rd party
times due to strikes at factories and cover against non-delivery.
road accidents resulting in penalties.

4 External Trucks may be stolen thus negative • Trucks should be kept in a safe
events impact to the business environment with (24/7) security.
• Install security tracking devices
in the trucks in case they get
stolen or misuse by staff
5 Processes Trucks may not be serviced at regular Install a system to monitor and report
intervals which may result in them not when a truck is due for a service.
available when needed for delivery/
business

6 Systems Failure to monitor trucks in terms of its A proper system in place is needed to
fuel usage, the oil services and the monitor the trucks in terms of fuel
kilometres travelled, could lead to usage, kilometer travelled, to ensure that
serious problem when the service of the trucks are serviced when it is due.
trucks are due.

2
Question 3

3.1 Inherent risk rating

Risk description Risk ID LIKELIHOOD IMPACT Probability

SCALE SCALE (LxI)
Non-delivery A 2 3 6
Unskilled B 3 3 9
employees
Unavailability of C 3 3 9
diesel
Trucks stolen D 2 3 6

3.2 Residual risk rating

Risk description Risk ID LIKELIHOOD IMPACT Probability

SCALE SCALE (LxI)
Non-delivery A 1 3 3
Unskilled B 2 3 6
employees
Unavailability of C 1 3 3
diesel
Trucks stolen D 1 3 3

After the proper training is done the risk of unskilled employees the likelihood will move from
the 3 to 2 and the impact scale will remain the same.

when the proper system has been put on place to monitor the trucks, the likelihood will move
from the 2 to 1 and the impact scale will remain the same.

The non-delivery of cement likelihood will move from 2 to 1 if the management decide whether
to terminate or avoid the risk.

Question 4

4.1

Risk quadrant Examples of losses Possible decision that can be

3

High frequency/high severity
High frequency/low severity
Low- frequency/high severity
Low frequency/low severity
4.2
(Severity
Impact)
High
These losses are usually linked to Avoid the business and risk.
a specific business. For example,
Non-delivery of cement due to
strike. Management should decide
if this risk should be avoided.
Work not done properly due to
unskilled employees.
losses resulting from
example truck stolen
Unavailability of diesel
4
taken
Internal controls should be place.
More training is required.
theft Third party insurance. The
business should consider third
party insurance so that it covers
itself against such risks in future.
Accept as operating. The business
should just accept these losses as
normal operating losses because
their impact is insignificant to the
back.
 Truck stolen Non-delivery of cement due to strike.
Third party insurance Avoid the risk
(Transfer) (Terminate)
Unavailability of diesel Unskilled workers
Accept the risk Control the risk
(Tolerance) (Treat)

Low frequency /probability

high

Non-delivery of cement due to strike category falls in the high-frequency/ high-severity

quadrant, management should decide if the business exposed to these potential losses should be
avoided, Since non-delivery of cement will have catastrophic consequences to business.

Unskilled workers category falls in the high frequency/low severity quadrat, the exposure can be
controlled in the internal controls and internal mitigating measures. If employees do not have
appropriate skills the business activities will not be performed.

The effect of losses in the low frequency/high severity quadrant can be minimized by means of
say third party insurance. Like truck stolen business can minizines the risk by mean of third-
party insurance.

Losses in the last quadrant of low frequency/ low severity are usually accepted as part of daily
operation, hence the proper training will be provided as this can lead to task been unproperly
done.

Section B

Question 5

5
(Young, 2015) Risk reporting is an important features of risk management to successfully
communicate to various risk information to stakeholders.

Loss history

The losses of data for internal and external are involved in the loss history methodology to
identify risks that are based on the events that happened previously which can be used to manage
or avoid similar risks incidents. (Young, 2015) Clarify that internal and external data deliver the
historical base for examining risk and quantification for operational losses. Total losses and
mean average are primary objectives of report and important for statistics. Daily reporting is vital
hence it includes relevant external losses, news associated to regulation and competitors that may
stimulate interest. The inherent risk of an organization can be determined by the input from the
report on loss data once collecting the risk register. Incident report can be obtained from
information, reflecting the details of a loss that occurred.

Risk and control self-assessments (RCSA)

According to Young (2014), This is the methodology that uses the lowest process to measure the
operational risks. Business areas are completed by self-assessments and consolidated to deliver a
qualitative profile of risk through the business and associated action items. The outcomes are
transmitted though risk maps, graphics results.(Young, 2015) The identification and assessment
of the inherent risk includes the self-assessment and current control procedures to control the
residual risk that are upcoming accomplished. The potential future risks are method that should
be managed and the consequences of the RCSA must be reported into the risk register.

Key Risk Indicators (KRIs)

The identification of KRIs can result from the RCSA procedure and must be achieved on a daily
basic to concentrate on the current risk exposures and to assist as an initial warning of a potential
risk incident to management. According to (Young, 2015) key risk indicators may also be
reported, including related growth criteria, clarifications of any extremes and identified trends.
Risk register can control KRIs and achieve the status of the current risks to serve early warning
of possible loss incidents. The consolidated report procedure and risk information can be used to
determine the operational risk profile.

6
Scenarios

The opinions of skilled, concerns and the experience are involved in the scenarios to identify the
roles of the organization to get the potential threat and exposures for the organization. (Young
2014). The future of penitential risks is included in the input of risk register report. There are
several ways to confirm the reporting action and to protect against the danger of creating
valueless reports hence, scenarios can be utilized to find out the previous and the future risk
exposures, resulting in a risk register and incidents reports. It is authoritative to openly describe
the procedures which will guarantee the consolidate operational risk reporting approach. The risk
profile is vital for results of the risk management procedures and could assist an input for many
activities in the business planning process and the view of the organization operational risks.

Question 6

7
(Blunden and Thirlwell, 2010) Risk appetite describes the types and grade of operational risk
that an organization is organized to experience.

Inserting a risk management culture which should include the setting of risk appetite.

Ensuring that risk management forms an integral part of the strategy planning process.

Monitoring the progress of achieving business objectives within the set tolerance levels of the
risk appetite statements.

Approving of any charges in the tolerance levels of the risk appetite statements.

The role and responsibility of top management is to ensure that risk management forms part of
the strategy planning process.

periodically assess the effectiveness of its operational risk governance practices and oversight.

determine that senior risk executives are qualified, and fit and proper to manage operational risk.

provide oversight of operational risk, and question and insist upon straightforward explanations
from senior management.

make sure the information it receives is appropriate and of sufficient quality to support and not
hinder its risk oversight role.

receive on a timely basis sufficient information to judge the performance of senior management
regarding operational risk, using the work conducted by the internal audit function, external
auditors, and the various internal control functions.

References
8
Blunden, T. and Thirlwell, J. (2010) Mastering Operational Risk. Available at:
https://books.google.com.mt/books/about/Mastering_Operational_Risk.html?
id=DiFyRAAACAAJ&pgis=1.

Young, J. (2015) ‘Guiding criteria for operational risk reporting in a corporate environment’,
Corporate Ownership and Control, 13(1CONT10), pp. 1241–1256. doi:
10.22495/cocv13i1c10p10.

Appendix

9
10
11