
UNIVERSITI UTARA MALAYSIA

SCHOOL OF ECONOMICS, FINANCE AND BANKING

A211 - 2021 / 2022

BWRR5073 RISK ASSESSMENT & DECISION MAKING


_____________________________________________________________

RISK ASSESSMENT PORTFOLIO

For

FINANCIAL INSTITUTION

Submitted to:

DR. DIARA MD JADI

Submitted by:

Group 5

No. Name Matric No.

1 Prathaban Supramaniam 828381

2 Ong Yan Zhi 828732

3 Menaga A/P Subramaniam 828503

21st November 2021


CONTENT

1. Table 1: Risk Identification Techniques / Tools Used
2. Table 2: Risk Identification Summary
3. Table 3: Risk Control Matrix
4. Table 4(i) – Table 4(x): Justifications & Recommendations
5. References
6. Appendices
Table 1: RISK IDENTIFICATION TECHNIQUES / TOOLS USED

Tools & Techniques: Checklists
Target respondent:
• Branch Manager
• Regional Manager
• Head of AML Compliance
Information obtained from this technique:
The checklist helps the financial institution (FI) to identify the general and specific money laundering risks a financial institution is facing, determining how these risks are mitigated by a firm's Anti Money Laundering (AML) programme controls and establishing the residual risk that remains for the FI.
Through the outcomes of the checklist, it helps the FI to identify its weaknesses in AML compliance as well as the factors that lead to failure in AML compliance.
Limitation:
• The questions on the checklist may not be specific enough.
• Mismatch can lead to damaging consequences.
• Time consuming.

Tools & Techniques: ICOR Analysis
Target respondent:
• Information Technology (IT) Department
• Business Unit
Information obtained from this technique:
The ICOR technique maps out "Improvements, Challenges, Opportunities and Risks" for the targeted department. The IT department is a key function for ensuring cybersecurity and safeguarding the confidentiality of customer information. Meanwhile, the business unit is a customer-facing department that is always in touch with external parties; thus, there is a risk exposure of the business unit intentionally sharing customer information with third parties. Therefore, we used the tool to analyse the department. From the analysis, we learned that there is a risk of the bank's employees intentionally sharing customers' information with an irrelevant third party.
Limitation:
• Tends to produce high-level generic risks, not project-specific.
• Detailed analysis is almost always needed.
• Analysis will be low because the tool is highly subjective and relies on the perception of the resources that generated it.

Tools & Techniques: ICOR Analysis
Target respondent:
• Human Resources Department
• Senior Management
• Board of Director
Information obtained from this technique:
The ICOR technique maps out "Improvements, Challenges, Opportunities and Risks" for the targeted department. The Human Resources Department is responsible for managing the organisation's human resources effectively. Thus, we used the tool to conduct an analysis of the department and found that there is a risk of high attrition and the issue of losing Key Dependency Staff.
Limitation:
• Tends to produce high-level generic risks, not project-specific.
• Detailed analysis is almost always needed.
• Analysis will be low because the tool is highly subjective and relies on the perception of the resources that generated it.

Tools & Techniques: ICOR Analysis
Target respondent:
• Directors
• Associate Directors
• Senior Managers
• Managers
Information obtained from this technique:
ICOR analysis is commonly used for process improvements, current challenges, business opportunities and top emerging risks that they can anticipate. We have used the ICOR technique to assess processing and execution risks.
Limitation:
• This analysis can be impossibly subjective without the right information. Management needs to ensure the right information is fed in during the analysis.
• ICOR creates a one-dimensional model which categorizes each problem attribute as an improvement, challenge, opportunity or risk. As a result, each attribute appears to have only one influence on the problem being analysed. However, one factor might be both a strength and a weakness.

Tools & Techniques: Decision Tree Analysis
Target respondent:
• Senior Management
• Stakeholders
• Group Risk Management
Information obtained from this technique:
This method is used to help determine the best course of action wherever there is ambiguity in the consequence of possible events or projected plans (all the relevant risks in the risk table). We have used this analysis to review the project risk.
Limitation:
• Any small change in the data can lead to a large change in the structure of the optimal decision tree.
• Hassle to start over when there are slight changes. Time consuming and can lead to overfitting of the data.

Tools & Techniques: Brainstorming
Target respondent:
• Head of the Department
• Department Managers
• Supervisors
• Senior Admin
• Admin
Information obtained from this technique:
Brainstorming is another common risk analysis technique that is widely adopted by many organizations, and we utilised it to review third party risk and business continuity risk.
Limitation:
• Unable to identify the primary root cause as it might involve a few other factors.
• It might be one-sided communication led by the HODs rather than collective discussion.

Tools & Techniques: SWOT analysis
Target respondent:
• Board of Directors
• Head of the Department
• Head of IT Department
• Head of Security & Fraud
• Group Risk Management
Information obtained from this technique:
To assess an organization's strengths, weaknesses, opportunities, and threats of IT governance on managing disruption on the banking system.
Limitation:
• SWOT analysis doesn't provide solutions or offer alternative decisions on the back of IT disruptions and governance mechanism.
• This analysis might generate a large amount of data, but not all of it is useful or relevant to mitigate the risk behind system failures and adequate IT back-up.

Tools & Techniques: Brainstorming
Target respondent:
• Board of Directors
• Head of the Department
• Head of IT Department
• Head of Security & Fraud
• Group Risk Management
Information obtained from this technique:
Planning a strategy is the first stage with team members. Examining publications about the risks inherent and residually on the back of fraud risk. Brainstorming was used to determine the reputational impacts and external and internal frauds.
Limitation:
• Time consuming, as this technique takes time to generate ideas and can take up to a few hours.
• Extroverts or the senior management tend to dominate group work. This means the more introverted types or the mid-level executives often don't get the chance to speak up.
• A lot of ideas will be generated, but no one has thought through how to evaluate those ideas and follow up accordingly.
TABLE 2: RISK IDENTIFICATION SUMMARY

1. Risk Identified: System failures - failure of IT support, inability of recovery time and insufficient IT governance; disruption on the bank system.
Risk Category: IT Risk
Type of Exposure: Financial, Reputational
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: The future of financial services organisations is being driven by technology, and large firms will face growing difficulty in serving clients if they fail to measure the importance of systems and infrastructure correctly and invest effectively and regulators.
Note to Appendix: Refer to Appendix 1

2. Risk Identified: Internal Fraud - Staff hijacking bank's customer bank account and processing fraudulent transaction (intentional illegal act).
Risk Category: Fraud Risk
Type of Exposure: Financial, Reputational
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: Keeping the workplace happy and thriving becomes easier if banks protect it against internal fraud. Internal fraud can not only cost your firm a lot of money that could have gone to profits and bonuses, but it can also harm your company's morale by instilling distrust and animosity.
Note to Appendix: Refer to Appendix 2

3. Risk Identified: Bank's employee intentionally shared customer's information to irrelevant third-party.
Risk Category: Conduct Risk
Type of Exposure: Reputational, Liability, Financial
Analysis: Likelihood 2, Impact 4, Risk Score 8
Risk Identification Summary: In order to protect the interest of the customer, the financial institution is forbidden to disclose any customer's information. It is against the law (e.g. the Personal Data Protection Act (PDPA)) for a financial institution to simply disclose the customer's information to an irrelevant third party for self-benefit. In this instance, the misbehaviour of employees will expose the financial institution to the risk of loss of trust and diminished reputation.
Note to Appendix: Refer to Appendix 3

4. Risk Identified: Failure on abiding Anti Money Laundering compliance requirement
Risk Category: Compliance Risk
Type of Exposure: Reputational, Liability, Financial
Analysis: Likelihood 4, Impact 5, Risk Score 20
Risk Identification Summary: Over the years, the number of criminals channelling their illicit funds into the financial system has grown rapidly. The authorities have paid attention to lowering the number of criminal activities by drafting relevant regulations such as the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATFPUAA 2001).
Therefore, the financial institution's anti-money laundering (AML) compliance program is key to deterring criminals from feeding their illicit funds into the financial system. In this instance, failure to abide by AML requirements will expose the financial institution to compliance risk.
Note to Appendix: Refer to Appendix 4

5. Risk Identified: External Fraud - Digitally - Data Theft, Malware, Phishing and online account takeover.
Risk Category: Fraud Risk
Type of Exposure: Financial, Reputational
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: If the bank has a solid external fraud prevention programme, the investors, partners, and auditors will all have more confidence in the capacity to govern business.
Note to Appendix: Refer to Appendix 2

6. Risk Identified: Third Party Risk - Failure of adhering to SLA (Service Legal Agreement) and contractual term with the bank
Risk Category: Third Party Risk
Type of Exposure: Reputational, Liability, Financial
Analysis: Likelihood 4, Impact 5, Risk Score 20
Risk Identification Summary: Third party risk is the potential threat presented to the financial institution's employee and customer data, financial information and operations from the organization's supply-chain and other outside parties that provide products and/or services and have access to privileged systems.
Note to Appendix: Refer to Appendix 5

7. Risk Identified: High attrition and losing of Key Dependency Staff
Risk Category: People Risk
Type of Exposure: Financial
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: Human capital is the greatest asset for the organisation. The talent, skills and hard work of employees all add value to the organization. Nevertheless, if the business relies too heavily on one or a small handful of individuals who hold too much of the portfolio, it could be setting the organization up for a real problem once those keymen are absent for an unpredictable extended period of time or a sudden incident happens.
Note to Appendix: Refer to Appendix 6

8. Risk Identified: Adapting to WFH model and other resilience related risks.
Risk Category: Business Continuity Risk
Type of Exposure: Reputational, Liability, Financial
Analysis: Likelihood 5, Impact 5, Risk Score 25
Risk Identification Summary: Business Continuity Risk has been identified as a top and emerging risk as the Coronavirus pandemic forced all banks to quickly firm up a WFH plan. This haste of course leads to some serious compromises on security. With COVID-19, some of the banks had to temporarily close their offices for several weeks rather than a couple of days.
Note to Appendix: Refer to Appendix 7

9. Risk Identified: Poor change/ project management
Risk Category: Project Risk
Type of Exposure: Reputational, Financial
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: Project risk is an uncertain event that may or may not occur during a project. Failure in assessing the incoming projects, system and work migration prior to implementing them.
Note to Appendix: Refer to Appendix 8

10. Risk Identified: Payment & Settlement Failure
Risk Category: Processing and Execution Risk
Type of Exposure: Reputational, Financial
Analysis: Likelihood 3, Impact 4, Risk Score 12
Risk Identification Summary: Processing Risk is the risk of deficiencies in transaction processing or failure to adhere to key controls due to lack of supervisory controls and absence of policies/procedures in the financial institution.
Note to Appendix: Refer to Appendix 9
TABLE 3: RISK MATRIX

Consequences (columns): 1 Insignificant, 2 Minor, 3 Moderate, 4 Major, 5 Catastrophic

Likelihood (rows) and the risks placed in each row:

5 Almost:
• Business Continuity Risk

4 Likely:
• Compliance Risk
• Third Party Risk

3 Moderate:
• People Risk
• IT Risk
• Internal Fraud Risk
• External Fraud Risk
• Project Risk
• Processing and Execution Risk

2 Unlikely:
• Conduct Risk

1 Rare:
(none)

TABLE 4: Justification & Recommendations

Table 4(I): (IT Risk) - System Failure


1. Why does it become a risk to the business?
The risk might arise from the use of faulty or inappropriate technology, as well
as the use of untested or old technology.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): Data theft, compromised accounts, destroyed files, and blocked
or degraded systems are all common and frequent issues that occur from system
failure.
Impact (4): A failure in the banking system would probably prompt companies
to hoard cash and take longer to pay their bills, affecting the cash flow of
vendors.
3. What is the best way to deal with this risk?
• Best way to deal with this risk?
a) Senior management is encouraged to place a high importance on
technology.
b) Developing a comprehensive risk management plan is the best method to
protect against the technology risk.

• Why do you select / recommend this solution?


Create a robust financial banking system with better governance and enhance
the cybersecurity.
Adequate back-up mechanism for IT servers and focus on technology risk
management culture to prevent risks posed by unknown weaknesses such as
phishing and hacking.

Table 4(II): (Fraud Risk) - Internal Fraud
1. Why does it become a risk to the business?
One of the most serious internal-fraud concerns facing financial institutions is
the misuse of administrator credentials. Because banks only review user access
profiles once a month or once a quarter, an omission like this might provide a
rogue employee enough time to conduct fraud. This is why internal fraud
poses a risk to the financial institution.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): Internal fraud is the most common source of loss for banks.
Employees commit 56 percent of fraud, according to PwC's Global Economic
Crime report from 2014, albeit this includes a broader range of industries than
just banking. Others estimate that insiders are involved in 70% of banking
fraud incidents.

Impact (4): Aside from the massive financial losses, the bank's reputation can
suffer substantial damage. Employees of banks are trusted and respected
persons, and any allegation that they might commit fraud casts doubt on the
relationship that people have with that organisation. Simply said, customers
will lose faith in their bank if its employees cannot be trusted with their
money.
3. What is the best way to deal with this risk?
• Best way to deal with this risk?
The following are the most important steps in preventing internal fraud:
a) Increase the effectiveness of bank governance, particularly through the
establishment of an internal control system and an effective and independent
board of directors, to reduce risks.
b) Employ dual and triple controls.
c) Businesses should reconcile their corporate accounts on a daily basis.

• Why do you select / recommend this solution?
Establishing a culture of morality, integrity, and honesty among employees and
supervisors in order to reduce internal fraud. Regular training to promote
ethics and conduct risk.
Dual or triple check mechanism, whereby one person initiates the transaction,
a second person confirms it, and a third person transmits it. This can help to
protect the online transaction fraud systems and will be a more secure process.
Reconciliation of banking accounts and transactions should be done at least
once a day, preferably at the end of the day.

Table 4(III): (Conduct Risk) - Bank’s employee shared customer's information to
third-party.
1. Why does it become a risk to the business?
In order to protect the interest of the customer, the financial institution is forbidden to
disclose any customer's information. It is against the law (e.g. the Personal Data
Protection Act (PDPA)) for a financial institution to leak the customer's information to
an irrelevant third party. In this instance, the misbehaviour of employees will expose the
financial institution to the risk of loss of trust and diminished reputation. In Mar
2020, there was a news report of thousands of Malaysian credit card details leaked in
a massive breach and available for sale on the dark Web.
2. Briefly explain the Likelihood and Impact?
Likelihood (2): Information leaks may not always appear if the system security is well
managed. Nevertheless, leaks of information will directly hamper the business
and have indirect repercussions.

Impact (4): Businesses that fail to bring conduct risk in line face regulatory action,
fines, and reputational damage, which can harm a business for years beyond the
event.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
a) Develop, Set, and Enforce Information Security Policy and Procedure
b) Enhance Cybersecurity Monitoring

• Why do you select / recommend this solution?


a) This is because the information security policy and procedure help the Financial
Institution to clearly define a roadmap for information security in day-to-day
operations. For instance, the policy will state the limit of user access, identify all
critical data, endpoint devices, hardware and structure connected to the network,
usage of VPNs when connecting via external networks, etc.

b) This is because the enhancement in cybersecurity monitoring makes it possible to detect a
broader range of cyber threats, prevent information leakage or breaches, etc. For
instance, Security incident and event management (SIEM) is able to identify, monitor,
record and analyze real-time IT security events or incidents, which will lower
the risk of information leakage.

Table 4(IV): (Compliance Risk): Failure on abiding Anti Money Laundering compliance requirement
1. Why does it become a risk to the business?
Over the years, the number of criminals channelling their illicit funds into the financial system has
grown rapidly. The authorities have paid attention to lowering the number of criminal activities by
drafting relevant regulations such as the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds
of Unlawful Activities Act 2001 (AMLATFPUAA 2001).
Therefore, the financial institution's anti-money laundering (AML) compliance program is key to
deterring criminals from feeding their illicit funds into the financial system. In this instance, failure to
abide by AML requirements will expose the financial institution to compliance risk. For instance,
in Jul 2015, Bank Negara Malaysia raided an AMBank (M) Bhd branch to assist investigations in
relation to purported breaches of the Anti-Money Laundering, Anti-Terrorism Financing and
Proceeds of Unlawful Activities Act. Eventually, in November 2015, the bank was fined RM53.7mil by
Bank Negara due to breaches in regulations.
2. Briefly explain the Likelihood and Impact?
Likelihood (4): The legal enforcement agency aims to reduce financial crime activities in the
country; hence, the government tends to strengthen the AML regulation and set a higher AML
compliance benchmark, which brings the consequence of stricter regulation for the financial
industry. As such, the likelihood of compliance risk will increase simultaneously.

Impact (5): Failure to comply with AML laws and regulations and breaches of financial sanctions can
have serious consequences: punitive fines, criminal proceedings, damaged reputations, sanctions as
well as revocation of license. It can lead to serious damage to a financial institution's credibility and
performance.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
Conduct Bank-wide AML Risk Assessment periodically. Anti Money laundering (AML) Risk
Assessment, is an analytical process applied to a financial institution to measure the possibility of
money laundering or terrorist financing.

• Why do you select / recommend this solution?


The AML risk assessment is recommended because it drives improvements in the financial
institution's financial crime risk management by identifying the general and specific money
laundering risks, determining how these risks are mitigated by a FI's AML programme controls.

The results of a risk assessment can be used for a variety of reasons, including to:
• identify gaps or opportunities for improvement in AML policies, procedures and processes
• make informed decisions about risk appetite and implementation of control efforts, allocation
of resources, technology spend
• assist management in understanding how the structure of a business unit or business line’s
AML compliance programme aligns with its risk profile
• develop risk mitigation strategies including applicable internal controls and therefore lower a
business unit or business line’s residual risk exposure
• ensure senior management are made aware of the key risks, control gaps and remediation
efforts
• assist senior management with strategic decisions in relation to commercial exits and disposals
• ensure regulators are made aware of the key risks, control gaps and remediation efforts across
the FI
• assist management in ensuring that resources and priorities are aligned with its risks.

Table 4(V): (Fraud Risk) - External Fraud
1. Why does it become a risk to the business?
When someone imitating a bank official tries to steal money or other assets
from a financial institution or its customers, it becomes a risk to the
financial institution. For instance, a credit card dump is a type of crime in
which a criminal copies a credit card in an unlawful digital format. Furthermore,
external fraud is the risk of unanticipated financial, material, or reputational
loss as a result of fraudulent behaviour by third parties. According to Basel,
these are losses owing to conduct of a type designed to defraud, misappropriate
property, or bypass the law by a third party.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): Forged paperwork is frequently used to hide external frauds;
banks are famous for diligently counting their cash. Financial stress and
difficulty are common causes of external fraud.
Impact (4): According to Adeyemo (2012), the result is a decrease in
organizational assets and a rise in liabilities. In the banking industry, it may
cause public trust issues, jeopardize the bank's ability to continue operating,
and eventually result in bank failure.
3. What is the best way to deal with this risk?
• Best way to deal with this risk?
a) Monitor the data.
b) Implement the company's confidentiality and nondisclosure policies.

• Why do you select / recommend this solution?


a) Proactively analysing transactional data for irregularities that could indicate
fraud.
b) Protect the company's data by deploying monitoring technology.
Consult the data security expert for the best solution for monitoring and
securing your sensitive data.
c) Implement the policies and compel each of the employees to adhere to
current fraud prevention policies and remind them to be vigilant.

Table 4(VI): (Third Party Risk) - Failure of adhering to SLA (Service Legal
Agreement) and contractual term with the bank
1. Why does it become a risk to the business?
Third party risk is considered a potential threat to the financial
institution's employee and customer data, financial information and
operations from the organization's supply-chain and other outside parties that
provide products and/or services and have access to privileged systems. In
April 2017, Scottrade Bank acknowledged a data breach that exposed the
personal information of 20,000 of its customers because a third-party vendor
uploaded a file to a server without adequate cybersecurity protections.
2. Briefly explain the Likelihood and Impact?
Likelihood (4): The likelihood is considered to be moderate as the third-party
suppliers would have ensured that the information is secured prior to signing the
agreement.

Impact (5): If there has been a mishap or inadequate governance, the impact can
be major, as any leakage of the financial institution's information and their
customer data will lead to reputational damage, severe financial impact and
even regulatory impact (DPA).
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
Ensuring that proper service level agreements are signed with the third-party
suppliers, and that due diligence/regular audits are conducted on the back of this
risk. This will work as a check mechanism for all the systems or services that
are provided by 3rd parties.

• Why do you select / recommend this solution?
This recommendation was selected as we need proper governance on
managing third party risk. Regular sanity checks will help with a key risk
indicator.

Table 4(VII): (People Risk) - High attrition and losing of Key Dependency Staff
1. Why does it become a risk to the business?
Human capital is the greatest asset for the organisation. The talent, skills and hard work of
employees all add value to the organization. Nevertheless, if the business relies too
heavily on one or a small handful of individuals who hold too much of the portfolio, it could be
setting the organization up for a real problem once those keymen are absent for an
unpredictable extended period of time or a sudden incident happens. In August 2021,
the Chief Executive Director of MBSB Bank (M) Bhd, Datuk Seri Ahmad Zaini Othman,
passed away after battling Covid-19 complications. The sudden loss of key men had
brought a huge impact to the organization.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): Losing keymen is unlikely to happen if there is proper planning of
human resources, work plan and handover.

Impact (4): Relying on key individuals carries risks that, if not properly managed, may cripple
profits, productivity, and confidence among stakeholders. Also, at stake is the company's
image, which is particularly critical for those that rely on earning and keeping trust.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
a) Purchase of Key Man Insurance as the key person insurance is a life insurance policy that
a company purchases on the life of an owner, a top executive, or other critical individual.
b) Provide employee empowerment program

• Why do you select / recommend this solution?


a) It is because it offers a financial cushion to the company if there is a sudden loss of a key
person that would profoundly negatively affect the company's operations.

Also, a key man insurance policy will protect the company, including:
• Provide temporary personnel and, if necessary, finance the hiring and training of a
replacement.
• Insurance to protect the company's profits, for example, offsetting lost income from lost
sales.
• Losses resulting from the delay or cancellation of any project that the key person was
involved in.
• Insurance to protect shareholders or partnership interests.

b) An employee empowerment program, such as sending employees to job-related
training/courses and arranging a proper career development plan, will help to decrease
employee dissatisfaction; absenteeism and turnover can be greatly reduced if employees
can feel instant satisfaction with a sense of accomplishment and knowledge that develops
their capabilities.

Table 4(VIII): (Business Continuity Risk) - Adapting to WFH model and other
resilience related risks
1. Why does it become a risk to the business?
Business Continuity Risk has been identified as a top and emerging risk as the
Coronavirus pandemic forced all banks to quickly firm up a WFH plan. This haste
of course leads to some serious compromises on security. With COVID-19,
some of the banks had to temporarily close their offices for several weeks
rather than a couple of days. The COVID-19 pandemic has urged financial
institutions to operate in a new working model for adaptability, shifts in customer
demand, and to look into the risks to workforce health. These banks need to have
the ability to respond to critical contingencies, which is crucial for continuing
business. Back in 2016, Delta Airlines suffered a critical IT infrastructure
outage. There was a severe delay in the backup systems kicking in, which cost
the airline over $100 million in lost revenue, along with reputational
damage.
2. Briefly explain the Likelihood and Impact?
Likelihood (5): Due to COVID-19, most financial institutions had adopted
the work from home model and the likelihood has been rated as 'Almost'.

Impact (5): Without proper IT security, DR back-up and proper BCP planning,
there are high chances of data leakage or even fraud attempts.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
a) Setting up a BCP Steer Committee within senior management and the BCP team
to govern the adaptation to the work from home model.
b) Closely monitor the progress of BCP / Disaster recovery testing. Raising
Risk Acceptance for the risks that can't be mitigated due to the WFH model.

• Why do you select / recommend this solution?
With proper governance from the senior management, there will be the right
traction of actions to ensure that these plans will be executed in a timely
manner.

Table 4(IX): (Project Risk) - Poor change/ project management
1. Why does it become a risk to the business?
Project risk is an uncertain event that may or may not occur during a project.
Failure in assessing the incoming projects, system and work migration prior
to implementing them.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): Likelihood has been rated as moderate due to the chances of
incoming projects or migrations that are not properly assessed with proper
governance.

Impact (4): Significant impact due to incoming projects or system migrations
with unknown inherent risks that failed to be identified, which can lead to
financial exposure or data leakage.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
a) Create a decision tree analysis of project risks, good and bad, and plan for
how the project would navigate the potential effects.
b) Project manager to monitor the risk until the project ends or the risk
expires. This should be done within the project management dashboard.

• Why do you select / recommend this solution?


Due to the uncertainty of any event that may or may not occur during a project, it is
best to use the solutions above to anticipate, monitor and follow up on the risk
accordingly.

Table 4(X): (Processing and Execution Risk) - Payment & Settlement Failure
1. Why does it become a risk to the business?
Payment, clearing and settlement systems are basically exposed to a lot of risk,
including fraud, systemic and execution risk. In a recent incident, Citibank
wrongly credited $500 million to creditors, and this error occurred even though
three individuals verify the details of every wire transfer: a contractor
executing the Revlon transaction checked the wrong box on a digital payment
form.
2. Briefly explain the Likelihood and Impact?
Likelihood (3): The likelihood has been rated as moderate due to the chances
of overlooking the data input (human error) or failure to adhere to the
policies/procedures.

Impact (4): Due to such oversight, the impact can be significant as it can lead to
material events like losses, gains or near misses.
3. What is the best way to deal with this risk?
Why do you select / recommend this solution?
• Best way to deal with this risk?
a) Investments in technology and automation can help prevent operational risk
breakdowns.
b) To regularly check and re-check the viability of their incumbent risk
management systems.
c) Improve the technical skills and knowledge of the processing staff.

• Why do you select / recommend this solution?
The primary reason for choosing these solutions is that they can mitigate the
processing and execution risk and will help to improve
the current control mechanism in the banking process.

References
ASSOCIATES, L. &. (2014, July 1). Why Fraud Prevention Really Matters. Retrieved from https://blog.lowersrisk.com/why-fraud-prevention-matters/
A-Z of internal banking fraud. (2021). Retrieved from NetGuardians: https://www.netguardians.ch/internal-banking-fraud/
Bajaj, T. (2016, June 13). Preventing system failures that result from weak conduct and culture practice. Retrieved from Accenture: https://financialservicesblog.accenture.com/preventing-system-failures-that-result-from-weak-conduct-and-culture-practice
Brown, L. (2021, September 27). Top 8 risk management tools and techniques in 2021. Retrieved from Invensis: https://www.invensislearning.com/blog/risk-management-tools-techniques-in-pm/
External fraud. (n.d.). Retrieved from Mediawiki: https://www.openriskmanual.org/wiki/External_Fraud
Gallagher, B. (2013, July 16). Prevent Internal Fraud With Awareness and a Solid Strategy. Retrieved from Partners: https://www.ispartnersllc.com/blog/prevent-internal-fraud-with-awareness-and-a-solid-strategy/
Geelong. (2016, June 9). Risk Matrix: The Benefits & Challenges. Retrieved from SafetyZone: https://www.safetyzone.net.au/2016/06/risk-matrix-the-benefits-challenges/
Harry Hall, P. P.-R. (2021). 7 ways to identify risk. Retrieved from Project risk coach: https://projectriskcoach.com/7-ways-to-identify-risks/
McGlasson, L. (2010, May 17). 5 Tips to Reduce Banking Fraud. Retrieved from Bank info security: https://www.bankinfosecurity.com/5-tips-to-reduce-banking-fraud-a-2534
PricewaterhouseCoopers. (n.d.). Fraud - A guide to its prevention, detection and investigation. 1-47.
Queensland Government. (2017, July 18). Benefits and limitations of SWOT analysis. Retrieved from Business Queensland: https://www.business.qld.gov.au/starting-business/planning/market-customer-research/swot-analysis/benefits-limitations
Risk Identification tools and techniques. (n.d.). Retrieved from GreyCampus: https://www.greycampus.com/opencampus/certified-associate-in-project-management/risk-identification-tools-and-techniques-in-capm
Technology risks in business. (2021). Retrieved from N-able: https://www.n-able.com/features/technology-risks-in-business
Todd, K. (2017, October 17). 5 Ways to Mitigate Fraud Risk. Retrieved from ACFE Insights: https://www.acfeinsights.com/acfe-insights/2017/10/17/5-ways-to-mitigate-fraud-risk
Westland, J. (2019, October 13). The Best Risk Management Tools & Techniques for PM Pros. Retrieved from Projectmanager: https://www.projectmanager.com/blog/risk-management-tools-techniques
Redscan (2021). Cyber Security Monitoring: https://www.redscan.com/services/managed-detection-and-response/cyber-security-monitoring/
Techopedia (2019). Security Incident and Event Management (SIEM): https://www.techopedia.com/definition/4097/security-incident-and-event-management-siem
Al-suraihi, Walid & Siti, Aida & Al-Suraihi, Abdullah & Ibrahim, Ishaq & Samikon, & Al-suraihi, Al-Hussain & Ibrhim, Ishaq & Samikon, Siti. (2021). Employee Turnover: Causes, Importance and Retention Strategies. European Journal of Business Management and Research.
Bisson, D. (2017). Scottrade Confirms Third-Party Data Breach Exposed 20,000 Customers' Private Data: https://www.tripwire.com/state-of-security/latest-security-news/scottrade-confirms-third-party-data-breach-exposed-20000-customers-private-data/
Doherty, K. & Dolmetsch, C. (2021). Citi Defeat on $500 Million Error Was Wrong, Groups Say: https://www.bloomberg.com/news/articles/2021-05-07/citi-s-defeat-on-500-million-error-was-wrong-professors-argue
Tsai, P. (2017). Delta Outages Reveal Flawed Disaster Recovery Plans: https://www.networkcomputing.com/data-centers/delta-outages-reveal-flawed-disaster-recovery-plans

Appendix
Appendix 1

Appendix 2

Appendix 3

Appendix 4

Appendix 5

Appendix 6

Appendix 7

Appendix 8

Appendix 9