Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 8



The Summary:

1. NCCP is charitable organization

2. Purpose: to look after of the welfare of the people in the North of Ceeville (a city in Teeland)
3. Reason being, the North of Ceeville is believed to be less developed – UNFAIR
4. NCCP relies heavily on funding by the local government (City Council)
5. Recently, NCCP facing the pressure to obtain funding from the City Council. The city council
does have requirements on NCCP
6. NCCP also provide some courses. Most of these courses received subsidy from the local gov
7. Recently, a new ceo joined – Mr Allen, is from commercial background
8. Allen planned to introduced a premium art course to NCCP. He is targeting the wealthy
people in the community. This course will be charged at premium price. The rationale is, any
surplus, it could be used to subsidies other courses.
9. So, the controversy: will this premium art course contradict the original purpose of NCCP?
10. Staffs (paid & volunteers) are complaining, their dissatisfaction level rise tremendously if
compared to the previous year
11. Is the risk mgt that practiced by NCCP considered adequate? Sufficient? Professional
12. Take note that NCCP does not take it seriously – THE RISK OF BEING ATTACKED IN THE
13. Overall, NCCP is facing the challenge of their SOURCES OF FUNDING are shrinking.
14. Technically, whether the proposed ART COURSE is financially feasible?



Internal Stakeholders

Staff (paid)
Th board (don’t specify ED or
NED as both natures are

External Stakeholders

The local government: The Ceeville Council is considered as the key players to
Ceeville Council NCCP. It is powerful as it is the local gov of Ceeville, it has
got power over administration of the area and also the
setting of policy. Most importantly, it is the biggest fund
contributor no NCCP (% in 20X5). On another angle, the
Ceeville Council vested significant interest in NCCP, as it
definitely wanted to witness the most effective use of
fund by NCCP, particularly in the societal role.
So, it is absolutely critical for NCCP to be so clear with the
expectations and terms and conditions written in any
formal documents with Ceville Council. It is advisable that
NCCP hold regular dialogue with representative of the
Ceeville Councl, so that we could clarify our strategic
moves or if they have any doubts over negative publicity
about NCCP. We could not afford any chance to lose of
Ceeville Council.
Corporate and individuals
The Ceeville community
The volunteers

b) Possible answer (SWOT analysis)

1. NCCP have got a group of committed volunteers who heavily support the workforce of
NCCP all this while. This will greatly reduce the operational cost or increase the
operating margin of the courses run by NCCP. As we don’t pay to volunteers.
2. The history of NCCP is closely attach to the development and the well-being of the North
of Ceeville community. Meaning, NCCP will not just be reviewed as ‘another charity’,
instead, it is a charity that represents the community that is believed to be treated
unfairly by the government. So in the respect, there is a ‘emotional’ element or
attachment that other charity do not have. This would promote loyalty of members to
NCCP (provided it do not break the nature of loyalty).
3. The funding support from the Ceeville Council. Although in recent years the local
government has become more conservative in its allocation of funding support to
charity, it is undeniably that NCCP has more a steady and credit worthy steam of income
source compared to other charities that do not get support from government.
Therefore, the proposal by Mr. Allen, the new CEO, must be evaluate very cautiously. So
that, we do not disqualify ourselves for the sponsorship of the Ceeville Council granted
to us.
4. One important uniqueness of NCCP from other charities would be, NCCP offer courses
that will help to improve the skills and competencies of the residence in North Ceeville.
These skills and competencies (covered by 4 courses) will greatly enhance the
employability of the participant. This certainly will make NCCP outstanding from other
competitors. However, there is a worrying trend that may suggest old courses may not
be out-dated in the current market.
5. Actually, NCCP revenue stream is considered rather diverse. Other than the main
contribution from the Ceeville Council, NCCP also receive donations from corporations
and individuals. On top of these, although the courses offered are charged at low price
(since they are subsidized), these courses still bring some income to NCCP. In other
words, this diversified structure of income will give some room to NCCP to any negative
fluctuations of ‘profit’ resulting got competition.


a) Possible ideas – not including in the appropriate tone (cannot scold the directors)
1. The executive board used to think that they are not required to involve in risk
management. All this while before 20X4, only the operational staff were asked to handle
risk management. This is not the right understanding of implementing an effective risk
management practice. (risk)

According to the COSO framework that gives essential guidance on establishing a risk
management system, everyone in the organization should get involved in this process,
including those in the strategic level, tactical level (i.e. the middle management), and
also the operational staff should all be participating in establishing in the risk
management process. (recommendation)

2. Effective risk management is a long-term effort. It is a process that we have to regularly

review at the suitable interval (e.g. every 6 months, every year). But the executive board
sounded like ‘they were forced’ by the trustee to do it this time in 20X4. And, they did
not sound like they have systematic plan for the next review on the risk management
process, but an uncertain expression has been used, they said ‘some point in the future’.

Instead, a long-term strategic review schedule on the various expect of risk

management, for example, the risk that NCCP are exposed to, or whether, the
corresponding risk response still remain relevant and effective should be established
clearly with specific review timeframe.

3. The ‘action designed’ were too superficial and seemed like just fulfilling the form filling
purpose (because it was a request by the trustee). Considerations on ‘monitoring and
control’, the respective breakdown of risk strategies (e.g. TARA), including the reporting
and target set on each category of risk, should all be looked into.

Improvised points to fulfill the ‘communication skill’.

Briefing Notes

FAO: Executive Board

Subject: The current risk management approach at NCCP

The purpose of this briefing is to share with all the executive directors some of the findings
about our risk management approach at NCCP, after taking the opinion and advise from our
appointed external management consultant.

First of all, we used to think as executive directors we are not required to get involved in risk
management. All this while before 20X4, only the operational staff were asked to handle risk
management. Regretfully, to remind all of you that, this is in fact not right understanding of
implementing an effective risk management practice.

Our management consultant has enlightened me that according to the COSO framework
gives essential guidance on establishing a risk management system, everyone in the
organization should get involved in this process, including those in the strategic level, tactical
level (i.e. the middle management), and also the operational staff should all be participating
in establishing in the risk management process.

I wish you to take note that effective risk management is a long-term effort. It is a process
that we have to regularly review at the suitable interval (e.g. every 6 months, every year).
Frankly, the practice of seeing the review on risk management process has a random,
unplanned and ad-hoc event is less adequate. We must not carry out this review merely
because the pressure from the trustee, we must genuinely appreciate the dynamic nature of
risk event and the control environment. They keep changing.


External shareholders Interest in internal controls of Why information(example)

NCCP of internal controls should
be shared with them?
The local government: Yes, because gov funding was  So that they have
Ceeville Council allocated to NCCP. They must timely fact/results
make sure that the internal to monitor the
controls were there to assure effectiveness of the
the proper use of the funds. functioning of
Donors: Yes, they rely on the internal control
Corporate and individuals effectiveness of the internal  So that, they have
controls to give them this information to
assurance that their donations serve as the basis to
reach the hand of judge how
beneficiaries. successful NCCP has
The Ceeville community Very likely, this population been achieving its
would be the beneficiary of mission and goals.
donation of NCCP. The internal  With this
control related to deployment information
of the funds, will certainly be provided to
affecting the kind of respective
welfare/benefit that the stakeholders, it
Ceeville community receive. promotes principle
The volunteers Volunteers contribute their of the integrity,
effort to NCCP without pay, transparency and
based on belief and faith, in accountability. All
common with NCCP. They will these will further
need the internal control to strengthen the
assure them that NCCP is confidence of the
discharging charitable mission public towards
as promised. NCCP.
 This will help to
establish a formal
system of reporting
and disclosure
which in turn will
deter and prevent
frauds and the
attempts of
corruption and
bribery in a charity


a) 1. Increase/decrease %
2. the highest/popular – website design
3. the least – business skill but still need to run because requirement for NCCP to be funded
by gov

b) 1. The purpose of the new art course

- to charge higher price to the courses, so that it brings more revenue to NCCP
- Target: the wealthy people in the community
- sceptical concern: this may contradict with the initial purpose of setting up NCCP

2. The implementation of new art course

- the CEO claimed himself will take charge (he claimed he was so familiar with art)
- the CEO engaged his friend to design the course materials (chargeable) and to
deliver the course
- the art course will be run on weekend
- sceptical concern: the process of granting this job is questionable, lack of
transparency. The supplier is the CEO’s friend.

3. The financial forecast of the new art course

Break-even point (unit) = fixed cost/contribution per unit

No. of participants to break-even How many art courses NCCP need to

= $800/ ($125 - $25 -$8) run in order to cover the initial cost of
= 9 participants in order to break even designing paid to the CEO’s friend:
per each course. = $12,000/$1,040
= 12 courses
Generally, getting 9 students in a class,
should be an achievable target. But This may imply if we run a course per
the, in long run, whether this is an month, then it will take a year to
achievable or not, it may not be recover the initial cost.
certain, if especially the art course is
not the interest of majority.

4. The response of our key stakeholders

Sceptical concern:

 If the art course distracted NCCP attention and allocation of resources away
from the expectation of Ceeville Council. There is a risk that, they no longer
consider sponsoring us.
 NCCP current members who attended the courses on weekend, may be
affected if the art courses will also be arranged during the weekend. This will
give negative impacts on our existing members.
 With this introduction of art course that aims at making more profit for the
organization may mark the beginning NCCP changed to be more commercial
oriented. This may trigger the disappointment of the volunteers further.


The need for cybersecurity Practical action should take

Prevent fraudulent of money Data encryption
- To secure the fund
Legal duty most country applied data Outsourcing expert to audit the
protection act
- To protect & safeguard personal
Enhance internal control of IT as NCCP Training – to educate about SOP
associate with local government
Economic condition – make hacker Draft policies to guide on handling data
desperate – so they have motive because
NCCP has fund
The smaller organization has been hacked Contingency plan/ disaster recovery plan/
– should be an alarm for NCCP continuity plan
- In case if being attack
Give confidence to community – so that
donors continue to support

b) Email

To: The CEO

From: Operation Director
Subject: Project sponsor and Project Manager/ The Cybersecurity Project
Date: 15 June 20X5

Dear Mr. Allen,

I hope you are doing well yada yada…..

The following would be the rationale why I think I am only suitable to take the role of project
sponsor but not as project but not as project manager at the same time:

- I need to apologize but humbly admit that I am lack of experience to deal with the
technical matters related to cybersecurity. As a project manager, one is playing an
important role in coordinating with whole team. Although, there will be other
technical experts in the team providing the necessary support, I carry view that I lack
the technical capacity to lead such a project team for the task which are highly
technology related.
- However, I am delighted and I feel honored to accept the appointment of being the
project sponsor. I am confident and believed that my position as the operations
director will give me the privilege and advantage of accessing to various types of
resources (financial or other forms) that are required and relevant to this
cybersecurity project.
- Project sponsor and project manager, if these roles are played by 2 different
individuals, they could serve very well naturally as a mechanism and check control.
The project manager is executing the project team task and leadership; whereas the
project sponsor will be in the position of monitoring the utilization of resources.
From this aspect, I would strongly recommend you to consider appointing another
colleague to take up the role of project manager.

You might also like