Ciara Hanlon

18010773

ENRM7312 Assignment
Question One

Q1.1. According to Valsamakis, Vivian and du Toit (2010) well-established management principles is
applied to manage risk when it comes to the concept of risk. MYMG (2011) states that planning for
potential risks and developing solutions to mitigate negative impacts allows managers to solve the
challenge by planning ahead for possible risks and reducing the likelihood of their occurrence.

Q1.2. According to Valsamakis, Vivian and du Toit (2010) an incident that results in a loss is a peril,
while a hazard is an event that increases the likelihood of an incident occurring. For example getting
into a car accident or crashing your car due to for a peril would be getting into a car accident or
crashing your car due to spilled oil on the road or during icy wet roads during a snowstorm. The peril
would be the car accident/crash and the hazard would be the spilled oil on the roads or the icy wet
roads from the snowstorm.

Q1.3. According to CFI (2021) formal reasoning is the process of determining a priori probability, also
called classical probability. By contrast, the probability of an event is derived from logical
examination. The probability of a priori (as opposed to subjective probability) does not differ from
person to person. An example of priori probability would be a coin toss. According to Valsamakis,
Vivian and du Toit (2010) subjective probabilities are those that a decision-maker must approximate
for themselves. It is usually done in comparison to an established probability. According to CFI
(2021) probabilities derived from personal experience or judgment are subjective probabilities. For
example a trader analyst is using subjective probability if they believe that there is an 75% chance
that the S&P 500 will peak within the next month.

Q1.4. This principle is important in risk management because companies of all kinds face risks,
whether they are financial or not. Controlling risk is therefore very important. Detecting risks,
analysing risk variables, managing risks, and reducing risks are all part of risk management. Risk
management strategies should include early warning signs to prevent problems from occurring. As
explained in Principle 2 of the First King Report, risk management is an approach that has principles,
procedures, benefits, and steps. Moreover, it examines fraud and credibility risk management as
well as how a negative reputation can affect operations and profitability. Besides that, it would also
assist the board in its work if risk management and control roles were independent of profit centres,
and a chief risk officer or comparable position reported directly to the board as already suggested in
the 2nd Principle for roles reporting to or are similar to the audit committee (Michalsons, 2021).

Q1.5 According to Valsamakis, Vivian and du Toit (2010) an organisation's macro-risk identification
consists of identifying threats that possess the potential to financially harm the organisation, while
its micro-risk identification consists of identifying the smaller risks within a major risk that are
essential to achieving risk control objectives. Sherman (2021) states that the term macro risks are
often defined as having an impact on entire industries due to economic trends or government
initiatives. For example every individual is affected when inflation or unemployment unexpectedly
increase or new laws on banning plastic grocery bags can affect the entire industry that retail
organisations operate in. Sherman (2021) states that the micro risks you face are unique to your
company and your circumstances. For example tariffs imposed by the SA government on overseas
suppliers are a macro risk that affects many companies in the country.
Question Two

Q2.1. According to Valsamakis, Vivian and du Toit (2010) there are 5 measures used to describe
possible loss more accurately:

 Full asset value (FAV) - Amount the organisation has to invest in all its assets, regardless of
where they are located (Edgelearningmedia, 2017).
 Maximum foreseeable loss (MFL) - A maximum foreseeable loss is defined as the value of
the loss that can be reasonably foreseeable from a single event in the face of the most
challenging circumstances (Valsamakis, Vivian & du Toit, 2010).
 Estimated maximum loss (EML) - The estimated maximum loss is the maximum loss that
might be incurred as a result of a single event, since the risk control measures enacted may
not include all the features aimed at containing and reducing losses. It is typically less than
the total loss and the maximum possible loss (Valsamakis, Vivian & du Toit, 2010).
 Normal loss expectancy (NLE) - When all risk control measures are operating according to
plan, normal loss expectancy is the expected loss that can be incurred from a single event
(Valsamakis, Vivian & du Toit, 2010).
 Expected aggregate annual loss (EAAL) - This is the most important estimate of loss because
it's the sum of individual losses over the year (Valsamakis, Vivian & du Toit, 2010).

Q2.2. According to Valsamakis, Vivian and du Toit (2010) there are 10 risk management principles
that the risk management culture should address:

 Every employee at every level of the organisation should be involved. It is important for the
management and the workforce to challenge the old way of doing things and develop a
more flexible approach in order to cope with the more complex and changing environment
that businesses now find themselves in (Valsamakis, Vivian & du Toit, 2010).
 It is important that all staff become familiar with the organisation's risk reporting and
decision-making policy (Valsamakis, Vivian & du Toit, 2010).
 Every staff member should be instilled with a sense of ethics in relation to risk management,
which includes a code of conduct (Valsamakis, Vivian & du Toit, 2010).
 Staff members should be made aware of their levels of authority to carry out their tasks
related to risk management (Valsamakis, Vivian & du Toit, 2010).
 There should be incentives in place to encourage risk management performance. It is
important to monitor performance and to reward those individuals who perform well
against set targets, and to discipline those who do not perform well (Valsamakis, Vivian & du
Toit, 2010).
 To identify and effectively address operational risk exposures, staff need to be adequately
trained and skilled in risk management (Valsamakis, Vivian & du Toit, 2010).
 Business processes should be aligned with the external environment in which it operates so
that they meet or exceed expectations (Valsamakis, Vivian & du Toit, 2010).
 Every day should be devoted to managing operational risk. It is imperative that operational
risk forms part of every employee's daily routines due to its dynamic nature (Valsamakis,
Vivian & du Toit, 2010).
  The policies and procedures of the organisation should promote compliance with legal and
regulatory requirements (Valsamakis, Vivian & du Toit, 2010).
 Business objectives and culture, as well as changing conditions in the business environment,
will determine a company's risk appetite (Valsamakis, Vivian & du Toit, 2010).

Q2.3. According to Valsamakis, Vivian and du Toit (2010) organisational structure and control
structure are the two components for governance structures for operational risks.

Organisational Structure

Valsamakis, Vivian and du Toit (2010) state that organisations need a formal operational risk
management structure to ensure a successful operational risk management function. Management
strategies and approaches to operational risk management should be incorporated into this
structure. The implementation of this structure can be done in two ways. The structure of
operational risk management can first be determined according to the functional risk management
activities and secondly by the organisational structure of the business. An operational risk
management process can be categorised based on its components, which are: identification of risks;
evaluation of risks; monitoring and controlling risks and financing risk (Valsamakis, Vivian & du Toit,
2010).

Control Structure

According to Valsamakis, Vivian and du Toit (2010) control is a crucial part of any risk management
program. Risk monitoring and risk reporting are two aspects of risk control. Risk monitoring is the
process of monitoring progress towards action plans in relation to risk controls. The integration of it
into the business processes and risk management culture is therefore vital. Valsamakis, Vivian and
du Toit (2010) state that monitoring risk should not only guide responses to identified risks, but also
identify changes within the organization that might result in the emergence of new risks and this is
why it is closely related to business processes. Monitoring risk should provide early warnings to
business management regarding new risks exposures or threats. Management will be able to be
prepared in maintaining control measures in terms of new exposures (Valsamakis, Vivian & du Toit,
2010). In terms of risk management, risk reporting can be considered an essential element.
Valsamakis, Vivian and du Toit (2010) state that for top management, risk reporting involves
gathering and analysing information related to risk. During the process of risk reporting, a number of
important factors must be considered, for example: An accurate and timely risk assessment is
essential; an analysis of risk data is essential to ensure that only relevant data is included in a risk
report; information must be included in risk reports to allow management to use it to make
informed decisions concerning the implementation of control measures and the sharing of
information with all stakeholders. According to Valsamakis, Vivian and du Toit (2010) The
governance of a company's risk management is another critical aspect of risk reporting. According to
the Institute of Directors in Southern Africa's King III report, a board may appoint a dedicated risk
committee to assist it in managing risk. The board should carefully consider the risks that can hinder
the sustainability of the organisation, such that it may be appropriate for the board to mandate a
committee to oversee sustainability, which must include reviewing the sustainability report and
recommending it to the board for approval. As part of the risk management process, the board risk
committee plays an important role. Those who serve on the board risk committee should: oversee
insurance arrangements and accept risks that are not covered; oversee IT strategy, governance, and
risk management; evaluate the maturity of risk management within the organization, the status of
rich management activities and the significant risks facing the organisation (Valsamakis, Vivian & du
Toit, 2010).

Question Three

According to Dickinson (2001) companies began using risk management as a formal part of their
decision-making processes in the late 1940s and early 1950s. Risk management practice used to be
divided into two strands, but they have been incorporated under the broader concept of enterprise
risk management over the past few years. An important aspect of these strands is the management
of financial and insurance risks. Many risk types can be transferred from companies to insurers for
many years. Some types of commercial risk can also be transferred, such as credit risk, as the
insurance market expands. These transferred risks were linked to natural catastrophes, accidents,
human error, and fraud (Dickinson, 2001). Managers were forced to consider alternatives to buying
insurance as a result of the existence of these insurance markets. Through effective loss-prevention
and control systems, companies could prevent or mitigate some of these insurable risks, and
maintain others and fund them from within. As a result, insurable risks were treated with a broader
approach. Dickinson (2001) noted that as a result of the availability of financial derivatives,
companies had to consider carefully how risks could be priced, how risk could be financed internally,
and how much value was added by investment banks. It was also recognized by companies that
insurable risks and financial risks should be managed together, since the acquisition of insurance and
the acquisition of derivatives to mitigate financial risks were essentially the same. New risk transfer
products have been developed more recently that combine both types of risk. Honeywell in 1997
undertook a multi-year contract that combined insurances to cover its property and liability risks,
along with options to hedge currency fluctuations on its reported overseas profits as early example
of this more integrated approach to risk management. According to Silitch and Runchey (2018) over
the past 50 years, the business models of governments and banks have continued to evolve. They
have gone from simple and local risk exposures to the current environment of global exposures and
complexity. Over the last few decades, risk management has evolved from individual, transaction-
based decisions, based on a mix of judgment and underwriting criteria, to aggregated portfolios that
are enabled by more sophisticated analytical tools (Silitch and Runchey, 2018). Despite continued
updates in risk management tools and techniques, the "us versus them" dynamic between risk and
the business has largely remained the same. The risk perspective and desired profile were seen as
risk's cues to say "yes" or "no" to business leaders in the past, resulting in a rise with business
leaders and revenue generators having a distinct advantage (Silitch and Runchey, 2018).The financial
crisis forced regulators to consider risk organizations more important and to demand a seat at the
table without changing dialogue - turning many groups into compliance officers with regulatory
agendas (Silitch and Runchey, 2018).

Question Four

According to EKU (2021) identification of risks is important as it is the process of identifying threats
an organisation, its operations, or its staff may face. When and if threats occur, businesses that
develop robust risk management plans will likely be able to minimize their impact. Risk identification
could, for example, include an assessment of IT security threats such as malware and ransomware,
accidents, natural disasters, and other potentially harmful events that may disrupt business
operations. By identifying risk factors, companies are able to identify what, where, when, why, and
how they might affect their ability to operate. EKU (2021) states, that a business can minimize
harmful events through the identification of risks before they occur and by identifying any business
risks that might hinder its operation is the primary objective of risk identification making it an
important step. A few examples of these risks include lawsuits, thefts, technology breaches,
economic downturns, or natural disasters such as wild fires in the Western Cape

EKU (2021) states risk evaluation is important step, because each risk is weighed according to its
prominence and outcome. It may be necessary to weigh the effects of a possible wildfire against the
effects of a possible mudslide, for example. According to the Britishsafetycouncil (2021) if risks
occur, it is crucial to evaluate how serious it can be and to establish appropriate and effective
controls to reduce it as much as possible. Health and safety is ensured in this way by addressing all
relevant factors, such as: evaluating the possibility of harm occurring; evaluating the severity of
harm that might occur; evaluating available knowledge of how to eliminate, reduce, or control
hazards and risks; evaluating effective measures for eliminating, reducing or suitably controlling the
risks and an evaluation of the costs associated with the available control measures designed to
minimize, eliminate, or properly control the risk. Britishsafetycouncil (2021) notes the importance of
risk evaluation as an evaluation of a risk's significance involves estimating the chances of its
occurrence and measuring how serious the consequences could be. A risk evaluation will also take
into consideration the duration and frequency of exposure, the number of persons affected, the
competence of those exposed, the type and condition of the equipment, and the availability of first-
aid and/or emergency support.

Question Five

According to Valsamakis, Vivian and du Toit (2010) in the context of insurance, market failure is
often referred to as public, merit or private. The term is most often used to describe the failure of a
market to offer some specific goods or services, or, more specifically, to provide some goods or
services to one particular type of person. In this context, insurance frequently features. The elderly
may, therefore, not be able to afford medical treatment and in this instance, the market is said to be
failed. As a result, there are consumers who need medical treatment, but they cannot find it on the
private market. Consequently, government intervention is necessary to provide goods and services
the market is unable to provide. Therefore, it is not uncommon to discuss market failure in an
insurance context. So the central question is whether the government has the right to supply
particular goods or services or if this should be left to the private sector. Public goods can be argued
to be provided by the state, private goods by the private sector, and merit goods are in a grey area
between the two. According to Valsamakis, Vivian and du Toit (2010) in market failure and insurance
there are several contexts in which market failure is possible. If, for example, there is a demand for a
good and the market fails to provide it, you can say that the market has failed. In Insurance the
market has failed where elderly people need medical care, but medical suppliers refuse to provide it.
Another example would be a limited exclusion. It may be the case that an 18-year-old cannot buy
motor vehicle insurance unless it is included in the policy of their parents. As a result, it can be said
that the market failed to provide insurance for this class of person. People are generally able to
purchase insurance, so there hasn't been a collapse of the market. A failure of an insurance company
is another example. There is a belief that governments should intervene, this time by regulating
insurers so that they don't fail (Valsamakis, Vivian & du Toit, 2010).
Question Six

Q6.1 The following are possible systematic approaches that could be used to identify risk at Wells
Fargo.

Risk Inspections - According to Valsamakis, Vivian and du Toit (2010) identifying risks is generally
accomplished through a physical inspection, which is an obvious and common method. An
advantage of this method is the first-hand view of a site/plant and, more importantly, the
opportunity to meet with those people who can provide you with most of the information you
require about workplace hazards and risks (Valsamakis, Vivian & du Toit, 2010).The disadvantages of
this method, however, are numerous. It is a time-consuming exercise, even if it does not require
traveling a great distance to reach the site. A lot of preparatory work must be done and should be
carried out before an inspection is conducted (Valsamakis, Vivian & du Toit, 2010). Typically, this
preparatory work involves pre-planning or programming to ensure that other tasks will be
completed in conjunction with the visit (Valsamakis, Vivian & du Toit, 2010). By incorporating a
logical method for risk identification, such as the design and use of an inspection report that is to be
completed as you inspect the site, you will minimize the risk of overlooking important points
(Valsamakis, Vivian & du Toit, 2010). The effectiveness of any inspection is determined by how
competent and knowledgeable the person conducting it is. It is necessary to have expertise in a wide
variety of fields, especially for operations with many facets. Inspectors follow the law of diminishing
returns when it comes to inspections. Upon returning to the same site a second time, the same
individual may not find anything else besides what they found previously. Implementing surprise risk
inspections often will allow for the board of Wells Fargo to be aware of what is going on inside their
company. According to Minsky (2016) risk oversight and the company's knowledge of its material
risks are absolutely the responsibility of the board and senior management of their companies. In
accordance with SEC rule 33-9089, they have a responsibility to ensure that efficient risk
management programs and software systems are in place to ensure that scandals like these do not
happen again.

Legislation and codes of Practice - According to Valsamakis, Vivian and du Toit (2010) legislation and
codes of practice ensure both compliance with regulations and risk management. This methodology
also serves as an instrument for identifying risks, which is not obvious at first glance. Risk
identification techniques may not identify all the sources of product liability claims, for example,
during the manufacturing process. Usually, the risk source can only be identified after a defective
product is returned and a claim is filed against it (Valsamakis, Vivian & du Toit, 2010).The risk of
defective products will be clearly mitigated by the systematic compliance with legislation and other
authoritative standards for quality assurance. In such a system, the compliance process covers a
range of potential sources, and these sources are identified through the compliance process, and
risk control measures are implemented (Valsamakis, Vivian & du Toit, 2010). By implementing safety
laws and codes it is evident that the same outcome will be achieved in the field of occupational
safety. Wells Fargo must ensure that they have an effective risk management strategy in place and
this can help them when entering legal cases because Minsky (2016) states that corporate managers
whose risk management programs have proven effective are largely exempt from punitive damages,
class actions, and DOJ jail time. ERM systems prevent scandals and associated litigation, litigation
costs, and jail time for many organizations in similar situations.
Research - According to Valsamakis, Vivian and du Toit (2010) risks cannot always be identified easily
in certain situations. In cases like these, specialist research is mandatory to identify and evaluate the
effects of associated risk, often over a long period of time due to the complexity of the product.
Moreover, this type of situation is complex, as the circumstance and the risk may be time-related,
and even a product that is only dangerous under certain conditions or environments but not under
all conditions (Valsamakis, Vivian & du Toit, 2010). It is unfortunate that these aspects indicate that
research is conducted after the loss occurs, which shows that research is not an identification
process but a process of understanding risk and perhaps mitigating its effects (Valsamakis, Vivian &
du Toit, 2010). Research on loss events (accidents, insurance claims, near misses and so on) is a type
of research that is particularly relevant. By examining loss events, lessons can be learned. This gives
rise to the identification of risks as a result of events (Valsamakis, Vivian & du Toit, 2010).

According to Minsky (2018) implementing an effective bank risk management tool is a good way for
Wells Fargo to assess risk. This software facilitates:

Experts and front-line supervisors are engaged- Risk is managed through the efforts of supervisors
and experts on the frontline. Any risk management program will not be successful without the
involvement of these individuals since they are most familiar with incidents (Minsky, 2018). The CEO
of Wells Fargo will be aware of all potential risks as well as he would’ve been aware of the accounts
created by employees (Minsky, 2016).

Business integration across silos - Identifying downstream and upstream dependencies is enabled
when risk managers connect risks occurring across silos. Common root causes are brought to light,
and mitigation and monitoring efforts are tied together so that the risk teams can determine
whether their controls are effective and to prevent cascading collateral damage (Minsky, 2018).

Escalating top risks to the appropriate person - Identifying the risks that will have the greatest
impact on operations, financial performance, and reputation becomes more objective when they are
tied to common root causes and existing controls (Minsky, 2018).

In order to successfully manage risk, a risk management program must have workflows that assign
risk to individuals who can allocate the necessary resources (Minsky, 2018). The Wells Fargo risk
management team could have prevented 100% of the scandals that have occurred in the last two
years and the financial consequences that resulted (Minsky, 2016).

Charteredaccountants (2021) state that businesses can ask themselves the following questions to
assist with identifying risks:

1. What would happen if someone were to disrupt our work? (Charteredaccountants, 2021).
2. Are there any possible pitfalls? (Charteredaccountants, 2021).
3. Where could we go wrong? (Charteredaccountants, 2021).
4. How can we succeed if something goes wrong? (Charteredaccountants, 2021).
5. Where are our weaknesses? (Charteredaccountants, 2021).
6. How can we guard our assets? (Charteredaccountants, 2021).
7. Would employees deliberately break rules? (Charteredaccountants, 2021).
By asking these questions Wells Fargo will get ideas of what their potential risks are. This can allow
for them to look at their employees for example as seen in the case study who was their main cause
of the scandal that they faced in 2016.

Charteredaccountants (2021) note the following techniques businesses can use to identify risks:

 A continuous process of risk identification – Here every member of the staff can identify and
raise risks (Charteredaccountants, 2021). This will allow for all staff and management of
Wells Fargo to report potential risks the company many face on a regular basis. This will also
allow for employees to report risks caused by other employees to management as what was
seen in the case study where in many cases, thousands of accounts were opened without
consent of the customer, resulting in overdraft fees and other fees (Minsky, 2016).
 Desk-based risk assessment - involves discussions and assessments of the risks and controls
relating to a given activity or process with the personnel who operate that process or activity
on a daily basis (Charteredaccountants, 2021). This correlates when Minsky (2016) states
that in designing Wells Fargo's incentive program, why did risk assessments not reveal that
the sales goals were unrealistic? Minsky (2016) is right in asking if mitigation activities were
created to safeguard against customer account manipulation as well as asking when did risk
monitoring activities pick up on the two million accounts appearing over a 5-year period. It is
important that assessments are in place to pick up on these risks. This will solve this problem
as well as future risks Wells Fargo may face.

Q6.2 According to Valsamakis, Vivian and du Toit (2010) a business enterprise's boards of directors
and people in charge of its direction should follow the following 15 principles of the King I code of
corporate governance:

Principle 1: Director of the corporation should possess leadership, enterprise, integrity and judgment
to guide the enterprise towards continuing prosperity, acting in the best interests of the enterprise
according to the principles of transparency, accountability, responsibility and fairness (Valsamakis,
Vivian & du Toit, 2010).

Principle 2: By virtue of a managed and effective process, ensure that board appointments are made
that result in a mixture of competent directors, each of whom can contribute value and bring
independent judgment to the work of the board (Valsamakis, Vivian & du Toit, 2010). According to
Minsky (2016) risk oversight and the company's knowledge of its material risks are absolutely the
responsibility of the board and senior management of their companies. In accordance with SEC rule
33-9089, they have a responsibility to ensure that efficient risk management programs and software
systems are in place to ensure that scandals like these do not happen again.

Principle 3: The third principle states that a corporation needs to determine its purpose and values,
determine its strategy for achieving its purpose and implementing its values, and ensure that
procedures and practices for protecting its assets and reputation are in place (Valsamakis, Vivian &
du Toit, 2010).

Principle 4: The fourth principle focuses on monitoring and evaluating the performance of strategies,
policies, management criteria, and business plans (Valsamakis, Vivian & du Toit, 2010). Minsky
(2016) states that in designing Wells Fargo's incentive program, why did risk assessments not reveal
that the sales goals were unrealistic? Minsky (2016) is right in asking if mitigation activities were
created to safeguard against customer account manipulation as well as asking when did risk
monitoring activities pick up on the two million accounts appearing over a 5-year period. It is
important that assessments are in place to pick up on these risks.

Principle 5: The organisation must comply with all applicable laws, regulations and codes of business
conduct (Valsamakis, Vivian & du Toit, 2010).

Principle 6: An organisation must ensure that it communicates effectively with its stakeholders and
shareholders (Valsamakis, Vivian & du Toit, 2010). Minsky (216) asked why the employees of Wells
Fargo were driven by unrealistic sales quotas what was the purpose of not overseeing compensation
for these practices. There is no communication between management and employees here if the
CEO states that he didn’t know what was going on.

Principle 7: As a business, it must serve the legitimate interests of its shareholders and provide a full
accounting to them (Valsamakis, Vivian & du Toit, 2010).

Principle 8: Identify the corporation's internal and external stakeholders and establish a relationship
with them according to the policy, or policies, the corporation develops (Valsamakis, Vivian & du
Toit, 2010).

Principle 9: Have a balance of power and authority on the board that is not dominated by any single
person, which reflects, notably, by the separation of the roles of the CEO and chairman, as well as a
balance between executive and non-executive directors (Valsamakis, Vivian & du Toit, 2010).

Principle 10: Maintain a high level of accuracy and decision-making capability in their financial
reporting and decision-making processes by regularly assessing their internal control systems
(Valsamakis, Vivian & du Toit, 2010).

Principle 11: Regularly evaluate the corporation as a whole, and its directors, including the CEO,
individually (Valsamakis, Vivian & du Toit, 2010). Minsky (2016) states that the chief risk officer,
Claudia Russ Anderson, of Wells Fargo was replaced. Risk executives are also at fault for any risk
management negligence, since they have a fiduciary duty to provide the board with the information
it needs via sound risk management systems and processes. While Claudia Russ Anderson was not
directly involved in the propagation of these activities, she is being held responsible because they
took place during her time as director. So it’s important to always evaluate directors of companies to
avoid risks like this to occur again in the future.

Principle 12: Securing the appointment of a CEO as well as participating in the selection of senior
management. Ensuring the protection of the company's intellectual capital as well as ensuring that
managers and employees receive adequate training and that a succession plan is in place for senior
management (Valsamakis, Vivian & du Toit, 2010). Minsky (2016) states that the CEO of Wells Fargo,
is responsible for ensures that the risk management processes are in place and all departments in
the company are operating well and there are no problems etc. All CEOs of all companies have this
responsibility not just the CEO of Wells Fargo so Minsky (2016) is right in saying the CEO of Wells
Fargo was negligent as how could he not know that these activities of were going on for 5 years in
his company? Very suspicious.
Principle 13: If the corporation must be competitive and run properly, it must have the right
technology and systems in place to do so (Valsamakis, Vivian & du Toit, 2010).

Principle 14: Monitor key performance indicators and risk areas of the business enterprise
(Valsamakis, Vivian & du Toit, 2010).

Principle 15: Assure the corporation's continuation to its next fiscal year as a going concern
(Valsamakis, Vivian & du Toit, 2010).
References

Britishsafetycouncil. 2021. Risk Assessments: what they are, why they're important and how to
complete them. [Online]. Available at: https://www.britsafe.org/training-and-learning/find-the-right-
course-for-you/informational-resources/risk-assessment/ [Accessed 1 November 2021].

CFI. 2021. A Priori Probability: A probability that is deduced from formal reasoning. [Online].
Available at: https://corporatefinanceinstitute.com/resources/knowledge/other/a-priori-
probability/ [Accessed 1 November 2021].

Charteredaccountants. 2021. Identify Risks. [Online]. Available at:

https://survey.charteredaccountantsanz.com/risk_management/small-firms/identify.aspx [Accessed
2 November 2021].

Dickinson, G. 2001. Enterprise Risk Management: Its Origins and Conceptual Foundation. The Geneva
Papers on Risk and Insurance, 26(3): 360-366. [Online]. Available at:
https://www.actuaries.org.uk/system/files/documents/pdf/03062015-birmingham-actuarial-
society-enterprise-risk-management-event-enterprise-risk-management-it.pdf [Accessed 2
November 2021].

Edgelearningmedia. 2018. Full Asset Value (FAV), 3 May 2017. [Online]. Available at:
https://edgelearningmedia.com/2017/05/03/full-asset-value-fav/ [Accessed 1 November 2021].

EKU. 2021. Risk Identification: 7 Essentials, EKUOnline. [Blog]. Available at:

https://safetymanagement.eku.edu/blog/risk-identification/ [Accessed 1 November 2021].

Michalsons. 2021. King Report and King Code on Corporate Governance. [Online]. Available at:
https://www.michalsons.com/focus-areas/information-technology-law/king-report-king-code-on-
corporate-governance [Accessed 1 November 2021].

Minsky, S. 2021. The Wells Fargo Scandal is a Failure in Risk Management, 20 September 2016.
[Online]. Available at: https://www.logicmanager.com/erm-software/2016/09/20/wells-fargo-
scandal-risk-management/ [Accessed 1 November 2021].

Minsky, S. 2021. Overcoming Failures in Risk Management: Is Wells Fargo Getting the Message?, 19
September 2018. [Online]. Available at: https://www.logicmanager.com/erm-
software/2018/09/19/overcoming-failures-risk-management-wells-fargo-getting-message/
[Accessed 2 November 2021].

MYMG. 2021. Project Risk Planning Process: The Key Steps, 21 April 2011. [Online]. Available at:
https://mymanagementguide.com/project-risk-planning-process-the-key-steps-of-the-process/
[Accessed 1 November 2021].

Sherman, F. 2021. Macro vs. Micro Risk Management, 14 January 2021. [Online]. Available at:
https://smallbusiness.chron.com/macro-vs-micro-risk-management-32620.html [Accessed 1
November 2021].
Silitch, N. and Runchey, C. 2021. The Next Step in Risk Management’s Evolution, 7 September 2018.
[Online]. Available at: https://www.cfo.com/risk-management/2018/09/next-step-risk-
managements-evolution/ [Accessed 2 November 2021].

Valsamakis, AC., Vivian, RW. and du Toit, GS. 2010. Risk Management. Cape Town: Pearson South

Africa (Pty) Ltd.