RSK4801 ASSIGNMENT 02 FOR 2024

Instructions:
- Answer both questions below.
- Remember to submit your final document as a PDF on myUnisa.
- Use Ariel 12-point font and 1.5 line spacing to answer the questions.
- Include page numbers in your document and answer the questions in the correct
sequence.
- All work should be referenced, including the prescribed textbook; insert a reference list at
the end of your document. Please do not use Wikipedia or ChatGPT as a reference, as
these are not regarded as academic sources. We will check for plagiarism.

CASE STUDY: RISK MANAGEMENT – THE ROLE OF A RISK MANAGER

Since 2020, many incidents and events have caused organisations to adopt a focused
approach towards risk management and the role of risk managers. Examples of these events
are the COVID-19 pandemic and its severe effects on many countries, economies, and
businesses. South Africa was not excluded from the pandemic and was further hampered by
severe power interruptions and inadequate service delivery. These are all risk-related
incidents/events involving risk managers to assist in the management thereof. According to
an article in Enterprise Risk Magazine (2023), uncertainty also boosted the profile and role of
risk managers. Large-scale risks are happening more often, which requires sound risk
management to cope with the increasingly unclear business and physical environments. As
such, it seems imperative that the role of risk managers and appropriate risk management
tools is clear. The classic three lines of defence in the risk governance model endeavour to
demarcate the various roles regarding the management of risks. Although there are many
issues surrounding this model, it provides a foundational guideline for the roles of the main
role-players in risk management.

Regarding the tools for operational risk management, it seems that there are concerns over
the predictive powers of key risk indicators (KRIs), the value of risk and control self-
assessments (RCSAs), and the subjectivity of scenario analysis to manage operational risks
(Enterprise Risk Magazine, 2023). In addition, embedding an operational risk management
framework is becoming essential. However, it appears that there is only a vague
understanding of the exact role of a risk manager. Furthermore, according to Enterprise Risk
Magazine (2023), excessive effort is being expended on issues that generate too little value
when using operational risk management tools. For example, RCSAs are tools that should
provide value to organisations by identifying the primary inherent risks, which can be used for
analysing risk scenarios and determining and managing KRIs. In addition, RCSAs can
determine control weaknesses in managing the residual risks effectively. Enterprise Risk
Magazine (2023) mentioned that organisations should focus their RCSA efforts on the
effectiveness and adequacy of controls in mitigating low-, medium-frequency/medium and
high-impact operational risks. Risks leading to high-frequency and low-impact operational loss
incidents should be managed by means of more real-time monitoring of KRIs. This could
ensure obtaining value from the RCSA activity.

According to the Institute of Risk Management (IRM, 2023), the year 2024 will see certain risk
events escalate, requiring a more “aggressive” and formal approach by risk managers to assist
organisations in coping with these risk events. Some of these risks, specifically for South
Africa, were identified by various risk managers as follows:
• future disasters, such as ongoing floods, global warming, and drought
• the constant negative influence of the energy crisis on the economy
• the slow pace of sustainability and investment projects
• poor maintenance and development of infrastructure
• increasing cyber risks and cybercrimes
• inadequate handling of fraud and corruption

General comments on the above points seem to indicate a lack of effective business continuity
processes and disaster management to manage future disasters. This is true of both the public
and private sectors. Fraud and corruption are creating a negative view of the country, causing
investors to be unwilling to invest in a deteriorating economy. This, in turn, leads to
unemployment, poverty and social inequalities. Technology also needs to be insourced
because of a lack of adequate expertise, which makes the country more vulnerable to cyber
risks. Qualified people are emigrating to other countries because of the uncertainties
surrounding South Africa’s well-being. The energy crisis is also playing a large role in
undermining the country’s economy. Loadshedding is causing businesses to fail and is
hampering service delivery. This, in turn, leads to the poor maintenance of infrastructure and
a shortage of water and sanitation services. Unmaintained infrastructure also affects the
environment, economy, and society, creating a negative impact on sustainability and
investment projects.
Note: For training purposes, some fictitious information has been included in this case study.

Analyse the case study and answer the related questions.

Question 1 (30 marks)

Draw a diagram illustrating the three lines of defence to indicate the roles of risk management.
Explain in detail the differences between the roles of the head of operational risk management
and the third line of defence.

Question 2 (20 marks)

Define “operational risk” and discuss in detail the use of a risk and control self-assessment
(RCSA) as an operational risk management tool.

TOTAL MARKS: 50
©
UNISA 2024

-------------------------------------------------------------
References:
Enterprise Risk Magazine (2023). Spring. www.enterpriseriskmag.com (Accessed 4 May 2024).
Blunden, T. and Thirwell, J. (2013). Mastering Operational Risk. Pearson Education.
The Institute of Operational Risk – Part of the IRM Group. Risk Trends 2023. www.theirm.org (Accessed
5 May 2024)