Professional Documents
Culture Documents
Summary
1.0
Introduction
- Risk control : risk avoidance & risk reduction
- Risk Avoidance : avoid activities that create risk :
negative & last resort
- Risk reduction : treat or influence risk
i) Loss prevention : reduce probability (frequency) of
loss
ii) Loss control : reduce severity of loss
1
3.0
Example :
1) Avoid production of certain medical drugs due to
potential large liability claims
2) No nuclear power plant; no hand phone ( ear
cancer!)
3) Business risks : o/s expansion, M & A, new product
line;
- Assume benefit is less than cost imposed by risky
activity
- Last resort in dealing with risk : NO other
alternatives
- Appropriate for exposure that has catastrophic loss
potential and risk cannot be reduced or transferred.
5
Example :
- Ban smoking : reduce probability of fire loss
- Impose speed limit : reduce frequency of road
accident
Information Available
Cost of sprinkler system
Saving in annual insurance premium
Annual maintenance cost
Reduction in uninsured loss (cost)
RM10,000,000
RM1,900,000
RM400,000
RM500,000
10
- (10,000,000)
(400,000)
500,000
2,000,000
11
12
13
14
15
Definition of an accident
An accident is any unplanned, uncontrolled event in
which the action or reaction of an object, substance,
person, or radiation could result in personal injury or
property damage
- Injury in accident : end result of the combination of
five factors in sequence manifest in a chain reaction
- An "accident" is one the five factor in a sequence of
factors that may lead to an injury.
- A series of dominoes standing on edge; when one
falls, the linkage required for a chain reaction is
completed.
16
Personal Injury
Accidents
Faults of Persons
Ancestry or Environment
20
21
22
23
24
25
27
28
pre-event actions
ii)
simultaneous-with-event actions
iii)
post-event actions
Prior to
Event
At Time of
Event
After Event
Individual
Machinery
29
Question
Classify the following fire control measures in the
matrix in the previous slide
-Fire safety campaign; Fire drill; Fire safety rule
;Smoking ban
-Installation of fire alarm; smoke detector; portable
fire extinguisher
-Fire resistance building
-Use of non flammable raw materials
-Salvage of partially damage stock after the fire
-Disaster plan or contingency plan
30
31
a) Prevention of fire
- Removal of one of three elements of a fire triangle
(fire prevention measures)
- Ban smoking; No heating or welding process; No
electricity current?
b) Minimization of fire loss
-Extinguishing fire( remove one of the elements in the
fire triangle) : water (remove heat); powder (remove
air); foam (remove air)
-Use of non-combustible material; separation of
storage of goods ; construct fire resistance walls to
prevent quick spread of fire
33
2)
3)
4)
34
1)
35
2)
-Prohibiting smoking /
-Good Housekeeping (spont./combustion,
LP; reduced fuel & spread of fire, LC)
Mechanical
Electrical
- Proper maintenance
- Proper training
- Adequate wiring
36
37
4) Fire Extinguishment
Fire extinguishing Agent
- water, chemical power, carbon dioxide,foam
Fire extinguishing equipment
a) Portable fire extinguishers
b) Automatic sprinkler system
38
3.2
39
42
1. Negligence
2. Breach of Warranty
3. Strict Liability
43
44
4.0
4.1
Introduction
- Operational
ERM
47
4.2
48
50
4.2.2
Accounting Controls
51
2) Access Controls
-Stringent access controls reduces theft of
merchandise and other property ( including currency,
confidential documents and trade secrets) by limiting
access to target property to a limited number of key
employees.
-Authority to sign cheques, purchase orders, and
contracts : selected employees who cannot operate
without this access
3) Personal Screening :
-Proper screening filters out dishonest applicants.
-Gathering information about applicants background
and referee before applicants is hired
52
4) Separation of duties :
- Proper separation of duties makes it difficult for any
one employee to steal without the collaboration or
cooperation of at least one other employee.
-Conditions for effectively separation of duty :
a) No individual should have total control over every
phase of any significant transaction or sensitive job.
Example, those who maintain inventory records do
not participate in physical stock check
b) Work flow should proceed from one person to
another so that, without duplication, the work of the
second acts as a check upon that of the first.
53
4.3
4.3.1
Introduction
55
56
57
58
59
2)
- Perils :
- Fraud, embezzlement, and sabotage, which occur as
a result of manipulation of data
- Theft of data through surreptitious listening gear or
the covert removal of tapes
a) Unauthorised access
- staff either out of curiosity or malice
- An intruder ( hacker )
- Both resulting in loss of secret or loss of data
60
Risk control
-i) Firewall effective defense against many hackers
ii) Passwords : unique to individual and change
frequently.
- Monitor the number of failed passwords : targeted by
hackers
- Implementing policies & procedures that guarantee
high level of security
b) Viruses
-Viruses : malicious program that enter computer
network and set out to cause damage to the data
( logic/time bomb; worm; Trojan horse
- Source : download from internet or introduce from
program disk
61
62
- Downtime : expensive
- Measure time lapse after which an IT system
downtime will affect turnover & have adverse
consequences on relations with clients
Risk control measures:
i) Back-up procedures and system ( may involve
agreement with hardware and software producers or
reciprocal arrangement with other organizations)
ii) Implementing business continuity and disaster
programs.
63
64
65
68
69
5.1 introduction
- No matter how effective is loss prevention measures
the probability of loss cannot be reduced to zero.
- Losses from risks with low probability and high
severity may occur.
- Need to for potential large losses (the crisis) through
contingency planning
- Contingency plan provides a coordinated, effective
responses through planning and organizing the
companys resources and activities immediately
before, during and after crisis.
70
Loss Phase
Preparation and
practice of
contingency plan
Implement crisis
management : To save
lives & limit damage
Implement business
recovery plan :
To Initiate speedy
and effective
recovery
72
l______________l___________l__________________l
RM program
Crisis Mgt
Bus Recovery plan
plan
( BCP)(BCM)
73
74
Sources of crisis
- Example
1) The Tylenol case (1982) - Crisis created by sabotage
through product tamper (Johnson & Johnson)
2) Union Carbide, USA : Leakage of toxic cyanide
vapour in its factory in India that killed thousands
of residents in the surrounding area.
3) Companies occupied the twin towers of World trade
Centre , terrorist attack
4) Commercial Union Insurance Ltd, UK (terrorist
bombing)
Crisis arising from bombing of its headquarter by
terrorist on Friday . However, it managed to operate
its business on following Monday in an alternate
premise through the implementation of its crisis
management plan : Famous slogan in its
advertisement Business as usual on Monday.
76
77
l
l-->Crisis --->Inaction --->Recognition--->Change-->improvement
l
Management
error
l
Failure
78
17
14
Mismanagement
12
10
Labour disputes
Casualty accidents
Consumer activitism
Catastrophes
Financial damages
Source : ICM
81
Rank
Supermarket
Investment banking
Restaurants
Aerospace industry
Telecommunication
Discount stores
10
Source : ICM
82
83
84
5.2.3
86
87
88
4.3.3
89
90
92
94
95
96
99
Case
Effective Crisis Management : The Tylenol Case
Company : Johnson & Johnson (J & J) USA (1982)
In September 1982, seven people in Chicago died from
taking Tylenol capsules, a pain- killer capsule made by
J & J. Police investigation discovered
that someone had removed the packages from
the shops and added cyanide(a highly toxic
chemical) to the capsules and placed packages back
to the shelves in these shops, ( at the time, tamper resistant proof packaging were not used).
100
102
103
.
- to provide alternative premises for
manufactures, storage or administration;
- alternative plant and machinery or perhaps
involving contracting out or other channel of
distribution of products.
105
Summary,
- Contingency plan should be carefully developed,
detailed in writing, adequately implemented, and
constantly revised to meet changing conditions of
dynamic business environment.
- Contingency planning enables
i) planning to be done at leisure, when all the
necessary specialist advice can be obtained
ii) organization to take actions with minimum of
delay
106