College of Central Florida Wk 1 Risk Management Chapter Discussion

FIND A SOLUTION AT Academic Writers Bay

01 Approaches to defining risk Definitions of risk The Oxford English Dictionary definition of risk is as follows: ‘a chance or possibility of danger, loss, injury or other adverse consequences’, and the definition of at risk is ‘exposed to danger’. In this context, risk is used to signify negative consequences. However, taking a risk can also result in a positive outcome. A third possibility is that risk is related to uncertainty of outcome. Take the exle of owning a motor car. For most people, owning a car is an opportunity to become more mobile and gain the related benefits. However, there are uncertainties in owning a car that are related to maintenance and repair costs. Finally, motor cars can be involved in accidents, so there are obvious negative outcomes that can occur. It is also important to remember the legal obligations associated with car ownership and the rules that must be obeyed when the car is being driven on a road. Definitions of risk can be found from many sources, and some key definitions are set out in Table 1.1. An alternative definition is also provided to illustrate the broad nature of risks that can affect organizations. The Institute of Risk Management (IRM) defines risk as the combination of the probability of an event and its consequence. Consequences can range from positive to negative. This is a widely applicable and practical definition that can be easily applied. The international guide to risk-related definitions is ISO Guide 73, and it defines risk as the ‘effect of uncertainty on objectives’. This definition appears to assume a certain level of knowledge about risk management and it is not easy to apply to everyday life. The meaning and application of this definition will become clearer as the reader progresses through this book. An earlier version of Guide 73 (2002) also notes that an effect may be positive, negative, or a deviation from the expected. These three types of events can be related to risks as opportunity, hazard or uncertainty, and this relates to the exle of motor car ownership outlined above. The guide notes that risk is often described by an event, a change in circumstances, a consequence, or a combination of these and how they may affect the achievement of objectives. Approaches to defining risk The Institute of Internal Auditors (IIA) defines risk as the uncertainty of an event occurring that could have an impact on the achievement of objectives. The IIA adds that risk is measured in terms of consequences and likelihood. Different disciplines define the term risk in very different ways. The definition used by health and safety professionals is that risk is a combination of likelihood and magnitude, but this may not be sufficient for more general risk management purposes. Given that there are many available definitions for the word risk, it is important that the organization chooses the definition that is most suitable for its own pur- poses. The definition can be as narrow or as comprehensive as the organization wishes. As a version of a comprehensive definition of the word risk, the author offers the following: An event with the ability to impact (inhibit, enhance or cause doubt about) the effectiveness and efficiency of the core processes of an organization. Risk in an organizational context is usually defined as anything that can impact the fulfilment of corporate objectives. However, corporate objectives are usually not fully stated by most organizations. Where the objectives have been established, they tend to be stated as internal, annual, change objectives. This is particularly true of the personal objectives set for members of staff in the organization, where objectives usually refer to change or developments, rather than the continuing or routine operations of the organization. TAb LE 1. 1 Definitions of risk Organization Definition of risk ISO Guide 73 ISO 31000 Effect of uncertainty on objectives. Note that an effect may be positive, negative, or a deviation from the expected. Also, risk is often described by an event, a change in circumstances or a consequence. Institute of Risk Management (IRM) Risk is the combination of the probability of an event and its consequence. Consequences can range from positive to negative. Orange Book from HM Treasury Uncertainty of outcome, within a range of exposure, arising from a combination of the impact and the probability of potential events. Institute of Internal Auditors The uncertainty of an event occurring that could have an impact on the achievement of the objectives. Risk is measured in terms of consequences and likelihood. 16 Approaches to defining risk It is generally accepted that risk is best defined by concentrating on risks as events, as in the definition of risk provided in ISO 31000 and the definition provided by the Institute of Internal Auditors, set out in Table 1.1. In order for a risk to materialize, an event must occur. Therefore, perhaps a risk can simply be considered to be ‘an unplanned event with unexpected consequences’. Greater clarity is likely to be brought to the risk management process if the focus is on events. For exle, consider what could disrupt a theatre performance. The events that could cause disruption include a power cut, the absence of a key actor, or a substantial transport failure or road closures that delay the arrival of the audience, as well as the illness of a significant number of staff. Having identified the events that could disrupt the performance, the management of the theatre needs to decide what to do to reduce the chances of one of these events causing the cancellation of a performance. This analysis by the management of the theatre is an exle of risk management in practice. types of risks Risk may have positive or negative outcomes or may simply result in uncertainty. Therefore, risks may be considered to be related to an opportunity or a loss or the presence of uncertainty for an organization. Every risk has its own characteristics that require particular management or analysis. In this book, risks are divided into four categories: ● ● ● ● compliance (or mandatory) risks; hazard (or pure) risks; control (or uncertainty) risks; opportunity (or speculative) risks. In general terms, organizations will seek to minimize compliance risks, mitigate hazard risks, manage control risks and embrace opportunity risks. However, it is important to note that there is no ‘right’ or ‘wrong’ subdivision of risks. Readers will encounter other subdivisions in other texts and these may be equally appropriate. It is, perhaps, more common to find risks described as two types, pure or speculative. Indeed, there are many debates about risk management terminology. Whatever the theoretical discussions, the most important issue is that an organization adopts the risk classification system that is most suitable for its own circumstances. There are certain risk events that can only result in negative outcomes. These risks are hazard risks or pure risks, and these may be thought of as operational or insurable risks. In general, organizations will have a tolerance of hazard risks, and these need to be managed within the levels that the organization can tolerate. A good exle of a hazard risk faced by many organizations is that of theft. There are other risks that give rise to uncertainty about the outcome of a situation. These can be described as control risks and are frequently associated with project management. In general, organizations will have an aversion to control risks. Uncertainties can be associated with the benefits that the project produces, as well as 17 Approaches to defining risk uncertainty about the delivery of the project on time, within budget and to specification. The management of control risks will often be undertaken in order to ensure that the outcome from the business activities falls within the desired range. The purpose is to reduce the variance between anticipated outcomes and actual results. At the same time, organizations deliberately take risks, especially marketplace or commercial risks, in order to achieve a positive return. These can be considered as opportunity or speculative risks, and an organization will have a specific appetite for investment in such risks. Opportunity risks relate to the relationship between risk and return. The purpose is to take action that involves risk to achieve positive gains. The focus of opportunity risks will be towards investment. The application of risk management tools and techniques to the management of hazard risks is the best and longest-established branch of risk management, and much of this text will concentrate on hazard risks. There is a hierarchy of controls that apply to hazard risks, and this is discussed in Chapter 16. Hazard risks are associated with a source of potential harm or a situation with the potential to undermine objectives in a negative way and hazard risk management is concerned with mitigating the potential impact. Hazard risks are the most common risks asso- ciated with operational risk management, including occupational health and safety programmes. Control risks are associated with unknown and unexpected events. They are sometimes referred to as uncertainty risks and they can be extremely difficult to quantify. Control risks are often associated with project management and the implementation of tactics. In these circumstances, it is known that the events will occur, but the precise consequences of those events are difficult to predict and control. Therefore, the approach is based on managing the uncertainty about the potential impacts and consequences of these events There are two main aspects associated with opportunity risks. There are risks/ dangers associated with taking an opportunity, but there are also risks associated with not taking the opportunity. Opportunity risks may not be visible or physically apparent, and they are often financial in nature. Although opportunity risks are taken with the intention of obtaining a positive outcome, this is not guaranteed. Nevertheless, the overall approach is to embrace the opportunity and the associated opportunity risks. Opportunity risks for small businesses include moving a business to a new location, acquiring new property, expanding a business and diversifying into new products. Risk description In order to fully understand a risk, a detailed description is necessary so that a common understanding of the risk can be identified and ownership/responsibilities may be clearly understood. Table 1.2 lists the range of information that must be recorded to fully understand a risk. The list of information set out in Table 1.2 is most applicable to hazard risks and the list will need to be modified to provide a full description of control or opportunity risks. 18 Approaches to defining risk TAb LE 1. 2 Risk description Statement of risk, including scope of risk and details of possible events and dependencies Nature of risk, including details of the risk classification and timescale of potential impact Stakeholders in the risk, both internal and external Risk attitude, appetite, tolerance, limits for the risk and/or risk criteria Likelihood and magnitude of event and consequences should the risk materialize at current /residual level Control standard required, target level of risk or risk criteria Incident and loss experience Existing control mechanisms and activities Responsibility for developing risk strategy and policy Potential for risk improvement and level of confidence in existing controls Risk improvement recommendations and deadlines for implementation Responsibility for implementing improvements Responsibility for auditing risk compliance So that the correct range of information can be collected about each risk, the distinction between compliance, hazard, control and opportunity risks needs to be clearly understood. The exle below is intended to distinguish between these four types of risk, so that the information required in order to describe each type of risk can be identified. range of computer risks better results by installing the new software, but it is possible that the new software will fail to deliver all of the functionality that was intended and the opportunity benefits will not be undermine the operations of the organization. 19 Approaches to defining risk Inherent level of risk It is important to understand the uncontrolled level of all risks that have been identified. This is the level of the risk before any actions have been taken to change the likelihood or magnitude of the risk. Although there are advantages in identifying the inherent level of risk, there are practical difficulties in identifying this with some types of risks. Identifying the inherent level of the risk makes it possible to identify the importance of the control measures in place. The IIA has previously held the view that the assessment of all risks should commence with the identification of the inherent level of the risk. The guidance from the IIA has previously stated that: ‘in the risk assessment, we look at the inherent risks before considering any controls.’ Although there is considerable debate about whether to undertake risk assessment at inherent or current level, the purpose of any risk assessment remains the same. It is to identify what is believed to be the current level of the risk and identify the key controls that are in place to ensure that the current level is actually achieved. Often, a risk matrix is used to show the inherent level of the risk in terms of likelihood and magnitude. The residual or current level of the risk can then be identified, after the control or controls have been put in place. The effort that is required to reduce the risk from its inherent level to its current level can be clearly indicated on the risk matrix. Terminology varies and the inherent level of risk is sometimes referred to as the absolute risk or gross risk. Also, the current level of risk is often referred to as the residual level, net level or the managed level of risk. The exle in the box below provides an exle of how inherently high-risk activities are reduced to a lower level of risk by the application of sensible and practical risk response options. Crossing the road is paid to the control measures in place, because the perception of risk is much higher. Risk classification systems Risks can be classified according to the nature of the attributes of the risk, such as timescale for impact, and the nature of the impact and/or likely magnitude of the risk. They can also be classified according to the timescale of impact after the event 20 Approaches to defining risk occurs. The source of the risk can also be used as the basis of classification. In this case, a risk may be classified according to its origin, such as counterparty or credit risk. A further way of classifying risks is to consider the nature of the impact. Some risks can cause detriment to the finances of the organization, whereas others will have an impact on the activities or the infrastructure. Further, risks may have an impact on the reputation of the organization, or on its status and the way it is perceived in the marketplace. Risks may also be classified according to the component or feature of the organization that will be impacted. For exle, risks can be classified according to whether they will impact people, premises, processes or products. An important consideration for organizations when deciding their risk classification system is to determine whether the risks will be classified according to the source of the risk, the component impacted or of the consequences of the risk materializing. Individual organizations will decide on the risk classification system that suits them best, depending on the nature of the organization and its activities. Also, many risk management standards and frameworks suggest a specific risk classification system. If the organization adopts one of these standards, then it will tend to follow the classification system recommended. The risk classification system that is selected should be fully relevant to the organization concerned. There is no universal classification system that fulfils the requirements of all organizations. It is likely that each risk will need to be classified in several ways in order to clearly understand its potential impact. However, many classification systems offer common or similar structures, as described in Chapter 11. Risk likelihood and magnitude Risk likelihood and magnitude are best demonstrated using a risk matrix. Risk matrices can be produced in many formats. Whatever format is used for a risk matrix, it is a very valuable tool for the risk management practitioner. The basic style of risk matrix plots the likelihood of an event against the magnitude or impact should the event materialize. Figure 1.1 is an illustration of a simple risk matrix, also referred to as a risk map or heat map. This is a commonly used method of illustrating risk likelihood and the magnitude (or severity) of the event should the risk materialize. The use of the risk matrix to illustrate risk likelihood and magnitude is a fundamentally important risk management tool. The risk matrix can be used to plot the nature of individual risks, so that the organization can decide whether the risk is acceptable and within the risk appetite and/or risk capacity of the organization. Throughout this book, a standard format for presenting a risk matrix has been adopted. The horizontal axis is used to represent likelihood. The term likelihood is used rather than frequency, because the word frequency implies that events will definitely occur and the risk matrix is registering how often these events take place. Likelihood is a broader word that includes frequency, but also refers to the chances of an unlikely event happening. However, in risk management literature, the word ‘probability’ will often be used to describe the likelihood of a risk materializing. 21 Approaches to defining risk The vertical axis is used to indicate magnitude in Figure 1.1. The word magnitude is used rather than severity, so that the same style of risk matrix can be used to illustrate compliance, hazard, control and opportunity risks. Severity implies that the event is undesirable and is, therefore, related to compliance and hazard risks. The magnitude of the risk may be considered to be its gross or inherent level before controls are applied. Figure 1.1 plots likelihood against the magnitude of an event. However, the more important consideration for risk managers is not the magnitude of the event, but the impact of the event and the consequences that follow. For exle, a large fire could occur that completely destroys a warehouse of a distribution and logistics company. Although the magnitude of the event may be large, if sufficient insurance is in place, the impact in terms of financial costs for the company could be minimal, and if the company has produced plans to cope with such an event, the consequences for the overall business may be much less than would otherwise be anticipated. The magnitude of an event may be considered to be the inherent level of the event and the impact can be considered to be the risk-managed level. Because the impact (and the associated consequences) of an event is usually more important than its magnitude (or severity), every risk matrix used in the remainder of this book will plot impact against likelihood, rather than magnitude against likelihood. FIg URE 1. 1 Risk likelihood and magnitude Magnitude Low likelihood High magnitude High likelihood High magnitude Low likelihood Low magnitude High likelihood Low magnitude Likelihood 22 Approaches to defining risk The risk matrix is used throughout this book to provide a visual representation of risks. It can also be used to indicate the likely risk control mechanisms that can be applied. The risk matrix can also be used to record the inherent, current (or residual) and target levels of the risk. Shading or colour coding is often used on the risk matrix to provide a visual representation of the importance of each risk under consideration. As risks move towards the top right-hand corner of the risk matrix, they become more likely and have a greater impact. Therefore, the risk becomes more important and immediate and effective risk control measures need to be in place. 23 24 02 Impact of risk on organizations Level of risk Following the events in the world financial system during 2008, all organizations are taking a greater interest in risk and risk management. It is increasingly understood that the explicit and structured management of risks brings benefits. By taking a proactive approach to risk and risk management, organizations will be able to achieve the following four areas of improvement: ● ● ● ● Strategy, because the risks associated with different strategic options will be fully analysed and better strategic decisions will be reached. Tactics, because consideration will have been given to selection of the tactics and the risks involved in the alternatives that may be available. Operations, because events that can cause disruption will be identified in advance and actions taken to reduce the likelihood of these events occurring, limit the damage caused by these events and contain the cost of the events. Compliance will be enhanced because the risks associated with failure to achieve compliance with statutory and customer obligations will be recognized. It is no longer acceptable for organizations to find themselves in a position whereby unexpected events cause financial loss, disruption to normal operations, damage to reputation and loss of market presence. Stakeholders now expect that organizations will take full account of the risks that may cause disruption within operations, late delivery of projects or failure to deliver strategy. The exposure presented by an individual risk can be defined in terms of the likelihood of the risk materializing and the impact of the risk when it does materialize. As risk exposure increases, the likely impact will also increase. Guide 73 refers to this measurement of likelihood and impact as being the current or residual ‘level of risk’. This level of risk should be compared with the risk attitude and risk appetite of the organization for risks of that type. The risk appetite will sometimes be described as a set of risk criteria. Throughout this book, the term ‘magnitude’ is used to indicate the size of the event that has occurred or might occur. The term ‘impact’ is used to define how the event affects the finances, operations, reputation and/or marketplace (FIRM) of the organization. This use of terminology is also consistent with the use of impact in Impact of risk on organizations business continuity planning evaluations. This is a measure of the risk at the current level. The term ‘consequences’ is used in this book to indicate the extent to which the event results in failure to achieve effective and efficient strategy, tactics, operations and compliance (STOC). Injury to key player a significant length of time. There is likely to be a substantial impact, which will be most obvious on the pitch where the success of the team is likely to be reduced. to reduce the potential for loss of income should also be considered. Impact of hazard risks Hazard risks undermine objectives, and the level of impact of such risks is a measure of their significance. Risk management has its longest history and earliest origins in the management of hazard risks. Hazard risk management is closely related to the management of insurable risks. Remember that a hazard (or pure) risk can only have a negative outcome. Hazard risk management is concerned with issues such as health and safety at work, fire prevention, avoiding damage to property and the consequences of defective products. Hazard risks can cause disruption to normal operations, as well as resulting in increased costs and poor publicity associated with disruptive events. Hazard risks are related to business dependencies, including IT and other supporting services. There is increasing dependence on the IT infrastructure of most organizations and IT systems can be disrupted by computer breakdown or fire in server rooms, as well as virus infection and deliberate hacking or computer attacks. Theft and fraud can also be significant hazard risks for many organizations. This is especially true for organizations handling cash or managing a significant number of financial transactions. Techniques relevant to the avoidance of theft and fraud include adequate security procedures, segregation of financial duties, and authorization and delegation procedures, as well as the vetting of staff prior to employment. It is worth reflecting on terminology, because this is especially important in relation to hazard risks, if an event occurs. If a hazard risk materializes, it may have a very large magnitude, such as the destruction of the main distribution warehouse of an organization. This large magnitude event will have an impact on the organization related to potential financial costs, destruction of infrastructure, damage to reputation and the inability to function in the marketplace. Magnitude represents the gross or inherent level of the risk. 25 Impact of risk on organizations However, the impact of the event will be reduced because of the controls that are in place. Impact represents the net, residual or current level of the risk. These controls reduce the financial impact, the extent of destruction of infrastructure, as well as controls designed to protect reputation and marketplace activities. But, what is also important for the organization is the consequences of the major warehouse fire. These consequences relate to the effect that the fire might have on the strategy, tactics, operations and compliance activities within the organization. It is possible that a major fire will cause significant financial loss that is covered by insurance, so that this large magnitude event has little impact on the finances of the organization. Effective crisis management and business continuity will ensure that the consequences of this major fire from the point of view of customers will be so well managed that customers need not be aware that a major fire has taken place. Finally, the importance of compliance risks should not be underestimated. Compliance risks can be substantial for many organizations, especially those business sectors that are heavily regulated. In some cases, compliance with mandatory requirements, represents a ‘licence to operate’ and failure to achieve the level of compliance activities required by the relevant regulator can have a significant impact on the reputation of the organization and substantial consequences for routine business activities. of risks Although most standard definitions of risk refer to risks as being attached to corporate objectives, Figure 2.1 provides an illustration of the options for the of risks. Risks are shown in the diagram as being capable of impacting the key dependencies that deliver the core processes of the organization. Corporate objectives and stakeholder expectations help define the core processes of the organization. These core processes are key components of the existing nature and future enhancement of the business model and can relate to operations, tactics and corporate strategy, as well as compliance activities, as considered further in Chapter 19. The intention of Figure 2.1 is to demonstrate that significant risks can be attached to features of the organization other than corporate objectives. Significant risks can be identified by considering the key dependencies of the organization, the corporate objectives and/or the stakeholder expectations, as well as by analysis of the core processes of the organization. For exle, the failure of Northern Rock occurred because the wholesale money markets, on which the bank depended, stopped functioning. Another way of viewing the concept of of risks is to consider that the features shown in Figure 2.1 offer alternative starting points for undertaking a risk assessment. For exle, a risk assessment can be undertaken by asking ‘what do stakeholders expect of us?’ and ‘what risks could impact the delivery of those stakeholder expectations?’ In the build-up to the recent financial crisis, banks and other financial institutions established operational and strategic objectives. By analysing these objectives and identifying the risks that could prevent the achievement of them, risk management made a contribution to the achievement of the high-risk objectives that ultimately led to the failure of the organizations. This exle illustrates that attaching risks to 26 Impact of risk on organizations FIg URE 2.1 of risks Strategic or business plan (and annual budget) Stakeholder expectations objectives Core processes Key dependencies Support or deliver Impact or attach attributes other than objectives is not only possible but may well have been desirable in these circumstances. It is clearly the case that risks are greater in circumstances of change. Therefore, linking risks to change objectives is not unreasonable, but the analysis of each objective in turn may not lead to robust risk recognition/identification. In any case, business objectives are usually stated at too high a level for the successful of risks. 27 Impact of risk on organizations To be useful to the organization, the corporate objectives should be presented as a full statement of the short-, medium- and long-term aims of the organization. Internal, annual, change objectives are usually inadequate, because they may fail to fully identify the operational (or efficiency), change (or competition) and strategic (or leadership) requirements of the organization. The most important disadvantage associated with the ‘objectives-driven’ ap- proach to risk and risk management is the danger of considering risks out of the context that gave rise to them. Risks that are analysed in a way that is separated from the situation that led to them will not be capable of rigorous and informed evaluation. It can be argued that a more robust analysis can be achieved when a ‘dependencies-driven’ approach to risk management is adopted. It remains the case that many organizations continue to use an analysis of corporate objectives as a means of identifying risks, because some benefits do arise from this approach. For exle, using this ‘objectives-driven’ approach facilitates the analysis of risks in relation to the positive and uncertain aspects of the events that may occur, as well as facilitating the analysis of the negative and compliance aspects. If the decision is taken to attach risks to the objectives of the organization, it is important that these objectives have been fully and completely developed. Not only do the objectives need to be challenged to ensure that they are full and complete, but the assumptions that underpin the objectives should also receive careful and critical attention. Core processes are discussed in Chapter 19 and may be considered as the high- level processes that drive the organization. In the exle of a sports club, one of the key processes is the operational process of ‘delivering successful results on the pitch’. Risks may be attached to this core process, as well as being attached to objec- tives and/or key dependencies. Core processes can be classified as strategic, tactical, operational and compliance (STOC). In all cases, the core processes need to be effective and efficient. Mature (or sophisticated) risk management activities can then be designed to enhance the effectiveness and efficiency of core processes. Although risks can be attached to other features of the organization, the standard approach is to attach risks to corporate objectives. One of the standard definitions of risk is that it is something that can impact (undermine, enhance or cause doubt about) the achievement of corporate objectives. This is a useful definition, but it does not provide the only starting point for identifying significant risks. of risks to key dependencies and, especially, stakeholder expectations is becoming more common. The importance of stakeholders and their expectations is considered in more detail in Chapter 29. The use of key dependencies to identify risks can be a straightforward exercise. The organization will need to ask what are the features or components of the organization and its external context that are key to success. This will result in the identification of the strengths, weaknesses, opportunities and threats facing the organization. This is often referred to as a SWOT analysis. Having identified the key dependencies, as set out in Table 13.1, the organization can then consider the risks that will impact these dependencies. This approach is discussed in more detail with practical exles of risks provided in Table 13.1 and Table 15.2. 28 Impact of risk on organizations Risk and reward Another feature of risk and risk management is that many risks are taken by organizations in order to achieve a reward. Figure 2.2 illustrates the relationship between the level of risk and the anticipated size of reward. A business will launch a new product because it believes that greater profit is available from the successful marketing of that product. In launching a new product, the organization will put resources at risk because it has decided that a certain amount of risk taking is appropriate. The value at risk represents the risk appetite of the organization with respect to the activity that it is undertaking. When an organization puts value at risk in this way, it should do so with the full knowledge of the risk exposure and it should be satisfied that the risk exposure is within the appetite of the organization. Even more important, it should ensure that it has sufficient resources to cover the risk exposure. In other words, the risk exposure should be quantified, the appetite to take that level of risk should be confirmed, and the capacity of the organization to withstand any foreseeable adverse consequences should be clearly established. Not all business activities will offer the same return for the same level of risk taken. Start-up operations are usually high risk and the initial expected return may be low. Figure 2.2 demonstrates the probable risk versus reward development for a new organization or a new product. The activity will commence in the bottom righthand corner as a start-up operation, which is high risk and low return. FIg URE 2.2 Risk and reward Potential reward Mature operation Decline Start-up operation Level of risk 29 Impact of risk on organizations As the business develops, it is likely to move to a higher return for the same level of risk. This is the growth phase for the business or product. As the investment matures, the reward may remain high, but the risks should reduce. Eventually, an organization will become fully mature and move towards the low-risk and low-return quadrant. The normal expectation in very mature markets is that the organization or product will be in decline. The particular risks that the organization faces will need to be identified by management or by the organization. Appropriate risk management techniques will then need to be applied to the risks that have been identified. The nature of these risk responses and the nature of their impact is considered in Part Four of this book. The above discussion about risk and reward applies to opportunity risks. However, it must always be the case that risk management effort produces rewards. In the case of hazard risks, it is likely that the reward for increased risk management effort will be fewer disruptive events. In the case of project risks, the reward for increased risk management effort will be that the project is more likely to be delivered on time, within budget and to specification/quality. For opportunity risks, the risk versus reward analysis should result in fewer unsuccessful new products and a higher level of profit or (at worst) a lower level of loss for all new activities or new products. In all cases, profit or enhanced level of service is the reward for taking risk. The concept of the risk versus reward analysis in relation to strategic risks is considered in more detail in Figure 15.2. risk versus reward have proved to be a very good decision. In fact, the rain did not start for four or five laps, by which time the driver had been overtaken by most other drivers and his set of wet-weather tyres were ruined in the dry conditions. He had to return to the pits for a further set of new tyres more suited to the race conditions. In this case, a high-risk strategy was adopted in anticipation of significant resulted. Attitudes to risk Different organizations will have different attitudes to risk. Some organizations may be considered to be risk averse, whilst others will be risk aggressive. To some extent, the attitude of the organization to risk will depend on the sector and the nature and maturity of the marketplace within which it operates, as well as the attitude of the individual board members. 30 Impact of risk on organizations 31 Risks cannot be considered outside the context that gave rise to them. It may appear that an organization is being risk aggressive, when in fact, the board has decided that there is an opportunity that should not be missed. However, the fact that the opportunity entails high risk may not have been fully considered. One of the major contributions from successful risk management is to ensure that strategic decisions that appear to be high risk are actually taken with all of the information available. Improvement in the robustness of decision-making activities is one of the key benefits of risk management. Attitude to risk is a complex subject and is closely related to the risk appetite of the organization, but they are not the same. Risk attitude indicates the long-term view of the organization to risk and risk appetite indicates the short-term willingness to take risk. This is similar to the dif- ference between the long-term or established attitude of an individual towards the food they eat and their appetite for food at a particular moment in time. Other key factors that will determine the attitude of the organization to risk include the stage in the maturity cycle, as shown in Figure 2.2. For an organization that is in the start-up phase, a more aggressive attitude to risk is required than for an organization that is enjoying growth or one that is a mature organization in a mature marketplace. Where an organization is operating in a mature marketplace and is suffering from decline, the attitude to risk will be much more risk averse. It is because the attitude to risk has to be different when an organization is a startup operation rather than a mature organization, that it is often said that certain highprofile businessmen are very good at entrepreneurial start-up but are not as successful in running mature businesses. Different attitudes to risk are required at different parts of the business maturity cycle shown in Figure 2.2. The referendum in the UK on continued membership of the European Union (EU) in June 2016 resulted in a vote in favour of British exit (Brexit). The UK government has to activate the procedure for the UK to leave the EU. The text box below provides an outline of the most commonly discussed options available to the UK government. Overall, the challenge for the UK government is to ensure the continued success of the UK economy based on a Brexit strategy and tactics that will ensure the continued resilience of the UK. Brexit: what departure options exist for the UK Key benefits for businesses that arise from EU membership include: the existence of a single market: there are no tariffs or other barriers to trade; the freedom to provide services and freedom of establishment; ‘passporting’ that allows financial services to be traded across the EU; visa-free migration of people within the EU; access to EU free-trade agreements with 53 countries around the world. ▲ to retain. Broadly, there are three models that the UK could target. Impact of risk on organizations the norwegian model single market, but must adopt EU standards and regulations and is unable to impose immigration restrictions. Also, Norway must contribute towards the EU budget. the swiss model allows it to access certain selected parts of the Europeanmarket inreturnfor accepting EU legislation in relevant areas as well as making contributions to the EU budget. the Canadian model that has ever been created, and it is possible that the UK could aim to replicate this sort of relationship. Such an agreement might not allow the continued passporting of financial services. All these models struggle to reconcile the central issue of regulatory control. Using and opportunities for business. Risk and triggers Risk is sometimes defined as uncertainty of outcomes. This is a somewhat technical, but nevertheless useful, definition and it is particularly applicable to the management of control risks. Control risks are the most difficult to identify and define, but are often associated with projects. The overall intention of a project is to deliver the desired outcomes on time, within budget and to specification, quality or performance. For exle, when a building is being constructed, the nature of the ground conditions may not always be known in detail. As the construction work proceeds, more information will be available about the nature of the conditions. This information may be positive news that the ground is stronger than expected and less foundation work is required. Alternatively, it may be discovered that the ground is contaminated or is weaker than expected or that there are other potentially adverse circumstances, such as archaeological remains being discovered. Given this uncertainty, these risks should be considered to be control risks and the overall management of the project should take account of the uncertainty associated with these different types of risk. It would be unrealistic for the project manager to assume that only adverse aspects of the ground conditions will be discovered. Likewise, it would be unwise for the project manager to assume that conditions will be better than expected, just because s/he wants that to be the case. Because control risks cause uncertainty, it may be considered that an organization will have an aversion to them. Perhaps, the real aversion is to the potential variability 32 Impact of risk on organizations in outcomes that then need to be managed. A certain level of deviation from the project plan can be tolerated, but it must not be too great. Tolerance in relation to control risks can be considered to have the same meaning as in the manufacture of engineering components, where the components must be of a certain size, within acceptable tolerance limits. A means of representing the risk management process so that it becomes more accessible to managers and other stakeholders concerned with risk management activities is constantly developing. One of the tools for representing risk management activities that has recently been developed is the bow-tie. The bow-tie as a representation of the risk management process is used several times throughout this book. Figure 2.3 shows a simple representation of the bow-tie applicable to events that can cause disruption to normal efficient operations. FIg URE 2.3 Source Strategic Disruptive events and the bow-tie Category People Premises Impact Financial Products Tactical Infrastructure Disruption Reputational Marketplace The left-hand side of the bow-tie represents the source of a particular hazard and will indicate the classification system used by the organization for sources of risk. In Figure 2.3, these sources of risk used are the high-level sources of strategic, tactical, operational and compliance (STOC) risks. The right-hand side of the bow-tie sets out the impact should the risk events occur, and Figure 2.3 uses the high-level com- ponents of financial, infrastructure, reputational and marketplace (FIRM) impact of a risk materializing. In the centre of the bow-tie is the risk event. Table 3.2 indicates the categories of disruption that can affect organizations, and the same categories of people, premises, processes and products are used here. The purpose of using the bow-tie illustration is to demonstrate the risk classification systems used by the organization and the potential range of impacts should a risk materialize. Controls can be put in place to prevent the event occurring and these can be represented by vertical lines on the left-hand side of the bow-tie. In a similar manner, recovery controls can be represented on the right-hand side of the bow-tie. 33 Impact of risk on organizations The bow-tie representation of the risk management process can be used in many ways, including the representation of opportunity risks. Additionally, the bow-tie can be used to illustrate the various types of controls that are available to organizations and this is discussed in more detail in Chapter 13 on loss control. Use of the bow-tie has become widespread, especially in the public sector. The box below provides a practical application of the bow-tie to the identification of preventive and response controls related to a fire in the kitchen of a residential home. risk management and the bow-tie a risk is using a bow-tie. along with the preventive controls to stop the risk occurring. The impact of the risk is also risk should it occur. Source of risk Preventive controls Response controls Impact Event Asset Unattended cooking Supervision Fire extinguisher Kitchen fire Fire alarm Maintenance Faulty electrical equipment Smoke Death 34 Impact of risk on organizations 03 types of risks timescale of risk impact Risks can be classified in many ways. Hazard risks can be divided into many types of risks, including risks to property, risks to people and risks to the continuity of a business. There are a range of formal risk classification systems and these are considered in Chapter 11. Although it should not be considered to be a formal risk classification system, this part considers the value of classifying risks according to the timeframe for the impact of the risk. The classification of risks as long-, medium- and short-term impact is a very useful means of analysing the risk exposure of an organization. These risks will be related to the strategy, tactics and operations of the organization, respectively. In this context, risks may be considered as related to events, changes in circumstances, actions or decisions. In general terms, long-term risks will impact several years, perhaps up to five years, after the event occurs or the decision is taken. Long-term risks therefore relate to strategic decisions. When a decision is taken to launch a new product, the result of that decision (and the success of the product itself) may not be fully apparent for some time. Medium-term risks have their impact some time after the event occurs or the decision is taken, and typically this will be about a year later. Medium-term risks are often associated with projects or programmes of work. For exle, if a new computer software system is to be installed, then the choice of computer system is a long-term or strategic decision. However, decisions regarding the project to implement the new software will be medium-term decisions with medium-term risks attached. Short-term risks have their impact immediately after the event occurs. Accidents at work, traffic accidents, fire and theft are all short-term risks that have an immediate impact and immediate consequences as soon as the event has occurred. These shortterm risks cause immediate disruption to normal efficient operations and are probably the easiest types of risks to identify and manage or mitigate. Insurable risks are quite often short-term risks, although the exact timing and magnitude/impact of the insured events is uncertain. In other words, insurance is designed to provide protection against risks that have immediate consequences. In the case of insurable risks, the nature and consequences of the event may be understood, but the timing of the event is unpredictable. In fact, whether the event will occur at all is not known at the time the insurance policy is taken out. 35 Types of risks By way of exle, consider the operation of a new computer software system in more detail. The organization will install the new software in anticipation of gaining efficiency and greater functionality. The decision to install new software and the choice of the software involves opportunity risks. The installation will require a project, and certain risks will be involved in that. The risks associated with the project are control risks. After the new software has been installed, it will be exposed to hazard risks. It may not deliver all of the functionality required and the software may be exposed to various risks and virus infection. These are the hazard risks associated with this new software system. An increasingly important consideration for organizations is what will be the trigger mechanism that causes a risk to materialize. It may well be the case that the organization faces a number of serious risks and many of these might be catastrophic if they were to materialize. The challenge for management is then based on recognition of the circumstances in which one or more of the significant risk events may be triggered. The question of what would trigger such an event requires as much consideration as the source of the risk and the nature of the event if it was to happen. The box below considers the event that triggered the failure of Northern Rock. triggering major crises depositors for more than 150 years. to borrowers with a poor credit quality. the credit quality of the Northern Rock assets – its mortgages and loans – was in question. Four types of risk Chapter 1 states that risks can be divided into four categories and definitions of these four types of risk are also given in Appendix B. They are: ● ● ● ● compliance risks; hazard risks; control risks; opportunity risks. 36 Types of risks A common language of risk is required throughout an organization if the contribution of risk management is to be maximized. The use of a common language will also enable the organization to develop an agreed perception of risk and attitude to risk. Part of developing this common language and perception of risk is to agree a risk classification system or series of such systems. For exle, consider people reviewing their financial position and the risks they currently face regarding finances. It may be that the key financial dependencies relate to achieving adequate income and managing expenditure. The review should include an analysis of the risks to job security and pension arrangements, as well as property ownership and other investments. This part of the analysis will provide information on the risks to income and the nature of those risks (opportunity risks). As a practical exle of the nature of compliance, hazard, control and opportunity risks, Table 3.1 considers the risks associated with owning a car. In this case, the compliance risks relate to the legal obligations associated with owning and driving a car. The hazard risks relate to events that the owner does not want to occur. Uncertainties are the costs that are known to be involved, but these may vary. Finally, the opportunities are the benefits that car ownership offers. TAb LE 3.1 Risks associated with owning a car Opportunities of owning a car (events you hope will happen, but could fail to occur) 1. You can travel more easily than depending on others 2. Enhanced job opportunities because you will be more mobile 3. Save money on other forms of public transport Uncertainties of owning a car (events that you know will happen, but impacts are variable) 1. Cost of borrowing money to buy the car could change 2. Price of fuel (petrol or diesel) could go up or down 3. Maintenance, breakdown and repair costs will vary Hazards of owning a car (events that you do not want to happen and that can only be negative) 1. You pay too much for the car or it is in poor condition 2. You are involved in a collision or road accident 3. The car gets stolen or vindictively damaged Compliance requirements of owning a car (events that could result in regulatory enforcement) 1. Insufficient and/or inadequate third-party car insurance 2. Inattentive or aggressive driving results in traffic offence(s) 3. Tyres in poor condition and other maintenance obligations 37 Types of risks Regarding expenditure, the review will consider spending patterns to determine whether cost cutting is necessary (hazard risks). It will also consider leisure time activities, including holiday arrangements and hobbies, and there will be some uncertainties regarding expenditure and the costs of these activities (control risks). Hazard risks are the risks that can only inhibit achievement of the corporate mission. Typically, these are insurable-type risks or perils, and will include fire, storm, flood, injury and so on. The discipline of risk management has strong origins in the control and mitigation of hazard risks. Normal efficient operations may be disrupted by loss, damage, breakdown, theft and other threats associated with a wide range of dependencies. Table 3.2 gives exles of disruption caused by people, premises, processes and products (4Ps). These dependencies can also be sources of risk and the 4Ps can be considered to be an exle of a risk classification system. Control risks are risks that cause doubt about the ability to achieve the organization’s mission. Internal financial control protocols are a good exle of a response to a control risk. If the control protocols are removed, there is no way of being certain about what will happen. Control risks are the most difficult type of risk to describe, but Chapter 31 on project risk management will assist with understanding. Control risks are associated with uncertainty, and exles include the potential for failure to achieve legal compliance and losses caused by fraud. They are usually dependent on the successful management of people and effective implementation of control protocols. Although most organizations ensure that control risks are carefully managed, they may, nevertheless, remain potentially significant. Opportunity risks are the risks that are (usually) deliberately sought or embraced by the organization. These risks arise because the organization is seeking to enhance the achievement of the mission, although they might inhibit the organization if the outcome is adverse. This is the most important type of risk for the future long-term success of any organization. Many organizations are willing to invest in high-risk business strategies in anticipation of a high profit or return. These organizations may be considered to have a large appetite for opportunity investment. Often, the same organization will have the opposite approach to hazard risks and have a small hazard tolerance. This may be appropriate, because the attitude of the organization may be that it does not want hazard-related risks consuming the resources of the organization when it is putting so much value at risk investing in opportunities. As well as hazard, control and opportunity risks, the further category of compliance risks may require separate consideration. For highly regulated industries, such as energy, finance, gambling and transportation, compliance issues are very important. Because of the particular nature of compliance risks, they are often considered a separate category of risk and they are often managed or minimized differently. Many organizations will wish to ensure full compliance with all rules and regulations and run zero risk in this category. This may be possible for compliance risks, but is almost certainly not going to be the case for hazard, control and opportunity risks. Further consideration of compliance risks is included in Chapter 19, as part of the discussion of strategic, tactical, operational and compliance (STOC) risks. 38 Types of risks embrace opportunity risks Some risks are taken deliberately by organizations in order to achieve their mission. These risks are often marketplace or commercial risks that have been taken in the expectation of achieving a positive return. These opportunity risks can otherwise be referred to as commercial, speculative or business risks. Opportunity risks are the type of risk with potential to enhance (although they can also inhibit) the achievement of the mission of the organization. These risks are the ones associated with embracing business opportunities. All organizations have some appetite for seizing opportunities and are willing to invest in them. There will always be a desire for the organization to have effective and efficient operations, tactics and strategy. Opportunity risks are normally associated with the development of new or amended strategies, although opportunities can also arise from enhancing the efficiency of operations and implementing change initiatives. Every organization will need to decide what appetite it has for seizing new opportunities, and the level of investment that is appropriate. For exle, an organization may realize that there is a requirement in the market for a new product that its expertise would allow it to develop and supply. However, if the organization does not have the resources to develop the new product, it may be unable to implement that strategy and it would be unwise for it to embark on such a potentially highrisk course of action. It will be for the management of the company to decide whether they have an appetite for seizing the perceived opportunity. Just because the organization has that appetite, it does not mean that it is the correct thing to do. The board of the company should therefore be aware of the fact that, although they may have an appetite for seizing the opportunity, the organization might not have the risk capacity to support that course of action. Opportunity management is the approach that seeks to maximize the benefits of taking entrepreneurial risks. Organizations will have an appetite for investing in opportunity risks. There is a clear link between opportunity management and strategic planning. The desire is to maximize the likelihood of a significant positive outcome from investments in business opportunities. The exle below, related to personal lifestyle decisions, considers risk factors by classifying them as controllable and uncontrollable. Although the exle relates to personal health risk factors, consideration of whether business risks are within the control of the organization or not is an important component of successful business risk management. 39 Types of risks Heart disease risk factors risk factors does not mean a person will have a heart attack or stroke; however, with proper attentionto those risk factors that are controllable, onemayreduce the impact of thoserisk factors that cannot be controlled or changed. preventing and improving the controllable risk factors. Manage uncertainty risks When undertaking projects and implementing change, an organization has to accept a level of uncertainty. Uncertainty or control risks are an inevitable part of under- taking a project. A contingency fund to allow for the unexpected will need to be part of a project budget, as well as contingent time built into project schedules. When looking to develop appropriate responses to control risks, the organization must make the necessary resources available to identify the controls, implement the controls and respond to the consequences of any control risk materializing. The nature of control risks and the appropriate responses depend on the level of uncertainty and the nature of the risk. Uncertainty represents a deviation from the required or expected outcome. When an organization is undertaking a project, such as a process enhancement, the project has to be delivered on time, within budget and to specification. Also, the enhancement has to deliver the benefits that were required. Deviation from the anticipated benefits of a project represents uncertainties that can only be accepted within a certain range. Control management is the basis of the approach to risk management adopted by internal auditors and accountants. The risk management requirements of the UK corporate governance code (as at September 2016) concentrate on internal control with little reference to risk assessment. Control management is concerned with reducing the uncertainty associated with significant risks and reducing the variability of outcomes. There are dangers if the organization becomes too concerned with control management. The organization should not become obsessed with control risks, because it is sometimes suggested that over-focus on internal control and control management suppresses the entrepreneurial effort. 40 Types of risks Mitigate hazard risks As discussed in Chapters 1 and 2, organizations face exposure to a wide range of risks. These risks will be hazard risks, control risks and opportunity risks. Organizations need to tolerate a hazard risk exposure, accept exposure to control risks and invest in opportunity risks. In the case of health and safety risks, it is generally accepted that organizations should be intolerant of these and should take all appropriate actions to eliminate them. In practice, this is not possible and organizations will minimize safety risks to the lowest level that is cost-effective and in compliance with the law. For exle, an automatic braking system fitted to trains to stop them passing through red lights is technically feasible. However, this may represent an unreasonable investment for the train operating company. The consequences of trains going through red lights may be regarded as the risk exposure or hazard tolerance of the organization but the cost of introducing the automatic braking system may be considered to be prohibitively high. A less emotive exle is related to theft. Most organizations will suffer a low level of petty theft and this may be tolerable. For exle, businesses based in an office environment will suffer some theft of stationery, including paper, envelopes and pens. The cost of eliminating this petty theft may be very large and so it becomes costeffective for the organization to accept that these losses will occur. The approach to theft in shops may be very different in different retail sectors, as illustrated by the exle below. shop security standards are allowed into the shop one at a time. They are recorded on CCTV as they wait to enter. the shops suffer negligible rates of shoplifting. shoplifting. Shoplifting does occur, but at rates that are acceptable to the shop owners. Conversely, few potential customers are put off visiting the shop because of the measures. 41 Types of risks The range of hazard risks that can affect an organization needs to be identified. Hazard risks can result in unplanned disruption for the organization. Disruptive events cause inefficiency and are to be avoided, unless they are part of, for exle, planned maintenance or testing of emergency procedures. The desired state in relation to hazard risk management is that there should be no unplanned disruption or inefficiency from any of the reasons shown in Table 3.2. Table 3.2 provides a list of the events that can cause unplanned disruption or inefficiency. These events are divided into several categories, such as people, premises, processes and products. For each category of hazard risks, the organization needs to evaluate the types of incidents that could occur, the sources of those incidents and their likely impact on normal efficient operations. Management of hazard risks involves analysis and management of three aspects of the hazard risk. This is discussed in more detail in Chapters 16 and 23. In summary, the organization should look at the necessary actions to prevent the loss occurring, limit the damage that the event could cause and contain the cost of recovering from the event. Hazard management is traditionally the approach adopted by the insurance world. Organizations will have a tolerance of hazard risks. The approach should be based on reducing the likelihood and magnitude/impact of hazard losses. Insurance TAb LE 3.2 Categories of operational disruption Category exles of disruption People Lack of people skills and/or resources Inappropriate behaviour by a senior manager Unexpected absence of key personnel Ill-health, accident or injury to people Premises Inadequate, insufficient or denial of access to premises Damage to or contamination of premises Damage to and breakdown of physical assets Theft or loss of physical assets Processes Failure of IT hardware or software systems Disruption by hacker or computer virus Inadequate management of information Failure of communication or transport systems Products Poor product or service quality Disruption caused by failure of supplier Delivery of defective goods or components Failure of outsourced services and facilities 42 Types of risks represents the mechanism for limiting the financial cost of losses. Also, some hazard risks will be associated with regulatory requirements and may be considered to be compliance risks. Most organizations will seek to minimize compliance risks. When an organization considers the level of insurance that it will purchase, the hazard tolerance of the organization needs to be fully analysed. Organizations may be willing to accept a certain number of motor accidents as a financial cost that will be funded from the day-to-day profit and loss of the organization. This will only be tolerable up to a certain level and the organization will need to determine what level is acceptable. Insurance should then be purchased to cover losses that are likely to exceed that level. Minimize compliance risks All organizations will be aware of the wide range of compliance requirements that they have to fulfil. These compliance requirements vary considerably between business sectors, and many sectors are highly regulated with their own dedicated regulator for the industry or sector. For exle, organizations operating in the gambling or gaming industry have significant regulatory requirements placed on them in most countries in the world. Failure to comply with regulatory requirements may result in the ‘licence to operate’ being withdrawn by the regulator. If a regulator were to take this extreme action, the organization could ultimately cease to exist. All organizations that handle financial transactions are required to introduce procedures to reduce the chances of money-laundering activities being undertaken. Banks and other organizations that handle significant amounts of cash need to introduce money-laundering arrangements and, in many cases, a dedicated money-laundering senior executive. In the insurance industry, compliance issues are significant and can be complex. If an insurance policy is issued in one country to protect the assets and/or cover the liabilities in other countries, compliance issues present particular difficulties. Failure to comply with all obligations may result in insurance claims not being paid or, in the extreme, being illegal in a particular country, if an unauthorized type of insurance or illegal insurance policies have been issued. For organizations that do not have regulators dedicated to that industry or business sector, there are still a wide range of regulatory requirements that must be fulfilled. In particular, health and safety requirements exist in most countries in the world, and these place obligations on organizations to ensure the health, safety and welfare of employees and other persons who may be affected by their work activities. Typically, these safety requirements apply not only to the place of work under the direct control of the organization, but will extend to the health and safety of employees working in other countries. Also, detailed road safety obligations will apply to organizations that own vehicles, especially if they are engaged in the transportation of people or dangerous goods. Generally speaking, organizations will work towards ensuring full compliance with all applicable rules and regulations and, thereby, minimize the compliance risks. 43 Types of risks 44 In many cases, dedicated teams of specialist risk professionals will be employed and this is particularly the case in relation to health and safety, money-laundering and security arrangements. It is important for organizations to recognize their compliance risks and include consideration of these risks in their risk management activities. It is also important to ensure that the various areas of risk management expertise within the company co-operate with each other, so that an organized and/or co- ordinated approach to compliance is achieved.

Order from Academic Writers Bay
Best Custom Essay Writing Services


Why Choose Us?

  • non-plagiarized Papers
  • 24/7 /365 Service Available
  • Affordable Prices
  • Any Paper, Urgency, and Subject
  • Will complete your papers in 6 hours
  • On-time Delivery
  • Money-back and Privacy guarantees
  • Unlimited Amendments upon request
  • Satisfaction guarantee

How It Works

  • Click on the “Place Your Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
  • Fill in your paper’s requirements in the "PAPER DETAILS" section.
  • Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
  • Click “CREATE ACCOUNT ; SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
  • From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.


AcademicWritersBay.comnbsp;is an easy-to-use and reliable service that is ready to assist you with your papers 24/7/ 365days a year. 99% of our customers are happy with their papers. Our team is efficient and will always tackle your essay needs comprehensively assuring you of excellent results. Feel free to ask them anything concerning your essay demands or Order. is a private company that offers academic support and assistance to students at all levels. Our mission is to provide proficient andnbsp;high quality academic servicesnbsp;to our highly esteemed clients. is equipped with competent andnbsp;proficient writersnbsp;to tackle all types of your academic needs, and provide you with excellent results. Most of our writers are holders ofnbsp;master's degreesnbsp;ornbsp;PhDs, which is an surety of excellent results to our clients. We provide assistance to students all over the world.
We provide high quality term papers, research papers, essays, proposals, theses and many others. Atnbsp;, you can be sure ofnbsp;excellent gradesnbsp;in your assignments and final exams.

error: Content is protected !!