21 Pages
5149 Words
Security And Risk Management - Managing The Crisis2 Assignment Sample
Introduction Of Security And Risk Management - Managing The Crisis Assignment Sample
Get free written samples from expert assignment writers and academic writing services in UK.
Part 1: Literature Review
Risk management has become one of the most prominent aspects of developing organisational facilities in the rapid era of globalisation. Management can face additional issues in workplace development during the development of the infrastructure. Organisations can face more issues in overcoming risks where the communication gap is available. The association of the team members is the best possible option to mitigate the challenges with the right strategies in the organisation.
Conceptual framework
Conceptual framework
(Source: Self-created)
Strategic level
Communication
Business management is accountable for managing applicable risks in the context of both internal and external matters. According to Weick, (1988), communication is the foremost challenge in managing the present risk at the strategic level. Management can work on the development of the communication framework to analyse the functional risk in the workplace and create strategies to overcome them.
The strategic internal and external level communication framework helps manage risk in the workplace. The crisis period in an organisation may lead to a worse situation when there is an information gap available due to a lack of communication between the associates. Due to lack of information, health and other public sectors may fall into facing more risks like health-affecting hazards. Some additional risks may occur in manufacturing, marketing, travelling, and the different industrial sectors due to the use of poor risk analysis methods.
Sense-making
Different occupational sectors fall into poor risk conditions due to the execution of the strategy. Poor strategic risk management refers to uncontrolled risk in the organisation. Crisis management indicates the management considers an appropriate approach that makes sense (Bigley and Roberts, 2001). The implication of the available resources, qualifications, and skills results in better utilisation of the crisis response strategies that need to be done as precautions. Organisations can feel chaotic and destructive due to poor risk appetite.
The use of knowledge and skills by the operational managers can make better strategic levels to mitigate the risk with strategies. Organisations can look for the execution of the game theory to improvise the existing risk management. Organisations can initiate various techniques for different situational factors by analysing the risk in depth. The notion of an organisation is about the same as improving productivity as well as enhancing the economic situation is the primary need (Dayton, 2004). Management can transform the risks into opportunities with the application of this theory.
Decision making
Crisis management is a procedure that develops by the identification of the risks and produces several strategies. Organisations that are lacking behind the possibilities are described with the “flight syndrome”. Management is accountable for the risk prioritisation to construct better planning and work on them accordingly. Thus, the process is involved better decision-making procedures (Comfort, 2007). As an example, if an organisation is encountering poor sales due to a lack of marketing strategies, then the decision-makers need to analyse how to improvise the marketing strategies instead of focusing more on production. Based on the statement of Burn and Stalker, (1961), certain factors are influential in managing a crisis where individuals are associated with the capability of decision-making. Organisations need to execute a communication framework to fight emerging circumstances with better decision-making techniques. The skills of handling pressure help the hierarchy to make effective decisions that are beneficial for everyone.
Complexity management
Complexity refers to a trait of risk management at different levels from different aspects. Sometimes complexity arises in the work environment to execute the decision. An organisation needs to focus on situational analysis to overcome the crisis and complexity at the same time. Agency theory is one of the effective methods that can help business management to make an appropriate evaluation. Drabek (1985) states that a competitive environment can add some complexity in the better running of business procedures where management needs to analyse the situation to construct better planning to overcome the issues. This theory can manage to handle any situation that creates an emergency. Maintenance of security protocols helps in overcoming complex situations and businesses can avoid any undesired risks. Several steps of 4P of risk management like prevention, planning practising and performing help administration to mitigate the known risk.
Challenges in crisis management
Successful management of a business crisis is dependent on several factors of organisational operations. Any crisis can be managed properly with five key steps. These are detection of crisis, prevention, damage containment, recovery and learning from the whole process (Chavhan et al. 2020). The four P’s of crisis management can be evaluated to understand the relevance of this in a successful business.
4 Ps in crisis management
(Source: Self-created)
Issues at the strategic level
Management of risk includes some issues at almost all levels.
- Strategic level issues are mostly found in the acknowledgement of crisis and in the management of the transition.
- Any organizational crisis management team is often found to face difficulties in preparing a framework based on which the management of the crisis is mainly undertaken. A framework is necessary to present an overview of the whole risk and crisis management process in a minimized way (Bigley and Roberts, 2001).
- Another important issue, faced by the risk management team at the strategic level is the lack of support in continuing the already existing beneficial operations.
- On the other hand, a lack of knowledge about information exchange and the operating picture is another issue in risk management.
- Improper creation of the operating picture and identifying priorities of work are crucial factors in crisis management procedures.
Tactical level
Businesses can follow different levels of tactics for the development of strategic planning in managing risk. Organisations that are facing disasters due to different issues need to make situational analyses and perform several tasks that can help produce better strategies. Based on the environment in the different industries, organisations can seek scope to work on the structures to deliver solutions for the risk (Weick, 1993). Various internal resources can make help in the recognition of the risk and the sources of the risk. The tactical level of risk management ensures that organisations are using accurate strategies to encounter and mitigate the issues accordingly.
The hierarchical and centralised structure in a business has become a traditional sector that is constructing more issues. Contradictorily, Dynes, (1994) states that the tactical level of the risk management is accountable to the administration and financial sections for the development of the managing risk. Businesses that lack communication cannot decide to manage risk accordingly. The business administration is liable to respond to the operation that is associated with the “command and control system”. Bernoulli’s utility theory helps business administrators to indicate the sources of the errors. Management can consider revising the decision-making process with the application of this theory. Organisations can still face some tactical levels of risk mitigation are lack of execution, lack of communication, supply chain, required resources, and management of the evolution.
Issues at the tactical level
- Organizational risk management processes are often found to be disrupted by certain issues. At the tactical level, the risk management teams are found to face the below-mentioned issues.
- Response deployment is a concerning area of crisis management’s tactical level, where the management team mostly found complications.
- The establishment of responsible command centres in the required places is very important to manage any crisis in an emergency.
- C3 centres (Communication, command and control) are one such concerning area where the risk management team often requires adequate support (Burns, 1963).
- Lack of support from the higher risk management team and logistical support generates issues in the crisis management process.
- The mitigation of a crisis requires sufficient and continuous support from the resource source.
- Lack of proper coordination among risk management teams is also effective and threat to the risk management procedure.
- Lack of immediate response from the team members is also effective in managing any crisis properly.
- Implementation of proper tools and theoretical approaches to the risk management process is necessary for handling these issues.
Operational level
Concept of security and risk management
Management of security is an integral part of an organizational business process that includes protecting organizational assets and maintaining confidentiality regarding employees and business-related information. According to Alzahrani and Seth (2021), almost all organizations are found to implement security management strategies based on some security policies. The main aim of considering security management is to ensure employee safety and to assure that all business data are safeguarded.
Loss of infrastructure
Most of the leading organizations in current times are facing difficulties in maintaining their business infrastructure. There is a certain reason behind the crisis. Lack of responses from the operational management team within proper time is a concerning factor. On the other hand, lack of support from emergency vehicles is also included in the infrastructure loss of an organization (Bigley and Roberts, 2001). In order to mitigate issues in infrastructure loss, an organization can increase its efficiency in operational management. As an example, when the business model of an organisation is focused on the shipment and delivering different orders to the end users, any type of objections in transportation can lead to additional issues. Different community integration strategies can lead to work for the development of the objects (Dynes, 1994). Businesses can use external communications and transportation protocols to overcome crises.
Issues at the operational level
Most of the crisis management teams of an organizational business are found to face several issues at the operational level and some of these issues are as follows.
- Problems in managing initial responses and assessing critical situations are a critical part of risk management’s operational level.
- Difficulties in developing all the innovative solutions are another concerning area of this level.
- Lack of proper monetarization in situational feedback often creates difficulties in maintaining risk management (Burns and Stalker, 1961).
- Based on the requirements, an adaptation of operational responses is often found very critical.
- The consideration of liaising with all responsible tactical Crisis management teams is another concerning area that includes difficulties in risk management at the operational level.
Conclusion
From this study, it can be concluded that managing risk is necessary for all organizations to perform the best in any business. At the time of any crisis, having proper and effective infrastructure can help an organization handle the crisis more confidently than and as quick as possible as well. The management of risk factors is dependent on several factors among which authentic identification of risk factors and understanding of effective mitigation procedures are important.
Part 2: Report
Executive Summary
The overall development of a company is dependent on individual capability regarding the management of risks and crises. In this report, different areas in risk management are analysed. Improvement of employees’ performance and financial condition of the company is also dependent on security measures and crisis handling capability of the organisational management team. Proper crisis management is helpful in reducing risk in business and in increasing product safety-related concerns. Three theories of risk management are mentioned here that includes Bernoulli’s utility theory, Game theory, and Agency theory. The importance of these theories in future business is a key aspect of this report.
The anticipation of an organization in mitigating potential problems is also a concerning factor regarding the company’s risk management processes. This report also depicts that making a risk management plan, based on current scenarios is necessary for a successful business. Challenges in the implementation of risk-mitigating strategies are identified in this report. The impact of crisis management strategies on the current business processes is another important part of this report. The preparation of a more impactful crisis management framework is a crucial part of an organizational developmental procedure. Key foundational theories are identified in this report that can be very much effective in ensuring a continuously growing business.
Introduction
Modern risk and crisis management is an important consideration for an organization to ensure stable business growth. In this study, the theories of risk management are evaluated. The base of developing a crisis management network is also explained in this study. An in-depth analysis of current business scenarios and the necessity of proper risk management are important areas of this study. A clear understanding of all risk and crisis management-related strategies is also presented here. Recommendations to improve risk management strategies are also included in this study. The contribution of the current risk and security management theories in current business scenarios is analysed in this study.
Current security and risk management scenarios
Current business scenarios present different scopes for organizations to improve their risk mitigation capabilities. The understanding of modern risk in business is developed by analysing risk factors and their associated mitigation strategies. As opined by Harrald and Jefferson (2007), the current business processes within almost all industries are facing risk issues in the four most important areas. Implementation of risk management strategies is necessary for these areas.
Key scenarios in current security and risk management
(Source: Self-created)
Risks emerged from political changes
Continuous political changes are creating challenges for organizations in identifying possible risk factors. Different political situations are found to create different political issues in which the overall development of an organization is hampered (Mälksoo, 2018). As a result, the security measure of an organizational business is getting difficult to implement. Trade tariffs, environmental regulations and labour laws-related considerations are creating issues in current business areas.
Cyber security threats
One of the most important issues in current business is found in the area of maintaining safety from cyber security threats. Risk management in this area is needed to be taken care of as massive disruption of infrastructure is found here (Zoidze, 2021). Incorporating cyber protection and making the risk management process more impactful is an important concern of current business processes. Managing the security of a business is very necessary also in terms of maintaining the integrity of employees’ confidential information and about personalized business information.
Issues in retaining a business reputation
The reputation of a business is dependent on the organization’s capability in mitigating issues and risk factors. As stated by Howitt and Leonard (2006), the management of a business crisis is dependent on the knowledge of the management team in current innovative technological knowledge. Customers' support and growth of the business are impacted by these factors. A reputed company possesses the capability to mitigate business issues with efficiency. Successful risk and security management can only ensure finding the most appropriate risk control measure and increasing business reputation.
Mergers and acquisitions regarding issues
An integral and huge part of a business is mergers and acquisitions. According to the considerations of some influential risk management professionals, managing risk factors are necessary to ensure successful and stable business growth. The differences in organizational culture and lack of proper communication among employees are creating difficulties in implementing security management as well (Sultana and Wahid, 2019). The planning of risk management is needed to be adaptive and based on the current business scenarios. Crisis in business is to be handled as well by implementing theoretical approaches to risk and security management.
Application of “Bernoulli’s theory” in mitigating issues in risk management
The application of “Bernoulli’s theory” ensures the utility functions for the development of risk-taking and managing behaviour. The purpose of Bernoulli’s theory is applicable in the contemporary time to manage the risk capability. Based on the present circumstance, one needs to under the capability of risk-taking in the business environment before performing any decision. The risk appetite of business management requires following the strategic theory of Bernoulli. The utility process of Bernoulli is used to estimate a situational analysis over time in the business environment. According to the theory, it is believed that the marginal utility in a business environment is inversely proportional to the finance module of the business (Leo et al. 2019). There are different advantages available to the application of “Bernoulli’s theory”.
The hypothesis of Bernoulli represents the risk tolerance performed by the investors. Additionally, it applies several advantages for the organisation where the business management can understand the risk appetite that needs to be followed. For instance, in a situation where the business is falling due to competition at the contemporary time, management can decide the next decision based on the application of the hypothesis developed by Bernoulli. Supply chain, cyber risk, and fraud management are contemporary issues that can be solved with the theory of Bernoulli where the geometric mean is used to measure the risk. Additionally, business management can decide whether they want to go with aggressive pricing or they will stick to the existing pricing strategy and fight in the market with the available potential (Fox, 2018). The risk appetite of businesses can be decided in the marketing analysis performed by the experts and the solutions can be driven based on the meeting with the stakeholders. Based on the applied theory it can be stated the risk that has arrived is temporary.
The implementation of “Game theory” in business crisis management
Organisations can apply “Game theory” to analyse the available issues and make them convert to the decision-making process from the available risk. There are different applications of the theory to ensure that the management has comprehended the available amount of risk and applied several performance criteria with the possible solutions. Once, the management of the business can find the interrelation between the risk and possibilities they can operate several programs for the development of business by the application of the decision-making approach in the right way. “Game theory” is integrated with the approach of risk management to apprehend any chance that a company can turn danger into opportunity. For supervisors in a business who deals with a massive quantity of data, the application of the “Game theory” is thoroughly an alternative philosophy with which the business management can consider the process of problem-solving. Companies these days are trying to concentrate on the present issues that can solve the matter of manufacturing, processing, and handling the logistics issues (Pournader et al. 2020). For instance, organisations that are facing issues with supply chain and logistics can make their developed structure for logistics on their own can convert issues to opportunities.
Every business at some point might face some risks that make them allow find the technique that helps in the retention of risk. Stakeholders can seek help from the experts that are allowing several possible outcomes from the application of the “Game theory”. Additionally, businesses often left the potential of having risks that are related to finance, supplier, and other business transactional factors. Risk transfer is one of the applied aspects of the “Game theory” that can deliver assistance through the application of the contracts (Coombs and Laufer, 2018). Different payment systems are useful for the interaction of the developing solutions regarding offsetting the positions. Outsourcing can be regarded as another instance of risk transfer. The application of the “Game theory” can help the managers to seek out help in managing to outsource the materials (Anton, 2018). Managers in different situations can seek help from stakeholders in adjusting the relationship with the internal and external suppliers. This strategy can provide additional help to the business in fixing the issues and converting the threats to opportunities in the process of risk management.
Impacts of agency theory in managing organizational business crisis
Agency theory examines the situations and explanations linked to contingent tasks from headliners to agents in the context of contradicting interests between the detachments. The application of the “agency theory” ensures that organisations can recognise the surrounding competition and process by which the market is performing on internal matters (sciencedirect, 2022). Based on the effective resolution, there are different applied solutions that can be driven by addressing contemporary problems. Agency theory justifies the behaviour of a company from the stands of various agreements between different groups (Baryannis et al. 2019). Additionally, different companies these days are working on the application of the agency theory that can deliver possible solutions beyond the matrix that are making approaches on the possible negotiated matters. The aim of the theory is to provide guidance to the stakeholders so they can estimate the way to detect the available risk.
The risk management of the business can play a great role in the development of organisational benefits. Additionally, with the help of applying this theory, one can decide how the organisational context can make possible solutions and if the managers are needed to sign any contracts to ensure more activities that will detect the issues in future. For example, with the application of the agency theory, an organisation can execute the principal to monitor the performances of the associates that will help them retrieve the additional process to recover the undergoing losses. Analysis of threats can help in the determination of the modern age techniques that help in protecting the environment (Araz et al. 2020). “Agency theory” plays an essential role in comprehending “corporate governance” in the previous century as well as in the present time. It donated significantly to comprehending the agency involved in the working of businesses to negotiate the available issues and find solutions together for the development of the business environment.
Recommendation
An organization can improve its risk management capability by estimating and prioritising risk factors. Identification of risk factors can also be done as soon as possible so that the best strategies can be implemented at right time (Misuri et al. 2019). The security measure of organizational business can be more impactful in case the company learn from its past mistakes in the security maintenance process. The areas in which lack of maintainers found in past can be developed and more concern can be shown in those areas. Each employee can take individual responsibility to handle risk factors within associated departments. Only then the overall performance of an organization can be developed, more impressive and customer apprehensive.
Summary
The crisis management framework of any organization can be improved by considering the effective implementation of risk management strategies. Management of risk includes several steps in which the risk factor is identified and analyzed and the best possible solutions are evaluated. Based on current business scenarios, changes in risk management frameworks are to be implemented as well. All the mentioned models of risk management are important in the individual areas and therefore a successful implementation of SRM is necessary for modern risk and crisis management.
References
Literature review
Journals
Alzahrani, L. and Seth, K.P., 2021. The Impact of Organizational Practices on the Information Security Management Performance. Information, 12(10), p.398.
Arbanas, K. and ajdela Hrustek, N., 2019. Key success factors of information systems security. Journal of Information and Organizational Sciences, 43(2), pp.131-144.
Bharosa, N., Lee, J. and Janssen, M., 2010. Challenges and obstacles in sharing and coordinating information during multi-agency disaster response: Propositions from field exercises. Information Systems Frontiers, 12(1), pp.49-65.
Bigley, G. A., and Roberts, K. H. (2001). The Incident Command System: High-reliability organizing for complex and volatile task environments. Academy of Management Journal, 44(6), 1281-1299.
Birkland, T.A., 2009. Disasters, catastrophes, and policy failure in the homeland security era 1. Review of Policy Research, 26(4), pp.423-438.
Bongiovanni, I., 2019. The least secure places in the universe? A systematic literature review on information security management in higher education. Computers & Security, 86, pp.350-357.
Burns, T. (1963). Mechanistic and organismic structures. Organization Theory. Selected readings, 4ªed., Penguin Books, London.
Burns, T. E., and Stalker, G. M. (1961). The management of innovation.University of Illinois at Urbana-Champaign's Academy for Entrepreneurial Leadership Historical Research Reference in
Chavhan, S., Gupta, D., Garg, S., Khanna, A., Choi, B.J. and Hossain, M.S., 2020. Privacy and security management in intelligent transportation system. IEEE Access, 8, pp.148677-148688.
Cicho?, M., 2019. Risk and Banking Security Management in a Financial Organization. ZESZYTY NAUKOWE POLITECHNIKI CZ?STOCHOWSKIEJ RESEARCH REVIEWS OF CZESTOCHOWA UNIVERSITY OF TECHNOLOGY, p.20.
Comfort, L.K. (2007) Crisis Management in Hindsight: Cognition, Communication, Coordination and Control Pubic Administration Review 67:189-197
Dayton, B.W., 2004. Managing crises in the twenty-first century. International studies review, 6(1), pp.165-165.
Drabek, T.E., 1985. Managing the emergency response. Public Administration Review, 45, pp.85-92.
Dynes, R. R. (1994). Community emergency planning: False assumptions and inappropriate
Entrepreneurship.
Ford, J.K. and Schmidt, A.M., 2000. Emergency response training: strategies for enhancing real-world performance. Journal of hazardous materials, 75(2-3), pp.195-215.
Fowler, K.L., Kling, N.D. and Larson, M.D., 2007. Organizational preparedness for coping with a major crisis or disaster. Business & Society, 46(1), pp.88-103.
Hou, Y., Gao, P. and Nicholson, B., 2018. Understanding organisational responses to regulative pressures in information security management: The case of a Chinese hospital. Technological Forecasting and Social Change, 126, pp.64-75.
Jung, H.C. and Seo, K.K., 2020. Prioritizing cloud service threats for succession to information security management system. International Journal of Digital Contents and Applications for Smart Devices, 7(1), pp.1-8.
Karvounidis, T., Kallergis, D., Garofalaki, Z. and Douligeris, C., 2021, November. A Methodology for Adopting Security Management Principles in Health Sector Environments. In 25th Pan-Hellenic Conference on Informatics (pp. 495-499).
Lampe, G.S., Maftei, M., Surugiu, I. and Ionescu, R.C., 2020. Study on Information Security Management System and Business Continuity Management in the Context of the Global Crisis. New Trends in Sustainable Business and Consumption, p.942.
Mäkká, K., Kampová, K., Love?ek, T. and Petrlová, K., 2021. An Environmental Risk Assessment of Filling Stations Using the Principles of Security Management. A Case Study in the Slovak Republic. Sustainability, 13(22), p.12452.
Merchan-Lima, J., Astudillo-Salinas, F., Tello-Oquendo, L., Sanchez, F., Lopez-Fonseca, G. and Quiroz, D., 2021. Information security management frameworks and strategies in higher education institutions: a systematic review. Annals of Telecommunications, 76(3), pp.255-270.
Richard Baldwin, (1994), "Training for the Management of Major Emergencies", Disaster Prevention and Management: An International Journal, Vol. 3 Iss 1 pp. 16 - 23
Singh, A.N. and Gupta, M.P., 2019. Information security management practices: case studies from India. Global Business Review, 20(1), pp.253-271.
Weick, K. E. (1988). Enacted sensemaking in crisis situations. National Emergency Training Center
Weick, K. E. (1993). The collapse of sensemaking in organizations: The Mann Gulch disaster. Administrative science quarterly, 628-652.
Yang, R., Qu, D., Gao, Y., Qian, Y. and Tang, Y., 2019. NLSALog: An anomaly detection framework for log sequence in security management. IEEE Access, 7, pp.181152-181164.
Report
Journals
Anton, S.G., 2018. The impact of enterprise risk management on firm value: Empirical evidence from Romanian non-financial firms. Engineering Economics, 29(2), pp.151-157.
Araz, O.M., Choi, T.M., Olson, D.L. and Salman, F.S., 2020. Data analytics for operational risk management. Decis. Sci., 51(6), pp.1316-1319.
Baryannis, G., Validi, S., Dani, S. and Antoniou, G., 2019. Supply chain risk management and artificial intelligence: state of the art and future research directions. International Journal of Production Research, 57(7), pp.2179-2202.
Coombs, W.T. and Laufer, D., 2018. Global crisis management–current research and future directions. Journal of International Management, 24(3), pp.199-203.
Fox, C., 2018. Risk Management Lessons From The Financial Crisis: A Textual Analysis of The Financial Crisis Inquiry Commission's Report. Journal of Business Strategies, 35(1), pp.71-97.
Harrald, J. and Jefferson, T., 2007, January. Shared situational awareness in emergency management mitigation and response. In 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07) (pp. 23-23). IEEE.
Howitt, A.M. and Leonard, H.B., 2006. Beyond katrina: Improving disaster response capabilities.
Leo, M., Sharma, S. and Maddulety, K., 2019. Machine learning in banking risk management: A literature review. Risks, 7(1), p.29.
Mälksoo, M., 2018. Countering hybrid warfare as ontological security management: the emerging practices of the EU and NATO. European security, 27(3), pp.374-392.
Misuri, A., Khakzad, N., Reniers, G. and Cozzani, V., 2019. A Bayesian network methodology for optimal security management of critical infrastructures. Reliability Engineering & System Safety, 191, p.106112.
Pournader, M., Kach, A. and Talluri, S., 2020. A review of the existing and emerging topics in the supply chain risk management literature. Decision Sciences, 51(4), pp.867-919.
Sultana, T. and Wahid, K.A., 2019. IoT-guard: Event-driven fog-based video surveillance system for real-time security management. IEEE Access, 7, pp.134881-134894.
Zoidze, G., 2021. Importance of Euro-Atlantic Integration: Democracy, Security and Economic Development. Three Seas Economic Journal, 2(3), pp.1-7.
Websites
instituteforpr, 2022, Crisis management and communications. Available at: https://instituteforpr.org/crisis-management-and-communications/ [Accessed on: 16th September 2022]
sciencedirect, 2022, Strategic leadership in organizational crises: A review and research agenda. Available at: https://www.sciencedirect.com/science/article/pii/S002463012100087X [Accessed on: 16th September 2022]
tuckerhall (2022), Risk Management. Available at: https://tuckerhall.com/specialties/risk-management-crisis-management/#:~:text=Risk%20management%20is%20essentially%20crisis,of%20a%20crisis%20situation%20arising. [Accessed on: 16th September 2022]