University of Technology, Sydney Rita Nusheiwat Autumn 2014 49006- Risk Management in Engineering Risk Management Plan for a Small BusinessUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 1 of 33 EXECUTIVE SUMMARY This report presents the risk management strategy focused on the financial risks of running a fictional convenience store located in the suburb of Bella Vista in Sydney. This study is based on the AS/NZS ISO 31000:2009 standard framework, shown in Figure 1 below. After starting with an overview of the project, the report establishes the context, which sets the groundwork on what risks to focus on. A communication and consultation plan of the risk management study is then set up. Subsequent sections include risk identification using techniques such as brainstorming and checklists, risk analysis using methods such as Failure Mode and Effect Analysis (FMEA), and risk evaluation using qualitative and quantitative techniques such as the ALARP chart. The last sections of this report consist of the risk treatment plan, which explores possible options if the identified risks come to realisation followed by the monitoring and review process to maintain the effectiveness of those treatments. The main highlights of this report are that, while there are many options for treating risks, the appropriate method will depend on factors such as number of treatments, cost, implementation time, suitability, and acceptability of residual risk. On the other hand, unless treatment costs greatly outweigh the benefits, every attempt should be carried out to try to reduce the risk to a level that is “As Low As Reasonably Practical”. It can be also concluded that for a large share of the identified risks, there is a relationship between the relevant stakeholders’ ability and the business performance. As a result, a heavy emphasis on selecting the right personnel, comprehensive training sessions and education is recommended. Furthermore, small businesses should always consider establishing a strategy or “backup plan” to help with the continuity of the business should a high threatening event occurs.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 2 of 33 Figure 1: Risk Management Process Word count: 4598 wordsUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 3 of 33 TABLE OF CONTENTS EXECUTIVE SUMMARY ................................................................................................................ 1 LIST OF FIGURES ........................................................................................................................... 4 LIST OF TABLES ............................................................................................................................. 4 1. INTRODUCTION ...................................................................................................................... 5 1.1 Overview ............................................................................................................................... 5 1.2 Business Scope ...................................................................................................................... 5 1.3 Business Objectives ............................................................................................................... 5 2. ESTABLISHING THE CONTEXT .......................................................................................... 6 2.1 Internal ContexT.................................................................................................................... 6 2.2 External Context .................................................................................................................... 7 2.3 Risk Management Context .................................................................................................... 8 3. RISK CRITERIA........................................................................................................................ 8 4. RELEVANT STAKEHOLDERS ............................................................................................ 10 4.1 Stakeholder identification.................................................................................................... 10 4.2 Stakeholder Analysis ........................................................................................................... 10 5. COMMUNICATION AND CONSULTATION .................................................................... 12 6. RISK IDENTIFICATION ....................................................................................................... 13 7. RISK ANALYSIS ..................................................................................................................... 15 7.1 Existing controls and their effectiveness ............................................................................. 18 8. RISK EVALUATION .............................................................................................................. 19 8.1 Example of Risk Analysis & Evaluation ............................................................................. 20 9. RISK TREATMENT ................................................................................................................ 22 10. MONITORING & REVIEW ................................................................................................... 24 REFERENCES ................................................................................................................................. 26 APPENDIX ....................................................................................................................................... 27University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 4 of 33 LIST OF FIGURES Figure 1: Risk Management Process .................................................................................................... 2 Figure 2: Power / Interest grid ........................................................................................................... 11 Figure 3: ALARP Principle................................................................................................................ 20 Figure 5: Fish-Bone Analysis for Loss of Sales ................................................................................ 21 Figure 6: Risk Treatment Process ...................................................................................................... 23 LIST OF TABLES Table 1: Risk Evaluation Criteria ......................................................................................................... 9 Table 2: Stakeholder Identification .................................................................................................... 10 Table 3: Stakeholders and their interests ........................................................................................... 11 Table 4: Potential Risks ..................................................................................................................... 15 Table 5: Definitions of Risk Terms .................................................................................................... 15 Table 6: Likelihood Scale .................................................................................................................. 16 Table 7: Impact Scale ......................................................................................................................... 16 Table 8: Risk Matrix .......................................................................................................................... 17 Table 9: Risk Level ............................................................................................................................ 17 Table 10: Example of Risk Analysis & Evaluation ........................................................................... 22 Table 11: Risk Identification Check list ............................................................................................ 27 Table 12: FMEA Analysis ................................................................................................................. 31University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 5 of 33 1. INTRODUCTION 1.1 OVERVIEW The proposed convenience store, to be named Fadjo, is a small business that intends to accommodate the basic grocery needs of residents living within a radius of 2 km from the store’s proposed location in Bella Vista. Fadjo, scheduled to open to the public on the 15th of August 2014, has been designed to provide the surrounding community an easily accessible convenient store. With Fadjo, local residents will be able to pick up groceries without having to drive to the current closest supermarket, which may take as much as 20 minutes during peak hour traffic. The convenient store will be located on Brighton Drive, on a 250 square meters vacant property amongst coffee shops and restaurants. A variety of goods and products that are commonly on offer on the average supermarket will be available, including products commonly found in the bakery, butcher, and fruits and vegetables section. 1.2 BUSINESS SCOPE The scope of the project involves the following:  Council approval of building after basic amenity re-installations  Basic renovation of property, installation of heavy duty floor and general painting  Fitting of furniture and appliances, including refrigerators, freezers, aisles, check-out counters and display cabinets  Council approval of site  Approval of licenses and regulations required to operate a convenience store 1.3 BUSINESS OBJECTIVES The business objective is to take the initial investment of $250,000 put forward by business partners and the owner, to fund and operate a profitable business.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 6 of 33 The business intends to do this by winning over a large market share from the local residents through the following:  By providing local residents, a local store that sells products and produce for everyday needs  By putting an emphasis on excellent customer service, and a wide variety of high quality products  By establishing a heavy emphasis on marketing, including advertising on social media  By running frequent promotions and specials  By having a charity donation program 2. ESTABLISHING THE CONTEXT In order to implement the risk management strategy using AS/NZS ISO 31000:2009, the context on which the risks are based on needs to be defined. This context is established below. 2.1 INTERNAL CONTEXT The convenience store Fadjo, will be divided into different categories that comprise of the internal context of the business. The business partners, which are part of the internal context, have responsibilities that further embed into the context of the business including all financial aspects of the store. Additionally, the marketing strategy and day to day operations of the business will be managed by the general manager. The financial context of the business covers responsibilities over all the revenue, operating costs, initial investment fund, the re-investment strategy and staff wages. Fluctuation in the store’s finances will resonate into all parts of the business, which will be tracked and managed by both the business partners and general manager. Marketing, also part of the internal context of the business, will be associated with the business image of the store, as well as the advertisement medium used. While the operations responsibilities of the business will cover day to day running of the business includingUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 7 of 33 customer service, stock replenishment, staff rosters, site management, store policies and staff guidelines. The marketing and operations aspect of the business will be the responsibility of the general manager. Lastly the staff, which form the group that run the day to day business, are also part of the internal context. They are further divided into different categories within the store: cashier, stock pickers, bakers and butchers. Aside from peak times (i.e. Thursday nights), the store will have only one person running the cashier, which will be responsible for charging customers and bagging items. Stock pickers will work from 6am -12pm Monday to Friday, and 8am-12pm Saturday to Sunday, and will be responsible for replenishment of stock on the shelves from the storeroom. Butchers and bakers will work from 6am to 5pm, with only one person running their respective post. 2.2 EXTERNAL CONTEXT The external context of the proposed convenience store constitutes of direct and indirect influences in the internal and surrounding environment. In addition to providing fresh business and gaining more potential customers through bringing a new service to the local neighbourhood, the store will have a positive impact on the local environment through offering more job opportunities for the locals. Suppliers, financial institutions and the property owner stand to be influenced from the opening of the store as well, as they have the possibility to increase business from sales, loan repayments and rent respectively. Similarly, the council will also have a direct interest on the convenience store to ensure regulations and guidelines are followed. On the other hand, existing stores and shops might be negatively affected by the competition resulting from the new convenience store which might lead to losing some of their market share. Furthermore, local residents might incur a reduction on parking spaces and an increase of ambient noise and pedestrian traffic, which may attract negative interest to the new business.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 8 of 33 Economy is another aspect that lies within the external context; it can have both positive and negative impact depending on the timeframe. If the economy is bad, this could potentially affect customers’ consuming behaviour and lead to undesirable changes in revenue. Whereas, if the economy is going well and business growth is evident, the convenience store could potentially attract more investors. . 2.3 RISK MANAGEMENT CONTEXT In this study, the risk management context will only focus on managing the financial risks associated with opening a convenience store. The end goal of this study is to assess the relevant risks, treat them, and continue monitoring them to achieve the financial goals, more specifically, to manage the risks of the convenience store not bringing enough revenue to survive. The following are the goals of the risk management plan:  Reduce the risk of business failure in its first years.  Establish and grow a business that fits the purpose of providing a new service to the locals.  Ensure the business performance is aligned with the goal of making profit within an agreed timeframe.  To train personnel accordingly within the risk management framework.  Evaluate the risks involved with opening up a new business against the return on investment for better decision making. 3. RISK CRITERIA As the scope of this report is only concerned with the financial aspect of opening up a new business, risk criteria will be established to address only the financial risks in conjunction with the policies and objectives of the business set beforehand. The following points were considered when establishing the risk criteria:University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 9 of 33  The nature of the new business with respect to its internal goals and objectives.  The types of the consequences and likelihood of risks as well as methods of measurement.  The immediate and delayed impacts of the risks.  A method for determining the degree of threat to the business and prioritizing those threats.  The business available resources and how much the business can afford for treating risks.  Setting up a tolerability benchmark. With the aim to:  Help the manager/ business partners with their decision making processes  Consider various scenarios and their impact on achieving the business objectives  Allocate resources at early stages to mitigate high level risks  Provide a simple, easily understood and common tool for clear communication Fadjo internal goals  Must be in compliance with local regulations and laws  Profit must not be less than 10%  First year costs must not exceed 5% over the planned budget  Service seeks customer satisfaction to increase sales  Zero turnover rate to avoid unnecessary costs rising from training new staff members  Create opportunities for further advancement through marketing and caring for the customers Table 1: Risk Evaluation CriteriaUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 10 of 33 The risk assessment process in the subsequent sections will provide further elaboration on the risk criteria 4. RELEVANT STAKEHOLDERS 4.1 STAKEHOLDER IDENTIFICATION The following are identified as the stakeholders of the proposed convenient store: Internal Stakeholders External Stakeholders Business partners External Stakeholders General Manager Local residents Staff / Personnel Customers Suppliers Property owner Financial institutions Council Competitors Table 2: Stakeholder Identification 4.2 STAKEHOLDER ANALYSIS After identifying stakeholder’s interests and influences on the table below, the subsequent power/interest grid categorises the stakeholders according to the level of interest and influence they have on the business. Stakeholder Influence/ interest Internal Business partners - Business profitability - Increase return on investment - Sustainability and growth Staff - Reasonable working hours, work load and wages - Safe working conditions (OHS) - Incentives and appreciation for their hard work - Proper training - On time wage paymentUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 11 of 33 General manager - Day to day operations - Sales and marketing functions - Achieve customer satisfaction External Local residents - Impact on local environment (i.e. pedestrian traffic, noise disturbance) Suppliers - Timely payments - High volume and steady demand - Future prospect to continuous business Customers - Good customer service - Variety and quality of products - Value for money Property owner - Long term lease contract - Tenant pays on time - Tenant looks after the property Financial institutions - Loan terms (i.e. interest rates) Competitors - Secure a bigger customer base - Fair competition Council - Business compliance with regulations (WHS, fair work) Table 3: Stakeholders and their interests Power High Keep satisfied - Council - Property owner - Financial institutions - Suppliers Key player/ Manage closely - Business partners - Management - Competitors Low Monitor (minimum effort) - Local residents Keep informed - Staff - Customers Low High Interest Figure 2: Power / Interest gridUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 12 of 33 5. COMMUNICATION AND CONSULTATION The aim of engaging relevant stakeholders through a communication and consultation plan is to:  Extract information and provide data that is relevant to each stakeholder  Address stakeholders’ interests and concerns  Identify roles and responsibilities of relevant parities to manage risk  Recognize potential risks associated with opening up the new business and build awareness in regards to their significance Following the identification of all internal and external stakeholders in Section 4.1, and the analysis of their interests and power using the power interest grid tool in Section 4.2, a communication and consultation plan is established as follows. Low Power / Low Interest Stakeholders Communication and consultation will be least pronounced in this group, and will be done in a way to mass address the stakeholders. A noticeboard with numerous promotions, store activities, available positions and community news will be available at the front of the store, and will be updated weekly. Low Power / High Interest Stakeholders As this group has a high interest on the business activities, communication will be frequent. It will include store promotions, new item arrivals, special prices and job opportunities. Communication will not include business strategy nor the store’s finances. Mass communications to this group will be made every few days through social media, e-mail newsletters and advertisement. High Power / Low Interest Stakeholders Communication with this group will be very specific and formally addressed, such as through letters or e-mail. Communication will not be made unless needed, as this group has a low interest level in the day to day activities of the store.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 13 of 33 Consultation will be made a priority, and will be made in an attempt to keep this group satisfied. Feedback through any form will be reviewed continuously, and there will be an attempt to address any issues or concerns whatever size quickly. High Power / High Interest Stakeholders Communication with this group will be specific and frequent, and will only involve management and business partners. It will include everything such as the store’s financial information (i.e. revenue, operating costs and market trends) or operational information (i.e. review of guidelines, new employees) to the day and day activity (i.e. shelf life expiry of certain products, staff rosters). Communication will be made with face to face meetings, emails or phone calls. Consultation with this group will be taken seriously, and feedback will be used to make strategic decisions within the store. There will always be an open communication and consultation channel with this group. On the other hand, competitor’s communication will be limited but closely managed. Assessments of how well the store is doing in comparison with others will be frequently considered. 6. RISK IDENTIFICATION For the purpose of risk identification, two methods were used; brainstorming and check lists. A Brainstorming session was performed with the investing partners and general manager in two face to face meetings and the minutes of these minutes were then analysed and refined to identify the risks below. The risk management guide for small to medium businesses (CPA Australia Ltd 2009) was also used to assist with the brainstorming session and preparing a checklist (Table 11 in Appendix) The outcome of these methods is a comprehensive list of potential risks that can potentially affect the financial aspect of the business.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 14 of 33 Risk area Potential risks Culture  Business culture incongruent with customer views Goods  Variety and quality of goods needed not available  Goods spoiling prematurely  Low demand on goods sold in the store Legal  Restrictions forced by council (i.e. opening hours)  Complaints from local residents  Changes in council regulations Management  Exit of investing partner  Decision making with inadequate research / knowledge  Management style incongruent with staff views Technology  Unreliable performance of cashier computer  Malfunction of security system  Malfunction of equipment (i.e. freezers, refrigerators) Financial transactions  Mistakes resulting from handling cash, credit sales  Fee changes from financial institutions and credit card /EFTPOS merchants Available funds  Insufficient savings to cover unexpected adverse events Interest rate  Inflation of interest from the Federal Bank of Australia affecting current bank loans Suppliers  Misunderstanding of vendor buyer agreement resulting in hidden costs  Unreliable suppliers  Change of suppliers’ policy (e.g. delivery of goods, payment method, quantities supplied, end of agreement)  Increase costs from the suppliers (i.e. due to changes in supplier management, fluctuation of commodity prices, etc.) Sales  Fluctuation of sales and not meeting the desired profit levels Market/ economy  Economic depression can affect the customer consumption behaviourUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 15 of 33 Risk area Potential risks Landlord/ property owner  Change of terms of contract  Increase in lease payment terms Location  Visibility and ease of accessibility to future customers  Convenience to potential customers Staff  Unreliable staff members  Incompetent staff members (i.e. lack of training, unfit for role)  Unmotivated staff members (i.e. low pay, harsh working conditions) Future competition  Unexpected competition arises that could affect business stability Security  Theft of goods Table 4: Potential Risks 7. RISK ANALYSIS A simple risk analysis tool is adopted from “Risk management - A tool for small-to-medium sized businesses” (AUSTRAC n.d.) modified and used in the analysis and evaluation of risks related to this business. This tool demonstrates the relationship between the probability of a risk occurring and the amount of damage it might have on the business in order to measure the severity of risk. This relationship is represented in a form of a matrix as shown in Figure 8. Since the level of risk is determined from the combination of probability and consequence, the following tables will provide definitions of these terms in addition to defining a scale to measure them. Term Definition Likelihood The probability of occurrence Consequence the outcome of an occurring event (usually it is considered negative or undesirable) Risk level Measurement of the severity of risk (risk level= Likelihood x consequence) Table 5: Definitions of Risk TermsUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 16 of 33 Rating Likelihood Definition 5 Almost certain (90-100%) The chances of this event happening are almost definite, these events are expected to occur without fail. 4 Likely (60-90%) The chances of this event occurring are very high, and should be expected to occur during any time. 3 Moderate (30-60%) This event might or might not happen. 2 Unlikely (5-30%) It could happen but limited number of times within a year. 1 Rare (0-5%) The chances of an event occurring is very minimal but not impossible. Table 6: Likelihood Scale Rating Impact Definition 5 Catastrophic Has catastrophic impact on the business, and might require not only all internal resources, but outside help to remedy. Financial impact: >$50,000. 4 Major Consequence is critical, and can severely cripple the business. Might take a significant amount of resources and time to remedy, if possible. $15,000 - $50,000 3 Moderate Medium effect, business can bounce back over a period of time. Financial impact: $5,000 - $15,000 2 Minor Slight impact on bottom business, event can quickly be resolved. Financial impact: $500 - $5,000 1 Insignificant Negligible impact on business. Financial impact: <$500 Table 7: Impact ScaleUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 17 of 33 Almost certain Medium 5 High 10 High 15 Extreme 20 Extreme 25 Likely Medium 4 Medium 8 High 12 High 16 Extreme 20 Moderate Low 3 Medium 6 Medium 9 High 12 High 15 Unlikely Low 2 Medium 4 Medium 6 Medium 8 High 10 Rare Low 1 Low 2 Low 3 Medium 4 Medium 5 Likelihood Impact Insignificant Minor Moderate Major Catastrophic Table 8: Risk Matrix Rating Risk level Description 1-3 Low  Risk has very small effect and can be negligible  Minimal efforts are required to solve the issue  Routine monitoring may be required 4-9 Medium  Risk has moderate consequences  Allocate resources to manage risk  Consider additional controls 10-20 High  Risk has serious consequences and controls are important  Develop a specific mitigation plan  Report to management 20- 25 Extreme  Risk has catastrophic consequences and controls are essential  Immediately notify management and business shareholders  Develop and implement immediate action plan Table 9: Risk LevelUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 18 of 33 Upon identifying all potential risks, a comprehensive analysis was carried out on each risk using the FMEA tool. The likelihood and consequence of each risk was determined in accordance with the definitions set previously and a risk score was recorded using the risk Matrix. The following section provides a detailed example of risk analysis applied to drop in sales volume, however a complete representation of the results of the FMEA is found in the Appendix. 7.1 Existing controls and their effectiveness Controls are to be established to minimise the probability of any risks from occurring, with resources allocated to risks with more severe consequences and higher likelihoods of occurrence. The existing controls and their effectiveness were discussed among the Business Partners and General Manager, and are to be frequently reviewed by management, personnel, and safety inspectors. Due to the large human element involved in its operation, human error is inevitable a significant consideration in the risks controls. An emphasis on personnel training will be established as a control system, incurring a large portion of resource allocation which has been approved by the Business Partners. A comprehensive induction program is to be followed at the start of employment, with on the job training focusing on risk prevention and treatment every six months. Although the effectiveness cannot be quantitatively measured, management is a strong believer of the value of training. Similarly, controls are guidelines that have been careful written, and are to be reviewed once a year for every operational process that occurs within the store. These guidelines, which are to be implemented in the personnel handbook given to staff at the beginning of their employment period, contain all identifiable risks within the store. In order to maximise their effectiveness, the General Manager devises a test on which awards applications above a certain test mark with store credit.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 19 of 33 8. RISK EVALUATION After full analysis of risks in terms of their probability and consequence, each risk was allocated a unique risk rating/ score and classified according to its severity. An evaluation method is then established to determine which risks are to be treated and the level of treatment required. In this case, the ALARP (As Low as Reasonably Practical) principle was applied for this purpose. The main objective of using this tool is to try to reduce the risks to a level that is “As Low As Reasonably Practical”. Figure 3 shows three categories which illustrate the significance and urgency of risk treatment. Each treatment was assessed against this categorization through comparison of the sacrifice required (money, time) versus benefits gained in order to validate it. Risks falling in the middle and upper bands are regarded as unacceptable, and treatment measures are undertaken to reduce them. Risks in the lower region are generally considered tolerable, and can be denoted as negligible. One vital point to highlight is that risks which are classified to be in the broadly acceptable region, does not necessarily mean that further reduction of those risks is impractical (NOPESMA 2012). Controls and treatment methods should always be considered to try to lower the risks unless the cost/ benefit ratio is considerably large.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 20 of 33 Figure 3: ALARP Principle 8.1 EXAMPLE OF RISK ANALYSIS & EVALUATION Area of Risk: Sales Risk identified: Negative fluctuation of sales, sales volume and profits not meeting targets. Description: Experiencing a high instability of sales puts the business under the risk of not meeting the defined targets. This could lead to a growth hindrance, or if severely underperforming to the closure of the business. In order to detect the possible causes of loss of sales, a fish-bone analysis tool was implemented, seen below in Figure 5. Extreme High Medium Low Unacceptable Region Risk cannot be tolerated Tolerable Region Risk tolerable only if Cost/ Benefit ratio is extremely high Broadly Acceptable Region No necessary measures are required. Normal precautions are adequate RPN <= 3 RPN >=10 4< RPN <9University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 21 of 33 Figure 4: Fish-Bone Analysis for Loss of Sales With this in mind, considering the attractive location as well as the uniqueness of the business in terms of size and product range, the store is in the best position to maximise its sales. This is further cemented due to the fact that the policies established, including those regarding the management of resources and suppliers, as well as a list of contingency plans for the identified risks, make this business improbable to a significant drop in sales. Stage Identification Risk area: Sales Risk Hazard: Drop of sales Analysis Likelihood: Low chance of occurrence Consequence: Severe financial impactUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 22 of 33 Evaluation Likelihood scale: 2- Unlikely Consequence scale: 4 - Major Present controls: Acceptable - however, regular monitoring and update is required Risk score: 8 - yellow Risk Rating: Medium- risk has mediocre threat to the business financial security Table 10: Example of Risk Analysis & Evaluation 9. RISK TREATMENT AS/ NZS ISO 31000:2009 identifies several options to treat risks:  Eliminate the risk  Change the likelihood of occurrence  Change the consequences  Transfer the risk  Retain the risk The application of each of those methods is not always practical or cost effective to all types of risks. A risk treatment process is shown in Figure 6 which serves as a guidance to identifying the measure of treatment or control that best suit the risk and aids in the monitoring and review stage of the risk management plan.University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 23 of 33 Figure 5: Risk Treatment Process (NSW Department of State and Regional Development 2005) Identification of appropriate treatments: As noted previously several methods can be applied to treat risks as well as a combination of them. The following approach was adopted from the risk management guide for small businesses (NSW Department of State and Regional Development 2005) in choosing the appropriate measure of treatment. 1- Number of controls/ treatments needed 2- Cost of treatment 3- Time period for implementing the treatment 4- Suitability and usefulness of treatment chosen 5- Reason for choosing a certain treatment over other existing alternates 6- Positive outcomes of the treatment 7- Acceptability of residual risk 8- Compliance with legislationsUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 24 of 33 For example: money loss resulting from mistakes in financial transactions, whether it is cash handling or credit sales, cannot be entirely eliminated due to human nature. However, the likelihood of this happening and its consequence can be controlled through proper training of staff and setting up policies to increase awareness when handling cash. Another example is the possibility of theft. A reasonable way to handle such risk is to have an insurance policy that protects the business owners should this event happens A comprehensive risk treatment schedule is developed in accordance with the above principles and represented in Table 11 in appendix B Risk recovery For a small business like Fadjo it is important to have a risk recovery strategy in order to handle unexpected extreme adverse impacts (NSW Department of State and Regional Development 2005). This is reflected in the contingency plan which includes: 1. Business continuity planning  A set of defined procedures established to ensure a sufficient record of ongoing processes (e.g. stocktaking, shift schedules, cash flow analysis)  Consideration of other resources (e.g. suppliers) should existing resources become unavailable 2. Crisis management planning  Establishing a back-up plan should a financial threat becomes substantial. This may include not using borrowing power from financial institutions unless it is absolutely needed. 10. MONITORING & REVIEW Risk monitoring and control are required to ensure the effectiveness of controls employed to manage risks and keep track of level of residual risks. The following monitor and review strategy is recommended to be put in place (Appriss 2007):  Risk management process should be periodically repeated and updated to capture new risks  Risk management plan should be examined and reviewed annuallyUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 25 of 33  Observed risks shall be recorded on a risk register and reported to management during biweekly meetings  Decisions shall be made by management (could be in consultation with business partners) in regards to allocating resources for mitigation of risks  Internal audits to be conducted monthly to help assess the financial status of the business  External audits to be conducted half yearly through an accounting organisation The following table list some of the responsibilities of different individuals required for the monitoring and review stage. Who Responsibilities All personnel  Report any risks that come to realisation  Ensure guidelines are followed to prevent/ minimise the occurrence of risks  Assist in monitoring and minimising impacts of risks that occur General Manager  Ensure all personnel are aware of risks  Ensure guidelines are followed by personnel to minimise risks  Train personnel properly to effectively manage and treat risks  Generate a data base of risks, which can be added to in the future  Prioritise resources for risk treatment and management Business Partners  Approve resource allocation for risk treatment and management  Approve resource allocation for personnel training  Approve resource allocation for safety inspections Table 10: Monitoring and review processUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 26 of 33 REFERENCES - Appriss 2007, Documents/Reports, viewed 9 March 2014, - Australian Transaction Reports and Analysis Centre n.d., Risk Management – A tool for small- toMedium sized businesses, AUSTRAC, Melbourne, VIC - Australian/ New Zealand Standard 2009, AS/NZS ISO 31000:2009: Risk Management- Principles and guidelines, Standards Australia and Standards New Zealand - CPA Australia Business and Management Centre of Excellence, 2009, Risk management guide for small to medium businesses, CPA Australia Ltd, Melbourne, VIC - International Standards 2009-11, IEC/ ISO 31010 Risk Management- Risk Assessment Techniques, 1st edn, IEC, Geneva, Switzerland - National Offshore Petroleum Safety and Environmental Management Authority 2012, Guidance note, N-04300-GN0166, Rev 4, NOPESMA, Perth, WA - NSW Department of State and Regional Development 2005, Risk Management Guide for Small Business, Global Risk Alliance Pty Ltd and NSW Department of State and Regional Development, Sydney, NSWUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 27 of 33 APPENDIX Date: Checklist Action taken if ‘No’ Yes No 1 Adequate training sessions are prepared for staff 2 Guidelines for shelf life checks are established 3 Operational guidelines for all staff are prepared 4 Employee policy is written 5 Maintenance schedule is made for all equipment 6 All documents are approved by council 7 A profile on the residents of the area is made 8 Budget to open store is established 9 Credit card merchant is established 10 Savings fund with $20,000 is established 11 Assessment of relevant local suppliers is finalised 12 Advertisement mediums are established 13 Advertisement style is established 14 Intended store stock is established 15 Ovens and refrigerators are installed and commissioned 16 Cashier machines are installed 17 Signs outside store are installed 18 Store is insured 19 Loans terms from financial institutions are established 20 Security system is installed and commissioned Table 11: Risk Identification Check listUniversity of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 28 of 33 Function Potential failure Effect on system Root cause Risk before action taken Action to reduce risk* Risk after action taken P S R P S R Staff - Unreliable / poor staff performance - Mistakes resulting from handling cash, credit sales - Poor customer service - Customer dissatisfaction / frustration - Damaged goods - Loss of customers - Incompetent staff members (i.e. lack of training, unfit for role) - Unmotivated staff members (i.e. low pay, harsh working conditions) - Insufficient number of staff - Poor staff hiring decisions 4 4 16 - (P) Preliminary staff training - (P) Incentives (i.e. employee of the month) - (P) Develop effective interview process - (P) Continuously review staff requirements 2 2 4 Management - Exit of investing partner - Poor business decisions - Increase financial burden on other partners - Inadequate allocation of resources - Lost opportunities for growth - Financial hardship - Poorly thought business plan - Ineffective process procedures - Unclear expectations between business partners - Inexperienced or incompetent management 3 5 15  (C) Education and training program for management  (C) Re-structure business procedures and guidelines 2 3 6University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 29 of 33 Security - Break-ins - Loss of cashier money or goods - Damage to store - Security system malfunction - Security system limitations 3 5 15 - (P) Conduct regular maintenance of security system - (C) Acquire insurance 1 3 4 Legal - Restrictions forced by council - Complaints from local residents - Changes in council regulations - Limited operating hours - Extra fees to be paid - Inclusions of certain undertakings that imposes extra costs (i.e. provision of ramp for disabled people) - Inadequate research and understanding of local regulations - Intentional noncompliance of regulations 3 4 12 - (P) Ensure comprehensive understanding of local council regulations - (P) Ensure only official information from relevant organisations are obtained 2 4 8 Technology - Malfunction - Customer frustration - Poor maintenance of technology / electronics - Improper use by customers / staff 4 3 12 - (P) Maintenance schedule - (P) Staff training on proper use of technology / electronics 2 3 6 Suppliers - Misunderstanding of vendor buyer agreement - Change of supplier’s policy - Delivery of products with short shelf life, delivery of poor quality goods - Unexpected costs that have to be paid to supplier - Increase costs from the supplier - Goods going off before they can be sold, customer frustration - Unreliable supplier - Changes in supplier management, fluctuation of commodity prices - Lack of communication 4 3 12 - (P) Ensure effective analysis of suppliers before coming to an agreement - (P) Ensure agreement terms on par with business strategy - (P) Regular quality check of goods before they are available for sale 2 3 6 Culture - Business culture incongruent with customer views - Loss of customers - Limited chances for expanding customer base - Rigid management style - Inadequate market research 3 3 9 - (P) Conduct surveys to relevant stakeholders to identify customer needs - (P) Perform regular 1 3 3University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 30 of 33 assessment of management procedure and policies Goods - Variety and quality of goods needed not available - Goods spoiling prematurely - Low demand on goods sold in the store - Customer complaints - Refund requests - Customer looking for other options - Poor market analysis - Poor choice of suppliers 3 3 9 - (C) Perform quality check of goods upon delivery to ensure claims can be made before they are available to customers - (P) Market research to define what goods have the most selling potential 1 4 3 Sales - Fluctuation of sales are not meeting the desired profit levels - Increase of commodity prices - Decline / loss of sales - Economic depression can affect the customer consumption behaviour - Unexpected competition arises 2 4 8 - (P) Monitor commodity prices and alter prices even if leads to a slight decrease in margin - (C) Amend complaints from customer feedback - (P) Run specials and promotions regularly - (P) Advertise aggressively to win over bigger market share - (P) Increase perceived value of items through excellent customer service and a clean store 1 3 3 Marketing - Low growth rate of sales - Competitors taking bigger market share - Location (poor visibility or inconvenient location for potential customers) 2 4 8 - (P) Develop effective marketing plan - (P) Hire appropriate people to look after marketing / 1 3 3University of Technology, Sydney Risk Management Plan for a Small Business 49006 – Risk Management in Engineering Rita Nusheiwat | 11458039 Date: March 2014 Page 31 of 33 - Poorly targeted advertisement campaign - Using wrong mediums to promote business - Ineffective graphic design quality in marketing material advertisement - (P) Ensure understanding of target markets Landlord / property owner - Change of terms on contract - Increase in rent - Improperly defined agreement / contract 2 3 6 - (P) Ensure lease terms are thoroughly understood before coming to an agreement - (C) Consult with a lawyer if any contract breaches have been made 1 2 2 *P – preventive action, C – corrective action Table 12: FMEA Analysis