FACULTY OF ADMINISTRATIVE SCIENCE AND POLICY STUDIES

EMA703-INFORMATION TECHNOLOGY MANAGEMENT

RISK MANAGEMENT REPORT

PREPARED FOR:

DR. AZMA ASNAWI SHAH ABD HAKIM

PREPARED BY:

ASLINDA BINTI RAMELY

2013133307

AM7702A

Page 1 of 13

NOVEMBER 4, 2014

1.Various Definition of Risk Management

“A group of actions that are integrated within the wider

context of a company organization, which are directed toward

assessing and measuring possible risk situations as well as

elaborating the strategies necessary for managing them” (EWF,

n.d)

“The process of identifying, assessing and judging risks,

assigning ownership, taking actions to mitigate or anticipate

them, and monitoring and reviewing progress” (NSW Government,

n.d)

2.Concept if Risk Management in Islam (Jeroen, n.d)

Surah Yusuf verse 67

Source: Quran.com

Page 2 of 13

From the above translation, when it stated that “do not enter

from one gate but enter from different gates”, we can said that

we should try to do or get something from different ways and

even try to solve our problem through different kind of

solution. At the end, only Allah will come out with the

decision on that and we as slave of Allah have to feel free to

accept it.

Same goes if we try to relate this verse with risk management.

We should try to avoid risks from many ways and method such as

identifying risks, analyzing the identified risks, assessing or

evaluating the risks, treating or managing the risks,

monitoring and reviewing the risks and risk environment

regularly as well as continuously communicating, consulting

with stakeholders and reporting (Berg, 2010). Then at the end,

once we have try our best, then just leave to Allah to decide

on it either the risks can be control or not.

Hadith from Prophet Muhammad s.a.w

Prophet (peace be upon him) once asked a Bedouin who has left

his camel untied, “Why do you not tie your camel?” The Bedouin

answered, “I put my trust in God.” The Prophet PBUH then said,

“Tie up your camel first then put your trust in God.”

From the above definition, we can make a conclusion that we as

the slave of Allah need to put trust and full depend on Him.

However, at the same time we also need to make some effort to

solve our own problem and both trust in Allah and full effort

need to be exist at the all the time without missing each

other. Same goes if we put the situation of risk management

Page 3 of 13

here. We as slave of Allah need not only put trust on Allah to

protect our company for example in preventing from having risk

but we also need to make our own effort to prevent, minimize or

even control risks, which is by having or implementing risk

management.

3.What are the needs to have the risk management in the

organization?

Risk exist because entities, companies and organizations have assets of“ ”a material or immaterial nature that could be subject to damage that has

consequesces on the entity in question (CLUSIF, 2008).

Protecting people from harm (Insurance Bureau of Canada, 2014)Occupational Health and Safety Act 2000 required that organizations

take reasonable measures to prevent loss, harm or injury to the

organization and all stakeholders (NSW Government, n.d). there are

few factors that lead risk to happen. For example is in the events

or actions that can lead to the occurrence of a risk such as

accident, fire and media theft; actions or methods of action that

make the occurence of risk possible without causing it such as

abuse of privilege, illegal rights or identity theft; as well as effects

related to and which indicate undetermined causes such as

saturation of an information system (CLUSIF, 2008). All these factors

might lead harm to the organization and also the stakeholder.

So, by having a proper risk management, it give the organization an

early preparation to prevent, control or even minimize all those

things from giving impact to stakeholder or even to the organization

itself. This is because, the process if risk management involved

identifying risks, analyzing the identified risks,

assessing or evaluating the risks, treating or managing

the risks, monitoring and reviewing the risks and risk

environment regularly as well as continuously

communicating, consulting with stakeholders and reporting

(Berg, 2010). By having a proper risk management, it

Page 4 of 13

provides the organization with a proper plan starting

before, during and after risk take place.

Protecting the reputation and public image of the

organization (Insurance Bureau of Canada, 2014)If any risk exist in an organization either small or huge, it for sure

will give some impact to the organization and to stakeholder too

neither in term of monetory nor non-monetary such as reputation

and public image. Obviously when risk exist in an organization, for

sure some monetory expenses will be incurred such as loss for the

damaged assets or even for the conservative action after the risk

happened such as by outsorcing onother party to repair for all

those damages.

Risk management failures that happen to National Australia Bank in

2004, Allied irish Bank in 2001, LTCM Hedge Fund in 1998,

Sumitomo Yasuo Hamanaka in 1996, Orange Country, USA in 1994

as well as what happen at Societe Generale, France in 2008

(Jeroen, n.d) obviously has put down the reputation and public

images of all those companies and it not only cause some losses

during the risk happen but also some losses after the risk happen

such as the shifting of the customers to the another rival company

due to the reducing the level of trust among customers.

4.Risk Management in Toyota Motor Corporation

Basic Philosophy of Risk Management

After facing controversial quality-related issues in 2010

which is 14 safety related recalls (Cole, 2011) on its cars

worldwide, Toyota has come out with their own Risk

Management Council in June 2010 that has been established

under Corporate Social Responsibility (CSR) Committee. The

appointment of risk managers and the other measures has take

place globally during that time in order to prevent,

Page 5 of 13

overcome and control risks that might disturb their daily

operations.

Organization and Structure

Appointment of Risk Management Personnel

Position Job SpecificationGlobal Chief Risk Management Officer (CRO)

Head global risk management and established systems under the Global CRO to monitor riskson a daily basis. This makes it possible to respond immediately in the event that a risk occurs.

Regional CROs (underthe Global CRO)

Oversee individual regions, and each region has its own risk management system

Chief Officers and functional secretariats

Managing risks within the company according to function, and they coordinate and support regional risk management relating to their specific functions

Actions of the Risk Management Council

Meets twice annually to identify all risks that may

impede business activities and take action to prevent

those risks. The Council is chaired by the Global CRO,

and its members include regional CROs and all Senior

Managing Officers and Chief Officers.

Works to manage and prevent risks by reporting on

major risks in each region, confirming all current

risks, and reporting on the status of measures

addressing immediate and serious risks.

Organization of the Risk Management Council

Page 6 of 13

Source: Toyota Motor Corporation Sustainability Report 2013

Basic Philosophy and Background Regarding Business Continuity

management

Damage to Toyota and various Group companies by the past

large-scale disasters such as Great East Japan

Earthquake and Thailand floods could severely impact

production and other activities. So, learnt from past

experience, it is essential for Toyota to make

preparations to enable early recovery and due to that,

Toyota has come out with its own business continuity plan

(BCP). Aiming to enrich the lives of communities, Toyota

works on recovery after disaster in the following

priority order along with the basic guidelines as below:

Source: Toyota Motor Corporation Sustainability Report 2013

Page 7 of 13

Humanitarian Aid and Early Recovery of Disaster-

affected Sites

Toyota concluded a comprehensive disaster

support agreement in October 2013 with Toyota

City, where Toyota’s Head Office is located, and

with Miyoshi City, where neighboring plants are

located, in February 2014 in order to improve the

feasibility of the basic guidelines, which give higher

priority to regional recovery following disaster and

help build disaster-resilient communities.

These agreements call for Toyota to provide

humanitarian and regional recovery support in

seven areas through collaboration with the

governments. Toyota has incorporated these

requirements into its business continuity plan

(BCP) and is taking various steps to remain

prepared, such as establishing implementation

structures. Toyota plans to accordingly study and

discuss optimum methods for working with other

municipalities where its offices are located

Details of Aid

1. Post-disaster rescue and relief

2. Provision of temporary evacuation sites (taking in regional citizens affected disaster)

3. Provision of facilities for use as evacuation sites

4. Provision of food, drinking water and daily necessities to the government (citizens)

Page 8 of 13

5. Cargo handling assistance at Toyota/Miyoshi City relief supply facilities

6. Provision of land necessary for regional infrastructure such as plumbing, roads for recovery construction

7. Employee participation in local recovery activities

Restoration of Company Operations and Production

To ensure the continuation in delivering better

cars and services throughout the world, Toyota

reassessed its existing disaster-preparedness

plan to achieve the following three objectives: (1)

Recovery from the customer’s viewpoint, (2)

Preparedness during normal times to enable

autonomous recovery, and (3) Involvement of the

entire supply chain including “All Toyota” and all

suppliers.

Toyota has defined production resumption goals for

high-priority vehicle models and strives to be

prepared at all times in order to enable recovery

from the customer’s viewpoint and to minimize

impact on customers.

Toyota aims to fortify its production facilities

while making them easy to repair should they be

damaged in order to maintain preparedness during

normal times.

The supply chain required for purchasing the

extremely large number of parts and materials

utilized in car manufacturing has become a huge

Page 9 of 13

network and restoring production means restoring

the entire supply chain. Thus, Toyota shares its

restoration goals with its entire supply chain in

order to achieve the quickest possible recovery in

the event of a disaster.

Toyota has surveyed the entire supply chain to

build a database that will give a visual

representation of the entire situation to allow

assessment of the impact a disaster-damaged

parts or material plant would have on the entire

supply chain.

Comments

In my own opinion, Toyota Motor Corporation (TMC) is really

learned from past experienced. As what has been disclosed in the

above, Toyota has reinforced their risk management by

come out with their own Risk Management Council,

established under Corporate Social Responsibility (CSR)

Committee after facing controversial quality-related

issues in 2010 (TMC Sustainability Report, 2014). TMC is

trying to control any risks that might become barriers

and obstacles to their daily operations because any kind

of risk might lead the company to facing with losses

neither monetary nor non-monetary such as remedy to the

customers and recall management cost, time and effort

taken, or even the reputation and credibility of the

company itself.

Page 10 of 13

Preparing for risk management is not easy as ABC because

it involved many steps and methods such identifying

risks, analyzing the identified risks, assessing or

evaluating the risks, treating or managing the risks,

monitoring and reviewing the risks and risk environment

regularly as well as continuously communicating, consulting

with stakeholders and reporting (Berg, 2010). However, we

as external observer cannot get what is the real risk

management of TMC but some information contained in their

Sustainability Report 2014 might give some brief idea on

that.

Even though we can use Malay idioms sudah terhantuk baru

terngadah or sudah kalah baru berkubu since TMC implemented

their own Risk Management Council after facing

controversial quality-related issues in 2010, but at

least TMC has done a precautionary action and is trying

to do something better in future for the seeks of the

customers.

Page 11 of 13

References

Berg, H, P. (2010). Risk Management: Procedures, Methods and

Experiences. Volume 1 Retrieved on November 1st, 2014 from

http://gnedenko-forum.org/Journal/2010/0220

10/RTA_2_2010-09.pdf

Cole, R. E. (2011). What Happened to Toyota? Retrieved on November 1st, 2014 from

http://www.eoq.org/fileadmin/user_upload/Documents/Congress_proceedings/Budape

st__June_2011/Proceedings/12_1_cole_slides.pdf

CLUSIF, 2008 Risk Management: Concept and Methods Retrieved on November 1st, 2014 from https://www.google.com.my/search?newwindow=1&q=CLUSIF%2C+2008+Ris k+Management%3A+Concept+and+Methods&oq=CLUSIF%2C+2008+Risk+Manage ment%3A+Concept+and+Methods&gs_l=serp.3...29363.29363.0.29612.1.1.0.0.0.0.73 .73.1.1.0....0...1c.2.58.serp..1.0.0.nMBY2GAtRoE

European Federation for Welding, Joining and Cutting (n.d) Fundamental of Risk Management http://www.ewf.be/media/documentosDocs/doc_16_ewf-644-08-

fundamentals-of-risk-management.pdf

Page 12 of 13

Insurance Bureau of Canada, (2014) Getting Started Managing Your Risk Retrieved on October 29th, 2014 from http://www.ibc.ca/en/Business_Insurance/documents/brochur

es/RM_Getting%20started_Process.pdf

Jeroen P.M.M. Thijs, n.d) Risk Management in Islamic Banking.

Retrieved on October 29th, 2014 from

http://www.bankislam.com.my/en/Documents/shariah/RiskMgmtinIsla

mic Bkg.pdf

NSW Government, (n.d) Risk Management Retrieved on October 29th, 2014 from https://

www.adhc.nsw.gov.au/__data/assets/file/0009/228753/969_ItsYourBusiness- Chapter6-RiskManagement_web.pdf

Quran.com. (2014). Surah Yusuf verse 16. Retrieved on November 1st, 2014 from http://quran.com/12/67

Toyota Motor Corporation (2014). Sustainability Report 2014. Retrieved on November 1st, 2014 from http://www.toyota-global.com/sustainability/report/sr/

Page 13 of 13