Risk Analysis at Tesco Ltd, Free Essay in Risk Management

A risk is defined as any problem, challenge or issue that influences the ability of an organization in meeting its objectives (Committee of Sponsoring Organizations (COSO), 2004). For any organization to be successful, there is the need for taking calculated risks to identify danger areas in the company that can be a threat to its performance, growth, and success. In this case, enterprise risk management would entail a process that is affected by the administration, director and other staff of the organization with the responsibility of identifying risks and set the strategies for their mitigation. Therefore, risk analysis becomes an essential aspect of any organization that wants to ensure it stays within the line of achieving its objectives. To efficiently analyze risk, two steps are critical including risk assessment and risk management, the components that form the risk analysis framework. The current research paper will be performing a risk analysis for a selected company named Tesco. The aim is to identify the risks that affect the company's performance, prioritize those risks using a recognized framework, and analyze their likelihood and impact as well as practical management or mitigation strategies. First, it is essential to have a background of the Tesco Company and the organization structure with management positions responsible for risk assessment and management.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Tesco PLC

Tesco is one of the leading businesses in the retail industry. It is ranked 4th in the list of the 2009/2010 Deloitte's Global Powers of retailing in the world (Woods, 2011). Tesco is a group of companies that operate in different formats including convenience stores, department stores, discount department stores, hypermarket, superstore, supermarket, and supercenter. The company was launched in the year 2000 with the Tesco personal finance currently known as the Tesco Bank being started in the year 2010. The headquarters are in the UK. However, the overseas subsidiaries form 80% of the entire Tesco business group.

Organization Structure

The organization structure at Tesco PLC can be framed based on Risk Assessment and Risk Management Responsibilities. It is a flat structure that flows from the board to the group compliance committee as shown below.

Groups Chief Executive and Executive Committee

Board

Audit Committee

Group Compliance Committee

In risk assessment and management, the board has the overall responsibility of managing risk within the enterprises; It participates directly with the other departments in assessing, mitigating as well analyzing the risk appetite. The audit committee oversees the risk framework within the organization and takes the necessary controls on behalf of the board of directors. The group chief executive and executive committee have the entire accountability for controlling and managing risks within the enterprise. Individual members of the group report to the group chief executive and executive committed regarding responsibility for particular risks. The groups' compliance committee at Tesco PLC oversees the primary regulatory as well as compliance risks on behalf of the executive committee. It also ensures that it reports to the audit committee twice a year. The departments in Tesco PLC show that risk analysis is done efficiently for the entire group to provide the identification of dangerous areas and development of strategies necessary for mitigating these threats.

Risk Assessment

Risk assessment can be described as the process that the management of a business takes to identify the potential problems or issues that threaten the performance of the company and analyzed their impact on the organization in the event of the occurrence. Based on the COSO framework, risk assessment involves evaluating the type of risk that poses a threat to the business including the inherent and managed risk. Evaluation of risk also entails looking its likelihood of occurrence and impact to the store after happening. The managed risk within a company depends on the quality of management controls that have been put in place to mitigate the risks. When the inherent risk is executed, then there is a residual risk that remains within the business that must be maintained from time to time to ensure the enterprise is in a stable position to fight any threats to its performance. Residual risk must be assessed to find whether it is too high, or low to impact on the business operations in the future. In this case, evaluating the overall risk appetite, tolerance, the need for costs to reduce further and the relationship of the risk to the benefits, it's accruing for the business after occurrence is critical. Based on the above information, the following section describes the risks in Tesco PLC limited.

Top Key Risks and Impacts

After evaluating the company's operations and business in its entirety, eleven principal risks were identified as threatening the performance of the company. They include customer proposition, Tesco Bank, the transformation of the economic model, liquidity, competition and markets, safety, people, technology, brand reputation and trust, regulatory and compliance, data security and privacy. These are the inherent risks in the business that pose a threat to its growth and performance. The uncertainties in Tesco PLC can be classified as financial, compliance, reputational, operational and strategic.

Risk Prioritization

Risk prioritization is based on the impact assessment made whereby the probabilities and consequences of risk events are identified (COSO, 2012). Risks are prioritized to establish those with the most and least significance to the performance of the organization. In Tesco PLC, the dangers were categorized based on their likelihood of occurring and impact as shown in Table 1 below. The risk score was obtained by getting the average of probability and impact to know the level of risk that the Tesco Company is facing. The risk matrix in Appendix 1 was referred when rating the likelihood and impact.

Table 1: Risk Prioritization

Risk factor Risk Likelihood/Probability Impact Risk Score

1 Customer proposition H VH H

2 Tesco Bank M M M

3 The transformation of the economic model H H H

4 Liquidity H VH H

5 Competition and markets VH VH VH

6 Safety L M L

7 People M H M

8 Technology L M L

9 Brand reputation and trust H VH H

10 Regulatory and compliance M M M

11 Data security and data privacy L L L

Effective risk prioritization is the starting point of risk mitigation. When risks in a company are prioritized appropriately, the management understands the severity of each of them towards the business performance and growth. The risk prioritization analysis in Tesco PLC follows this criterion to effective risk prioritization, and the report reveals various findings of risk assessment of the Company. Looking at the results, it is evident that Tesco faces five critical risks whose significant is high to the performance of the business. These five core risks for Tesco include customer proposition, the transformation of the economic model, liquidity, competition, and markets as well as brand reputation and trust. These risks provide a high or very high rating on the risk matrix scale. It shows that the company must be keen in observing the trend of occurrence of these risks continuously and give them a priority during mitigation. The analysis confirms the challenges that Tesco has been facing due to the primary risks.

The moderate risks such as people, Tesco Bank as well as regulatory and compliance also pose a threat to the company although at a lower range. However, when these risks are not mitigated, then they will result in having a more significant impact on the company. Their probability and impact will become high. Therefore, the respective management responsibility must take the required measures to ensure that medium risks are monitored and mitigated efficiently to avoid their adverse effects on the performance of the company.

Tesco faces the low risks of data security and data privacy, technology, and safety. It means that these risks have a low probability of occurring within the business. However, their occurrence may have a low impact on the company's performance. These events are attributable to the Tescos' effective management across departments within its subsidiaries. Data are well managed, carefully used and stored correctly to ensure the maximum safety and security. It is essential to understand that such measures need to be assured consistently in the business to ensure data safety and security is never compromised. Failure to monitoring these risks will lead to them having a high probability of occurring and resulting in a more significant impact on the business.

Risk Mapping Analysis

A risk heat map was used to have a better understanding of Tesco's risk profile, appetite, clarity of the nature and impact of risks. A two-dimensional matrix showing the likelihood and impact of risk was used as the data visualization tool to help in identifying the risks that require more attention.

Table 2: The Heat Risk Map

Likelihood

Impact

Negligible Minor Moderate Significant Severe

Almost Certain (81% - 100%) 1, 3 5, 4, 9

Moderate (61% - 80) 2, 10 Likely (41% - 60%) 6, 11 Unlikely (21% - 40%) 8 Rare (1% - 20%) Key

Low Risk

Minimum Risk

Moderate Risk

High Risk

Extreme Risk

Based on the analysis, the results in the heat map confirm those in the risk prioritization table. The customer proposition, the transformation of the economic model, liquidity, competition, and markets, as well as brand reputation and trust risks, were presented as having a severe impact on the business. Their occurrence is also almost certain as they have 81% and above the frequency of occurrence. It is the highest expected rate in the heat map that shows the need for more significant attention for such risks in a company. It means that the management at Tesco needs to give more attention to these five top risks during the mitigation planning. Therefore, the company resources including money and time should be highly focused on priority risks that have been identified in the heat map. These are the risks with the highest damaging effect on the organization.

The medium risks of people, Tesco Bank as well as regulatory and compliance have a lower range of 61% - 80% frequency of accurate and moderate impact on the company performance. It means that they require modest attention when compared to the initial top five risks. The low risks of data security and data privacy, technology and safety at Tesco shows that they require minimum attention unlike the other types of hazards. They have 21% - 60% likelihood of occurring and a minor severity of impact on the company's performance. Hence, their attention should be focused at the time of occurrence, and continuous monitoring is also essential to keep them at their minimum.

Risk Management

Risk Appetite Analysis

COSO (2004) defines risk appetite as the amount of risk when taken on a broader level of the organization willingness to accept and purse its management for better value addition. The organization targets different goals with the intention of adding value. Therefore, it is critical to understand the type of risk that it is willing to accept and pursue. The following Table 2 shows an analysis of the risk appetite level at Tesco PLC Company. The rating of risk appetite factor levels was based on a five-point scale, from 5 to 1. Where 5 is the highest lev...