1. Risk Management Policy Framework
Airline industries face various financial risks just
as any other business does. Hence, this management policy framework is
established to assist the facilitation of risk management process. It ensures
that the information derived from the risk management process is understandable
and used for the purpose of decision making and assigning responsibility for all
relevant organization levels. Effective risk management requires different
parties putting in efforts and responsibility in the management process.
The Board Directors of Unlimited Airway have the
responsibility for the risk oversight and the management of the risks. They should
be focusing on the areas that either may be subject to risk or may be
non-compliant with the best practices implemented by the company on risk
management, from a domestic and global viewpoint. Boards can fulfil their roles
in risk oversight by:
policies and procedures that are compliant with Unlimited Airway’s strategies
and risk tolerance.
up on management’s development of risk management policies and procedures
the presence and implementation of an appropriate framework and strategy.
steps to raise risk awareness
Risk are managed by more than one committee, which are
the risk management committee and the audit committee. The risk management
committee should beware of Unlimited Airway’s most critical risks and mitigate
these risks. They identify and analyze these risks, develop a management plan for
these risks and use policies and procedures established to enforce it. On the
other hand, the audit committee should inspect the relevant financial policies
and processes, the financial reporting processes, compliance and auditing. The
audit committee, usually in coordination of the risk management committee, will
conduct the internal audit as well as monitor ongoing compliance problems to
produce risk assessment plan. Both
parties should ensure that the risks are identified and managed before
reporting it to the Board Directors.
Risk Management Process (With
reference to Diagram 1)
Within the Risk Management Policy Framework, a simplified
Risk Management Process is adopted to ensure effective communication,
understanding and application by all levels of staff. The steps are to
establish goals and context, identify risks, analyze risks, evaluate risks,
treat the risks, monitor and review.
goals and context
Before risks can be clearly understood and dealt with,
it is pivotal to understand the purpose of it and the importance of the
uncertainties. For example, in the context of Unlimited Airway, it should be
well-prepared with risk assessment plan ready to deal with uncertainties in the
event of economic crisis and fluctuation.
The risk management team has to discover, recognize
and describe risks that might affect Unlimited Airway’s projects or its
outcome. The risks involved can be
credit, market and operational risks. In Unlimited Airway’s case, the company encountered credit and market
risks. Examples of these risks include Unlimited Airway facing credit risks if
the Great Flight fails which causes no or late coupon payout of the bonds
invested and company encountering market risks as loss of sales and changing
variable interest rate may happen in the event of economic downturn.
& Evaluate the risks
After all the financial risks associated to Unlimited
Airways are identified, likelihood and consequence of each risk can be examine
using likelihood and impact scale respectively.
To examine the likelihood and consequence of each
of likelihood scale (With reference to Diagram 2)
of impact scale (With reference to Diagram 3)
By using likelihood and impact scale, the priority of
the risk can be evaluated by combining the effects of likelihood and impact of
consequences. The greater the combined score of the parameters, the higher the
risk factor should be prioritized for mitigation. If the risks are small or
acceptable, they can be continued with minor adjustments/treatments.
Treat the risks is also known as Risk Response
Planning. At this step, the management team has to evaluate the most prioritized
risks and establish a plan to treat or modify these risks to attain an acceptable
level. Risk mitigation strategies, preventive and contingency plans are
created. The highest ranked risks should be treated as a matter of urgency. The
management team of Unlimited Airway should take into account the cost of conducting
each activity while choosing the most suitable risk treatment.
There are various options to treat
the risks. It includes:
Avoid – terminating the activity that introduced the unacceptable
risks and choosing a less risky alternative or alternative that meets the
Reduce – developing a strategy that aims to reduce the likelihood
or consequence of the risk to an acceptable level
Share or Transfer – Establishing a strategy that
shares or transfers the risk to another party. The third party accepting the
risk should be aware of and agree to accept this obligation. In the context of
Unlimited Airway, insurance acts as a protection against risks it is exposed
to. In this case, the insurance company accepts this obligation and accept the
risks on behalf of the Unlimited Airway.
Accept – accepting the risk if it is at an acceptable level but ongoing
monitoring is still required.
Monitor and Review
The management team is required to make use of the
practices mentioned above and use it to monitor, track and review the risks. Any
actions or events that change the status of a risk are documented, for example:
to a risk evaluation as a result of improvements in controls
control breach and near miss should be logged at the time of the event
new risk that has been identified
As risk are not eliminable, some risks still remained.
Factors that might affect the probability and consequences of an outcome may
change, as the factors that will affect the suitability or cost of various
treatment strategies. Therefore, Review is an integral part of risk management
treatment plan. Hence, Unlimited Airway made sure to revisit their risk management
policy frequently to ensure efficiency.
Business continuity and disaster recover
Business Continuity Plan (BCP) refers to maintaining
business function or quickly resuming them in the event of a major disruption.
It outlines procedures and instructions an organization must follow in the face
of disasters. Disaster recovery plan focuses mainly on restoring IT
infrastructure and operations after a crisis.
There are certain things that need to be included in
protection against hazards
Employees of the Unlimited Airway have their own roles
and responsibilities in the event of disaster. First of all, the board
directors must come together to review the plan regularly to make sure it is
plausible so that the company will still be able to continue operating. All the
employees must be given the opportunities to review disaster preparation and
emergency action plan procedures with their department head. Mock disaster
training must be conducted annually and should involve police and fire authorities.
By implementing this plan, Unlimited Airway can reduce the impact and cost of
disruptions and insure the unacceptable risks.
Consulting with employees
Consultation with employees and their health and
safety representatives is required at each step of the risk management process.
By drawing on the experience, knowledge and ideas of its employees, the
Unlimited Airway is more likely to identify all hazards and utilize the
effective risk controls on the hazards.
The employees must be trained to follow safety
instructions and procedures and aware of how the procedures work. They should
also be encouraged to report any hazards and health and safety problems
immediately so that risks can be managed efficiently before an accident/incident