After a major fire had destroyed an office block belonging to Saltoc Company, the fire assessment reported that the most likely cause was an electrical problem. It emerged that the electrical system had suffered from a lack of maintenance in recent years due to cost pressures.
Meanwhile in the same week, it was reported that a laptop computer containing confidential details of all of Saltoc’s customers was stolen from the front seat of a car belonging to one of the company’s information technology (IT) mid-managers.
This caused outrage and distress to many of the affected customers as the information on the laptop included their bank details and credit card numbers. Some customers wrote to the company to say that they would be withdrawing their business from Saltoc as a result.
When the board met to review and consider the two incidents, it was agreed that the company had been lax in its risk management in the past and that systems should be tightened. However, the financial director, Peter Osbida, said that he knew perfectly well where systems should be tightened.
He said that the fire was due to the incompetence of Harry Ho the operations manager and that the stolen laptop was because of a lack of security in the IT department led by Laura Hertz. Peter said that both colleagues were ‘useless’ and should be sacked. Neither Harry nor Laura liked or trusted Peter and they felt that in disputes, chief executive Ken Tonno usually took Peter’s side.
Both Harry and Laura said that their departments had come under severe pressure because of the tight cost budgets imposed by Peter. Ken Tonno said that the last few years had been ‘terrible’ for Saltoc Company and that it was difficult enough keeping cash flows high enough to pay the wage bill without having to worry about ‘even more’ administration on risks and controls.
Peter said that Harry and Laura both suffered in their roles by not having the respect of their subordinates and pointed to the high staff turnover in both of their departments as evidence of this.
Mr Tonno asked whether having a complete risk audit (or risk review) might be a good idea. He shared some of Peter’s concerns about the management skills of both Harry and Laura, and so proposed that perhaps an external person should perform the risk audit and that would be preferable to one conducted by a colleague from within the company.
Required:
1- Explain what external risk auditing contains and construct the case for an external risk audit at Saltoc Company.
2- Discuss whether or not a risk should be embedded in Saltoc company.
3- Assess whether or not saltec's management culture is suitable for implementing embedded risk systems.
4- Elaborate risk mitigation strategies that saltoc company can use in managing risks.