1.WHAT IS RISK RELATING TO MANUFACTURING INDUSTRY?

In a manufacturing process consideration needs to be given to the potential risks associated

with ongoing day to day activities. Risks can arise due to the nature of the materials in use, the
equipment, the people, etc.. It is important to have a program in place which can identify the
various risks that can arise, to understand the probability of the risks arising and the potential
impact on the business, the staff, the shareholders, customers, suppliers and the community, were
a risk to be realized.

Depending on individual perspective the focus of a risk management program can be to

minimize injury to staff, to customers, or the local community. Alternatively the focus may be
financial, where the financial health of the business is a key concern or the potential impact on
shareholder financial returns. Many organizations place a high focus on reputation, any potential
damage to business reputation could have long term effects, therefore, the risks which could
impact on the reputation of the organization need to be identified and controls implemented to
minimize the potential of such risks being realized.

Whatever the reason for wanting to understand and control risks, in every manufacturing
process there will be a need for a comprehensive risk identification, risk assessment, risk
measurement, risk minimization and risk monitoring program. Such a program will need to
encompass all aspects of the business to ensure all key areas of risk concern are captured.
CATEGORIES OF RISK

 Macroeconomic risks likely to affect their organization’s growth opportunities

 Strategic risks the organization faces that may affect the validity of its strategy for
pursuing growth opportunities 

o Engages in activity at variance with its stated objectives

o Fails to engage in an activity that would support its stated objectives
 Financial
I Reduction in funding
II Failure to safeguard assets
III Poor cash flow management
IV Lack of value for money
V Fraud / theft
VI Poor budgeting

 Operational risks that might affect key operations of the organization in executing its
strategy

o These risks result from failed or inappropriate policies, procedures, systems or

activities e.g
I Failure of an IT system
II Poor quality of services delivered
 III Lack of succession planning
IV Health & Safety risks
V Staff skill levels
VI No process to track contractual commitments

 Governance & Compliance

o Lack of oversight by Board

o Segregation of duties not defined formally
o Ensuring compliance with funders terms and conditions
o Compliance with applicable legislation
I Safeguarding of vulnerable individuals
II Taxation Law
III Data Protection
IV Health & Safety Law
 Reputational
o Organization engages in activities that could threaten it’s good name
I Through association with other bodies
II Staff / members acting in a criminal or unethical way
o •Poor stakeholder relations

2.WHO ARE THE RISK MANAGER? WHAT ARE THE FUNCTIONS OF RISK
MANAGER?
Risk managers work with companies to assess and identify the potential risks that may hinder
the reputation, safety, security and financial prosperity of their organisation.
Once these risks have been identified, assessed and evaluated, risk managers are then tasked with
implementing processes and procedures to ensure that their client is fully prepared to deal with
any potential threats.

A risk manager’s job is inspired by the mantra, “prevention is better than cure.” It’s all about
avoiding threats and mitigating the effects of those which are essentially unavoidable.

Risk management careers are highly analytical and a large part of your time will be focused on
conducting detailed risk assessments. This process involves analysing documents, statistics,
reports and market trends. You’ll also be required to assess the organisation’s previous risk
management policies and protocols.

Risk management is also about understanding an organisation’s business objectives. You’ll

need to gather information about your client’s outgoings, legal responsibilities and
environmental policies, and then evaluate the effects of any proposed risks against these current
processes.
Life as a risk manager, however, is not just about going through information with a fine tooth
comb: you’ll also need to have the ability to build relationships with your clients and their
stakeholders. For instance, based on your analysis, you’ll have to produce risk reports, attend
meetings and present your proposals to senior members of staff.
 The kind of solutions which risk managers suggest and implement are likely to include
insurance, health and safety policies, disaster recovery measures and business continuity plans.
Once these have been put in place, risk managers will often return to organisations again in the
future to conduct additional audits and assessments.

Responsibilities

 Conduct assessments to define and analyze possible risks

 Evaluate the gravity of each risk by considering its consequences
 Audit processes and procedures
 Develop risk management controls and systems
 Design processes to eliminate or mitigate potential risks
 Create contingency plans to manage crises
 Evaluate existing policies and procedures to find weaknesses
 Prepare reports and present recommendations
 Help implement solutions and plans
 Evaluate employees’ risk awareness and train them when necessary
 Identifying and analyzing various risks (e.g. business, financial)
 Developing risk management controls and contingency plans
 Communicating recommendations to management

3.GIVE SOME SCENARIO OR SITUATION THAT YOU MAY ENCOUNTER IN THE

MANUFACTURING INDUSTRY….

Conflicts of Interest

A conflict of interest could be defined as a situation that occurs when a person or company acts
in a manner to promote self-interests rather than the established best interest of the business or
customer. A conflict of interest may cause a situation that is unethical, that violates current
policy or the law, or all of the above.

Dealings involving insiders – Dealings with persons or entities connected with the [company] in
a way that might affect its judgment represent a potential conflict of interest or self-dealing
activity.
Inappropriate financial benefit – A [company] may gain an inappropriate financial benefit if it
generates additional fee-based business for itself or an affiliate in one of the following ways: by
using an affiliated company’s income-producing services, by charging undisclosed fees to
accounts for security transactions, or by receiving payment for other services that are normally
included in fiduciary administration fees. If a [company] obtains financial benefits (including
goods and services) from a service provider (whether affiliated or not), the benefits must be
authorized and must not be provided in exchange for using that provider.
Employees’ unethical conduct – Employees’ unethical conduct can undermine the [company’s]
ability to fulfill its duty of loyalty to [customers and vendors]. A [company] that publishes a code
of ethics for employees that clearly communicates the [company’s] expectations may reduce the
risk of unethical conduct. Management should have monitoring systems in place to detect
employee conduct that conflicts with the [company’s] responsibilities. Systems should be
sufficient to alert the [company] when a [company] employee serves [a customer or vendor of]
the [company] for a fee, competes with the [company], receives loans from fiduciary clients,
accepts gifts or bequests from fiduciary clients, receives goods and services from vendors, or
executes personal securities transactions that are counter to the best interests of account
beneficiaries.

Bribery
“The act of taking or receiving something with the intention of influencing the recipient in some
way favorable to the party providing the bribe. Bribery is typically considered illegal and can be
punishable by jail time or stiff fines if authorities find out about the bribe.”

To be considered a bribe, the thing given or accepted generally must be of some significant
value; however, many organizations take a zero-tolerance approach to gift value. Even a gift or
gratuity of little monetary value, if it influences the actions of the receiver, could be considered a
bribe. Some organizations follow IRS guidelines for de minimis benefits. In general, a de
minimis benefit is “one for which, considering its value and the frequency with which it is
provided, is so small as to make accounting for it unreasonable or impractical.” Usually,
traditional practices or customs in the workplace, such as giving birthday cakes or holiday foods,
are excluded from bribery prohibitions. It is unlikely these types of things sway anyone’s
judgment, and no one wants vendors to stop sending complimentary boxes chocolates or fruit
baskets for the Christmas or New Year holidays!

Compliance Management
Most sound business practices begin with an established commitment by management and a
stated policy, and, the management of conflicts of interest, ethics, and prohibitions on activities
like bribery or kickbacks is no different.

Codes of Ethics or Conduct – The stated commitment to and general guidelines about ethics,
conflicts of interest, and other expectations are the starting point. Most large companies have a
published code of ethics—a set of general guidelines to encourage employees to behave ethically
and responsibly and others may implement a policy of the same nature. Smaller institutions may
have a more informal approach, but, any commitment by management must be clearly
communicated to all employees. Training is a good idea.
Organizations often have established codes of ethics based on the industry or trade. For example,
both the National Association of Mortgage Brokers and the Florida Association of
Mortgage Professionals have a Code of Ethics, and there are many more.
Monitoring and auditing for compliance – Periodic reviews of company operations or records
should include compliance to ethical standards as well as legal and regulatory requirements.
 
When faced with situations that feel like they might be unacceptable, stop and think, “Do we
have a code of conduct or something similar that covers this?” If not, consult management for
direction. In any case, if the hairs on the back of your neck are bristling, proceed with caution. It
could be the best pause you ever take.

4. PICK ONE AND DO YOUR ANALYZATION TO PREVENT THE RISK…

 Manage risk

Every business faces risks that could present threats to its success.

Risk is defined as the probability of an event and its consequences. Risk management is the
practice of using processes, methods and tools for managing these risks.

Risk management focuses on identifying what could go wrong, evaluating which risks should be
dealt with and implementing strategies to deal with those risks. Businesses that have identified
the risks will be better prepared and have a more cost-effective way of dealing with them.

This guide sets out how to identify the risks your business may face. It also looks at how to
implement an effective risk management policy and program which can increase your business'
chances of success and reduce the possibility of failure.

 The risk management process

 The types of risk your business faces
 Strategic and compliance risks
 Financial and operational risks
 How to evaluate risks
 Use preventative measures for business continuity
 How to manage risks
 Choose the right insurance to protect against losses
The risk management process
Businesses face many risks, therefore risk management should be a central part of any business'
strategic management. Risk management helps you to identify and address the risks facing your
business and in doing so increase the likelihood of successfully achieving your businesses
objectives.

A risk management process involves:

 methodically identifying the risks surrounding your business activities

 assessing the likelihood of an event occurring
 understanding how to respond to these events
 putting systems in place to deal with the consequences
 monitoring the effectiveness of your risk management approaches and controls
As a result, the process of risk management:

 improves decision-making, planning and prioritisation

 helps you allocate capital and resources more efficiently
 allows you to anticipate what may go wrong, minimising the amount of firefighting you
have to do or, in a worst-case scenario, preventing a disaster or serious financial loss
 significantly improves the probability that you will deliver your business plan on time
and to budget
 Risk management becomes even more important if your business decides to try something new,
for example launch a new product or enter new markets. Competitors following you into these
markets, or breakthroughs in technology which make your product redundant, are two risks you
may want to consider in cases such as these.
The types of risk your business faces
The main categories of risk to consider are:

 strategic, for example a competitor coming on to the market

 compliance, for example the introduction of new health and safety legislation
 financial, for example non-payment by a customer or increased interest charges on a
business loan
 operational, for example the breakdown or theft of key equipment
These categories are not rigid and some parts of your business may fall into more than one
category. The risks attached to data protection, for example, could be considered when reviewing
your operations or your business' compliance.

Other risks include:

 environmental risks, including natural disasters

 employee risk management, such as maintaining sufficient staff numbers and cover,
employee safety and up-to-date skills
 political and economic instability in any foreign markets you export goods to
 health and safety risks
Strategic and compliance risks
Strategic risks are those risks associated with operating in a particular industry.

They include risks arising from:

 merger and acquisition activity

 changes among customers or in demand
 industry changes
 research and development
For example you might consider the strategic risks of the possibility of a US company buying
one of your Canadian competitors. This may give the US company a distribution arm in Canada.
You may want to consider:

 whether there are any US companies which have the cash/share price to do this
 whether there are any Canadian competitors who could be a takeover target, perhaps
because of financial difficulties
 whether the US company would lower prices or invest more in research and development
Where there's a strong possibility of this happening, you should prepare some sort of response.

Compliance risk

Compliance risks are those associated with the need to comply with laws and regulations. They
also apply to the need to act in a manner which investors and customers expect, for example, by
ensuring proper corporate governance.
 You may need to consider whether employment or health and safety legislation could add to
your overheads or force changes in your established ways of working.

You may also want to consider legislative risks to your business. You should ask yourself
whether the products or services you offer could be made less marketable by legislation or
taxation – as has happened with tobacco and asbestos products. For example, concerns about the
increase in obesity may prompt tougher food labelling regulations, which may push up costs or
reduce the appeal of certain types of food.

Financial and operational risks

Financial risks are associated with the financial structure of your business, the transactions your
business makes and the financial systems you already have in place.

Identifying financial risk involves examining your daily financial operations, especially cash
flow. If your business is too dependent on a single customer and they are unable to pay you, this
could have serious implications for your business' viability.
You might examine:

 the way you extend credit to new customers

 who owes you money
 the steps you can take to recover it
 insurance that can cover large or doubtful debts
Financial risk should take into account external factors such as interest rates and foreign
exchange rates.

Rate changes will affect your debt repayments and the competitiveness of your goods and
services compared with those produced abroad.

Operational risks

Operational risks are associated with your business' operational and administrative procedures.
These include:

 recruitment
 supply chain
 accounting controls
 IT systems
 regulations
 board composition
You should examine these operations in turn, prioritise the risks and make provisions for such a
risk happening. For example, if you are heavily reliant on one supplier for a key component you
should consider what could happen if that supplier went out of business and source other
suppliers to help you minimise the risk.

IT risk and data protection are increasingly important to business. If hackers break into your IT
systems, they could steal valuable data and even money from your bank account which at best
would be embarrassing and at worst could put you out of business. A secure IT system
employing encryption will safeguard commercial and customer information.

How to evaluate risks

Risk evaluation allows you to determine the significance of risks to the business and decide to
accept the specific risk or take action to prevent or minimise it.

To evaluate risks, it is worthwhile ranking these risks once you have identified them.

This can be done by considering the consequence and probability of each risk. Many businesses
find that assessing consequence and probability as high, medium or low is adequate for their
needs.
These can then be compared to your business plan - to determine which risks may affect your
objectives - and evaluated in the light of legal requirements, costs and investor concerns. In some
cases, the cost of mitigating a potential risk may be so high that doing nothing makes more
business sense.

There are some tools you can use to help evaluate risks. You can plot on a risk map the
significance and likelihood of the risk occurring. Each risk is rated on a scale of one to ten. If a
risk is rated ten this means it is of major importance to the company. One is the least significant.
The map allows you to visualise risks in relation to each other, gauge their extent and plan what
type of controls should be implemented to mitigate the risks.
Prioritising risks, however you do this, allows you to direct time and money toward the most
important risks. You can put systems and controls in place to deal with the consequences of an
event. This could involve defining a decision process and escalation procedures that your
company would follow if an event occurred.
Use preventative measures for business continuity
Risk management involves putting processes, methods and tools in place to deal with the
consequences of events you have identified as significant threats for your business. This could be
something as simple as setting aside financial reserves to ease cash flow problems if they arise or
ensuring effective computer backup and IT support procedures for dealing with a systems failure.
Programs which deal with threats identified during risk assessment are often referred to
as business continuity plans. These set out what you should do if a certain event happens, for
example, if a fire destroys your office. You can't avoid all risk, but business continuity plans can
minimise the disruption to your business.
Risk assessments will change as your business grows or as a result of internal or external
changes. This means that the processes you have put in place to manage your business risks
should be regularly reviewed. Such reviews will identify improvements to the processes and
equally they can indicate when a process is no longer necessary. Choose the right insurance
to protect against losses
Insurance will not reduce your business' risks but you can use it as a financial tool to protect
against losses associated with some risks. This means that in the event of a loss you will have
some financial compensation. This can be crucial for your business' survival in the event of, say,
a fire which destroys a factory.

Some costs are uninsurable, such as the damage to a company's reputation. On the other hand, in
some areas insurance is mandatory.
 Insurance companies increasingly want evidence that risk is being managed. Before they will
provide cover, they want evidence of the effective operation of processes in place to minimise
the likelihood of a claim. You can ask your insurance adviser for advice on appropriate
processes.

Insurance products

You can use a business interruption policy, for example, to insure against loss of profit and
higher overheads resulting from, say, damaged machinery.
You may also want to consider:

 products liability insurance

 key man insurance
 group life assurance
Liability insurance - public and products liability insurance - is designed to pay any
compensation and legal costs that arise from negligence or breach of duty.

Key man insurance is designed to cover you for the financial costs of losing key personnel.

Group life assurance is provided by employers as part of a benefits package and pays out a lump
sum to an employee's family should the employee die.

Original document, Managing risk, © Crown copyright 2009

Source: Business Link UK (now GOV.UK/Business)
Adapted for Québec by Info entrepreneurs
Our information is provided free of charge and is intended to be helpful to a large range of UK-
based (gov.uk/business) and Québec-based (infoentrepreneurs.org) businesses. Because of its
general nature the information cannot be taken as comprehensive and should never be used as a
substitute for legal or professional advice. We cannot guarantee that the information applies to
the individual circumstances of your business. Despite our best efforts it is possible that some
information may be out of date.

As a result:

 The websites operators cannot take any responsibility for the consequences of errors or
omissions.
 You should always follow the links to more detailed information from the relevant
government department or agency.
 Any reliance you place on our information or linked to on other websites will be at your
own risk. You should consider seeking the advice of independent advisors, and should always
check your decisions against your normal business methods and best practice in your field of
business.
 The websites operators, their agents and employees, are not liable for any losses or
damages arising from your use of our websites, other than in respect of death or personal injury
caused by their negligence or in respect of fraud.