NAME
:
BOTHWELL
SURNAME
:
MASHORA
REG NUMBER
:
G200221350
MODULE CODE
:
101
MODULE TITLE
:
RISK AND SECURITY
MANAGEMENT
EXAM CENTRE
SUBMISSION DATE
:
PORTAL
:
05 JUNE 2020
QUESTION. 1.
Security is the best idea that organisations should improve to safeguard of their assets as a way of
maximising their profits. In doing such activities, organisations need to hire the risk and security
expert, or to seek advice pertaining their security from the risk and security experts or consultant
companies. Therefore, in return, it is the role of the risk and security experts to give a strong advice to
the organisation as to which is the best security approaches to be taken by any client organisation
seeking such advice. This write up is divided into two sections in which the first section provides
the organisational background while another section provides a justifiable report to the client
organisation, advising it on the best security approach to be used during its lifetime.
1a). THE ORGANISATIONAL BACKGROUND

Organisation name:
BATA Ltd-company profile

Type of the organisation:
Profit type of legal entity

Size of the organisation:
exceeds fifty thousand workers

Portfolio of products:

Customer base:
Business to Business or Business to Customer.

Security assessment:
The existing security approach is outsourced security
goods (shoe) production company
https://www.referenceforbusiness.com/history2/39/Bata-limited.htm/,01/02/2020
1b) THE JUSTIFIABLE REPORT.
TITLE:
JUSTIFYING THE BEST SECURITY APPROACH TO BE USED BY BATA Ltdcompany.
INTRODUCTION

This paper saves to justify the best security approach which is appropriate for this organisation. In it
the aim of the paper is clearly shown as well as the underlying theory with the method of research
mentioned therein. An analysis of the results and discussions; and the recommendations as well as the
conclusion and the summery are undoubtedly and clearly outlined in this paper.
AIM OF THE RESEARCH

TO DETERMINE THE BEST SECURITY APPROACH SUITED FOR THE ORGANISATION
DURING ITS BUSINESS LIFETIME.

TO JUSTIFY THE BEST SECURITY APPROACH NEEDED BY THE ORGANISATION USING
APPROPRIATE EVIDENCE.
UNDERLYING THEORY

Best security approach.
RESEARCH METHODS

Desk based research approach was used. (https://www.cles.orguk/2011)
SECURITY APPROACHES.
There are basically two approaches to security of an organisation and these include in-house and
outsourced security approaches. In-house approach is when a company is liable for any security
issues such as training its security workers and securing its premises, for example, in this case, Bata
Ltd may train its security guards and offers self-security service. Outsourced security is a vice-versa
to in-house security and it refers to when a company hires a security company so as to be offered the
security service, for example Bata may source security from a security company like Safeguard
Security Company. Here, a company which specialises in security service may be hired to offer
security to the hiring company ( https://www.ventures.co.uk/uncate, 22/02/19). Therefore there
are basically two security approaches available from which the organisation can choose one to use
so as to secure its assets and people.
DISCUSSION
For one to be able to make a good decision as to which approach to use, there are things to be considered
like the size, nature, products and etc of the company in question. Also the advantages of each approach
contribute a lot to the choice in question.
In-house approach of security has its own benefits which among others includes that there will be a full
amalgamation within the organisation culture. Each individual security personnel will be absolutely
immersed in the organisation’s culture than in the outsourced security approach. For example compliance to
ethics by workers due to a sense of belonging, can improve the organisations culture. Consistence is improved
when the because it the same team on site, providing familiarity with the customers and this improves
customer care, as compared to outsourced in which a guard can be changed any time from the premise and
result in complications in customer care.
In addition to the advantages of in-house security, there is an advantage in selection, where you select what
you want, like a workers, training, on which you can control the robustness of your training and supervising,
in which you can choose to maximise or minimise the supervision of the security guards. In addition a
relationship between the guards and the management is an improved one due to the fact that these people
interact together.
However there are disadvantages in using the in-house security approaches which includes the complexity
to detect poor performance because it may take time to change a guard than in an outsourced. Also, the
approach is very expensive to found due to its demands like uniforms, food, training etc.
(https://www.ventures.co.uk/uncate, 22/02/19)
Outsourced security approach has also it own advantages which includes that it is more flexible than inhouse. You can change a security guard in case of any inconveniences faster than it can take in in-house. In
addition it is also cost effective, that is you pay only for security services no other funds like health, pension
etc. Another advantage is the quality and best technology offered by outsourced organisation which is an
expert in security matters. Lastly, great support is given by the security company which is a benefit to the
hiring organisation. However, it has its own drawbacks which includes among others, the hiring organisation
may be rendered low quality services by the guard because the security guard has no a sense of belonging.
Also there is less control to the guard; the guard may take orders better from his or her actual employer than
on the contractor of the security company (https://www.monetarylibrary.com, 2015).
Therefore, considering the advantages and disadvantages cited above, it has been noted that each approach
has its own advantages and disadvantages. This can leads to a strong security approach, which can consist of
advantages from both approaches, and these advantages surpass and covers the disadvantage of each sister
approaches. Therefore, in choice of a best approach, these advantages are to be considered, and it is clear
that the amalgamation of the two approaches can make a robust and best security approach which is a giant,
for example Triangle Ltd use both approaches, in-house and outsourced. Some of the organisations that use
this approach include Hippo Valley Estates Ltd and Mkwasine Estates Ltd Company. By securing some
parts of the organisation using in-house and other areas can use outsourced, this is so considering the size of
the company which have braches in various parts of the world.
CONCLUSION
To sum up, it has been noted that there are two security approaches which includes the outsourced and the
in-house. These approaches have been defined and discussed giving attention to their advantages as a basis
of choosing the best approach. The discussion evaluated the approaches and found that the amalgamation of
the approaches is a better security approach than using one approach which is weakened by it disadvantages.
This choice has been done also considering the size of the organisation in question and has led to the
following recommendations.
RECOMMENDATIONS.
It is therefore recommended that:

The best security approach to use in this organisation the amalgamation of in-house and outsourced
security

Some parts of the organisation which use outsourced and some use in-house security

Critical parts of the organisation use both approaches.
SUMMARY
There are mainly two types of security approaches which can be used in securing organisations; which are inhouse and outsourced security approaches. Given the situation of Bata Ltd Company, when one thinks of
deciding the best security approaches; one needs to consider its background which includes size, product
portfolio, employee population and many more. Also, to select the best security approach there is need to
compare the advantages and disadvantages of the sister security approaches. In comparing, each approach
consist of advantage and disadvantage, therefore the advantage of another may cover the weakness of the other
approach, the best solution is to take all approaches and economically use them. In using them one can decide
when, and how to use which approach.
BIBILIOGRAPHY
https://www.referenceforbusiness.com/history2/39/Bata-limited.htm/, date accessed 01/02/2020
https://www.cles.orguk/2011, date accessed 01/02/2020
https://www.ventures.co.uk/uncate, 22/02/19, DATE ACCESSED 02/03/2020
https://www.monetarylibrary.com, 2015, date accessed 02/03/2020
QUESTION 2
(a) For the company identified in Question 1 (a) above, use any FIVE Risk and Security Techniques
available in identifying the security risks that the company is likely to face. [25 MARKS]
One of the duties of a risk and security manager in an organisation is the formulation a robust risk
management program. This program consists of several stages in which one of the stages is risk
identification. The risk identification task is done using risk identification techniques and tool so as to curb
the monster called risk. The risks can be identified in two stages which are the initial and ongoing risk
identification. Considering the case of Bata Ltd-company, the risk identification technique which has been
decided in this paper which can be used to identify the risk of that organisation includes the questionnaire
and checklist, hazard operability study (hazorps) among others.
The ISO Guide, ISO 31000, Guide 73, ISO 31010 defined;
Risk as “The effect of uncertainty upon objectives...The possibility that an event will occur and adversely
affect the achievement of objectives”. This shows that risk can be an adverse situation which can affect the
achievement of organisational objectives. Therefore risk identification refers to the process whereby risk
managers
exposes
or
discovers
risks
using
risk
identification
techniques.
(https://www.greycampus.com/opencampus ,04/03/20).
Bugajembo (2003-2018) defined Risk identification as “risk identification is the process of listing potential
project risks and their characteristics. The result of risk identification are normally documented in a risk
register, which includes a list of identified risks along with their sources, potential risk response, and risk
categories.” the information is used in risk analysis
to
support
responses.(http://study.com/academy/lesson-on/risk-identification-
creation
of
risk
purposehtn, (2003-2020).
Given a company like Bata, where shoe production is a core business, theft is one of the risks which can
seriously affect the overall objectives of the organisation. To identify this risk, a risk identification technique
which may be used is the risk register. A risk register is an up-to-date document which is recorded throughout
the life of the project. It is a living document with historical records of risks; the tool has a list of risks, potential
responses, and updated risk categories. It contains the risks which were encountered in the past, and this can
help one to identify the risks which are associated with the company. For example one can actually identify
risk while reading the risk register, that the company experienced theft severally as a risk.
Brainstorming is another technique which can be used to identify risks associated with the said company.
This includes a group of people focusing on risk identification project doing workshops so as to make people
articulate the risks which are known by members of the group. For example in the said company a group of
employees in the shoe manufacturing industry may be brought together to find out what is the cause of
accidents. In this exercise, people who work in the areas which the risks emanate are to form the group which
will be articulating the risks they encounter during their work. The brainstorming session is to be facilitated
by purposely trained experts to carry out such activities, (https://www.greycampus.com/opencampus
,04/03/20).
Risk identification in the company can also be done using root cause analysis. This is whereby route causes
are determined so as to identify the risks and these root cause can be further used to determine other risks
again. In this technique, risks are identified by their source or root cause. The why? Method will be employed
here so as to dig down why employees commit theft. For example, what might be the cause of them to engage
in theft, maybe it is because there are no guards, why they are no guards, there is someone neglecting his role
of increasing the number of security guards etc.
The company is also likely to face is the failure of machines used in the production of shoes, for example
sawing machines, the Hazard Operability Study (hazops) technique may be used. In this case experts in
engineering are asked to examine the operation of machines so as to determine the hazards from the
machines. For example, a group of engineers may examine the malfunctioning of one machine to ascertain
the consequences of on the whole facility. This is done so as to identify hazards from the sewing machines
and to lessen the accidents which may result.
Among the risks which may affect the objectives of the organisation, there are risks which may be identified
using a risk identification technique which is very simple. Physical inspections can help the company
decided by the writer to identify risks such as theft and fire. Physical inspection is an onsite check, a walk
through on the site inspecting the facility; to investigate the risks which may emanate from there. Risks are
identified if the inspect fount a change or a shift from the proper installation of the CCTV which may result
from that shift. For example, the inspector may walk around the ware house to determine if there CCTV are
well installed and check if the function well, or check for naked electricity wires which may result in fire at
the premises.
Lastly, a questionnaire can be used as a technique to identify the risks emanating from the company chosen
by the writer. A paper with some questions can be prepared and be reproduced; they are then sending to
various people to fill in the gaps. Data is collected and aggregated, thus risks are identified through the
answering of the questionnaire. For example, questions asking about the safety of the end product in the
storehouse. (https://www.greycampus.com/opencampus ,04/03/20).
In conclusion, the essay explained the five risk identifying techniques which can be used by security risk
personnel to identify the risk associated by Bata Ltd Company. The definition of risk has been explained,
and the information above shows that this organisation can be guaranteed its survival by having a seasoned
risk and security manager who can properly practice the techniques which fits the organisation.
BIBILIOGRAPHY
ISO GUIDE 31000 , Guide 73, ISO 31010.
https://www.greycampus.com/opencampus , 04/03/20- date accessed-02/03/2020
http://study.com/academy/lesson-on/risk-identification-purposehtn(2003-2020), date accessed02/03/2020
QUESTION 3,
Assuming the company you identified in Question 1(a) above is considering enhancing
its risk and
security management efficiencies by creating the post of Risk and Security Officer in the
organizational structure. Draft a memorandum addressed to the Human Resources Manager
highlighting the job description for the post.
Every investor looks for a return on the investment he or she may have done. A return on investment is the
fuel for investors to have power to invest. This also includes hiring experts who may run the investor’s
company, in most profit motive organisations, the investor always look back at the amount of return on the
investment made. Hiring experts may return if the organisation fully utilises the hired expert. In this case the
job description is a key to return on investment. The job description must enhance the company to benefit
more from the hired expert. Amongst the expert to be hired, the Risk and Security personnel is not spared in
today’s organisation. This essay will show a draft of a memorandum addressed to the Human Resources
Manager highlighting the job description for the risk and security personnel post in the organisation chosen
by the writer.
MEMORANDUM
To
: Human Resources Manager
From: B. Mashora, Risk and Security Consultant
Date: 02/23/20
Ref:
BM/RSC
SUBJECT: THE JOB DESCRIPTION OF A RISK AND SECURITY OFFICER
The job description of the risk and security offices of this company is as highlighted below:
1. Plans, designs and implements an overall risk and security management process for the organization;
2. Conducts security risk assessment, which involves analyzing risks as well as identifying, describing
and estimate the risks affecting the organization;
3. Prepares risk evaluation , which involves comparing estimated risks with criteria established by the
organization such as costs, legal requirements and environmental factors and evaluating the
organization’s ‘risk appetite’, i.e. the level of risk they are prepared to accept;
4. Prepares risk reporting in an appropriate way for different audiences, for example, to the Executive
Committee or the Board of Trustees, so they understand the most significant risks, to business heads to
ensure they are aware of risks relevant to their parts of the business and to individuals to understand their
accountability for individual risks;
5. Handles corporate governance involving external risk reporting to stakeholders;
6. Carries out processes such as purchasing insurance, implementing health and safety measures and
making business continuity plans, to limit risks and prepare for if things go wrong;
7. Ensures the Board of Directors, management and employees are in compliance with the rules and
regulations of regulatory agencies, that company policies and procedures are being followed, and that
behaviour in the organization meets the company's Standards of Conduct.
8. Conducts audits of policy and compliance to standards, including liaison with internal and external
auditors;
9. Provides support, education and training to staff to build risk awareness within the organization.
10. Assists in performing all tasks necessary to achieve the organization's mission and helps execute staff
succession and growth plans.
For one to understand that there is need also to know the definition of risk and security. A risk is a probability
or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or
internal vulnerabilities, and that may be avoided through pre-emptive action. The word security means to
prevent and protect against damage, fraud, inversion of fraud, theft, and unlawful entry. It is a state of being
free from danger or any fear (https://www.businessdictionery.com /definition/security. htnl,(2018). A
manager is a person who is in charge of a certain task or branch of an organisation, which has a staff of
people reporting to him or her, for example, a bank may have a security manager responsible for the
security of an organisation and
in
(https://www.businesdictionery.com/
charge
of
security
duties
or
personnel
definition/manager. htnl, (2018).
In conclusion, this essay illustrated how a memorandum by the risk and security consultant to the Human
resources manager is written. The essay has also shown the job description of the risk and security official
in an organisation. It has been noted in the essay that, an organisation can maximise its return on investment
in employing the said official by rendering to him or her job description which is appropriate as shown in
the essays
BIBLIOGRAPHY
https://www.businessdictionery.com /definition/securty.htnl,(2018) , date accessed-02/03/2020.
https://www.businessdictionery.com.definition/manager.htnl, (2018), date accessed-02/03/2020.