Purpose – this dissertation aims to examine risk management planning based on Manchester Fire and Rescue Service with objective interest of determining structure of Manchester Fire and Rescue Service Risk Management planning, proportionate of Risk management planning to risks that might affect Manchester Fire and Rescue Service, determine resource allocation for Risk management planning and rationale that Manchester Fire and Rescue Service utilizes towards Risk management planning
Design/methodology/approach – The study adopted an exploratory research design that was delivered through use of Qualitative research method. The qualitative research method was conducted in form of Ethnography. Ethnography method of research was used in order to identify elements and components of risk management planning as they are applied by Manchester Fire and Rescue Service.
Findings – The study determined the risk management planning of Manchester Fire and Rescue service to be structured on Risk management matrix. The Manchester Fire and Rescue Services Risk management matrix is formulated in terms of input-output documentation of processes that integrates risk mitigation, risk analysis, risk evaluation, risk assessment, risk appraisal, risk monitoring and risk control metrics. The findings determined that risk management planning is informal documentation of risk management strategies that are driven by communication of risks, risk milestone management, risk transfer to third parties like insurance, and determination of threats and opportunities that influence on risk management planning. The findings established that risk management planning is a subset of Business Continuity planning through use of contingency plans, risk policy structures and process risk analysis. The results determined that risk management planning integrates organization risk tolerance, risk culture, learning culture and risk management tools and techniques that are geared toward reduction of risk opportunities.
Research limitations/implications – The study was based on a relatively restricted sample. Further research is needed to improve the external validity of the research.
Practical implications – organizations need to develop risk management planning that is supported by risk management infrastructure, and aligned to business continuity planning and technical approaches to risk management. The risk management planning should form part of business accountability, business transparency and business internal control processes.
Originality/value – The paper adds new knowledge into the literature of risk management planning by proposing that risk management planning should be updated continuously based on reviews on risk position and risk profile of the business. The paper recommends risk auditing as key element towards sustainable risk monitoring and control.
Institute of Risk Management (p.2-5) and Moteff (pp.20-22) have documented Risk management Planning in literature as a sustainable practice for identification, assessment, evaluation, prioritization of resource allocation towards risk mitigation and cost effective approaches towards implementation of a risk management framework that could result into reduction of risks and threats that might affect continuity of business processes. Similar observations have been put forward by Hubbard (p.467), Moteff (p.46) and Stoneburner et al (pp.129-131). Hubbard (p.124) data suggests continuity of business processes depends on capacity for management of residual risks. The sustainability of RMP should be based on pre-emptive rationale for risk management as opposed to alignment of RMP onto strategies for Business Continuity planning (BCP) as proposed by Covello and Allen (pp.98-102) data. Covello and Allen (pp.122-4) data suggested that the framework of BCP should seek to manage outcomes of residual risks that are associated with business processes and activities. BCP integration into RMP ensures business activities that predispose risks are documented and managed to reduce opportunities for occurrence of the risks. Literature studies on RMP have documented that unlikely activities could arise and contribute into risks that could affect business continuity, process efficiencies and impact negatively on bottom line. Businesses ought to identify differences between RMP and BCP in order to isolate functionality, structure and strategies that inform each of the processes as documented by Gorrod (p.45-6) and Crockford (pp.51-4). RMP should result into determination of processes that create environment for BCP for instance analysis and assessment of assets and resources, impact assessment of different business processes on RMP and BCP and cost structures of business processes that support RMP and BCP. Organizations ought to identify applicable business controls for organizational observed risks through risk assessment and risk appraisal (Gorrod, p.119). BCP includes RMP in its framework and structure. RMP differs from BCP in terms of pre-emptive approaches that are based on observation that risks and uncertainties occur at some point in business lifecycle.
Crockford (p.18) data suggests that RMP should be structured towards risk forecasts, estimation of effectiveness of risk control measures and creation of risk response plans that have capacity to mitigate, monitor and prevent the risks. Crockford (pp.20-21) suggestions have been documented by Dorfman (pp.59-62) and Stoneburner et al (pp.86-8) data. Moteff (pp.135-8) however indicated that risks affect capacity for achievement of project objectives as well as distorting project schedule, and continuity of business processes. Risks contribute into production waste based on lean principle of manufacturing through increased production cycle times, accumulation of inventory and incapacity to deliver manufacture to order as documented by Crockford (pp.66-71) and Hubbard (pp.465-9). Risks have been documented to arise from least suspect circumstances hence need for ongoing risk assessment and evaluation in order to implement risk controls that could address risks management at any instant. As a result, RMP should be built on strategies and analysis perspectives that manage risks regardless of their impacts (Dorfman, pp.34-5, pp.96-102). The organization ought o have ongoing review of its risk threats. This ensures risk reporting is close to business real time operations and reflects actual potential risks that could affect continuity of business operations and processes. As a result, RMP should be driven by sustainable risk management strategy. An organization risk strategy cycle should integrate capacity for accepting occurrence of the risk through clarity in understanding threat of occurrence of the risk, adopting measures meant to prevent and control likelihood of the risk, adopting measures towards risk mitigation via implementation of risk mediating steps and adoption of measures meant to transfer risks through risk outsourcing strategies into third parties like the insurance firms who have position to manage outcomes of the risks (Moteff, pp.34-37).
Gorrod (pp.24-29) data indicates that many organizations have failed to achieve stability of their economic growth due to failure to have structures for risk management. Institute of Management (pp.12-15, pp.17-8) data suggests that organizations have very low risk tolerances which predispose the companies into financial risks, and inability to improve on the health of their credit risk rating as documented by Covello and Allen (p.12) data and verified by Stoneburner et al (pp.75-79) data. Institute of Management (pp.18) and Covello and Allen (p.12-14) have documented that the structure for risk management planning in many organizations has failed to contribute into risk management. According to Covello and Allen (p.14) deficiencies in organizational risk management arises from lack of organizational risk operational plan, failure of management to develop a financial plan that could manage financial risks and poorly oriented marketing plan that are not aligned to risk management as well as lack of support risk management tools that could inform risk management through capacity for approval of risks management plans. In many instances organizations risk management planning doesn’t have adequate support from human capital that is competent to implement risk management planning as suggested by Dorfman (pp.101-111) data. Risk management planning, though has been identified to be driven by competencies of human capital, the benefits associated with risk management planning are not dependent on human capital because risks management is not human capital centered but centered on business processes. Dorfman (pp.124-6) data suggests that risk management planning should be focused on level of risk policy in place, procedures for risk management and response criteria for risks and management of results of risks. This study is based on Manchester Fire and Rescue Service risk management planning.
Goals and objectives
- To investigate risk management planning of Manchester Fire and Rescue Service
- To investigate structure of Manchester Fire and Rescue Service Risk management hence or otherwise determine current efforts towards risk management planning that are proportionate to the risks that affect Manchester Fire and Rescue service
- To determine rationale for resource or asset allocation towards risk management planning
- To determine rationale for Manchester Fire and Rescue risk evaluation and mitigation.
Expected outcomes of the study
The study findings would provide elements that should be taken into account when carrying out risk management planning. The findings will pave way forward for risk management planning as a vital element in Business Continuity planning. The findings will play a leading role in determination of processes that should inform risk management planning through identification of tasks, risk responsibilities, activities that should contribute into risk control and mitigation and budgetary allocation for sustainability of risk management planning. The study finding would highlight on the values of risk transfer and rationale for risk assessment and risk appraisal. The findings of the study will play a leading role towards formation of new positions of risk officers who would be responsible for over-seeing risks that the organization could be exposed to. The findings of the study would play a leading role in organizational capacity to develop risk management database that would contains elements like database opening date, title of risk in the database, descriptive information on the risk, probability of risk occurring, factors that could create environment for occurrence of the risk, risk control methods, risk mitigation procedures, and importance of the risk towards organization risk learning culture. The risks in databases would have a personnel designated to oversee their management and timeline or risk resolution milestone. The findings would result into capacity for the organization to develop anonymous reporting channels in order to create environment for anonymous whistle blowing on risks that might affect the organization. The findings would provide direction that would be adopted post whistle blowing on a risk through steps for risk handling hence make it possible to reduce negative impacts of the risk or potential of the risk escalating into a liability.
Theoretical framework of the study
This study builds on maturity model of a strategy which is based on Red Ocean business strategy transformation into Blue Ocean business strategy as proposed by Chan and Mauborgne (pp.28-9) data. A Red ocean business strategy involves adoption of business practices and strategies that are documented in literature which results into actions whose outcomes are known and can be measured (Hubbard, pp.465-9). In a blue ocean business strategy, a business adopts a learning culture where it develops new strategies based on new learning on different issues that affect business strategy implementation (Stoneburner et al, pp.107-19). The maturity model affirms that organization could gain competitive advantage if its strategies are aligned and documented towards Risk management planning through strategic approaches and activities that create value to risk integration into business processes (Moteff, pp.182-5). Maturity model affirms that irrespective of business strategy, the organization should develop capacity for risk tolerance through determined risk management tools and techniques that reduce and convert liabilities into organizational assets.
Organization of the dissertation
The previous section reported on introduction of risk management planning and provided goals and objectives of the study, expected outcomes of the study and theoretical framework of the study. The immediate section reports on literature review on risk management planning, chapter three reports on the methodology of the study, chapter four reports on the results that were obtained while chapter five reports on the conclusion.
In literature, Risk management planning (RMP) has been defined as capacity for identification, assessment, evaluation and prioritization of risks (Chan & Mauborgne, pp.44-6). The International Standards Organization (ISO), through ISO standards ISO 31000 recognize RMP as positive and negative outcome of uncertainty management of processes that influence on capacity for achievement of targeted objectives. RMP ought to include risks management aspects like economical resource utilization planning, prioritization of resources, monitoring and control of risks and risk profile analysis of events and activities that form framework for organization activities. RMP should contribute into maximization and optimization of resources hence potential to gains from return on opportunities (Covello & Allen, pp.145-7). Organizational risks are named and categorized based on the source of the risks for example, there are market uncertainty risks, financial risks, project failure risks, project continuity risks, legal risks and liabilities, risks of credit rating and risks of payment default.
The primary input that ought to be integrated into RMP has been documented as organizational based risk factors. The internal organizational environment capacity for risk management planning influences on attitudes and risk tolerance capacity for the organization. Managerial practices and managerial risk perspectives influence on risk tolerance capacity. The policy statement of an organization plays a leading role in determining position of the organization with regard to risks tolerance (Chan & Mauborgne, pp.89-92). The policy statement provides ethical position of the organization. The level of risk planning depends on organizational process assets. The organizational assets provide basis for organizational standards for risk management and risk mitigation approaches. The assets influence of approaches that the organization could employ in its risk categorization. Resources determine risk monitoring processes and their efficiencies in risk management and risk documentation (Moteff, pp.56-7). The sustainability of organizational economic growth depends on the risk profile assessment and documentation, risk management responsibilities of employees and level of authority on risks and decisions that are made on risk management. The organizational assets influences on level of qualitative risk management, level of quantitative risk management and capacity for descriptive risk structures that the organization adopts. Assets of organization determine standards for risk management which further determines project scope statement on risk management.
RMP should be driven by capacity for determination of risk management milestones. Risk management milestone identify process deliverables and associated risks which require implementation of a project management plan into RMP (Covello & Allen, pp.150-2). This implies, risk management approaches should be defined by element of time and costs. Information of project or business process milestones helps in developing risk execution activities and determination of safety measures that ought to be implemented at any instance during business activity progress. the risk management planning ought to inform on risk identified, provide documented qualitative and quantitative analysis of the risk, provide risk response methodologies and personnel required as well as level of risk monitoring required based on risk category and business process lifecycle which informs on risk mitigation and management strategies.
The RMP should be structured such that it has capacity to respond to individual capacity to manage risks (Crockford, pp.34-6). This should be subject to profiling of risks. Individual predisposing factors to risks should be documented and risk management strategies developed based on factors that create environment for occurrence of the risks. The structure for RMP should be governed by functional methodology on steps that should be taken towards control and mitigation of the risks. The risk methodology framework should document measures meant to prevent escalation of risk or increase of the risk (Hubbard, pp.122-3). There should be defined approaches, risk management tools and support of data on risk management which should inform organizational direction for future RMP sustainability. The organization should define time scale and schedule for achievement of different set key objectives for the RMP. The milestones should be based on frequency of RMP monitoring, assessment and life cycle of RMP activities (Moteff, pp.86-8). Other studies have determined that outcomes of RMP should be documented in order to inform future risk analysis and studies on previous data or database on risks. Budgeting assignments and allocations influence on success of RMP if the organization has categorized its risks and developed strategies for risk management based on risk categories. Risk categorization contributes into capacity for comprehensive understanding of risks that the organization may be exposed to and determination of rationale for risk handling through risk mitigation measures that are risk categorical. The sustainability of RMP is dependent on consistency of risk mitigation strategies which gains value from risk structure for different risk categories (Hubbard, pp.401-8).
An organization gains from RMP through investment of measures that manage risk probability and risk impacts. The organization ought to document its risk probability and risk impacts through consistencies in risk evaluation and assessment. The organization has to quantify its risk position and risk management strategies ought to identify intangible risks (Crockford, p.16-17). This has effect of identifying new risks that the organization could be exposed to subject to analysis of risk threat of processes and activities taking place. Deficiencies in documenting and conducting risk threat of activities results into failure to plan risk management strategies. Inadequate knowledge on risks vulnerability of business activities results into inability to identify risks which results into inability to design risk mitigation measures (Dorfman, pp.125-128). Participation of employees in risk identification and risk documentation depends on level of organizational risk learning culture which ought to contribute into organizational risk knowledge development. This ensures the organizational risk management is structured on relationship risk management hence probability of use of collaborative approaches in risk management (Stoneburner et al, pp.9-12). Through collaboration and relationship risk management, the organization is positioned to implement process risk engagement structures in risk management which ensures risk management is geared towards documentation of operational procedures and determination of risk threats based on operational procedures.
In many instances, lack of a risk learning culture results into inability to identify and measure employee productivity or develop framework for knowledge culture on risks which results into increase of production risks hence decreased returns on opportunities and returns on investment (Institute of management, pp.25-29). Risks have capacity to reduce service quality, reputation of a brand, value of a brand or service and loss of brand generic qualities. This makes it possible for organization to measure its productivity based on exploitation of values of intangible risk management. Incapacity of an organization to deploy risk resources impacts negatively on projection of values of opportunity costs (Dorfman, pp.158-164). This is because resources that risks consume reduce resources that could have been used to generate profits for the firm or be used to motivate employees. The risks that affect organizations result into inability of an organization to invest which impacts negatively on solvency of an organization and probability of an organization to be exposed into liquidity risks. The procedures for RMP should be constituent of procedures that identify, reduce and prioritize risks (figure 1)
Risk handling procedures should be based on capacity to design new business processes that support values and objective interests of the organizational risks structure (Gorrod, pp.23-6). Thus, the organization ought to have a built-in risk control and risk containment strategies which should be used as foundation for risk documentation. RMP are structured on basis of probability of emergence of new business processes. Thus, firm RMP should demonstrate capacity for built-in risk controls on emerging new business activities and processes. Additional business processes should be governed by corresponding analysis of risk profile. There should be risk quantification for all organizational business processes (Crockford, pp.132-5). Organization should engage in business activities that don’t qualify for high risk which make it possible for organizational identified risks to be managed by any risk mitigation approaches for instance, through adoption of risk avoidance approaches like elimination of risk opportunities or ceasing business processes that are high risk; reduction of probability of occurrence of the risk through optimization approaches to risk management and mitigation; adoption of risk sharing approaches where the risk is transferred to third parties like insurance agencies or adoption of risk retention approaches where organization invests in risk acceptance and allocates resources for risk management (Covello & Allen, pp.178-9).
Case controlled studies have determined that risk mitigation strategies may fail to contribute into risk quantification if the risk strategies are not formulated and aligned on organizational or business strategies. Risk control and prevention measures might include necessity for risk trade offs which might not be in line with ethical best practices for the organization. Unethical business practices contribute into added risks of lack of credibility, transparency of business processes and accountability which impact of healthiness of business internal control and monitoring (Dorfman, pp.112). As a result, risk should be developed on four key elements as illustrated by the figure 2 below:
The inability of an organization to gain value from RMP arises from deficiencies in risk assessment, and incapacity to prioritize risks which result into wastage of time in risk management which translate into loss of resources. Organizations should identify rationale for risk management planning that could not contribute into diversion of resources from risk management planning. This implies, organizations ought to devise methods for retention of risks with objective interest of managing the positive or negative outcomes of the risks when they arise (Moteff, pp.204-6).
In many instances organization adopt qualitative risk management approaches which don’t contribute into positive outcomes because qualitative risk management strategies are subjective which implies qualitative risk approaches are not consistent. Consistency in risk management is important tool in sustainability of risk management. as a result, quantifying risks and numerical representation of risk profile and risk position provides organizational direction that could be justified by formal processes involved in risk assessment and evaluation (Gorrod, pp.25-6). This implies, risk management should be a function of legal perspectives or bureaucratic orientation. Through legal and bureaucratic perspectives in risk management, the organization gains from prioritization of risks hence capacity for resource allocation that could support risk management processes.
Risk mitigation and risk handling measures should not interfere with business process continuity which makes risk management planning to be a subset of business continuity planning. Tasks and processes that define business profit activities should not be distorted by measures towards risk management. Organizations fail to identify differences between risks and uncertainties in their capacity for risk management. Risks are measured and evaluated on basis of probability of risk occurring and impacts of the risk on business processes (Moteff, pp.115-118). As a result, every probable risk ought to have a pre-formulated risk plan which should be instituted towards management of the risk. Risk categorization therefore is important element in risk management planning since it provides information on risk consequences and capacity to identify risk contingencies in the event a business process activity escalate into a business liability.
Mathematical modeling has been employed in measurement of risk costs. The average cost of managing an employee as internal stakeholder is used to determine cost accrual ratio for the employee. Through use of employee cost accrual ratio, the risk management team could document costs of risks associated with the employee activities and tasks. The cost of an employee in a given time frame could be used to provide analysis of estimated time lost when a risk occurs associated with employee activities (Gorrod, p.52). This result into employee risk cost impacts which could be used to determine organizational cost impacts of risks. Integration of lean principles of manufacturing identify risks management increases time of production which translates into build-up of inventory in manufacturing cycle hence inefficiencies in cycle times management. Employees that demonstrate high costs impacts have been identified to have greatest input in risk management. The higher the risk scale of an employee, the higher the returns associated with the employee (Crockford, pp.99-104). High risk employees contribute into positive outcomes of an organizational bottom line and take part in improving reputation of the firm.
Crockford (pp.88-89) data suggests that risk management requires risk management team to categorize risks based on causes of the risks. Crockford (p.89) and Stoneburner et al (p.92) have claimed that there exist two risk categories. Crockford (p.9) data has identified special cause variation risks (p.10) and common cause variation risks (p.14) as documented by Stoneburner et al (p.92-99). Crockford (p.91, p.93) documents that common cause variation risks play important role towards informing risk management team on direction of risk approaches and risk management direction. Gorrod (p.225) data indicates that different risk perspectives could contribute into capacity for organization to manage special and common cause risk variations. Crockford (p.98, p.103-5) notes that risk management could be achieved through transfer of risk to third parties for instance insurance or reinsurance companies. Crockford (p.104) data suggests risk transfer has capacity to contribute into organizational management of common cause risk variation. Similar observations have been documented by Stoneburner et al (pp.105-6). Crockford (p.97) data indicates that special cause risk variation are common. Similar recommendations have been proposed by Dorfman (pp.228-9). Transfer of risks involves insuring the [probability of the risks after risk appraisal and assessment which results into sharing of burden of the risks losses or economic benefits of the risks. Risk transfer is important element in business continuity planning since it influences on capacity to adopt measures that could contribute into reduction of risks or minimization of occurrence of the risks.
Risk outsourcing has been determined as probable method for risk transfer. In the event of risk transfer, the insurance firm might get exposed into liquidity problems that might impact negatively on the insurance firm solvency (Covello & Allen, pp.305-6). This would translate into probability of the risk being reverted into the first party as opposed to the insurance firm. This implies risk transfer is valid if the third party is solvent and has no liquidity problems; otherwise the company seeking risk transfer still maintains legal responsibilities for any risks or losses that might arise (Hubbard, p.67). Transfer of risk ensures that any risks incurred are compensated based on quantity of risk in terms of monetary value of the risks. As a result, there is need for a firm to have security controls over risks in order to reduce opportunities for occurrence of risks. The firm risk management planning should identify and conform to statement of risk applicability through identification of risk control goals that should be structured on basis of risk category (Stoneburner et al, 24). It is essential to prepare and document a risk treatment plan that should be used and followed in the event of risk.
Methodology of the study
This section reports on the method of study that was used to conduct studies on Risk management planning of Manchester Fire and Rescue Service, in UK.
Perspectives of the study methodology
The study used exploratory research technique (Cook & Campbell, pp.45-8). Exploratory research method was used in order to make the study independent from past studies on Risk management planning (Greene & Caracelli, pp.5-7).
Methodology of the study
The study was conducted by using non-probability sampling. This was delivered through use of Ethnographic Content Analysis (ECA). ECA was used together with Ethnographic Hermeneutical Analysis (EHA) and Ethnographic Domain analysis (EDA). Grounded theory was applied throughout the study (Caracelli & Greene, pp.33-5; pp.61-2). Comparative analysis was applied and integrated into the grounded theory (Fetterman, eds. p.45-6).
Reasons for using the method of study
ECA was used because it makes it possible for the ethnographer to identify, retrieve and analyze various documents which have relevant content that could add significance and meaning to the study objective interests hence be applied in representing relationships between variables of the study (Christensen, pp.87-9). ECA was employed because it could make it possible for the ethnographer to track respondent’s discourse and points of arguments hence providing foundation for issues that respondents addressed and capacity to align study objectives to the study frame of reference.
The study was carried out in Manchester Fire and Rescue Service headquarters in Manchester, UK
The study was structured to use Ethnographic Content Analysis and Ethnographic Narrative Analysis. The study construct and design was structured on concepts and techniques for qualitative social research (Elmes, pp.102-3). The study was structured to utilize text based methods for data collection. The research design integrated field-based methods of ethnography (Cook & Campbell, pp.67-72).
Research data analysis construct
Data analysis was achieved through use of coding methods and theoretical sampling (Lincoln & Guba, pp.11-4; pp.77-8). Coding method and theoretical sampling were implemented in order to make it possible to monitor variables that form framework for risk management planning (Caracelli & Greene, pp.19-21; pp.25-8). The analysis utilized emergent sampling and theoretical sampling of Manchester Fire and Rescue Services documents (Boring, pp.157-62). Analysis of the findings was structured to be based on ethnographer’s field notes, systemic analysis and constant comparison and verification of principles that Manchester Fire and Rescue Services uses to manage her risk management planning.
Recruitment of study variables
The study respondents were recruited through convenience sampling. The respondents were identified by Manchester Fire and Rescue Services study mentor in, UK.
Procedure of collecting the data
The process of collecting the data involved four step cyclic processes which involved identification of the data that needed to be collected, followed by observation on the attributes that characterize the type of the data to be collected (Fetterman, eds. pp.81-3). This was followed by analysis of the factors and their influence and lastly recommendations on the impacts of the collected data on structure, features and construct of a Manchester Fire and Rescue Services risk management planning (Christensen, pp.142-5).
Method of data collection
The data was collected by using three main methods namely ethnographer’s observation of processes of Manchester Fire and Rescue Services risk management planning in their natural setting, carrying out interviews and holding focus discussion meeting with risk assessment and appraisal team of Manchester Fire and Rescue Services and analysis of documents on risk management planning of Manchester Fire and Rescue Services (Guba & Lincoln, pp.229-231).
Method of data presentation
The collected data was presented in form of text for analysis by using respondent’s description of risk management planning of Manchester Fire and Rescue Services (Elmes, pp.28-30). The respondent’s accounts on risk management planning were presented as a narrative for analysis.
Measures of data validity
The study design was structured such that study construct validity was not going to have negative impacts on reliability of the study findings (Fetterman, eds. p.101-2). Many sources were consulted in order to arrive at the framework of Manchester Fire and Rescue Services risk management planning (Fetterman, p.87-9). The Manchester Fire and Rescue Services assigned supervisor reviewed the study outcomes and ensured they represented the mechanism through which Manchester Fire and Rescue Services conducts runs her risk management planning (Martin, pp.101-2; pp.105-8).
Method of data analysis
The data analysis was carried out by using four principle methods. The first applied method of data analysis involved use of grounded theory and constant comparative analysis of collected data. The comparative analysis and grounded theory depended on the field notes and interview collected notes which were compared with data obtained through document analysis (Greene & Caracelli, pp.6-7). The collected data was categorized based on study goal relevance and coded based on consistency and differences. The consistencies observed in the collected data were regrouped together based on perceived and contextual meanings and significance. Attributes that were not relevant to the construct of risk management planning were discarded. The consistent categories were considered to be saturated when no other factors or contextual meanings could be gained from further textual data compression (Fetterman, eds. pp.103-5).
The second applied method for data analysis involved use of Ethnographic Domain Analysis (EDA) (Guba & Lincoln, pp.244-7). The process involved arrangement of concepts that could result into sustainability of risk management planning of Manchester Fire and Rescue Services. Domain analysis took standards applied in Quantitative Content analysis where concepts are taken as factors or attributes that affect functionality of a risk management planning. This was backed by analysis of social situations and cultural patterns, level of employee motivation, internal and external organizational environment and findings on semantic relationships and their relationships with regard to functionality of risk management planning of Manchester Fire and Rescue Services (Cook & Campbell, pp.40-5). The process of EDA involved ethnographers settings of factors that contribute into sustainability of risk management planning and comparison with domain analysis worksheet as observed and obtained following data collection which was further compared with statements obtained from textual responses from the respondents.
The third applied method of data analysis involved use of Ethnographic Hermeneutical Analysis (EHA) which was delivered through analytical evaluation and assessment of observed data collected (Martin, pp.78-9). This resulted into analysis of the process of risk management planning of Manchester Fire and Rescue Services as if the data was not collected by the ethnographer himself. This helped to remove ethnographer’s bias and ethnographer’s personal perception on the collected data (Fetterman, eds. p.97).
The fourth method of analysis that was employed involved use of Ethnographic Content analysis. The approach of Ethnographic Content Analysis took framework of typological analysis which was a function of analysis of documents on risk management planning of Manchester Fire and Rescue Services, textual interpretation and respondent’s interview analysis (Caracelli & Greene, pp.26-7). Content analysis involved the main ideas on operational efficiencies of a risk management planning of Manchester Fire and Rescue Services and its sustainability; and mechanism risk management planning of Manchester Fire and Rescue Services has achieved competitive advantage over competitors and performance metrics that advise the process of risk management planning of Manchester Fire and Rescue Services (Greene & Caracelli, pp.23-5)
Limitations of the study
The limitation of the study lay in time required to carry out full study on the Manchester Fire and Rescue Service (Martin, pp.41-4)). The disadvantage of time was reduced by making use of document analysis as primary form of data collection. The second limitation lay in the method of data analysis with regard to application of narrative analysis in ethnography. The methods that were used to carry out analysis were prone to overestimation of contextual and textual analysis that would have helped to derive meanings and significance of contextual and textual analysis.
Ethical considerations for the study
The study satisfied ethical considerations for use of humans as study subjects. The study satisfied principle of anonymity, principle of autonomy, principle of voluntary participation and principle of malfeasance (Elmes, pp.99-102). The study respondents were dully informed on the procedures of the study, expected outcomes of the study and ethical implications for their participation before their informed consent for participation were obtained.
Results and discussion of the results
This section reports on the results that were obtained after data collection using ethnographic narrative analysis.
The document analysis of Manchester Fire and Rescue Service (MFRS) determined that MFRS risk management planning “is a structured on input-output documentation of processes” that are involved in risk “mitigation, risk analysis, risk management and risk control”. The MFRS Risk Management Planning (RMP) “outlines mechanism through which “risks on MFRS projects are managed”.
Definition of a risk management planning
The MFRS document analysis determined that MFRS RMP “is internal informal documented structure for risk management that forms basis for formalizing risk strategies, risk communication and risk evaluation and assessment criteria”. The document analysis determined that “MFRS RMP depends on project deliverables and risk milestones”. The risk plan for the MFRS is dependent on the “application or size of the project” or “risk issues that might arise during progress of the project” and capacity to “manage escalation of minor risks into major incidents”. The MFRS risk management planning is dependent on “nature of risk that is expected”, “credit worthiness of the risk”, “capacity of the MFRS to plan for the risk” and “capacity for determination of economic risk costs” that might be incurred. The MFRS RMP “is structured on capacity for management of risk vulnerability” that is founded on capacity to “conduct risk assessment” in order to “quantify risks and determine costs disadvantages of the risks”. The risk framework for the MFRS is “dependent on capacity” to identify “rate of insurance” and capability for “planning for adverse risks outcomes”.
MFRS rationale for risk management planning
The MFRS has a rationale that forms foundation for RMP. Focus groups with the risk assessment and risk appraisal team determined that “MFRS has risk innovation team” that conduct analysis on “threats and opportunities that could result into risks” in order to document rationale for “future risk management”. The Risk appraisal manager noted that “MFRS risk is measured in terms of effect thus positive or negative outcomes of the risks”. The MFRS risk structure is defined in terms of “events or series of events that affect continuity of business processes, capacity to deliver service quality or deliver ethical business practices”. The risk research personnel noted that “MFRS risk vulnerability is measured and expressed in terms of probability of an event to occur and negative impacts that the event has on quality of life, quality of service and continuity of processes”.
The MFRS risk management planning is structured on “enterprise risk intelligence”, “enterprise risk events and activities” and “enterprise risk compliance” that form foundation for MFRS risk management. The risk activity documentation for risk management planning includes determination of “events that could result or predispose occurrence of risks”, “economic costs that include indirect economic costs of the risks events and direct economic costs of the risk events”, determination and analysis of probability of the risk taking place and “processes that could contribute into control and prevention of the risks”, the evaluation and assessment of the “outcomes and consequences of the risks”. The document analysis of MFRS helped to identify “processes that inform MFRS risk probability” through identification of processes and activities that could reduce occurrence probability of the risk and determination of “efficiencies of the proposed method for risk management planning”. The MFRS RMP is a product of “risk contingency planning through determination and documentation of processes that could decrease “impacts of the risks”. The MFRS risk manager proposed that “risk planning is a function of risk reduction strategies” which are based on “framework for risk mitigation and risk contingency planning”. The reduction strategies for the risks are dependent on level of “risk exposure” that is a difference between “risks identified and risk reduction strategies”.
The MFRS structure for risk exposure
The MFRS risk exposure is measured and expressed in terms of “risks that are identified and potential of risk reduction strategies to manage the identified risks”. Thus, risk MFRS RMP is structured on “quantified risks that cannot be avoided”. The Risk research personnel noted that the MFRS risk structure is constituent of key elements that “inform MFRS risk management policy” namely “quantified threat of the risk”, “quantified MFRS liability of the documented risk”, “quantified severity of the risk in terms of direct and indirect economic costs”. The structure of risk exposure “is based on “capacity of determined and quantified risk management processes to control and prevent risk occurrence”. Risk exposure, based on focus discussion on risk assessment and risk appraisal, “is supposed to highlight on risk cost factors and risk management strategies benefits planning”. The structure of MFRS risk exposure is used to evaluate, monitor and assess if the “risks of implementing risk management and exposure are high or low compared to capacity to implement risks controls for the risk exposure”. The MFRS structure for risk exposure is dependent on MFRS rationale for “assumed risk”. The MFRS RMP is further dependent on “level of assumed risk” which means “adoption and implementation of RMP is influenced by choices for risk identification, risk mitigation measures and alignment of risk controls on statutory legislation and regulation on RMP”. The MFRS structure of assumed risk is measured in terms of “dollar unit value” of the expected risk management outcomes which in turn influences on the “profitability of managing the risk based on the RMP”. The risk manager personnel interview noted that assumed risk and risk exposure “are vital in prioritization of risks and impacts of the risks”. As a result, MFRS RMP provides data on risks that are “high, moderate or low”.
The MFRS RMP integrates “stakeholder risk tolerance” in its RMP. Stakeholder risk analysis involves “planning for risks that different stakeholders are exposed to”. The risk manager added that “determination of stakeholder risks provides opportunity for personalization of risks that stakeholders are exposed to” and ensure the MFRS understand criteria for risk management for the different stakeholders. Stakeholder risk tolerance also “forms basis for determination of future stakeholder business relationship hence projection of company profitability”. MFRS has a risk reporting format which provides “risk contents that should be reported” which plays a vital role in “documentation of the risks, analysis of risks and communication of risks to stakeholders”. Risk reporting framework, based on document analysis, indicated that “risk tracking is important component in risk communication”. Documentation of the risks plays an important role of “communicating experiences of the risks, communicating on response measures for future risks, communication lessons learned from the risks and rationale for risk auditing”.
The document analysis indicated that the MFRS RMP is founded on capacity towards “capability for employee motivation towards risk assessment, risk identification and mitigation and “development of capabilities for future risk management”. The document analysis indicated that “employees are trained on risk assessment and evaluation” in order to ensure risk “management is aligned to objectives and goals for risk elimination”. Training is meant to “improve on employee competence towards risk analysis”. Training helps to position “MFRS to measure capacity for achievement of risk management objectives”. The MFRS document analysis indicated that “RMP is structured on a cost allocation model” that has made it possible to adopt variable cost structure towards risk management”.
MFRS risk culture
Document analysis determined that culture on risks influences on capacity for organizational risk management. The MFRS documents analysis provided “framework that MFRS utilizes in her risk management”. The documents provided “steps that should be followed in risk identification, risk assessment and description of a risk” and “threats to business bottom line that the risk poses”. MFRS therefore has structure that provides foundation for “risk indicators” and “contingency plans that ought to be implemented towards management of identified risk indicators”. MFRS foundation for risk assessment is based on key elements that are used “to determine potential for risk indicators” as provided by extension box below (extension box 1).
- Activity structure for accomplishments and threats to accomplishments of tasks
- Consequences of the identified threats to task completion and corresponding draft of summary of possible risk on a worksheet
- Probability of the risk occurrence based on identified threats and documented on a summary of task worksheet
- Ranking of the identified threat and potential of a risk based on risk calculation index which should be plotted on a risk ranking based value
- Operations and tasks that are affected by the identified threat or risks
- Budget and task schedules that are affected and potential for continuity that are documented and measured for efficiency, and sustainability
- Determination of threat of risk propagation
The MFRS risk management practices
The MFRS has a documented risk management practices that are based on four key elements provided by figure 3.
Document analysis of MFRS demonstrated that MFRS risk assessment criteria is structured towards “capacity for risk ownership”. Risk ownership plays an important role in “acceptance of the risk” hence capacity for adoption of “risk management approaches” that are in line with identified “risk indicators”.
Focus discussion with the risk assessment team determined that “MFRS risk management approaches” are structured on risk management goals through identification of the risks which is informed by “risk description” hence formulation of risk management structures based on risk description approaches. The MFRS risk management approaches are based on key milestones that “risk management strategies should achieve”. MFRS RMP is based on “use of appropriate method for risk mitigation” which is based on “risk specific tasking”. Focus discussion with risk manager resulted into “MFRS risk specific tasking” elements which are namely “design of method of risk mitigation”, “testing of methods that should be used for risk management”, “analysis of cost-benefit of the risks identified”, and “simulation of the risk management approaches” to determine their sustainability in risk management. The risk manager noted that MFRS RMP is meant to result into adoption of “risk specific schedules” which are structured on “MFRS risk specific budgets” which play a leading role in “utilization of appropriate risk management tools” as provided by figure 5.
The MFRS RMP is therefore a product of “risk management decision points” which provide potential for adoption of alternative risk management approaches. The focus discussion with the risk assessment team determined that “risk knowledge, risk culture and management support for risk management” is important in risk management. There is therefore need for management awareness on risk “since this provides basis for acceptance of the risks” and capacity for alignment of risks to the “organizational objectives”. It also provides basis for “alignment of corporate policies on risks”.
MFRS risk structure and risk management processes
The risk manager noted that MFRS has a risk “structure and risk management processes that are structured on need for realization of accountability and transparency”. Clarity of risk accountability “is essential component towards risk monitoring and control”. The MFRS risk structure is “mandated to evaluate emerging risks, review efficiencies of risk management strategies, review risk mitigation strategies and report on risk approaches to risk manager”. The document analysis agreed with focus discussion with risk assessment and appraisal team that “risk auditing is key to risk management”.
MFRS risk resources and risk management capacity
Document analysis indicated that MFRS has deployed sufficient “resources and risk management capabilities” towards reduction of risk incidents. The risk resources include “development of a learning culture on risks”, adoption of a “knowledge driven economy” which ensures stakeholder collaboration in risk control and mitigation. MFRS has invested in training and development programs on risks whose content is reviewed based on emerging risks needs. Reviews on risk based materials for in-house training and development “ensure risk monitoring is sufficient and processes for risk mitigation are standardized based on risk mitigation and prevention.
MFRS tools and techniques for Risk management planning
The risk management scheme for MFRS involves use of “risk recovery planning” which is structured towards integration of marketing plans, financial plans and infrastructure support for risk management”. The MFRS has developed a website for reporting on risks to ensure risk management is timely. This is supported by a reward structure for motivating employees and stakeholders on risks. The risk management structure, based on document analysis, is supported by “renewal of administrative information systems on risk mitigation” which ensures enterprise wide risk management approach is implemented.
MFRS risk matrix
The MFRS RMP is driven by “MFRS risk matrix” which provides a reflection of “MFRS degree of risk”. The “risk matrix” provides a breakdown of risks based on “risk categories”. The MFRS RMP based on risk matrix represents “MFRS quality of risk management”. The risk matrix design is meant to “map feasibility of risks and uncertainties” and measure “capacity for risk system alignment to risk scheduling and requirements”. The risk matrix provides information on current status of organizational risk profile through determination of “support resources” that could support risk documentation and determination of activities and impact of different risk management processes towards reduction of risks occurrence.
The document analysis identified that MFRS has a functional RMP which is structured towards BCP. These are structured and aligned to MFRS risk management program plan which is built on key elements for risk management. The risk management integrates employee training and development which has own independent “risk training plan” as “in-house training program” and “out-of-house training program” where employees attend external training programs on risks management. The MFRS RMP is structured on use of risk managers who are responsible for coordination of MFRS RMP. Document analysis of MFRS RMP provided that MFRS has a “risk program plan” which is structured towards utilization of the following risk management tools which is structured on key elements as represented by program plan (extension box 2).
- Concise Description of risk Program and ongoing review of risk structure
- End Items and Major Interfaces for risk structure
- Major Goals and Priorities on risk management
- Customer and Users risk tolerance and risk vulnerability
- Performing Organization and Key Personnel risk audit
- Schedule risk milestones and Primary Ground rules for risk management
- Technical Approach application in risk mitigation and management
- Verification Approach adoption for risk process analysis
- Facilities utilization based on risk category
Document analysis determined that MFRS risk management planning is supported by MFRS risk leadership and risk based strategies, risk accountability and risk reinforcement measures, communication framework of risks and supportive risk management infrastructure.
This section reports on whether the study achieved its goals and objectives with regard to risk management planning.
The study achieved its objectives by determining the structure for Manchester Fire and Rescue Service risk management planning. The results demonstrated that Manchester Fire and Rescue service risk management planning is structured on Risk management matrix. Risk management matrix has been used to develop structure for risk management planning based on input-output documentation of processes. The input-output processes involve activities that contribute into risk mitigation, risk assessment, monitoring and controls of risks to identify opportunities for the risks, risk analysis to determine approaches that could be appropriate for risk mitigation, and identification of capacity for organizational risk tolerance hence capacity for sustainability of business continuity planning.
The study findings determined structure of Manchester Fire and Rescue Services Risk management planning to be dependent on risk management tools which include evaluation of risk indicators, adoption of technical approaches to risk management, verification of risk management approaches in order to identify appropriateness of the risk management approaches to specific risks. The results determined that the rationale for risk management planning should be based on measures for risk mitigation that involve training and development of employees so that they are positioned to participate in risk assessment and reporting protocol and standards on risks that affect the business continuity planning. The results established that risk policies influence on the capacity for risk monitoring, risk evaluation and risk documentation. Risk policies influence on capacity for employees to participate in risk reporting and communication of risk to appropriate personnel. Risk policies influence on efficiency of risk whistle blowing and potential for protection of risk whistle blowers. Thus, risk policies play a leading role in stakeholder risk tolerance which impacts on organizational risk tolerance capacity.
The results demonstrated that risk management planning provides foundation for quantification of risks and determination of cost advantages of risks based on direct and indirect economic costs of risks. The risk management planning influences on capacity for organizational risk vulnerability subject to determination and sustainability of risk management strategies. The findings established that risk auditing plays an important role in determination of risk profile of organization and provides basis for risk management approaches that should be taken towards reduction of risks. The results demonstrated that risk culture, risk learning culture and alignment of risk management planning strategies influences on capacity for utilization of risk management tools and techniques that could translate into resource utilization and optimization of returns on risk opportunities.
The findings established that risk communication provides foundation for lessons learned from risk management, which position the Manchester Fire and Rescue Services to utilize new knowledge learned from previous risks encountered and enhance quality of risk auditing, risk mitigation, risk control, risk assessment, risk appraisal and provide opportunity for development of risk-aware organization. As a result of risk communication, risk management planning should result into improvement of risk accountability and transparencies hence improve on internal control. This has effect of improving ethical best practices for management and hence improvement of organizational stakeholder confidence and trust. It also provides opportunity for stakeholder engagement
The results established that a cost allocation model is important in sustainability of risk management planning. Risk management planning is resource intensive hence resource allocation influences on capacity for risks to have positive or negative effects on organizational bottom line through its influence on the liquidity of the organization. Liquidity of organization is influenced by level of risk exposure which should be determined in order to provide foundation for credit risk rating of the organization. Risk budgeting; (as a function of cost allocation model), influences on capacity for the achievement of risk management planning objectives which translate into reflection of level of risk that the organization could be exposed to. Risk management planning includes personnel risk auditing in order to identify role and responsibilities of key personnel in risk management.
Caracelli, Valerie J. and Greene, Jennifer C. Crafting mixed-method evaluation design, In J. C. Greene and V. J. Caracelli (eds.), Advances in mixed-method evaluation: The challenges and benefits of integrating diverse paradigms: New Directions for Program Evaluation, No. 74. San Francisco, CA: Jossey-Bass, 1997. pp. 19-32.
Chan W. Kim, and Renée Mauborgne. Blue Ocean Strategy, Harvard: Havard Business School Press. 2005
Christensen, Larry B. Experimental Methodology. 5th ed. Boston: Allyn and Bacon. 1991.
Cook, Thomas D. and Campbell, Donald T. Validity. In T.D. Cook and D.T. Campbell. Quasi-experimentation: Design and analysis for field settings. Boston, MA: Houghton Mifflin, pp. 37-94. 1979.
Covello, Vincent T. and Allen, Frederick H. Seven Cardinal Rules of Risk Communication. Washington, DC: U.S. Environmental Protection Agency. OPA-87. 1988
Crockford, Neil. An Introduction to Risk Management (2 ed.). Cambridge, UK: Woodhead-Faulkner. 1986. p.18
Dorfman, Mark S. Introduction to Risk Management and Insurance (9 ed.). Englewood Cliffs, N.J: Prentice Hall. 2007
Elmes, David G. Research Methods in Psychology. 4th ed. St. Paul: West Publishing Company. 1992.
Fetterman, David M. Ethnography, 2nd ed., Thousand Oaks, CA: Sage Publications. 1998b
Fetterman, David M. Ethnography: Step by Step, Applied Social Research Methods Series, Vol.17, Walnut Creek, CA: Sage Publications, Inc. 1998a
Gorrod, Martin. Risk Management Systems: Technology Trends (Finance and Capital Markets). Basingstoke: Palgrave Macmillan. 2004
Greene, Jennifer C. and Caracelli, Valerie J. Defining and describing the paradigm issue in mixed-method evaluation. In J. C. Greene and V. J. Caracelli (eds.). Advances in mixed-method evaluation: The challenges and benefits of integrating diverse paradigms. New Directions for Program Evaluation, No. 74. San Francisco, CA: Jossey-Bass. 1977. pp. 5-18.
Guba, Egon G. and Lincoln, Yvonne S. Judging the quality of fourth generation evaluation. In E.G. Guba and Y. Lincoln. Fourth generation evaluation. Newbury Park, CA: Sage, 1989. pp. 228-51.
Hubbard, Douglas. The Failure of Risk Management: Why It’s Broken and How to Fix It. Oxford: John Wiley & Sons. 2009: p. 46
Institute of Risk Management/AIRMIC/ALARM. A Risk Management Standard. London: Institute of Risk Management. 2002
Lincoln, Yvonne S. and Guba, Egon G. Naturalistic inquiry. Beverly Hills, CA: Sage. 1985.
Martin, David W. Doing Psychology Experiments. 2nd ed. Monterey, CA: Brooks/Cole
Moteff, John. Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences. Washington DC: Congressional Research Service. 2005
Stoneburner, Gary; Goguen, Alice and Feringa, Alexis. Risk Management Guide for Information Technology Systems. Gaithersburg, MD: National Institute of Standards and Technology. 2002