Case Study 5: IT Security Risk Management Phase 2

CASE STUDY 5 Case Study Phase 2 IT Security: Risk Management: ISSC 363 Dr

Generally speaking, a risk is defined as the chance that a certain loss would occur. These losses are the result of attacks that expose weaknesses in the system (Lave, 2013). Every business organization is exposed to risks, and the consequences of these risks differ from one company to the next. Some dangers are of significant size and have the potential to bring the company to its knees (Lave, 2013).

Other risks are insignificant in terms of their effect, and they may be disregarded since the cost of providing a remedy is more than the cost that would be paid if the risk event happens. Risk assessment methodologies are used to quantify the related risk that may arise once components have been identified and classified separately. In conducting a risk assessment technique, two types of data are collected: quantitative and qualitative (Lave, 2013). It is necessary to apply the quantitative approach when data can be entered into preset formulae. At the same time, the qualitative methodology is necessary when we do not have access to real facts related to the danger we are investigating (Lave, 2013).

To calculate costs and the two main data points, likelihood and impact, we would need subject matter experts to establish averages or views, which we would then have to use in conjunction with the other data points. To apply our technique to the example of the General Motors Corporation, we shall use a quantitative methodology. We can see that when we look at a company as large as General Motors, there would be a significant quantity of data to analyze (Williams, 2020). Inside the quantitative method, we will focus on the annual loss expectation (ALE), which is a tool for determining how much money might be lost in a year if a problem is not immediately managed.

More than 10 million vehicles are produced by General Motors each year, and the company gets more than 100,000 unique components from 5,500 supplier locations across the globe (O’Byrne & Young, 2017). The company sells its vehicles in more than 100 countries (O’Byrne & Young, 2017). It is sufficient to state that General Motors' global manufacturing organization runs like a well-oiled machine. However, like with any automobile manufacturer, there is a lot that may go wrong. Manufacturers such as General Motors are subjected to various interruptions, ranging from political upheavals to severe weather occurrences to worker strikes and supply shortages.

The earlier the SCRM team can communicate issue information to General Motors' worldwide crisis managers, the sooner the business can address such problems before consumers are adversely impacted (O’Byrne & Young, 2017). Rossi depended on a geographic information system (GIS) to map the relationships between GM's hundreds of tier 1, tier 2, and tier 3 suppliers to do this. The technology allows the team to concentrate on a particular component and track it from its source to its destination plant and vehicle programs in an emergency, such as a factory fire or a storm. To comprehend how a certain event would affect GM's supply chain, Rossi believes that knowing the company's supply network is critical to the company's success (Chiappinelli, 2019).

Knowing which cars might be affected by an event—which part numbers, particularly which plants—allows us to develop a more effective approach strategy. It took days or weeks to fully grasp the effect of a crisis on providers, components, projects, and cars before implementing the location intelligence system. Still, the procedure was very comparable to what it is today.

Paper For Above instruction

Risk management is a fundamental aspect of safeguarding organizational assets and ensuring business continuity in today's complex and interconnected environment. It involves identifying, assessing, and prioritizing potential risks, then implementing strategies to mitigate or transfer these risks to minimize adverse impacts. An effective risk management approach not only protects organizations from unforeseen losses but also enhances their capacity to capitalize on opportunities through informed decision-making (ISO, 2018).

Understanding the nature of risks, especially within large multinational corporations like General Motors (GM), is critical. GM operates in a dynamic environment characterized by supply chain complexities, geopolitical uncertainties, economic fluctuations, and technological vulnerabilities. The present discussion explores the methodologies used for risk assessment, the types of risks faced by GM, and specific strategies employed to mitigate those risks, emphasizing the role of technology, data analysis, and strategic planning.

Risk Assessment Methodologies

Risk assessment methodologies are pivotal in quantifying and understanding potential threats. These methodologies can be categorized into qualitative and quantitative approaches. Qualitative risk assessment relies on expert judgment, scenario analysis, and subjective evaluations to determine the likelihood and impact of risks, especially when precise data is unavailable (Lave, 2013). Quantitative assessment, on the other hand, employs numerical data and statistical models to estimate risks, allowing for more precise calculations of potential losses and probabilities.

For instance, GM utilizes quantitative techniques such as the estimation of annual loss expectancy (ALE). This approach calculates the expected monetary loss for a specific risk over a year, factoring in the likelihood of an event and its financial impact. With a vast and complex supply chain referencing more than 5,500 suppliers worldwide, the application of quantitative models enables GM to allocate resources efficiently and develop targeted risk mitigation strategies.

Types of Risks Faced by GM

GM faces a spectrum of risks that threaten its operational and strategic objectives. These include supply chain disruptions, regulatory compliance challenges, macroeconomic factors, and technological vulnerabilities. Supply chain risks are particularly significant given GM's reliance on global sourcing. Disruptions such as supplier bankruptcies, natural disasters, or geopolitical tensions can cause delays, increase costs, and affect product quality (Baum et al., 2017).

Economic risks, including exchange rate fluctuations and inflation, also pose substantial threats. As GM operates in multiple countries, currency volatility can impact profitability, especially when costs are incurred in one currency while revenues are realized in another (Lim, 2019). Labor unrest, such as strikes or workforce shortages, can further hamper production schedules, reduce output, and incur additional costs. Additionally, technological vulnerabilities, including cybersecurity threats, can compromise sensitive data and disrupt manufacturing processes.

Mitigation Strategies and Technological Innovations

To address these risks, GM adopts several mitigation strategies grounded in advanced technology and strategic planning. Geographic Information Systems (GIS) are extensively utilized to map and analyze supplier relationships, enabling real-time tracking of components across the supply chain. Rossi’s use of GIS allows GM to respond swiftly to disruptions, identifying affected vehicles and parts and coordinating contingency plans effectively (Chiappinelli, 2019). Such data-driven insights are critical in reducing response times and limiting financial losses.

Furthermore, predictive analytics and machine learning models improve risk forecasting. These tools analyze historical data to anticipate potential disruptions, optimize inventory levels, and enhance demand planning (Kumar et al., 2020). GM also invests in supplier diversification, dual sourcing, and establishing contingency inventory buffers to mitigate supply chain risks. Cybersecurity measures, including firewalls, encryption, and intrusion detection systems, are vital in defending against technological threats (Verizon, 2021).

Conclusion

In conclusion, risk management in a multinational corporation like GM requires a comprehensive approach integrating qualitative and quantitative assessment methodologies, technological innovations, and strategic planning. Recognizing the diverse nature of risks—from supply chain disruptions to economic fluctuations—enables GM to implement targeted mitigation strategies that safeguard its operations and enhance resilience. As risks continue to evolve, the continual refinement of risk assessment techniques and adoption of emerging technologies are paramount for maintaining competitive advantage and ensuring long-term sustainability.

References

• Baum, C. F., Caglayan, M., & Rashid, A. (2017). Capital structure adjustments: do macroeconomic and business risks matter? Empirical Economics, 53(4), 1615–1634.
• Chiappinelli, C. (2019). GM Uses Location Technology to Mitigate Its Supply Chain Risk. Esri. Retrieved from https://www.esri.com/about/newsroom/arcnews/gm-uses-location-technology-to-mitigate-supply-chain-risk/
• ISO. (2018). ISO 31000:2018 - Risk management — Guidelines. International Organization for Standardization.
• Lave, L. (2013). Risk Assessment and Management. Springer Publishing.
• Lim, W. Y. (2019). Liquidity of General Motor Company due to their Internal and External factor. Retrieved from https://doi.org/10.1016/j.frl.2018.10.013
• O’Byrne, S. F., & Young, S. D. (2017). The evolution of executive pay policy at General Motors, 1918–2008. Journal of Applied Corporate Finance, 29(1), 36–49.
• Verizon. (2021). 2021 Data Breach Investigations Report. Verizon.
• Williams, C. (2020). Identifying Future Risks - 7 Techniques Used by One of the World’s Largest Automakers. Carol Williams. Retrieved from https://www.forbes.com/sites/carolwilliams/2020/02/15/identifying-future-risks-7-techniques-used-by-one-of-the-worlds-largest-automakers/