Sunday, July 21, 2019
Risk Management For Huawei
Risk Management For Huawei HUAWEI is a well known company Providing Telecommunication business all over the world but risks cannot be ignored. The Purpose of this manual is to provide suggestion to handle the risks in the company functional areas The manual can be helpful in identifying the efficiency of the risk management system. Also can be beneficial in less attention risk areas. It will use the standards, policy and strategy of Huawei to identify the tools of the risk management system. The risk management should be parallel activity and must be well documented.For easy understanding the risk management system is divided in three Stages. Stage 1 Development of Strategy and vision for the risk management system with clear goals. This is beneficial for the awareness of the company employees. The engagement of the employees will increase the success of risk management. Risk aware culture will improve and work better of Risk management. This stage included the planning, roles and responsibilities, communication, resources and training of having level. Stage 2In stage2 the proposal for various areas are considered in risk management, which identify the responsibility of individual area and various kind of training is needed, a campaign should be create among the employes regarding risk management. Industry and market risk: Business: customer and market, product and innovation Operational risks: including Safety systems, Environmental risks, Human reliability, Organizational risk Financial risks: the risk associated to any form of finance (credit, market) Stage 3 In stage 3 identification of the process and the way of application in each individual area and the way to interwork build the process of risk management. Risk Identification: Manual in practical Statistics as input Risk Assessment:In the culture of the company the information about the risk management should be important part. Risk Response and Risk control. Proper Training of Risk analysis. To identify the need of training for the people whose responsibility is coordinating and implementing the risk management. The manual does not give direction for each area specifically, but will be the general guidance to need of implementation of risk management The responsible person in each area wil analyze and detailed knowledge That will make risk management successful. Competency Policy in Risk Analysis An organization may use a numerous methods and technique when risk mapping is implement . For risk analysis, there are a wide range of techniques used: HAZOP/HAZAN/FMEA/FTA Studies Statistical analysis of past incidents Consequence modeling Risk level Comprehensive Quantitative Risk Assessments Monte Carlo simulations Determination of individual/societal risks Determination of environmental risks In the light of the above manual personnel in the organization will have required experience for the described techniques. The policy will include evaluating the competence strength and weakness of the skills. It will also identify and shape the risks which apply to different people working in various departments.The realization of sophisticated methods used by experts. Creation of risk mitigation along with control plan with the option of implimintation. The input should be provided for the development of organization risk management system. Authorization of Risk Traning. The Managers working with other departments should be responsible for traning.Approval should be made by top management and ensure of the planning. .Relation to the market with competence considerations. Operational risks The risk factors may be caused due to deliveries and financial situation on the supplies side.one of the factor is long term dependency to supplier. Safety Regulations should be implemented. Production risk Risk Analysis Requirements Supplier risk Information Risk. Financial Risk. The Hauwei has made efforts to control Risks in its acatvities.Due to the expansion of the company internationally, new partners are entered and IT dependency increases new risks are created. Huawei has been affected due to currency inflation in the market. To mitigate these kind of risk arises from foreign currency exchange Huawei use cash equivalents, financial receivables, debt of short and long term. Types of Financial Risk Change in Currency conversion rate Interest rates Assets lost Economical risk . Management ReviewTo see status of the project and resource allocation management review is done. The analysis results of audits, preventive and corrective actions is done by management rivew.Due to management review some decisions can be made like increase resources:Imrovement in risk management process,machines,manpower etc The information management system can be introduced and be the out put for management review. . Some methods we can use: SWOT This technique is used on finding strength, weaknesses, opportunity and threats and then analysis of risk on the basis of our finding. In Huawei we keep on conduct SWOT analysis which can help in identifying and managing of risk.. Breakdown: Risk in break down is of great importance and should be checked regularly and preventive measure should be taken to minimize. Product Liabilities: liability like people must be kept into deliberation. Accept Risk Some of the risk may be of low importance and just accept without removing.The significant business risk may be formal and must be decided by senior managers. Avoid Risk Avoidance risk is to change business practices and no more exposed to specific risk. Transfer Risk To share some of the risk with other is called transfer risk we can take Insurance policy as a example. Risk management organizational levels Each member of the organization has to play a role in management system control,as it is the process dependent on the people.The role of individual people in risk control varies in organization .The most top management should define the rules for risk management and control.every body in the organization should have responsibility of controlling the risk. COMPTENCE ANALYSIS: Competence analysis in an organization can be done by interviewing the individuals or the teams and asses what needs to be done to improve the situation in order to minimize the risk of failure. In order to understand competence analysis we have to describe the level of competence so that we could compare the risks involved in different areas of the organization.A target framework derived from business strategies, plans, objectives and targets.Analysis of strategic requirements, gathered from the obtained framework. Covering all aspects of changes required regarding to that framework. Strategic, critical,declining and core competencies. Level of competence is different in different areas of an organization, depending upon the roles and responsibilities of the employees. We can make a competency model by dividing the organization into teams depending on their ability, experience and skills with more focus in the risk management area. In this way we will be able to see the important competencies in different departments. We split the competence levels into the following three: Low Medium High COMPETENCE MAPPING: Competence mapping is the process from which we can asses and determine the strength of workforce of employees to avoid any kind of risks. The employees play an important role in the success and development of an organization.We can use the competence mapping to identify the knowledge of the employees in risk management and then fill the gaps with the training. Competence mapping is a chart that shows the specification level. The present competence level and required level is marked in the chart with the diversified lines. The gap between the lines points out the required developments that must be addressed in the competence development plan. When the competence levels are evaluated, the competence mapping can be drawn. COMPETENCE GAPS: It is essential to define the competence gaps of the employers; because the performance of the employers depends in large part of skills of the employers. It is also very important for many organizations to define which skills, that the employers must have, are necessary for that particular area of the organization.Analyzing the Competence gap help us to identify which competence in risk management is needed for each employee. We can identify these gaps by comparing the current situation of the workforce and our future needs. If we have a rating between Current Requirements and Future Requirements and it is larger than the Competency that we posses that means we have a competency gap. This helps them improve and provide an environment for the implementation of risk management system. PLANNING FOR IMPROVED COMPETENCE SHORT RANGE AND LONGRANGE Risk management can not be seen as one time project, it has to improved and followed up all time. It is needed a plan for the improvement of the competence in order to make it works. Also it is very important to have a plan for improving the competence in a short and long range. After the evaluation of the risk management knowledge of the employees, the plan for the competence training short range will be developed. Once the competence gaps are found out, here are the required basic steps that must befollowed in order to develop a plan to overcome those gaps and to improve the competencies. Finding out the key skills required by the organization Evaluate the personals: To evaluating the personals and examine their levels in each of the relevant competencies. Requesting a feedback from stakeholders, colleagues and managers. Ordering and prioritizing the gaps: When it comes to focusing on closing the gaps, risk management department should choose the best option or way to cope it. It could beanother training class or a session with subject matters, reading for self-improvement subjects etc. Controlling the progress: The final step for the overcoming the competence gaps and improving them process should be monitoring the process that the risk department or committee have taken to increase the personnels competence levels. Once the committee is convinced that the target level for the personals is reached, they can close and improve the gap and move to the next priority area. IMPLEMENTATION PLAN FOR THE COMPETENCE TRAINING IN RISK ANALYSIS SYSTEM Since the word competence is quite important for the job performance, the role of managers to do the planning and implementation of training process is very critical. So, they should be very careful before and during the training process, since their misunderstandings could lead up the unexpected risks.Creating a training material is important to be ensure that this training is delivered to the right personnel at the right time.It is undeniable that using competency training and competency assessment provide theorganization to reduce risk and to improve performance by developing competency frameworks. Below, there are rules that should be taken into account when creating or implementing a competence training system in a risk analysis system; It is important for employees to be able to actualize their performance what they have learned during the training process and to be encouraged to apply their thoughts and opinions into the real case. This will allow them to be clear and be more precise while they identify, evaluate and analyzing the risk. It is clear that competence training is used within the risk analysis system of an organization in order to increase efficiency of employees current job performance.Competence training system should be well integrated to risk analysis system so that the attendances are active participants and able to create solutions to reduce the risk of the organization during and after the training system.A risk analysis system can be well done by applying the competence training to risk committee.This can provide the employers a better understanding and gives some real ideas in the field of risk management. PLANS FOR SECURING THE COMPETENCE NEEDED There is a need of reviewing the strategy for securing the competence needed, A plan for spreading the information within the company has to be reviewed all the time through the internal trainings, job rotation, documenting all the work done from consultants working in the different areas and spreading the culture of sharing knowledge among the employees. The risk manager has to be working very close to the managers of each area to identify the key persons and not allowing that a gap occurs when the person leaves the company, jeopardizing the projects and products quality Securing the competencies for an organization can be guided by an integration approach that is measured by the organizations strategy. As an instance, for an organization, in order to secure the necessary competencies, some actions can be taken such as developing and involving new skills and competence in the right place and right time.Enriching the value of expertise of the organization by clearly identifying the strategicareas.Additional training for the development by ordering and prioritizing the training programs.After the competence are determined, identifying a competence development plan byutilizing from career planning, experts opinion, guidance for recruitment etc. EVALUATION OF TRAINING RESULTS The evaluation of the trainings demonstrates that if this training has a positive or negative or no impact on the risk area.After defining the risk areas and objectives in these risk areas, these objectives can be evaluated by using a post-training evaluation form. About the content, methods, materials and delivery of the training, the participants opinions can be asked and they can asked to ratetheir satisfactions about these titles. After gathering these risk evaluation forms andparticipants opinions, the training workshops about risk areas can be revised and performed again. In order to evaluate the impact of the training on defined risk areas, an impact monitoring exercise can be performed. This can involve sampling from random trainersevaluations about these training. These evaluations can be a questionnaire which was fulfilled by participants about the trainings. AUDIT OF THE COMPETENCE SYSTEM To audit the competence of the system, the standards, guidelines and procedures should be identified. Standards determine compulsory requirements for auditing and reporting. They can be auditors skills, knowledge or experience, etc. Also the auditors should use professional judgments in their application. The aim of guidelines is to explain how to obey the auditing standards. Apart from these standards, guidelines and procedures, an auditor would be going in search of addressing these issues to audit an organizations compliance with the competence.The organization should evaluate the impressiveness of activities taken to meet competence needs and to make certain the needed competence has been gathered.The organization can use many kinds of techniques and tools like role-play,observation, reviews of trainings and employment records, interviews, etc. for theevaluation method of effectiveness of activities.The organization should determine what competencies are needed by team performing work which affects quality.The auditor should determine the approach to define these competencies for organization.To control the quality characteristics of products or processes, the competent personnel should be assigned.The auditor may survey job descriptions, testing or official examination activities,records of management reviews, definitions of responsibilities and authorities, audit records, customer complains, process validation records, etc. to verify the competenceof personnel for the work. IMPROVEMENTS AND CORRECTIVE ACTIONS Improvement opportunities during an audit can be documented to make certain corrections.Also problems can be related with the specific compliance areas and business processes so that high risk areas can be identified easily.Corrective actions are steps which are taken to address existing non compliance and make improvements. These actions take care of actual problems which have been occurred. They define the cause of these problems and solve them by removing causes. These corrective actions can be defined as problem solving processes. Problem costs can be determined so that resources can be set aside to areas where the business would utilize them with best benefit. PREVENTIVE ACTIONS The organization should define the actions to remove the causes of potential non conformities in order to prevent their occurrence. These actions should be defined properly due to the effectiveness of potential problems. The process of preventive actions can be defined as :Define potential problems and their causes.Evaluate the requirement for preventive actions for these problems.Define and execute the action needed.Record the results of preventive action and review it.