Risk Analysis In operating in other country, there are several concerns that have to be managed in order to assure that

operational activity will be able to functionate well. These concerns are divided into several categories of operational risk, which is the risk that will affect operational activity. In order to minimize risk, the company has run a risk assessment to identify pontential risks that could harm operational activity and managed them under an organized manner. BCBS in 2002 has established seven potential loss event risk defined as follows: o o o o o o o Internal Fraud External Fraud Employment Practices & Workplace Safety Clients, Products & Business Practices Damage to Physical Assets Business Disruption & System Failures Execution, Delivery & Process Management

The potential loss event risk could be triggered by several factor which is: Staff: o The goal in staff management in a corporation is to ensure that there are sufficient people to undertake the task required, in this process, there will be a hiring, training, retaining, and even dismissing staff. This sector could be very risky in China because of different culture and if the people hired does not have the right capability to undertake his role and responsibility. Dismissing staff would also be very difficult because there will be resistance to it, and operating in China means this section have to be taken into details. In managing the risk, proper training will provide capability and skill needed when hiring new staff, furthermore, senior management has to establish control of allocation of resources with regard of strategic direction of a company so the staffing process will support the operational activity run by the company. Technology: o Information and technology could be a tool for a company to easily manage its operational activity, however, under bad management it could also dampen effectivity by disrupting business activity and potentially causing system failure. Furthermore, information and technology risk also increases daily because of malicious program that is spread around the world. With this information in mind, information and technology should be managed strictly, updated regularly to support operational activity, and there should be a

role to ensure that this part of the system is running smoothly as a supportive department. The fact that the company is operating in China does not add up risk for this department, as the sector is running independently on computerized system. Fraud: o In a business entity fraud could happen internally and externally. Risk related to fraud is loss of asset and leakage of information. In China, this type of risk is higher than any other country, as biggest piracy is sourced from there. Leakage of information could end up in a fake product under the companys brand. In light of this condition, a good management and working system, which includes employees role, interaction, and action have to be seriously given the attention so these two risk could be reduced to a minimal amount. External dependencies: o External dependencies will always exist for a company that relies on other. It includes infrastructure providers, suppliers, communication, logistics, electricity, ane etc. Potential risk that could disrupt the operational activity is any of those dependencies. Minimizing risk on this section means to select partner with most reliable service and minimal downtime, furthermore, having a backup will also provide safety net if any of the potential possible disruption occur. Process/procedures: o Risk in this part is linked to working system in the company. Working system decide the requirement needed for an action to be taken, it is the basic common interaction inside the company. To minimize the risk of incorrect action being taken, management has to carefully design the procedures with regards to employee culture and education in China, so misunderstanding could be minimized and procedures could be done perfectly. Outsourcing: o Outsourcing could have benefits and drawbacks in reducing risk of the company, it is only under some circumstances that outsourcing will reduce risk. Outsourcing should be done to only responsibilities that is not the core competency of the company, this way, the company can keep their core competencies and not afraid of fraud/piracy that could happen if core competency is being outsourced. Language/translation: o In operating in other country such as China, language is the biggest source of potential risk. It also relates to interaction of everything at the workforce. Fail to deal with this may led to

misunderstanding within the workforce which could end up in incorrect action being taken. Minimizing this risk means to use english as well as local language in every procedures and working manual for workers and to minimize mistranslation in doing business. Security & Policy: o Security & policy risk minimizing includes protecting companys assets and personell as well as protecting the business activity. Minimizing security risk could be done by employing security forces and is more easy than minimizing policy risk because it is a systemic risk and could not be influenced by the company, the only way to reduce it is to comply with the policy.

Assessing the risk above could be done by the company by observing risk drivers and indicators within the business activity. The common indicator to be observed is as follow: Drivers: o Transaction Volume o Staff Turnover o Market Volatility o Training hours vs. plan o Product complexity Indicators: o Transaction errors o Aged confirmations o Reconciliations o Audit points outstanding o Settlement fails o Operational loss