COURSE: ENTERPRISE RISK MANAGEMENT

PROJECT: STORA ENSO

Instructions for the submission:

● Please maintain the following: Font - Times New Roman, Font Size - 12, Line Spacing
- 1.5

Question 1. Plotting of risks in the heat map (in the template excel file)

Please attach a screenshot of the "Likelihood - impact table" sheet of the

template

RISKS LIKELIHOOD IMPACT

Risk 1 Data hacking 2 2
Risk 2 Use of old technology 4 4
Risk 3 Declining sales 4 5
Risk 4 New regulations 4 3
Consumer preferring biodegradable
Risk 5
plastic packaging 3 1

Risk 3
5

Risk 2
4
IMPACT

Risk 4
3

Risk 1
2

Risk 5
1
1 2 3 4 5
LIKELIHOOD
Question 2. Calculation of risk scores

Please attach a screenshot of the "Risk register" sheet of the template

RISKS LIKELIHOOD IMPACT VELOCITY RISK SCORE

Risk 1 Data hacking 2 2 High 4

Risk 2 Use of old technology 4 4 Low 16
Risk 3 Declining sales 4 5 Medium 20
Risk 4 New regulations 4 3 High 12
Risk 5 Consumer preferring 3 1 Low 3

Question 3. Prioritization of the risks and justification for the order

PRIORITY RISK JUSTIFICATION

LEVEL

P1 Declining It has a very high likelihood and the highest

Sales impact of more than 4 million dollars. It will
seriously affect the organization as decline
in sales lead to decline in profits.

P2 Use of old High likelihood and high impact. This leads

technology to wastage of resources which in turn lead
to loss.

P3 New High likelihood and medium impact. It

regulation might lead to reduction in production
s capacities.

P4 Data Low likelihood and low impact. Leads to

hacking loss of data security.

P5 Consumer Medium likelihood and lowest impact. It

s might impact the current product lines.
preferring
biodegrad
able
plastic
packaging

Question 4. Four aggravating factors for the forest produce industry creating an impact on
their revenue generation
 Please attach a screenshot of the "Risk register" sheet of the template

RISKS AGGRAVATING
LIKELIHOOD IMPACT VELOCITY RISK SCORE MITIGATING STRATEGIES
FACTOR

1. Use of old
software
2. Lack of cyber
security
knowledge
1. Use of latest softwares
among
2. Cyber security traning workshops for the employees
employees
Risk 1 3. Information system access should be given to
3. Access of
authorized personnel only.
information
4. Advanced firewall should be used.
system to
unauthorized
personnel
4. Ineffective
firewall
Data hacking 2 2 High 4

1. Development
of new
technology
2. Obsoletion of 1. Use of latest technology
existing 2. Scrap obsolete equipments
Risk 2 technology 3. Proper maintenance of existing equipments
3. Depreciation 4. Allocation of proper budget for technological upgrade
of existing
equipments
4. Expensive
Use of old technology 4 4 Low 16 new technology

1. Shutting
down of stores 1. Adopt online selling practices
2. Lockdown 2. Try to get permissions to move goods
Risk 3 3. Social 3. Train employees to follow social distancing norms
distancing 4. Allow short term credit to clients
4. Economic
Declining sales 4 5 Medium 20 recession

1. Government
regulations
2. Employee
Union demands 1. The company should be prepared to move the night
Risk 4 3. Improper shift operations to the day shift so that production
working capacity is not hampered.
conditions
4. New
New regulations 4 3 High 12 corporate rule

1. Competitor
offerings
2. Climate
change Gradually shift production towards products preferred by
Risk 5
3. Market end consumers
Consumer preferring sentiments
biodegradable plastic 4. Environment
packaging 3 1 Low 3 awareness

Question 5. Four mitigation strategies to reduce the risk posed by the aggravating factors
 Please attach a screenshot of the "Risk register" sheet of the template
RISKS AGGRAVATING
LIKELIHOOD IMPACT VELOCITY RISK SCORE MITIGATING STRATEGIES
FACTOR

1. Use of old
software
2. Lack of cyber
security
knowledge
1. Use of latest softwares
among
2. Cyber security traning workshops for the employees
employees
Risk 1 3. Information system access should be given to
3. Access of
authorized personnel only.
information
4. Advanced firewall should be used.
system to
unauthorized
personnel
4. Ineffective
firewall
Data hacking 2 2 High 4

1. Development
of new
technology
2. Obsoletion of 1. Use of latest technology
existing 2. Scrap obsolete equipments
Risk 2 technology 3. Proper maintenance of existing equipments
3. Depreciation 4. Allocation of proper budget for technological upgrade
of existing
equipments
4. Expensive
Use of old technology 4 4 Low 16 new technology

1. Shutting
down of stores 1. Adopt online selling practices
2. Lockdown 2. Try to get permissions to move goods
Risk 3 3. Social 3. Train employees to follow social distancing norms
distancing 4. Allow short term credit to clients
4. Economic
Declining sales 4 5 Medium 20 recession

1. Government
regulations
2. Employee
Union demands 1. The company should be prepared to move the night
Risk 4 3. Improper shift operations to the day shift so that production
working capacity is not hampered.
conditions
4. New
New regulations 4 3 High 12 corporate rule

1. Competitor
offerings
2. Climate
change Gradually shift production towards products preferred by
Risk 5
3. Market end consumers
Consumer preferring sentiments
biodegradable plastic 4. Environment
packaging 3 1 Low 3 awareness

Question 6. Risks that should be accepted with their justification

The risks which should be accepted are:

• Risk 1- Data hacking: The likelihood of this risk is low, and the
impact is below $3 million. The core business of Stora Enso is not
data related; thus, data hacking will not affect its core business
significantly.
• Risk 5- Consumer preferring biodegradable plastic packaging:
The likelihood of this risk is medium, but the impact is the lowest.
It is well below the threshold of $3 million. The end consumers
 preference will not affect business with organizational clients
much and thus Stora Enso can keep dealing with them.
• Risk 4- New regulations: The likelihood of this risk is high, and
the impact is medium. The impact is within the threshold of $3
million. The company can adjust its production facilities in such
a way that even without night shift, production is not affected
much.