Question $1\mathrm{.}1$

Introduction

The recent Microsoft global outage exposed vulnerabilities in centralised tech systems, causing disruptions in sectors like finance and airlines. In contrast, decentralised systems, such as Bitcoin, continued to function smoothly. This discussion will examine the importance of risk protocols in managing such risks, outlining risk categories, exploring the concept of risk protocols, and providing examples to emphasize the need for strong risk management.

Understanding Risk Categories

Effective risk management requires a clear understanding of the types of risks faced by an organisation. The risks can be categorised into several key areas:

$$ Operational Risks: These arise from internal processes, people, and systems. The Microsoft outage serves as a prime example, where a software update led to widespread service disruptions. Operational risks can result from human error, system failures, or inadequate processes, emphasizing the need for stringent operational protocols $($Andersen$,2022).$

$$ Reputational Risks: These arise from negative public perception, which can result from operational failures. Microsoft faced significant reputational damage due to the outage, as customers and businesses questioned its reliability. Reputational risks can lead to decreased customer trust, loss of business, and long$-$term financial implications $($Chris$,2018).$

$$ Technical Risks: These involve the failure of technology to perform as expected. Centralised systems, like those of Microsoft, are particularly vulnerable to technical risks, including software bugs, hardware failures, and cyberattacks. The reliance on a single software update, as seen with CrowdStrike, can lead to catastrophic failures across millions of devices.

$$ Market Risks: These relate to fluctuations in the financial markets that could affect an organisation$$s profitability. Bitcoin's price surged over $4\%$ during the Microsoft outage, reflecting how market dynamics can change rapidly in response to systemic failures. Investors often seek alternative assets during periods of uncertainty, highlighting the interconnection of market behaviour and technological reliability.

$$ Compliance Risks: Organisations must adhere to regulations, and failure to do so can lead to legal repercussions. The disruption caused by the outage may disrupt compliance processes, exposing companies to fines and sanctions. For instance, financial institutions must ensure that transactions are processed according to regulatory standards, which may be compromised during technological failures.

Understanding these risk categories allows organisations to draft their risk protocols to address specific exposure effectively.

Risk Management Protocols:

Risk management protocols are a series of risk procedures and guidelines, these include procedures and protocols for undertaking the assessment of risks to strategy, projects and operations $($Hopkin$,2018).$ Generally, these protocols will be reviewed annually, and these protocols will also prescribe the degree to which records need to be kept. Risk protocols are structured frameworks designed to identify, assess, and manage risks systematically. These protocols typically involve several key components:

a$.$ Risk Identification

This initial step involves recognising potential risks that could impact the organisation. Effective risk identification requires a thorough analysis of both internal and external environments. Tools such as risk matrices, SWOT $($Strengths$,$ Weaknesses, Opportunities, Threats$)$ analysis, and brainstorming sessions are employed to uncover hidden vulnerabilities. Engaging diverse teams can enhance this process, as it brings multiple perspectives and expertise to identify risks that may be overlooked $($David$,2018).$

b$.$ Risk Assessment

Once risks are identified, they must be evaluated based on their likelihood of occurrence and potential impact. This involves qualitative and quantitative methods. Qualitative assessments use descriptive categories $($high$,$ medium, low$)$ based on expert judgment, while quantitative assessments might involve statistical models to predict the financial impact of risks. Organisations can focus their resources on the most significant threats by prioritising risks.

c$.$ Risk Mitigation

The process involves developing strategies to minimise the impact of identified risks. Mitigation strategies can be preventive $($reducing the likelihood of a risk occurring$)$ or reactive $($reducing the impact if a risk does occur$).$ For example, implementing redundancy in critical systems can help reduce the impact of technical failures. Additionally, training employees on risk awareness and response protocols can empower them to act swiftly when issues arise $($Gargliardi$,2020).$

d$.$ Monitoring and Review

Continuous tracking of risks and the effectiveness of mitigation strategies is essential. This ensures that protocols remain relevant and effective over time. Regular revi