Advanced Diploma
in Purchasing and Supply
Risk Management and Supply Chain
Vulnerability
LEVEL 5
L5-02/Nov08
DATE: Tuesday, 18 November 2008
TIME: 9.30 am to 12.30 pm
DURATION: 3 hours
Instructions for Candidates:
This examination is in TWO sections.
Section A
Has TWO compulsory questions, worth 25 marks each.
Section B
Has FOUR questions; answer TWO. Each question is worth 25 marks.
1. Do not open this question paper until instructed by the invigilator.
2. All answers must be written in the answer booklet provided.
3. All rough work and notes should also be written in the
answer booklet.
QP - 01
169484_L5-02_Nov08.indd 1
9/10/08 12:18:17
SECTION A
You are strongly advised to read carefully and analyse the information in the case study
before attempting to answer questions 1 and 2.
SAFETY NET FOR MISER
Background
The United Kingdom was put on its highest ever state of alert in 2007 following two
attempted terrorist attacks in central London and a third at Glasgow Airport.
Miser Holdings Inc (Miser) owns a multi-purpose tower block building in the financial
sector in London. This building is leased out by multiple international companies from
various industry sectors. Two weeks ago an aggressive environmental lobby group
stormed its way into the tower block, seriously disrupting the business activities of the
companies which lease office space in the building, for two days. The incident attracted
significant media coverage, which not only had a negative impact on the reputation of
some of the companies, but also raised serious questions about Miser’s office security.
The Catalyst for Change
Although the incident is now over, the companies which were affected are not confident
that security arrangements at the tower block are effective, and are also concerned at
the apparent lack of any contingency planning.
Legal action is being considered by some leaseholders. They claim that had the recent
event been a terrorist incident then the probability of the threat succeeding and causing
catastrophic loss of life and damage to property would have been high. As things stand,
the impact appears to have been restricted to several days’ business disruption and
embarrassment to all concerned.
Engagement of Saftey Net
Following the complaints and the threat of legal action if immediate action was not
taken, Miser swiftly responded by commissioning a review of facilities by Safety Net
Limited, a specialist security consultancy. Safety Net’s initial observations identified the
following problems:
Miser Holding’s Existing Security Arrangements:
• No formal written security procedures.
• No CCTV, alarm system or direct link to the police/emergency services, and
inadequate locks.
• No screening of visitor bags on entering the building.
• Inadequate number of security staff (both at reception and regularly monitoring the
building, car park and approach road, etc).
• Security staff were Miser’s own employees, and when their credentials were checked
they were found to have little or no training in security.
• No awareness of the requirement for security providers to be accredited to the
Security Industry Authority (SIA). The authority lays down a strict Approved
Contractor Scheme (ACS), which is a licensing requirement for manned security
services. It is illegal to provide contracted security services without this license.
• No screening of security staff had been carried out.
L5-02/Nov08/SNM/NMcL
169484_L5-02_Nov08.indd 2
10/10/08 09:04:41
For all Firms Occupying the Building (Including Miser’s Security People):
• There were no risk assessment processes for continuously monitoring the building
and individual leased premises within the complex. Most companies in the building
admitted that they had no disaster recovery or business continuity plans in place to
deal with prolonged disruption of this nature.
Safety Net’s Recommendations
Safety Net’s main recommendations arising out of its initial review were:
• To select a security provider which is ACS accredited and to look beyond the cost
benefit when selecting.
• To put in place a service level agreement (SLA) with the appointed security provider,
with appropriate measurable key performance indicators (KPIs).
• To develop a cross functional team within the building to develop a ‘security risk
profile and procedures’ which can be regularly reviewed and updated. In this regard,
Saftey Net suggests the use of a ‘security impact assessment’ tool, as shown in Fig 1.
It recommends that this is incorporated into a new set of security risk assessment
procedures for Miser, as a means of helping combat complacency on security
measures. Those who use it would assess risk by classifying potential security
breaches and the vulnerability of the office facility, by determining their likelihood,
by evaluating their consequences, etc.
Catastrophic
MEDIUM / HIGH
HIGH
Security risk reduction
needed
Unacceptable Security risk –
Measures not acceptable –
re-assess
LOW
LOW / MEDIUM
Tolerable risk – acceptable
No immediate action
Security risk mitigation /
reduction needed
Consequences of
Security breach
Highly
probable
Negligible
Probability of Security Breach
Figure 1: Security Impact Assessment Tool
Miser’s Future Plans
Miser’s plans are to implement Safety Net’s recommendations, and to use them to help
formulate a new security policy, and to select an external security contractor.
The information in this case study is purely fictitious and has been
prepared for assessment purposes only.
Any resemblance to any organisation or person is purely coincidental.
Please turn over
L5-02/Nov08/SNM/NMcL
169484_L5-02_Nov08.indd 3
9/10/08 12:18:17
QUESTIONS
Answer all questions from Section A.
Questions 1 and 2 relate to the case study and should be answered in the context of
the information provided.
Q1 As Safety Net’s lead consultant on the Miser assignment:
(a) With reference to Fig 1, formulate a plan of action for Miser to deal with
security issues in the tower block.
(15 marks)
(b) Develop suitable criteria that could be used by Miser to select a new external
security provider, to replace its existing security arrangement and minimise
future vulnerability and risks.
(10 marks)
Q2 Discuss the appropriate disaster recovery considerations for Miser and its
leaseholders should the office block become unusable. (25 marks)
SECTION B
Answer TWO questions from section B.
You are strongly advised to read carefully all the questions in section B before selecting
TWO questions to answer.
Q3 (a) Outline how stakeholders might be segmented in terms of their interest and
influence. (12 marks)
(b) Explain why it is necessary to engage stakeholders in managing risk in a
private sector organisation.
(13 marks)
Q4 (a) Discuss the types of insurance an organisation might expect a crucial supplier
to have in place. (13 marks)
(b) Explain why certain insurances might not be appropriate for all suppliers.
(12 marks)
Q5 (a) Use an example to explain the term ‘risk averse’.
(5 marks)
(b) Discuss FIVE significant supply chain related risks for an organisation with
which you are familiar.
(20 marks)
Q6 Discuss how adherence to a corporate social responsibility (CSR) policy can assist
large organisations in managing risk in their supply chains. (25 marks)
END OF QUESTION PAPER
L5-02/Nov08/SNM/NMcL
169484_L5-02_Nov08.indd 4
9/10/08 12:18:17