CHAPTER 6

Functional Domain

Purpose

This chapter describes each of the main business functional areas of major risk and security for the following business functional area:

• Sales and marketing (S&M) functional area
• Customer relationship management (CRM) functional area
• Financial management functional area
• Human resource functional area
• Manufacturing functional area
• Operations management functional area
• Supply chain management (SCM) functional area
• R&D functional area
• Artificial intelligence (AI) and automation functional area

S&M within the functional area

1. Top risks in the area:

   S&M is an important business functional area for any business. S&M is the revenue generating functional area. Identifying risk in this area takes higher priority before it hits the revenue and sales. See the following reference:

   https://simplicable.com/new/marketing-risk

2. Security in the area:

Chief marketing officer’s top security threats

https://cisoinsights.com/top-3-cyber-security-risks-every-chief-marketing-officer-care/

S&M Functional Area

S&M get involved with the operations and activities that promote and sell products and services. The strategy is to sell and distribute products or services. S&M includes research and development of pricing, research, development, distribution, customer service, sales, and communications. Typically, the sales department has an obligation to advise the marketing department with possible customers and focuses.

The marketing department makes the decisions and the sales workforce uses the ideas to sell the products and services. An example could be software products. The sales workforce uses the ideas to sell the software packages. Both the marketing and sales jobs contribute information, ideas, and research to aid with marketing strategies and brainstorm approaches for various products and services that will lead to special promotions, sponsored events, and other ideas.

The coordination between the marketing and sales departments can lead to risk and security issues. At all cost, organizations want to avoid those problems to increase sales and promotions.

CRM Functional Area

CRM is a tool used for contact and sales management. CRM enhances sales and promotes environmental relationships. CRM aids in coining strategic relationships and interactions with customers and potential customers. CRM promotes connection with customers, streamlines processes, and eventually improves an organization’s profitability.

Important features of CRM:

Contact management: CRM helps the organization better connect with customers.

Mobility: CRM can access customer data and other important information on the customers.

Analytics: CRM helps refine important actionable items that are defined by the organization.

Customization: The CRM system is customizable to suit the organization in unique situations. A flexible CRM allows synchronization of operating systems that provide full control over the kind of data being used and updates and reevaluates the processes when required.

Simplicity: CRM is simple to use. Employees using the system should embrace it to make it worthwhile. The CRM is easy to understand, intuitive to use, and straightforward in its reports.

The aforementioned features are necessary in order to avoid risk and security issues.

Other CRM risks are as follows:

1. Inappropriate CRM project assumptions that may cause confusion among stakeholders.
2. The project planning was ineffective and left out important parts of the requirements, leading to significant issues.
3. The data conversion is delayed due to problems with data conversion and incorrect data.
4. Incorrect processes are created in inappropriate business processes. Incorrect data added from another location creates confusion or unmatched datasets.
5. Failure to address challenges or risks in the system.
6. Lack of executive support that creates problems in the CRM project environment.
7. The organization perceived the CRM as a surplus application.
8. Inappropriate care of the CRM requirements by the workforce.
9. Users do not use the CRM system appropriately.
10. The risk is not being attended to appropriately.

All identified risks must be mitigated appropriately to keep the environment safe.

Financial Management Functional Area

The financial management areas consist of strategy, marketing, finance, human resources, technology and equipment, and operations.

The primary areas of business finance consist of the following:

• Corporate finance: This area covers the decisions an organization makes about financing.
• Investments: The corporation may decide to invest in assets. These assets may be short-term securities to long-term securities, such as stocks and bonds.
• Financial markets and institutions: The financial markets may include stock and bond markets, the primary and markets, and the money and capital between markets. Financial markets may include the stock market. Financial markets are used to transfer funds saver funds to fund users. Typically, savers are household and users tend to be businesses and the government.

The three areas tend to overlap and tend to cover distinct aspects of finance.

There are risks in financial management, such as an entity making an investment decision that exposes financial risks. The different types of risks in finance are credit risk (i.e., if an organization takes a loan and not able to pay back), liquidity risk, and equity risk (the third type of financial risk).

Financial risks must be assessed completely to determine loss on an asset, loan, or investment. The rate of return needs to be determined and effort must be made for a particular investment to succeed.

Human Resource Functional Area

Human resources manage valuable resources for positions with other organizations. The human resources recruiter recruits new hires, maintains benefits and payroll, mediates conflict, and engages in training and development of new hires. Here are other functions of human resources:

• Employee and labor relations.
• Strategic management.
• Workforce planning and employment that includes recruitment and selection of opportunities.
• Human resource development of new hire employee training and development.
• Ensure that employees are managed well to cut labor costs.
• Protect employee rights and ensure that employees operate within the scope of the employer requirements and regulations.
• Total rewards for employee compensation and benefits.
• Policy formulation for the recruitment organization as well as the client organization.
• Ensure that risk management is done well.

Human resources has two types of risks: production decrease and reduction of human resource. These risks must be mitigated by means of risk management. Typical mitigations are increasing productivity (i.e., strategic planning that minimizes the probability of financial losses) based on excellent leadership (i.e., trust, motivation, planning, delegation of authority, and the development of policies and procedures to document best practices), training (i.e., a systematic approach, patience, and an honest evaluation), communication, evaluation skills, motivation (i.e., motivate the employee), evaluation, and conflict resolution.

Manufacturing Functional Area

The following are some of the risks in the manufacturing functional area:

• Emerging markets can be unpredictable.
• The supply chain has the tendency to be delayed or disrupted for various reasons.
• Third-party vendors caused by a stakeholder who the manufacturing organization is doing business with.
• Information technology is a technology problem and can occur for various reasons.
• Staff management and succession planning can be a problem if not done well.
• Risk can set in and create disruption if the workforce in the manufacturing environment is not proactive.

Here are additional risks in the manufacturing functional area:

• Data collection must be done well on the following items: information regarding inventory, supply, deliveries, quality, production, customer support, processing, and day-to-day management.
• Unexpected catastrophic equipment failures may cause dramatic delays.
• Data collected may be inaccurate.
• Possibility of slow onboarding and knowledge loss due to new employees becoming familiar with the work environment and functionalities.
• Working with machines and new processes can be overwhelming sometimes.

All the risks and security issues can be mitigated appropriately.

Operations Management Functional Area

Operations management ensures the timely outcome of raw material into finished products. It is safe to say that operations management is important when it comes to project management. In an organization, the business function is responsible for planning, organization, coordinating, and controlling the resources required to produce the organization’s services and products. High priorities ensure timely delivery of products and services.

Operations management involves similar management for organizational sectors irrespective of the type or nature. The main idea is to properly cater to the resources such as labor, raw material, money, and other resources. Organizations will use available resources in the best possible way to achieve end goals and improve overall productivity. The organization tries to provide products to align with customer requirements. This strategy helps to market and sell the end products rapidly, resulting in enormous profits for the organization. Operations management manages sectors such as design, operations, and maintenance of the system used to produce goods.

The operations management process cannot be underestimated and in-depth knowledge is required. A mishandled environment leads to risk and security issues that impact the organization’s growth and success.

The risks of operations management include loss based on personnel, procedures, systems, and external events. Personnel-based risks include personnel who are not trained well and good employees leaving the organization. Operational risk and loss stems from preplanned detrimental activity, such as employees committing criminal offenses that could potentially harm the organization.

Other risks and security issues are:

• Computer hacking.
• Risks coming from disastrous events such as hurricanes.
• Internal and external fraud.
• The workforce not adhering to internal policies.
• IT disruption from disabling cyberattacks, routine causes of human error, or failure of aging hardware.
• Data compromise such as cybertheft, unauthorized access, accidental disclosure, and employee negligence.
• Regulatory risk resulting from the evolving nature of regulatory attitudes to supervision.
• Theft and fraud are part and parcel of a risk manager’s job.
• Outsourcing remains one of the top operational risks for practitioners this year.
• The incorrect selling of financial products has been a constant concern for operations risk managers over the past decade.
• The financial industry’s struggle to attract, train, and retain the best and brightest in competition from other sectors such as technology.
• Organizational change is pointed out as a huge risk concern.
• Unauthorized trading resulting from rogue algorithms is noted as a risk.
• Model risks reflect the growing regulatory burdens placed on banks’ modeling and validation teams that show the potential cost of errors that occur in the banking sector.

All risks and security issues must be well managed and mitigated accurately.

SCM

SCM includes the activities required to plan, control, and execute a product’s flow, from obtaining raw materials and production through distribution to the final customer (Samson 2010). SCM controls product quality, inventory levels, timing, and expenses. Other examples are farming, refining, design, manufacturing, packaging, and transportation.

Retail organizations often get involved in SCM because product quality is controlled all the way to the end customer. See Figure 6.1.

Figure 6.1 SCM

SCM has risks and needs that must be managed appropriately. The following are some basic types of supply chain risks:

• Financial risks.
• Any unforeseen event that disturbs the normal flow of goods and materials in a supply chain.
• Scope of schedule risks.
• Legal risks.
• Environmental risks.
• Sociopolitical (combining social and political factors) risks.
• Project organization risks.
• Human behavior risks.

The risks in the supply chain must be managed using supply chain risk management (SCRM). The SCRM uses strategic steps to identify, assess, and mitigate the risks embedded in the supply chain process. It is necessary to manage all tiers of supply and risk objects (suppliers, locations, and ports). See Figure 6.2.

Figure 6.2 Supply chain risk management

R&D

R&D is the process where an organization searches for new knowledge to create new products, services, or systems (Hill et al. 2019). The goal is to make money for the organization. Pharmaceutical and technology organizations carry out R&D; however, other types of organizations also use R&D. Usually, R&D is basic or applied in order to acquire new knowledge.

Here are some of the risks associated with R&D:

• There is no guarantee that the organization will make money from the R&D.
• The return on investment could be disappointing.
• The organization may not obtain the desired result.
• The risk of physical harm.

R&D should be well planned and include a detailed risk management plan. The plan should contain contingency in terms of time, scheduling, and funds.

AI and Automation Functional Area

The goal of AI is to make a computer mimic human behavior and intelligence. Automation is a hardware or software capable of doing some things automatically. Automation may be based on AI.

Some fear that in the future, AI, ML, and automation will replace 7 percent of jobs in the United States alone. AI and automation are forecasted to eliminate most routine tasks, freeing IT to think more strategically.

Here are some of the risks of AI and automation:

• Any career with repetitive tasks is a candidate for automation.
• With bots in front lines, it will be increasingly difficult to justify spending money on IT support.

Mitigation or preparation for the game changing:

• Do not resist automation; embrace it.
• Bots can answer common question and point users to frequently asked questions.
• Work on developing skills that will be in high demand in the future.
• Learn to bridge the gap between business and tech-speak; try to look at reality.
• Be valuable to a wide variety of people (mostly customers).
• Take advantage of leadership training opportunities to help your team.
• Be a team player and work with teams by collaborating, negotiating, and brainstorming to meet demands.