Risk Identification Techniques in Retail Industry: A case study of Tesco Plc

In every business or industry risks are an inherent part and managing and identifying the risk is a crucial function of every business. Risk implies the potential earnings or outcomes obtained from expectations. In other words, risk refers to the level of risk that a shareholder is willing to take from an investment made by him. The retail sector is unique and assists the economy in employment generation and economic development. This sector is also affected by the number of risks and managing and assessing risks in the retail business has been considered an essential management process. Every retail firm that wants to thrive and exist for a long time needs to implement adequate risk management. Any risk management approach must start with identifying the risks that could have an impact on the company.

"Events that could arise that would undermine the targeted incentive delivery," says Hopkin. A risk is simply defined as "an unanticipated occurrence with unforeseen effects." Risk can result in positive or bad outcomes, as well as uncertainty.Numerous definitions have been given by various authors, which are put together in the following table:

Before explaining the risk identification, it is necessary to explain and define the risk management as risk identification is the first stage of the risk management process.

It is the act of planning, coordinating, guiding, and controlling a company's human and material resources. Enterprise risk management, according to Veyrat (2016), assists managers in effectively dealing with connected uncertainties, threats, and opportunities to optimize the ability to produce value. Bower, 2009 stated that risk management is the total of all preemptive management-directed efforts inside a plan that are designed to combine a program's components' tolerable risk of failure. Copper et al., 2005 explained that risk management is a process that entails applying management rules, processes, and procedures to the activities of setting the context, recognizing, evaluating, analyzing, treating, measuring, and systematically communicating risks. "Risk management is a combination of operations carried out within an organization to produce the best possible outcome while reducing the ambiguity or instability of that outcome." (Hopkin, 2017, p.46).

Hopkin described the principles of risk management (Hopkin, 2017, p. 57).

· Alignment: Coordination of ERM efforts with other operations is critical.

· Proportionate: Risk management activities should be commensurate with the corporation's risk level.

· Embedded: Risk management operations needed to be integrated into the business.

· Comprehensive: To be entirely successful, the strategy has to be systematic.

· Dynamic: Risk-related activities must be adaptable and responsive to changing conditions and uncertainty.

· To analysis the risks associated with retail industry.

· To study the tools and techniques of Risk Identification.

· To study the relationship between risk identification and risk management.

· To study the tools and techniques of Risk Identification used by TESCO PLC as a retailer.

The present study is a literature review that examines available studies based on risk identification and its techniques in the retail business. Structured databases are used as the most effective technique to begin a literature search for the current overview, specifically Science Direct, Google Scholar, and Emerald. The analysis used keywords: risk identification, risk management, retail industry, Tesco plc. This study was conducted by looking for similar key terms in scholarly articles and relevant studies. The prsent study is a qualitative reserach and qualitative data source are used to achieve the objectives.

In this present study, secondary data is used by having different reserach questions. Thus, secondary data set in isolation method is used. Reserach questions are:

· What types of risks are associated with retail industry?

· What are the various risk identification techniques?

· What is the relationship between risk identification and risk management?

· What types of techniques are used by TESCO as a retailer?

To achieve the answers of these research questions, secondary data set isolation is most suitable method and these questions are different from the previous studies.

There is a risk of supplier uncertainty.Chopra, et al., 2004, explained that the inability of suppliers to adapt to changes in demand results in a loss of market share. The failure or insolvency of a stakeholder raises the supplier's uncertainty in meeting demand. Supplier risk is one of the risks which are faced by the retail industry. According to Husng et al., 2013long-standing tensions exist among suppliers and retailers in the retailing business. Although the retailer has authority over the display position of commodities in the retail process, the supplier influences the retail supply chain initiative. Risk issues will emerge when suppliers, such as force majeure, influence the retail company's main supply chain. Aside from the retail product purchase process, the supplier selection model is also critical. In their research, the authors further explained the inventory risk, which is closely related to the firm sales activity, since it is necessary to keep appropriate inventory to fulfill sales orders. Surplus inventory will occupy retail company finance, preventing the funds' chain from moving quickly; stock is insufficient, preventing retailers from completing their sales plans; and inventory is insufficient, preventing retailers from completing their sales plans. Furthermore, inventory security is a crucial aspect of inventory management; fire, robbery, breakage, or impregnation of such issues would enhance the retail company's leading supply chain inventory risk.Natural disasters and weather events can impact both physical shops and e-commerce businesses that keep merchandise in warehouses. Natural catastrophes not only cause physical damage to structures but also cause power outages, which lead to product losses in grocery stores and other retail outlets that sell perishable goods(www.insureon.com, 2021). Data breaches and digital theft are other risks faced by the retail industry. Cyber-attacks by hackers and professional groups pose a threat to customer and company data security.The rate of E-commerce theft and crimes are increasing day by day due to more customers now buying online. As perthe 2017 research conducted by credit agency Experian, internet retail crimes increased by 30% as compared to the previous year(Tatham, 2018). While the media has recently concentrated on cyber assaults against IT corporations, retailers remain a top target for hackers. As per Forbes, retail is among the top industries for targeted firms in almost each cyber security study produced in the last few years(Pitman, 2019).According to Manju and Mentzer, 2008, an organization's security and safety risks can be lethal. Security risk refers to unforeseen occurrences that endanger human resources, operational integrity, and information systems, resulting in incidents like freight theft, data theft, vandalism, criminality, and sabotage. Employee behavior poses a threat to an organization. Frequent worker turnover harms the organization's finances and reputation. Employee disagreements, resistance to change, and misappropriation of a company's assets are all frequent behaviors seen in most sectors, and these behaviors can operate as a barrier for an organization(V.G. Venkatesh, 2015). The next category of risk is Emerging disruptive technologiesglobal problems have rendered some digital disruptors – from buy online, pick up in-store to cashless payment solutions – into must-have investments for consumer and retail enterprises. Although CEOs may believe that the greatest technological risk is declining to innovate, a focus on the "disruptive" risks neglects other IT workhorses. A systematic, comprehensive approach to technology risk management systems can help to strike a compromise between the requirement for speed and the need to minimize business and technical risks(kpmg.us, 2020).

This is known as starting phase of risk management. Risk identification creates a base for the next two stages of risk analysis and risk control and assists the organization to make strategies for controlling risks. The technique of defining, measuring, and calculating probable relative unfavorable hazards is known as risk assessment. Quantitative or qualitative risk analysis is usually done using one or both tools (Koon, 2018). It requires generating a comprehensive list of risks and opportunities based on events that could aid, obstruct, degrade, expedite, or delay the achievement of your objectives (www.acctuaries.com, 2021). Regardless matter how big or small an organization is, it faces a variety of risks that might jeopardize its goals. As a result, these dangers must be detected using the right tools and approaches. The risk identification strategies used should have a significant effect on the organization's entire risk management strategy.

To measure all potential risks in the retail business various techniques are used. There are lots of techniques of risk identification in the literature that are discussedas follows:

4.2.1 Brainstorming- The term "brainstorming" is frequently applied to any sort of group discussion. Hopkin states that he gathers and discusses ideas during meetings to handle occurrences that may have an impact on priorities, fundamental processes, or key factors. According to Hopkin's (2017, p. 124) vision, brainstorming allows for the sharing of ideas concerning the company's significant risks during meetings. It is possible to achieve a shared impression of each risk as well as awareness of it. Khalafallah, 2020 mentioned that there are a variety of widely used brainstorming structures. Because it involves an open conversation with project teams and other project team members, this technique looks to be a well-organized risk detection technique. As a result, it provides an opportunity to examine the existence of dangers as well as their possible consequences. If it is not regulated, it is susceptible to being affected by stronger entities.As per Tharanga, 2020, when it comes to risk identification, the purpose of brainstorming is to come up with a comprehensive list of potential threats. To gather a complete list of risks, it is necessary to engage with the proper stakeholders for the profession.

4.2.2 Risk Register- It is a continual process and during the product or project life cycle it is updated at regular intervals. Mostly used in historical records for possible projects, and eventually becomes part of the total papers(GreyCampus). By providing information from documentation reviews, these risk registers assist the organization in recognizing risk. The risks that were discovered during the identification procedure are listed in the risk register. The risk register's details aid the organization in gaining a better knowledge of its hazards. The "risk register" is the principal result of a risk identification activity, and it is the document in which the hazards are listed. A risk register contains all the risks across the company or project in a systematic way. There is no set format for a risk register, and companies have a lot of leeway in how they maintain their documentation (web.actuaries.ie).

4.2.3 Delphi Technique-Tharanga, 2020 stated that this is the most widely used technique under risk identification. He future stated that the Delphi method is an iterative procedure. The goal is to get as many different ideas from the group of specialists as possible. Morano et al., 2006 considered the Delphi method as a strategy to obtain an opinion from anexpert team about future occurrences. It is supportedby a panel of expertswho have structured knowledge, experience, and creativity, with the assumption that a well-organized collective judgment is preferable to a personal view. Instead of an actual group gathering, this consensus-building method employs typed replies. It is a strategy that necessitates the systematic collection and critical comparison of decisions from anonymous participants physically isolated about a specific subject, using a set of carefully prepared questionnaires interspersed with overview information and feedback gathered from prior responses, using a set of pre-scripted questionnaires(CAR. Morano, 2006).

4.2.4 Flowchart – Hopkins, 2017 explained a flow chart as a review of the institution's processes and methods to identify key success elements. It is a graphical tool that depicts the steps in a process. This tool is used to gain an improved and better understanding of the hazards or the interrelationships between the parts(CAR. Morano, 2006). This is also known as a process flow diagram. Tharanga, 2020, stated that flowcharts aid in risk identification by allowing for a better understanding of the hazards and their interrelationships. A flowchart is a graphic representation of a series of stages in which a decision must be made to proceed to the next level. Every stage is depicted as a diagram shape, with lines or directed arrows connecting them all. Anyone can grasp the flowchart and the steps of the procedure from start to finish with this representation.

4.2.5 SWOT Analysis – it is a strategic planning tool to measure the strength, weaknesses, opportunities, and threats of the business. Shang et al, 2014 considered the SWOT a well-established tool for research and widely used in for effective planning. The internal and external factors are predicted by this tool.By examining opportunities in the external environment, the SWOT analysis has the benefit of taking into consideration the risk's upside. One of the advantages of conducting a SWOT analysis is that it can be used to make key decisions. However, because there is no standardized risk classification system in place, not all threats will probably be identified (Hopkin, 2017).

4.2.6 Cause-and-effect diagram – this is also known as Fishbone diagrams. According to Morano et al., 2006, the effect is listed on the right side of the diagram, while the causes are listed on the left. Each impact has a category, and the primary causes must be classified according to these categories.The most significant benefit of this technique is that it provides a clear visual representation of risk, which is defined as rather of maintaining a risk register table with a thousand words of text; an Ishikawa RBS can use pictures to quickly emphasize the critical risk regions (J.Rubin, 2010).

4.2.7 Questionnaires and Checklists- These strategies can be quick and simple, but they can't be comprehensive. Historical data and knowledge from previous similar endeavors, and also secondary sources, can be used to develop the checklist (E.Gajewska, 2011). Checklists are risk lists that are frequently built from personal experience. Structured questionnaires and checklists are employed in this technique to collect data that can aid in the identification of dangers (Hopkin, 2017, p. 123). According to Tharanga 2020, it is a strategy for carefully reviewing various processes using a pre-prepared list to visualize the accuracy and completeness. Analyzing the checklist will allow the company to identify the hazards in the predicted plan and project.

4.2.8 Inspections and audits - The process includes physical inspections of premises and operations, and also audits of compliance with prescribed systems and processes (Hopkin, 2017, p. 123).

4.2.9 Root cause identification- Fox 2018 stated that this analysis is carried out after an incident has occurred; therefore it is a reactive rather than proactive effort. The cause and effect diagrams aid in the discovery of all relevant facts as well as the identification of appropriate solutions. Morano et al., 2006 divided the risks into four phases: the gathering of data, causal factor, identification of root cause and execution.

4.2.10 Electronic Brainstorming - The goal of electronic brainstorming is to produce ideas through the internet using computers, so that participants may quickly access the ideas generated and develop new ones. This technique is an improved version of the traditional brainstorming technique. It allows for simultaneous communication betweenteam members, who can publish comments and add new ideas at the same time, resulting in a large number of thoughts. One more feature is record automation which permits the storing of all generated comments and thoughts(CAR. Morano, 2006). Electronic brainstorming is a more technologically advanced version of traditional brainstorming, with participants' anonymity assured.

4.2.11Expert judgment - Expert judgment is also one of the most useful instruments in risk assessment procedures. It is frequently cited as one of the most effective project management tools and strategies. Expert judgment is a time-saving strategy that indicates potential risks that may arise during the project's lifetime. It aids in the improvement of estimate quality and provides reliable projections(Satish, 2015). It is like a structured or unstructured interview with a group of specialists and expertteam members (CAR. Morano, 2006). According to Khalafallah 2002, this method uses specialists' previous experiences to detect potential risks. The problem with this method is that it tends to dismiss any risk that has previously been overlooked, relying solely on information.

Hopkins 2017, stated that the risk assessment component of the risk management process is made up of risk recognition and risk scoring. Risk assessment entails identifying and rating potential threats to an organization, project, or strategy. A report by 3ccs-Seo, 2019 revealed that in the long term, taking a proactive approach to risk identification, evaluation, and administration can save a significant amount of time, cost, labor, and other critical resources. According to Winch 2003, risk management is focused not only on anticipating and solving problems but also on being ready for uncertain future challenges. Dealing with potential threats isn't only a method to avoid losing money; it's also a way to turn challenges into opportunities that can lead to increased profits, ecological benefits, and other benefits. The prime aim of risk management is to compile a list of various losses and risks and this can be only possible with risk identification (RI). Renault et al., 2016 stated that to conduct RI, the RM plan, as well as the organizational environment, must be recognized. These provide the context in which the risks will be assessed. As part of the organization's risk culture, the RM strategy may also designate certain RI practices that are either preferred or prohibited. Firstly, companies should develop a toolkit that enables the company to manage the risks and in the second phase, companies can apply specific techniques to assess and classify the potential risks. Thus, risk identification implies not only identifying potential risks but also assisting in implementing appropriate techniques (S.Gates, 2012).

This section discusses the research's most important results. The findings are addressed using secondary data gathered from the relevant literature in this field. The retail business is exposed to several dangers. The retail business faces a variety of risks, including supplier uncertainties, changes in customer taste and preferences, data security and threats, inventory risks, and so on. The corporation faces a significant task in identifying these risks. Companies can use a variety of risk identification strategies to detect hazards. The risks are discovered using approaches such as brainstorming, expert judgement, Delphi method, root-cause analysis, and so on. The current study looked into the various risk identification methods and approaches employed by Tesco retail. To identify risks, Tesco plc uses brainstorming, a risk register, and a top-down and bottom-up strategy. The conclusions of this research may be applied to Tesco's retail business, which is situated in and operated predominantly in this area. Tesco's selections could include both typical and unusual strategies for spotting dangers.

This is qualitative research; there is more scope for the researchers to conduct quantitative research to find out the implementation of risk identification techniques in the retail industry.

This study was restricted by some factors, including:

• The most significant problem was locating relevant literature for this investigation.

• Collecting suitable data for the study was demanding and time-consuming.

• For the sake of analyzing the dissertation's aims, only secondary data is collected.

Most of the studies in the literature focused on risk identification and management in the construction industry. This paper investigated the literature regarding the risk identification techniques for the retail industry and the types of risks faced by the retail industry. According to the objectives of this paper, the concept of risk, risk management and identification, and techniques of risk identification were elaborated according to the literature. Accordingly, this study concludes that risk identification is a very crucial stage of risk management and it should be considered the most crucial activity of risk management and an organization as a whole. So, it should be tackled systematically.

Tesco Plc's proof demonstrates how a single corporation has established its unique system and a comprehensive risk management strategy. Tesco uses a variety of risk-identification methodologies, including Group Register, Brainstorming, and top-down and bottom-up approaches.

· We hereby declare that this research work titles “ Risk Identification Techniques in Retail Industry: A case study of Tesco Plc” is original work of Mrs. Aradhana Sharma, Dr. Ruchika Jain and. Dr. Neena Seth Pajni. This paper has not been submitted earlier in anywhere for publication.