Question

Question 3: Risk Management [50 marks]

Risk management was identified in the NamCode as being an important activity during governance.

a) Outline how you would develop a risk management program in IT [25 marks]

b) Critically evaluate the strengths and weakness of the various risk analysis methods in IT. [25 marks]

Answer 1

3)a)Developing an effective Risk Management Plan can help keep small issues from developing into emergencies.Risk management is the procedure that an organization follows to protect itself, its staff, clients, and volunteers. This is an ongoing process.

STEPS IN THE RISK MANAGEMENT PROCESS

1)Establish your context

Identify, assess, and document potential risks. This involves mapping the following: social scope of risk management (what are your stakeholders facing); the identify and objectives of stakeholders (do you want to ensure minimal financial impact, programmatic impact, etc.)

2)Identify risks

What are your risks and how likely are they to occur? Some will cause major disruption while others will be a minor irritation. You must make an educated assessment of both the likelihood and potential severity of each risk to prioritise your planning efforts.

3)Minimise or eliminate risks

Once risks have been identified you need to either eliminate or minimise those risks. You should provide specific strategies for minimising risk for each of the six subgroups.

4)Potential risk treatments- how will you manage the risk?

Once the risks have been identified, it is important to outline the courses of action to address these. Possible scenario/solutions:

1. Avoidance (elimination): Includes not performing an risky activities, i.e changing the travel routes, avoiding areas deemed unsafe, etc.

2. Reduction (mitigation): Involves methods that reduce the severity of the loss e.g. equipping staff with health and safety kits, keeping emergency numbers, fire equipment, backing up files, etc.

3. Retention: Involves accepting the loss when it occurs.

4. Transfer: Means causing another party to accept the risk. This can be typically done through insurance, outsourcing services, etc.

5)Prepare a risk management plan

A risk management plan can help minimise the impact of cash flow issues, damage to brand and other risks. It will also help create a culture of sensible risk awareness and management in your business. Our Crisis planning for business template below includes a risk management plan.

3b)Strength

1)Risks are sorted by their financial impact, assets by their financial value

2)The results can be expressed in a specific management terminology

3)The evaluation and the results are based on objective methods

4)Security level is better determined based on the three elements: availability, integrity and confidentiality

5)A cost-analysis can be implemented for choosing the best suited measures

6)Management performance can be closely watched

7)Data accuracy improves as the organization gains experience

Weaness

1)The methods of calculation are complex

2)Without an automatic tool the process can be really difficult to implement

3)There are no standards and universally accepted information for implementing this method

4)The values of risk impacts are based on subjective opinions of people involved

5)The process handles a long time

6)The results are presented only in monetary values and are hard to understand by persons without experience

***********************************************************************************************************************************

In case of any doubt do ask in the comment section.Hope you like it