Risk Management
Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations' missions.
The head of an organizational unit must ensure that the organization has the capabilities needed to accomplish its mission. These mission owners must determine the security capabilities that their IT systems must have to provide the desired level of mission support in the face of threats.
A well-structured risk management methodology can help management identify appropriate controls for providing the mission-essential security capabilities.
Identify
When a new project is taken up, irrespective of the location, one of the most important steps undertaken is identifying the risks associated with the project. The risk involved could be for multiple reasons including, but not restricted to, the following:
- Lack of Resources
- Short elapse and tight project schedules.
- Communication between the offshore and onsite team
- Change of key staff during project
- Language / Cultural
Risks are typically identified using one or more of the following methods:
- Checklists and Questionnaire
- Assumption analysis
- Previous project experiences
Quantify
In this step the risks identified in the previous step are analysed and quantified. During analysis and quantification, the following are determined for every risk:
- Probability: The probability of the risk occurring is estimated by categorizing it qualitatively as very low, medium, high and very high.
- Impact: The impact of the risk to the project is estimated by categorizing the risk as negligible, marginal, critical and catastrophic. The impact is estimated based on how it affects the cost, performance, schedule and support of the project.
- Overall risk: The overall risk to the project is determined by combining probability and impact estimates of the risk.
Organize and solve
In this step the risks quantified in the previous steps are prioritised so that they can be tracked and controlled efficiently. It is very much possible that a risk has been identified because of various 'unknown' elements. One or more of the following mechanisms resolve some of these unknown elements.
- Pilot
- Simulations
- Benchmarks
Plan and decide
This step basically involves developing actions to address individual risks, prioritising risk actions and creating an integrated risk management plan. This step addresses the following issues:
- Specify why a risk is important
- What information is required to track the status of the risk?
- A detailed plan of how the risk will be prevented and/or mitigated
At Mainward this process typically results in generating, for each risk, one or more of the following:
- An action plan to avoid, or minimize the likelihood of, the occurrence of the event
- An action plan to minimize the impact of the event
- An action plan to manage the situation following the triggering of the event
Monitor Action and Control
At Mainward, every risk identified is tracked on a regular basis and is reprioritised based on the current circumstances of the project. The risk is mentioned throughout the project's lifecycle.
In case a risk is triggered, the concerned team members are notified and the action to minimize the impact of the risk goes into effect. Monitoring also includes tracking these actions. This activity checks for the appropriateness of these actions and, if they are found inappropriate, corrective and controlling measures are taken.
Understand, analyze and communicate
The key aspect of Mainward's risk management approach is to share the risks with the management of Mainward, team members and the clients, thereby providing a transparent view on the issues affecting the project.
Project Management will focus on the early identification of the potential issues/risk factors and their resolution. Risk factors will be tracked continuously and timely action will be taken to contain the risk.