Risk Management and Development
Barrese (2006) the assessment, identification and prioritization of risks along with economical application and coordination of resources reduce control and monitor the possibility and or impact of unforeseen events or to capitalize on realization of opportunities. Goals, definition and method vary basing on whether the method of risk management is in the context of management of projects, industrial process, engineering, financial portfolios, security, actuarial assessment or public health and safety.
Challenges to risk management strategies
If ricks are inaccurately prioritized and assessed, time can be used to for purpose especially when dealing with loses of risks that may not happen. Utilizing much time in managing unlikely risks and its assessment can deflect resources that could be capitalized on.
Unforeseen events do happen but if the risk is improbable to happen, it may be better to retain it and deal with the outcome- that is if the loses has occurred. Qualitative assessment of risk is not impartial and has no consistency. The main justification for a formal risk assessment process is the bureaucratic and legal nature. Putting the most important risk management process in a higher position can keep companies from starting a project or getting it accomplished. This is possible if other projects are temporary put on hold until the process of risk management is regarded to be complete.
Development and Trend
The factors involving development and trend include
Planning the number of processes left.
Identification of the risk in the chosen area.
Information security through mitigation of risk using the organizational, technological and human resource available.
Developing an analysis of risk involving in the process.
Defining the technological framework for the an agenda and the activity of identification
Mapping out the scope of social risk management, principle upon which risk will be constraints, the objectives and identity of stakeholders.
Planning
Choose the suitable controls to measure risks. It requires to be accepted by the suitable level of management. Risk management plan should suggest effective and applicable security regulation for managing the risks. An efficient risk management plan should involve a schedule for implementation control and the person responsible for those actions.
Identification
Billions of people connect with each other everyday thus making identity to take a new focus and considering the increase in the particular cases of identity fraud and theft, without instituting the best practices, policies and practice, trust can be uncertain. Risk are the events that when set off can cause problems. It can start with the cause of problem or the problem itself and this include
Source analysis
Problem analysis
Source analysis is when risk sources may be either external or internal to the system which is the aim of risk management while problem analysis are risks that are identified as undesirable threat. When either of the two is known, investigation can be done on the events that a source or problem was triggered.
Information Security
There should be a reformed focus on the tool of privacy management with the ability to mask information specifically in a non production environment. This can strengthen the need for solving ciphers and subsequent request to make complexity simple. Information on statistics is not obtainable on the gone occurrence. Assessing the severity of the results is sometimes complicated for incorporeal assets. Asset worth estimation is another issue that requires to be addressed. The best academic view and reliable statistic are the basic source of information. Such information should be provided for the management of the company that the basic risk is not complex to understand and that the risk management resolution may be prioritized.
Technology
Technology is a complex resource field that is dynamic. In order for an organization to stay competitive in the business environment, it has to use modern technology to meet its targets, speed up operations and produce standard outputs. Though technology has positive impact to the organizational productivity, it can also be used for fraud and illegal dealing. Unfortunately besides its merits, it is expensive change with technology, repair and maintain the machines. It requires a lot of money to buy technological ideas, system and procedures. Spending a lot of time managing and assessing, unlike risks can deflect the direction of resources that could be capitalized.
Significance
Appropriate countermeasures or controls are significant in measuring each risk. The appropriate level of management need to approve the risk mitigation, for instance the risk involving the reputation of an organization has to have top management approval as the information technology department would have the authority to decide on the risks of computer virus.
The management plan for risk should suggest effective and applicable security regulations for managing the risks. For instance an observed high computer viruses risk should be mitigated by implementing and acquiring antivirus software. A good plan for risk management should include a schedule for responsible persons and control implementation for those actions.
Risk mitigation often means selecting security control which should be recorded in applicability statement that identifies which controls from the standard and particular control objectives, have been used and why.
Implications
Neil (1986) says that, an organization needs to understand all the mitigation methods for the effect of the risks. Insurance policies have to be purchased for the risks that have been decided to be handed over to an insurer, refrain from all risks that can be evaded without sacrificing the entitys targets, minimize others and continue to have the rest.
Initial management plan for risk will never be perfect. Experience, practice and actual loss outcome will necessitate transition in the plan and give information to allow different decision to be made in dealing with the risk at hand. The results of risk analysis and management plan should be up to date periodically in order to assess whether the previous chosen security controls are still effective and applicable to assess the possible level of risk in the business environment. Risk management is the system of controlling, measuring and monitoring risk that organization encounter. Its effect can be on products and services, financial and human resources and external effect on the market, society and environment. Risk management is all about the following activities
Initiating a plan on how risks will be dealt with.
Live projects of risk database should be maintained.
Delegating authority to risk officer with the responsibility of anticipating potential risks.
Anonymous channel for reporting risk should be created.
Mitigation plans for risk that are selected to be mitigated are supposed to be prepared. These plans describe how specific risk is supposed to be dealt with.
Management of risk is a performance of systematically choosing cost effective ways for reducing the impact of the realization of threat to a firm. All risks can be mitigated or avoided fully simply because of practical and financial limitations. Thus all firms have to acknowledge some level of residual risks. Once risks have been found and assessed, the methods used to manage them include
Reduction which is the practice of mitigation.
Avoidance which is the practice of elimination.
Retention which is all about accepting and budgeting.
Sharing which deals with insuring and outsourcing.
Categories:
0 comments:
Post a Comment