Risks arising from intentional destruction or malevolent modification of:
IT Risk Management
The process in which potential risks to a business are identified, analyzed and mitigated, along with the process of balancing the cost of protecting the company against a risk vs. the cost of exposure to that risk.
Dependence on electronic information and IT systems is essential to support critical business processes. Successful businesses need to better manage the complex technology that is pervasive throughout their organizations in order to respond quickly and safely to business needs. . .
. . . In addition, the regulatory environment is mandating stricter control over information. This, in turn, is driven by increasing disclosures of information system disasters and increasing electronic fraud. The management of IT-related risks is now being understood as a key part of enterprise governance.
Utilizes the approach of assuming that over time very small, almost unnoticeable differences can start a chain reaction that will eventually generate big changes
Projects planned with cutting edge technology should focus on near-term big returns on the investment
Focus less on ROI (return on investment) and more on what business impact the project will have
Risk vs. Technology Maturity
Impact of Technology Maturity

| Risk | Early Adopter | Mid Adopter | Late Adopter |
| --- | --- | --- | --- |
| Hands-on implementation experience | little experience / high risk | more experience / mid risk | much experience / low risk |
| Vendor survival for project after shake-out | high risk | mid risk | low risk |
| Sudden changes in direction of technology | high risk | mid risk | low risk |
| Integrating technology with existing portfolio | high risk | mid risk | low risk |

| Benefits | Early Adopter | Mid Adopter | Late Adopter |
| --- | --- | --- | --- |
| Period for start of payoff | Short term | Mid term | Long term |
| Size of returns per period | Biggest | Bigger | Big |
Risk Management at Project Level: Steps Taken by Prudent Managers
List the risks that could occur and when they could occur
Determine what detection method can alert IS that risk occurred
Establish detection method
Estimate each risk’s probability of occurring
Formulate plans that can mitigate each risk
Establish teams that will monitor and mitigate the risk
Group Problem: Describe two types of risks, giving an example of each, that an IS manager should consider when evaluating the options for replacing a legacy system that will no longer correctly process transactions when a new law goes into effect in six months.
Procurement - Process
RFP Process
Objective: Identify best solution to meet stated business need while minimizing cost and risk
1. Pre-RFP
2. RFP
3. Proposal Submissions
4. Proposal Evaluations
5. Vendor Selection
6. Procurement Method
7. ROI Analysis
8. Negotiate Contract
Sometimes requires "proof" statements, such as "This feature was implemented 12 months ago and is currently installed at 10 sites. Names and addresses are provided in the reference section."