M_o_R is a framework for managing risks. It involves identifying risks, assessing them, planning risk responses, and implementing those responses. The document discusses mapping M_o_R processes to various ITIL processes, including service strategy, service portfolio management, service transition, and service design. It provides examples of risks associated with specific ITIL processes and how M_o_R could be applied, such as identifying and assessing risks during service evaluation in service transition. The challenges of measuring risk and structuring risk management across an organization are also outlined.

1. Management of Risk
(M_o_R)

2. What is M_o_R®?
M_o_R® is a route map
for risk management.

3. What is ITIL?
 Information Technology
Infrastructure Library (ITIL) , is a set of
practices for IT Service
Management (ITSM) that focuses
on aligning IT services with the
needs of business.

4. What is Risk Management?
Risk management is the systematic application of principles, approaches and processes to the tasks
of identifying and assessing risks and then planning and implementing risk responses

5. What is a risk?
 “an uncertain event which, should it occur, will have an effect on the objectives
achievement of objectives”
Could be:
Good
OPPORTUNITY
Bad
THREAT “Expect the best, plan for the
worst, and prepare to be
surprised”
Dwight Eisenhower

6. Risk is a combination of:
 Probability of a perceived threat or opportunity occurring, and magnitude of its
impact on objectives
ADDITIONAL DEFINITIONS:
 Risk Appetite
 Risk Tolerance

7. An opportunity or not?
Would you do it once?
Would you do it again?

8. Programme
Project
Operational
Strategic
Long term
(continuous, ad-hoc)
Medium term
(all programs)
Short term
(all projects)
Business as usual
(continuous, ongoing, everyday)
Top-downApproach
When and where risk management should be applied?
Decisions
required for
implementing
actions
Decisions
transforming
strategy into
action
Decisions
on Business
Strategy

9. What does M_o_R offer?
M_o_R® Principles - derived from corporate governance principles in the recognition
that risk management is a subset of any organization's internal controls.
M_o_R® processes that describe the inputs, outputs and activities involved in ensuring
that risk are identified, assessed and controlled.
M_o_R® Approach needs to be agreed and defined using:
Embedding and Reviewing

10. M_o_R Framework

11. Risks in ITIL

12. Implementing Risk Management in ITIL
Process Critical Analysis
Problem Management There is a proactive and reactive management,
with the goal of reducing the impact of service
outages.
There is no specification how the actions
that need to be done (e. g. disaster covered
plan) are predicted and implemented.
Change Management Good change management techniques and
approach help reducing risks, minimize the
potential negative impact of change, and
reduce the risk of an undesirable outcome.
What techniques and approaches should be
implemented?
Service Delivery Services must be maintained, so it is important to
have a careful design.
Besides the careful design, how to
maintain service delivery must be
specified as well as plans to recover
from threats.
Availability Management Focuses on reliability and on how to put in place
alternative options to ensure the service
continues.
IT service Continuity Assesses risk to ensure overall continuity for the
business.
There is no specification on how to implement
risk management across all modules.

13. M_o_R Principles
 Aligns with objectives
 Fits the context
 Engages stakeholders
 Provides clear guidance
 Informs decision-making
 Facilitates continual improvement
 Creates a supportive culture
 Achieves measurable value.

14. M_o_R Approach
 Central to the approach is the creation of a set of documentation comprising:
 Risk management policy
 Risk management process guide
 Risk management strategies for each organization activity
 Three Categories of documentation
 Records
 Plans
 Reports

15. M_o_R Processes
Identify
Assess
Plan
Implement

16. M_o_R Process Broken Down
IDENTIFY and ASSESS
Identify
- Context
- Risks
Assess
- Estimate
- Evaluate
PLAN and IMPLEMENT
Plan Responses
Implement

17. Embedding Risk Management
Starts with the principles
Changing the culture for risk Management
Measuring the Value
Overcoming the common Barriers to Success

18. Mapping M_o_R
to
ITIL Process

19. M_o_R on Service
Strategy

20. M_o_R on Service Strategy
M_o_R
on
Service
Design

22. M_o_R in
Service Portfolio
Management
Sub-Process

23. - Embedding the principles;
- Changing the culture for risk
management;
- Measuring the value;
- Overcoming the common barriers
to success;
- Identifying and establishing
opportunities for change.
Aligning of M_o_R
Embedding &
Reviewing with ITIL
Continual Service
Improvement

24. Design By
Austin
Songer

25. Service Strategy -
Example

26. Service Strategy - Service Portfolio
Management
 Service Portfolio Management is all about managing the service portfolio.
M_o_R SPM Sub-Processes
- Identify, Assess and Plan on Defining and Analyzing new or changed Services;
- Assess and Plan on Approve new or changed Services;
- Implement on Service Portfolio Review.
Critical Success Factors are:
- Create planned and unplanned services that fit customer necessities;
- Determine the capability of services and adjust it according to the number of customers;
- Keep the Service Portfolio up-to-date.

27. Service Portfolio Management (Cont.)
POTENTIAL RISK KEY RISK FACTOR STRATEGIC RESPONSE
Creation of a service that is not aligned with
the organization‘s strategy or
organization/customer.
Decrease/Increase of customers satisfaction.
Decrease /Increase of customers.
Analyze the impacts on existing services and
the creation of new services in the
organization and determine the assets
required to offer the service.
Not keeping the Service Portfolio up-to-date. Number of services registered in the services
portfolio.
Frequency of activity on the Service Portfolio.
After approved the service must be formally
identified in the Service portfolio and
communicated to organization.
Creation of a Service Portfolio Review
Report, a document containing the results
and findings from a Service Portfolio Review.

28. Service Transition -
Example

29. Service Transition
The objective of ITIL Service Transition is to build and
deploy IT services. Service Transition also makes sure that
changes to services and Service Management processes
are carried out in a coordinated way while controlling the
risks of failure and disruption.

30. Associated Risks
 Change in accountabilities;
 Alienation of some key support;
 Additional unplanned costs;
 Resistance to change;
 Excessive costs to the business;
 Knowledge sharing;
 Lack of maturity and integration of systems;
 Poor integration between the processes;
 Loss of productive hours.

31. Service Transition - Evaluation
M_o_R, the following sub-steps are mapped in Evaluation
- Identify and Plan on Change Evaluation prior to Planning;
- Assess on Change Evaluation prior to Build;
- Assess and Implement on Change Evaluation prior to Deployment;
- Assess and implement on Change Evaluation after Deployment.

32. Service Transition - Service Asset and Configuration
Management
- Identify on Configuration Identification;
- Assess and Plan on Configuration Control;
- Implement on Configuration Verification and Audit.

33. The Challenges of Risk Management
 To Measure Risk Properly
 To Structure a good Risk Management transversally to the entire
organization
 To sensitize the organization to the importance of having a well-
structure and documented risk management process.

34. Recommendations
ITIL should develop a “Risk Management” process
There would be two new processes created
Risk Management – Scope Identification
Risk Management
SERVICE STRATEGY SERVICE DESIGN
Risk Management – Scope
Identification
Risk Management

35. References
 Management of Risk M_o_R . (2009). London: The Stationary Office.
 ITIL Service Strategy . (2011). London: The Stationary Office.
 ITIL Service Design . (2011). London: The Stationary Office.
 ITIL Service Operations . (2011). London: The Stationary Office.
 ITIL Service Transitions . (2011). London: The Stationary Office.
 ITIL Continual Service Improvement . (2011). London: The Stationary Office.