Computer Aid, Inc, profile picture
Uploaded byComputer Aid, Inc
PPTX, PDF1,930 views

IT Risk Management

This document discusses risk management in information technology. It begins with introductions and an agenda. It then covers IT management basics like strategy, operations, and project management. It defines IT risks as the possibility that IT will not be able to deliver required capabilities. It discusses identifying, analyzing, planning for, tracking, controlling, and communicating risks. It provides an example of managing application support risks and a case study on a project to improve service excellence at an organization.

Embed presentation

Downloaded 110 times
CIO’s Guide to Risk Management
Agenda • Introductions • IT Management Basics • IT Risk Management • Managing Application Support Risks • Application Management Case Study • Managing Project Risks
Introductions Agenda Computer Aid, Inc • 30 Years in IT Consulting Services Business • Privately Held Entrepreneurial Organization • 3,000 Associates Worldwide • $300 Plus Million in Revenue in 2011 • Offices in 34 U.S. Metropolitan Areas • Global offices in Toronto, London, Sydney, and Kuwait, Singapore • Off-shore delivery: Philippines, China, Argentina, Ethiopia, and India • Headquarters: Allentown, Pa.
CAI Managed Services • Application Support Outsourcing – Assume full responsibility for support – Fixed Price – Service Level Commitments – Continuous Improvement Commitments • Application Development – Fixed Price Proposals – On-Time, On-Budget, High Quality, Warranty • Help Desk Outsourcing – Service Level Commitments – Fixed Price
CAI Clients Manufacturing Government Retail Financials Transportation / Logistics Services Education Insurance Utilities
Agenda • Introductions • IT Management Basics • IT Risk Management • Managing Application Support Risks • Application Management Case Study • Managing Project Risks
IT Management Basics
What is the mission of IT? Deliver the Information Processing Capability required by the business at a cost that represents value
IT Services • Implement, operate, and support – Infrastructure (servers, mainframes, networks) – System software and Tools • Operating Systems • Data Query and Reporting • E-mail and Internet Access • Application design, development, and support tools • Design, build/purchase, install, operate and support application software to support the business • Store, protect and provide secure access to business information • Provide consulting services to the business
Dimensions of IT Management • Strategy and Business Alignment – Strategic Planning: Management Vision, Philosophy, and Objectives – Business Planning: Identify Business Needs – Portfolio Management: Initiate and prioritize projects – Budgeting: Authorize with budgets and funding • IT Services – Technology Architecture: Languages, DBMS, Network – Infrastructure Operation: Operations Processes – Application Development: SDLC, Project Management, Standards – User Support and Services: Help Desk, SLA’s • Administration and Control – Human Resource Management: HR Policies, Training – Supplier Management: Purchasing
Dimensions of Project Management • Cost • Integration • Schedule • Communication • Scope • Human Resources • Quality • Procurement • Risk • Methodology
Dimensions of Operations & Support Management • Reliability • Availability • Capability • Timely • Responsive/Performance • Flexibility/Adaptability
IT Risk Management
What is an IT Risk? The possibility that IT will not be able to deliver the required capability
SEI Service CMMI • Identify the “Commitment to Deliver” • Establish the “Ability to Deliver” • Deliver Note: Risk identification and mitigation are ongoing activities … requirements change which results in new commitments.
Risk Management Impact on Project Success
Risk Management (NASA) • Identify - scenarios for failure • Analyse - likelihood and consequence of failure • Plan - actions required to track and control risks • Track - program performance against plan • Control - risk issues and verify effectiveness • Communicate and Document
Identify & Analyse Risks • Strategic – Does the business strategic plan address information processing capabilities? – Is there a reasonable budget? – Does the Information Processing strategy directly link to business goals and objectives?
Identify & Analyse Risks • Service Management Processes – Do the services management processes adequately address the following areas? • Change and Quality Management • Incident and Problem Management • Availability and Capacity Management • Service Level Commitments – What type of commitments does IT make (by area)? – Are they reasonable? – What scenarios would prevent IT from meeting the commitments? – Can IT respond to changing requirements?
Identify & Analyse Risks • Application Architecture – Is the technology obsolete? – Does the application provide flexibility to respond to changing business requirements? – Is the application reliable and available when needed? – Does it handle spikes in processing volumes? • Hardware and System Software – What scenarios would impact this area? – What is the required capacity, availability, and security? – Do we have visibility of availability, reliability, and performance? – Can faulty components be replaced? – Can we identify trends?
Identify & Analyse Risks • Application Operations and Support – Do the applications provide the required capabilities? – How often to they need to be enhanced? – How often do they need to be fixed? – What knowledge is required to operate and support? – Are they reliable, flexible, easy to use? – Is the technology obsolete? – Can they be easily updated to support changing requirements? – What do they cost and what value is provided?
Risk Planning • Define success or the “commitment to deliver” (SLA’s, dates, estimates, scope) • Analyse the “ability to deliver” including processes, tools, infrastructure, applications, staff, and knowledge • Identify gaps or scenarios where the ability to deliver will not be able to meet the commitment • Identify prevention or response actions
Track Progress • Is the available capacity for processing and services aligned with the demand to meet business needs without wasting resources? • Are SLA’s being met? • Are processes being followed? • What is the level of quality and the reason for defects? • Is the staff size and their knowledge level adequate to meet the service demand?
Control • Is there a formal risk management process? • Are all risks logged? • Who owns the responsibility for ownership for mitigation or prevention been assigned? • Are problems analyzed to determine the risks that have not been addressed? • Is there a problem management process for permanently fixing problems and eliminating risk?
Communicate • Is there a formal risk management plan? • Are known risks communicated to the staff so they can be aware of the risks? • Does the business participate in the prioritization and mitigation of risks? • Are the causes and impacts of problems communicated?
Scenario: Managing Application Maintenance Risks
Application Risk Areas • Do the applications provide the required capabilities? • How often to they need to be enhanced? • How often do they need to be fixed? • What knowledge is required to operate and support? • Are they reliable, flexible, easy to use? • Is the technology obsolete? • Can they be easily updated to support changing requirements? • What do they cost and what value is provided?
Plan and Manage • Inventory applications and their capabilities, availability requirements, and redundancies. • Implement application management processes to track costs, changes, quality, and value to business. • Identify missing or deficient capabilities and how often they need to be enhanced. Initiate enhancements to provide user-controlled configuration. • Eliminate recurring problems by implementing fixes. • Document required knowledge and facilitate orientation or cross-training of staff. • Identify solutions for replacing obsolete technologies. • Develop a retirement strategy.
Management Capability Visibility • What services are needed? • What services are provided? • When are they provided? • How often? • Why are they provided? • How much do they cost?
Management Capability Control • Were the services authorized? • Did they deliver the correct result? • Were standard processes followed? • Were the services delivered on-time and on- budget? • Did the customer receive value?
Management Capability Optimization • Reduce Risks and Costs • Improve Quality • Improve Processes • Improve Customer Satisfaction • Increase Value to the Business
Case Study: Highmark Service Excellence Project
Service Excellence Project Objective: Improve IT’s ability to meet or exceed commitments to the business Year 1 Goal: Increase value to the business by increasing time spent on enhancements from 4% to 18% Achievements • Time spent on enhancements increased to 22.5% in 9 months and 36% after 18 months • Enhancement backlog was eliminated • Application Problems and Support costs were reduced • Business management received increased visibility and control of their requested services, required hours, and cost • Increased Customer Satisfaction
Risk Assessment Results • Service requests were not logged • Service Level Goals are not formally defined • Most of the available resource hours are spent resolving incidents resulting in a large backlog of projects • Customer satisfaction was not measured but it was assessed as poor based on informal feedback • Most of the support management processes were informal and team specific • Knowledge was undocumented resulting in a dependence on “hero experts for each application • “Reactive” management because of limited visibility and control
Solution Framework Optimise •Improve Processes •Reduce/Prevent Problems •Increase Value Control •Implement Processes •Commitments/SLA’s •Enforce Processes •Authorize Services Visibility •Services •Resources •Performance •Metrics
Resulting Business Value • Increased quality, reduced rework and application problems, and reduced support costs • Improved process maturity • Implemented metrics to support ongoing improvement initiatives • Increased staff effectiveness and productivity • Reduced risk • Improved performance against commitments which improved customer satisfaction
Case Study Pa. Department of Transportation Application Management and Outsourcing
PennDOT Introduction  Provides Transportation Management for the Commonwealth of Pennsylvania  Created in 1970 to streamline transportation management  Annual budget of over $6 bn of state and federal funds  Total 121,000 miles of state and local highways  Total 55,000 state and local bridges  Manage 40,000 miles of highway and 25,000 bridges  12,000 employees  11.3 Million vehicle registrations  8.7 Million driving licenses  Safety and Emissions control inspection programmes
Commonwealth Directive “Do more with less”  Commonwealth Budget 2011-12  Balance budget with no tax increases  Refocus investment in core functions of government  Reduce general fund budget by 4% ($1.17 billion)  State spending overall reset to near 2008-09 levels  State agencies are directed to focus on delivery and reduce administrative overhead
Success 76,500 Function Points added 0.2% defect rate
Scenario: Managing Project Risks
Risk Analysis: Why Projects Fail? Standish Chaos Report • Incomplete Requirements 13.1% • Lack of User Involvement 12.4% • Lack of Resources 10.6% • Unrealistic Expectations 9.9% • Lack of Executive Support 9.3% • Changing Requirements 8.7% • Lack of Planning 8.1% • Didn't Need It Any Longer 7.5% • Lack of IT Management 6.2% • Technology Illiteracy 4.3% • Other 9.9%
The solution begins with accountability • Who is responsible for managing project risk? • Who is responsible for project success? • Who is to blame for project failures? • Does the IT project team have unrealistic expectations of the business? • Does the business have unrealistic expectations of the IT project team?
Mitigating Project Risks • Cleary defining Requirements minimizes changes and re-work • Establish an achievable Scope based on available resources, budgets, and expected completion date • Plan the project to avoid Resource downtime and minimize schedule disruptions • Identify Issues early to prevent problems and avoid the resulting re-work
Will you be successful? Effective Risk Management answers this question • Required Information – Timely and accurate project performance data – Opinions/feedback from all participants – Status of all open issues • Risk Analysis – Is the project on-time and on-budget for completed tasks? – Is the project on-time and on-budget for active tasks? – Has anything changed (scope, resource availability, customer satisfaction, levels of overtime)? – What is the reason and impact of the change? – What is the impact of open issues?
Information Requirements • Stakeholder and Team Communications – Requirements – Status – Issues/Concerns • Project Performance data – Actual effort/cost vs. estimates – Total Changes and the impact of changes – Total Re-Work by reason (requirements changes vs. errors) – Lost time due to schedule disruptions
Solutions • Improve communications with all project participants without disrupting progress • Ensure compliance with processes • Collect and analyze project performance metrics to identify trends and new risks • Efficient staff orientation to the project and the management processes to enable agile staffing • Establish accountability
How does CAI succeed? • Repeatable Processes are used to manage requirements, scope, schedules, risk, issues, changes, quality, and resources • Tracer Service Management Tool provides visibility (metrics) and status into all assigned activities across projects and support • Automated Project Office Answers the question “Will we succeed?” – Early identification of risks by conducting project health assessments to analyze project performance metrics and surveys of participants and stakeholders – Validates compliance with processes
Automated Project Office Visibility of Issues
Automated Project Office Visibility of Issues
How can CAI help you? • Fixed price Application Development services • Application Support Outsourcing to allow your staff to work on projects • Project Management and Transformation consulting to improve effectiveness • Automated Project Office tool to enable a rapid project office implementation • ITMPI – IT Metrics and Productivity Institute provides access to resources and knowledge from world- renowned experts in various fields
Thank You.

More Related Content

PDF
Vulnerability Management Whitepaper PowerPoint Presentation Slides
bySlideTeam
 
PDF
Information technology risks
bysalman butt
 
PPTX
Mastering Information Technology Risk Management
byGoutama Bachtiar
 
PPTX
Information Security Risk Management and Compliance.pptx
byAbraraw Zerfu
 
PPTX
CISA Training - Chapter 3 - 2016
byHafiz Sheikh Adnan Ahmed
 
PPT
Understanding IT Governance and Risk Management
byjiricejka
 
PDF
IT Risk Management
byTudor Damian
 
PDF
Guide to Risk Management Framework (RMF)
byMetroStar
 
Vulnerability Management Whitepaper PowerPoint Presentation Slides
bySlideTeam
 
Information technology risks
bysalman butt
 
Mastering Information Technology Risk Management
byGoutama Bachtiar
 
Information Security Risk Management and Compliance.pptx
byAbraraw Zerfu
 
CISA Training - Chapter 3 - 2016
byHafiz Sheikh Adnan Ahmed
 
Understanding IT Governance and Risk Management
byjiricejka
 
IT Risk Management
byTudor Damian
 
Guide to Risk Management Framework (RMF)
byMetroStar
 

What's hot

PDF
Information Security Risk Management
byErsoy AKSOY
 
PPT
Risk identification
bymurukkada
 
PPTX
Information security management system
byArani Srinivasan
 
PPTX
Risk management
bymamta bhaurya
 
PPTX
Security risk management
byPrachi Gulihar
 
PPTX
Fraud detection analysis
bySAI MANIKANTA MANASANI
 
PPT
Risk Identification.ppt
byAvicenna6
 
PDF
IT Risk Management - the right posture
byParag Deodhar
 
PDF
Risk Management module PowerPoint Presentation Slides
bySlideTeam
 
PPT
Information security management
byUMaine
 
PPTX
Risk management
byMichael Alonzo
 
PDF
Risk Management Process And Procedures PowerPoint Presentation Slides
bySlideTeam
 
PDF
Risk Management Process
byno suhaila
 
PDF
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
PPTX
Risk management
byAglaia Connect
 
PDF
ERM-Enterprise Risk Management
byJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
PPSX
Security policies
byNishant Pahad
 
PPTX
Information Security Management System in the Banking Sector
bySamvel Gevorgyan
 
PDF
1. Security and Risk Management
bySam Bowne
 
PPTX
Banks and cybersecurity v2
bySemir Ibrahimovic
 
Information Security Risk Management
byErsoy AKSOY
 
Risk identification
bymurukkada
 
Information security management system
byArani Srinivasan
 
Risk management
bymamta bhaurya
 
Security risk management
byPrachi Gulihar
 
Fraud detection analysis
bySAI MANIKANTA MANASANI
 
Risk Identification.ppt
byAvicenna6
 
IT Risk Management - the right posture
byParag Deodhar
 
Risk Management module PowerPoint Presentation Slides
bySlideTeam
 
Information security management
byUMaine
 
Risk management
byMichael Alonzo
 
Risk Management Process And Procedures PowerPoint Presentation Slides
bySlideTeam
 
Risk Management Process
byno suhaila
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
byShawn Tuma
 
Risk management
byAglaia Connect
 
ERM-Enterprise Risk Management
byJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Security policies
byNishant Pahad
 
Information Security Management System in the Banking Sector
bySamvel Gevorgyan
 
1. Security and Risk Management
bySam Bowne
 
Banks and cybersecurity v2
bySemir Ibrahimovic
 

Viewers also liked

PPTX
Gps ppt
bydanicuchi123
 
PDF
Emperor Digital Portfolio
byNadaZbirek
 
DOC
Mahmoud turkey
byMahmoud Turki
 
PDF
LIT0070 - Brigade Corporate Brochure
byEmily Hardy
 
PDF
Unidad 12 13 y 14
byCarlos
 
PPTX
articulo de economia
byalejandra alvarez cruz
 
PPS
Día 13 - Vida Cristiana
byJuan Ignacio B.
 
DOC
JPOBRIEN_CV[1][1]
byJohn Paul O' Brien
 
PPTX
Tecnología, tendencias y oportunidades de negocio
byCelestino Güemes Seoane
 
PDF
Feature Sheet - channelPay
byAnna Walczak
 
PDF
Kars pegasus ucuz uçak bileti telefon
byhasan ahmet
 
PDF
Actas terpel otros
byjohnjalopez
 
DOCX
Examen 2 lopez castellanos estefania
byarmendia539
 
PDF
Arrival Card
byambcw
 
DOCX
Exemple cv 2
byCarlos Nadal Perelló
 
PDF
Fitoplancton y Zooplancton en Humedal Cordoba
byTeodoro Chivata
 
PPTX
Educación y gestión ambiental 6-2-12
byProCiencia
 
PPTX
Paco Martínez Soria
byjal94
 
PDF
Huawei Modular UPS Systems UPS5000E Sereis
byRobin Koffler MBA CDCEP
 
PPTX
Tráfico de personas
byfernanda hernandez
 
Gps ppt
bydanicuchi123
 
Emperor Digital Portfolio
byNadaZbirek
 
Mahmoud turkey
byMahmoud Turki
 
LIT0070 - Brigade Corporate Brochure
byEmily Hardy
 
Unidad 12 13 y 14
byCarlos
 
articulo de economia
byalejandra alvarez cruz
 
Día 13 - Vida Cristiana
byJuan Ignacio B.
 
JPOBRIEN_CV[1][1]
byJohn Paul O' Brien
 
Tecnología, tendencias y oportunidades de negocio
byCelestino Güemes Seoane
 
Feature Sheet - channelPay
byAnna Walczak
 
Kars pegasus ucuz uçak bileti telefon
byhasan ahmet
 
Actas terpel otros
byjohnjalopez
 
Examen 2 lopez castellanos estefania
byarmendia539
 
Arrival Card
byambcw
 
Exemple cv 2
byCarlos Nadal Perelló
 
Fitoplancton y Zooplancton en Humedal Cordoba
byTeodoro Chivata
 
Educación y gestión ambiental 6-2-12
byProCiencia
 
Paco Martínez Soria
byjal94
 
Huawei Modular UPS Systems UPS5000E Sereis
byRobin Koffler MBA CDCEP
 
Tráfico de personas
byfernanda hernandez
 

Similar to IT Risk Management

PPT
PMI Event
byComputer Aid, Inc
 
PDF
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
PDF
A Value Centric Approach to Governance Risk & Compliance
byInnoTech
 
PPTX
Indranil Guha - It transformation challenges & choices...
byGlobal Business Events
 
PPTX
Info sec 2011 julen c mohanty
byJulen Mohanty
 
PPTX
Info sec 2011 julen c mohanty
byJulen Mohanty
 
PPTX
D6_IT_risk enterprise information technology resource manag
byPhaneendraSai3
 
PDF
IT Optimization & Risk Management
byJeromie Jackson
 
PPTX
High level service v2 slideshare
byphil1i
 
PPTX
Frameworks For Predictability
bytlknecht
 
PPTX
Information Security Cost Effective Managed Services
byJorge Sebastiao
 
PDF
The evolving role of IT managers and CIOs
byIBM Rational software
 
PDF
Innovation connections quick guide managing ict risk for business pdf
byAbdulbasit Almauly
 
DOCX
Michael Bowers Resume
bymichaelsbowers
 
PDF
Managing Risk in IT
byNTEN
 
PPT
Establishing a framework for it governance by dave cunningham 2007
byDavid Cunningham
 
PDF
Culture structure strategy_for_a_grc_program
byRamsés Gallego
 
PDF
Current Challenges Of It Service Management In Hungary 2009
byPéter Fehér
 
PDF
Understanding co bit 4.1
byn|u - The Open Security Community
 
PDF
South Florida HDI Event, Managing Service Delivery
byEddie Vidal
 
PMI Event
byComputer Aid, Inc
 
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern...
bySilverStormSolutions
 
A Value Centric Approach to Governance Risk & Compliance
byInnoTech
 
Indranil Guha - It transformation challenges & choices...
byGlobal Business Events
 
Info sec 2011 julen c mohanty
byJulen Mohanty
 
Info sec 2011 julen c mohanty
byJulen Mohanty
 
D6_IT_risk enterprise information technology resource manag
byPhaneendraSai3
 
IT Optimization & Risk Management
byJeromie Jackson
 
High level service v2 slideshare
byphil1i
 
Frameworks For Predictability
bytlknecht
 
Information Security Cost Effective Managed Services
byJorge Sebastiao
 
The evolving role of IT managers and CIOs
byIBM Rational software
 
Innovation connections quick guide managing ict risk for business pdf
byAbdulbasit Almauly
 
Michael Bowers Resume
bymichaelsbowers
 
Managing Risk in IT
byNTEN
 
Establishing a framework for it governance by dave cunningham 2007
byDavid Cunningham
 
Culture structure strategy_for_a_grc_program
byRamsés Gallego
 
Current Challenges Of It Service Management In Hungary 2009
byPéter Fehér
 
Understanding co bit 4.1
byn|u - The Open Security Community
 
South Florida HDI Event, Managing Service Delivery
byEddie Vidal
 

More from Computer Aid, Inc

PPTX
A Few Interesting Observations From 2014 PMI Pulse
byComputer Aid, Inc
 
PDF
Management by Walking Around
byComputer Aid, Inc
 
PPTX
Automation of Information (Cyber) Security
byComputer Aid, Inc
 
PPT
Knowledge Management - By Joe Hessmiller
byComputer Aid, Inc
 
PPTX
Why Do CIO's Get Fired? By Joe Hessmiller
byComputer Aid, Inc
 
PPTX
Leadership is Simple, Followership is a Challenge - Lehigh University Guest L...
byComputer Aid, Inc
 
PPTX
Driving Innovative IT Metrics (Project Management Institute Presentation)
byComputer Aid, Inc
 
PDF
APO State Government Business Brief
byComputer Aid, Inc
 
PDF
White paper-management-by-walking-around
byComputer Aid, Inc
 
PPTX
Leadership, Presented at Lehigh University
byComputer Aid, Inc
 
PPTX
APO ITBuzz Overview
byComputer Aid, Inc
 
PPTX
Introduction to CAI
byComputer Aid, Inc
 
PPTX
Managing in the 21st Century
byComputer Aid, Inc
 
PDF
State of Georgia
byComputer Aid, Inc
 
PPTX
Managing in the 21st Century
byComputer Aid, Inc
 
PPTX
APO IT Buzz Overview and Screenshots
byComputer Aid, Inc
 
PDF
AmeriHealth Case Study
byComputer Aid, Inc
 
PPT
APO Presentation
byComputer Aid, Inc
 
PDF
Interview with Risk Management Practitioner: Robert Charette
byComputer Aid, Inc
 
PPTX
APO 2.0
byComputer Aid, Inc
 
A Few Interesting Observations From 2014 PMI Pulse
byComputer Aid, Inc
 
Management by Walking Around
byComputer Aid, Inc
 
Automation of Information (Cyber) Security
byComputer Aid, Inc
 
Knowledge Management - By Joe Hessmiller
byComputer Aid, Inc
 
Why Do CIO's Get Fired? By Joe Hessmiller
byComputer Aid, Inc
 
Leadership is Simple, Followership is a Challenge - Lehigh University Guest L...
byComputer Aid, Inc
 
Driving Innovative IT Metrics (Project Management Institute Presentation)
byComputer Aid, Inc
 
APO State Government Business Brief
byComputer Aid, Inc
 
White paper-management-by-walking-around
byComputer Aid, Inc
 
Leadership, Presented at Lehigh University
byComputer Aid, Inc
 
APO ITBuzz Overview
byComputer Aid, Inc
 
Introduction to CAI
byComputer Aid, Inc
 
Managing in the 21st Century
byComputer Aid, Inc
 
State of Georgia
byComputer Aid, Inc
 
Managing in the 21st Century
byComputer Aid, Inc
 
APO IT Buzz Overview and Screenshots
byComputer Aid, Inc
 
AmeriHealth Case Study
byComputer Aid, Inc
 
APO Presentation
byComputer Aid, Inc
 
Interview with Risk Management Practitioner: Robert Charette
byComputer Aid, Inc
 
APO 2.0
byComputer Aid, Inc
 

Recently uploaded

PDF
Institute for Public Relations 2025 Year in Review
byMariumAbdulhussein
 
PDF
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 
PDF
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
PDF
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
PDF
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
PDF
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
DOCX
How to Buy Verified Wise Accounts .docx
byGoogle Business Site Google & Gmail / Buy Old Gmail Accounts
 
PDF
Top 5 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byd4633pnxrkfjibzcniru
 
PDF
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
PDF
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
Top 10 Websites to Buy Facebook Accounts Tone.pdf
byidc1w3adizw383go
 
PDF
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
PDF
How to Buy Snapchat Account A Step-by-Step Guide..pdf
byidc1w3adizw383go
 
PDF
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
PDF
How to Buy USA Facebook Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PPTX
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
PDF
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 
Institute for Public Relations 2025 Year in Review
byMariumAbdulhussein
 
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
How to Buy Verified Wise Accounts .docx
byGoogle Business Site Google & Gmail / Buy Old Gmail Accounts
 
Top 5 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byd4633pnxrkfjibzcniru
 
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
Top 10 Websites to Buy Facebook Accounts Tone.pdf
byidc1w3adizw383go
 
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
How to Buy Snapchat Account A Step-by-Step Guide..pdf
byidc1w3adizw383go
 
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
How to Buy USA Facebook Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
When Paychecks Stop: Are We Financially Ready
byAurumCapital
 

IT Risk Management

  • 1.
    CIO’s Guide toRisk Management
  • 2.
    Agenda • Introductions • IT Management Basics • IT Risk Management • Managing Application Support Risks • Application Management Case Study • Managing Project Risks
  • 3.
    Introductions Agenda Computer Aid, Inc • 30 Years in IT Consulting Services Business • Privately Held Entrepreneurial Organization • 3,000 Associates Worldwide • $300 Plus Million in Revenue in 2011 • Offices in 34 U.S. Metropolitan Areas • Global offices in Toronto, London, Sydney, and Kuwait, Singapore • Off-shore delivery: Philippines, China, Argentina, Ethiopia, and India • Headquarters: Allentown, Pa.
  • 4.
    CAI Managed Services •Application Support Outsourcing – Assume full responsibility for support – Fixed Price – Service Level Commitments – Continuous Improvement Commitments • Application Development – Fixed Price Proposals – On-Time, On-Budget, High Quality, Warranty • Help Desk Outsourcing – Service Level Commitments – Fixed Price
  • 5.
    CAI Clients Manufacturing Government Retail Financials Transportation / Logistics Services Education Insurance Utilities
  • 6.
    Agenda • Introductions • IT Management Basics • IT Risk Management • Managing Application Support Risks • Application Management Case Study • Managing Project Risks
  • 7.
  • 8.
    What is themission of IT? Deliver the Information Processing Capability required by the business at a cost that represents value
  • 9.
    IT Services • Implement,operate, and support – Infrastructure (servers, mainframes, networks) – System software and Tools • Operating Systems • Data Query and Reporting • E-mail and Internet Access • Application design, development, and support tools • Design, build/purchase, install, operate and support application software to support the business • Store, protect and provide secure access to business information • Provide consulting services to the business
  • 10.
    Dimensions of ITManagement • Strategy and Business Alignment – Strategic Planning: Management Vision, Philosophy, and Objectives – Business Planning: Identify Business Needs – Portfolio Management: Initiate and prioritize projects – Budgeting: Authorize with budgets and funding • IT Services – Technology Architecture: Languages, DBMS, Network – Infrastructure Operation: Operations Processes – Application Development: SDLC, Project Management, Standards – User Support and Services: Help Desk, SLA’s • Administration and Control – Human Resource Management: HR Policies, Training – Supplier Management: Purchasing
  • 11.
    Dimensions of Project Management • Cost • Integration • Schedule • Communication • Scope • Human Resources • Quality • Procurement • Risk • Methodology
  • 12.
    Dimensions of Operations& Support Management • Reliability • Availability • Capability • Timely • Responsive/Performance • Flexibility/Adaptability
  • 13.
  • 14.
    What is anIT Risk? The possibility that IT will not be able to deliver the required capability
  • 15.
    SEI Service CMMI •Identify the “Commitment to Deliver” • Establish the “Ability to Deliver” • Deliver Note: Risk identification and mitigation are ongoing activities … requirements change which results in new commitments.
  • 16.
    Risk Management Impacton Project Success
  • 17.
    Risk Management (NASA) • Identify - scenarios for failure • Analyse - likelihood and consequence of failure • Plan - actions required to track and control risks • Track - program performance against plan • Control - risk issues and verify effectiveness • Communicate and Document
  • 18.
    Identify & AnalyseRisks • Strategic – Does the business strategic plan address information processing capabilities? – Is there a reasonable budget? – Does the Information Processing strategy directly link to business goals and objectives?
  • 19.
    Identify & AnalyseRisks • Service Management Processes – Do the services management processes adequately address the following areas? • Change and Quality Management • Incident and Problem Management • Availability and Capacity Management • Service Level Commitments – What type of commitments does IT make (by area)? – Are they reasonable? – What scenarios would prevent IT from meeting the commitments? – Can IT respond to changing requirements?
  • 20.
    Identify & AnalyseRisks • Application Architecture – Is the technology obsolete? – Does the application provide flexibility to respond to changing business requirements? – Is the application reliable and available when needed? – Does it handle spikes in processing volumes? • Hardware and System Software – What scenarios would impact this area? – What is the required capacity, availability, and security? – Do we have visibility of availability, reliability, and performance? – Can faulty components be replaced? – Can we identify trends?
  • 21.
    Identify & AnalyseRisks • Application Operations and Support – Do the applications provide the required capabilities? – How often to they need to be enhanced? – How often do they need to be fixed? – What knowledge is required to operate and support? – Are they reliable, flexible, easy to use? – Is the technology obsolete? – Can they be easily updated to support changing requirements? – What do they cost and what value is provided?
  • 22.
    Risk Planning • Definesuccess or the “commitment to deliver” (SLA’s, dates, estimates, scope) • Analyse the “ability to deliver” including processes, tools, infrastructure, applications, staff, and knowledge • Identify gaps or scenarios where the ability to deliver will not be able to meet the commitment • Identify prevention or response actions
  • 23.
    Track Progress • Isthe available capacity for processing and services aligned with the demand to meet business needs without wasting resources? • Are SLA’s being met? • Are processes being followed? • What is the level of quality and the reason for defects? • Is the staff size and their knowledge level adequate to meet the service demand?
  • 24.
    Control • Is therea formal risk management process? • Are all risks logged? • Who owns the responsibility for ownership for mitigation or prevention been assigned? • Are problems analyzed to determine the risks that have not been addressed? • Is there a problem management process for permanently fixing problems and eliminating risk?
  • 25.
    Communicate • Is therea formal risk management plan? • Are known risks communicated to the staff so they can be aware of the risks? • Does the business participate in the prioritization and mitigation of risks? • Are the causes and impacts of problems communicated?
  • 26.
    Scenario: Managing Application Maintenance Risks
  • 27.
    Application Risk Areas •Do the applications provide the required capabilities? • How often to they need to be enhanced? • How often do they need to be fixed? • What knowledge is required to operate and support? • Are they reliable, flexible, easy to use? • Is the technology obsolete? • Can they be easily updated to support changing requirements? • What do they cost and what value is provided?
  • 28.
    Plan and Manage •Inventory applications and their capabilities, availability requirements, and redundancies. • Implement application management processes to track costs, changes, quality, and value to business. • Identify missing or deficient capabilities and how often they need to be enhanced. Initiate enhancements to provide user-controlled configuration. • Eliminate recurring problems by implementing fixes. • Document required knowledge and facilitate orientation or cross-training of staff. • Identify solutions for replacing obsolete technologies. • Develop a retirement strategy.
  • 29.
    Management Capability Visibility • What services are needed? • What services are provided? • When are they provided? • How often? • Why are they provided? • How much do they cost?
  • 30.
    Management Capability Control • Werethe services authorized? • Did they deliver the correct result? • Were standard processes followed? • Were the services delivered on-time and on- budget? • Did the customer receive value?
  • 31.
    Management Capability Optimization • Reduce Risks and Costs • Improve Quality • Improve Processes • Improve Customer Satisfaction • Increase Value to the Business
  • 32.
  • 33.
    Service Excellence Project Objective: Improve IT’s ability to meet or exceed commitments to the business Year 1 Goal: Increase value to the business by increasing time spent on enhancements from 4% to 18% Achievements • Time spent on enhancements increased to 22.5% in 9 months and 36% after 18 months • Enhancement backlog was eliminated • Application Problems and Support costs were reduced • Business management received increased visibility and control of their requested services, required hours, and cost • Increased Customer Satisfaction
  • 34.
    Risk Assessment Results • Service requests were not logged • Service Level Goals are not formally defined • Most of the available resource hours are spent resolving incidents resulting in a large backlog of projects • Customer satisfaction was not measured but it was assessed as poor based on informal feedback • Most of the support management processes were informal and team specific • Knowledge was undocumented resulting in a dependence on “hero experts for each application • “Reactive” management because of limited visibility and control
  • 35.
    Solution Framework Optimise •Improve Processes •Reduce/Prevent Problems •Increase Value Control •Implement Processes •Commitments/SLA’s •Enforce Processes •Authorize Services Visibility •Services •Resources •Performance •Metrics
  • 36.
    Resulting Business Value • Increased quality, reduced rework and application problems, and reduced support costs • Improved process maturity • Implemented metrics to support ongoing improvement initiatives • Increased staff effectiveness and productivity • Reduced risk • Improved performance against commitments which improved customer satisfaction
  • 37.
    Case Study Pa. Departmentof Transportation Application Management and Outsourcing
  • 38.
    PennDOT Introduction  ProvidesTransportation Management for the Commonwealth of Pennsylvania  Created in 1970 to streamline transportation management  Annual budget of over $6 bn of state and federal funds  Total 121,000 miles of state and local highways  Total 55,000 state and local bridges  Manage 40,000 miles of highway and 25,000 bridges  12,000 employees  11.3 Million vehicle registrations  8.7 Million driving licenses  Safety and Emissions control inspection programmes
  • 39.
    Commonwealth Directive “Do more with less”  Commonwealth Budget 2011-12  Balance budget with no tax increases  Refocus investment in core functions of government  Reduce general fund budget by 4% ($1.17 billion)  State spending overall reset to near 2008-09 levels  State agencies are directed to focus on delivery and reduce administrative overhead
  • 40.
    Success 76,500 Function Points added 0.2% defect rate
  • 41.
  • 42.
    Risk Analysis: WhyProjects Fail? Standish Chaos Report • Incomplete Requirements 13.1% • Lack of User Involvement 12.4% • Lack of Resources 10.6% • Unrealistic Expectations 9.9% • Lack of Executive Support 9.3% • Changing Requirements 8.7% • Lack of Planning 8.1% • Didn't Need It Any Longer 7.5% • Lack of IT Management 6.2% • Technology Illiteracy 4.3% • Other 9.9%
  • 43.
    The solution beginswith accountability • Who is responsible for managing project risk? • Who is responsible for project success? • Who is to blame for project failures? • Does the IT project team have unrealistic expectations of the business? • Does the business have unrealistic expectations of the IT project team?
  • 44.
    Mitigating Project Risks •Cleary defining Requirements minimizes changes and re-work • Establish an achievable Scope based on available resources, budgets, and expected completion date • Plan the project to avoid Resource downtime and minimize schedule disruptions • Identify Issues early to prevent problems and avoid the resulting re-work
  • 45.
    Will you besuccessful? Effective Risk Management answers this question • Required Information – Timely and accurate project performance data – Opinions/feedback from all participants – Status of all open issues • Risk Analysis – Is the project on-time and on-budget for completed tasks? – Is the project on-time and on-budget for active tasks? – Has anything changed (scope, resource availability, customer satisfaction, levels of overtime)? – What is the reason and impact of the change? – What is the impact of open issues?
  • 46.
    Information Requirements • Stakeholderand Team Communications – Requirements – Status – Issues/Concerns • Project Performance data – Actual effort/cost vs. estimates – Total Changes and the impact of changes – Total Re-Work by reason (requirements changes vs. errors) – Lost time due to schedule disruptions
  • 47.
    Solutions • Improve communicationswith all project participants without disrupting progress • Ensure compliance with processes • Collect and analyze project performance metrics to identify trends and new risks • Efficient staff orientation to the project and the management processes to enable agile staffing • Establish accountability
  • 48.
    How does CAIsucceed? • Repeatable Processes are used to manage requirements, scope, schedules, risk, issues, changes, quality, and resources • Tracer Service Management Tool provides visibility (metrics) and status into all assigned activities across projects and support • Automated Project Office Answers the question “Will we succeed?” – Early identification of risks by conducting project health assessments to analyze project performance metrics and surveys of participants and stakeholders – Validates compliance with processes
  • 49.
    Automated Project Office Visibility of Issues
  • 50.
    Automated Project Office Visibility of Issues
  • 51.
    How can CAIhelp you? • Fixed price Application Development services • Application Support Outsourcing to allow your staff to work on projects • Project Management and Transformation consulting to improve effectiveness • Automated Project Office tool to enable a rapid project office implementation • ITMPI – IT Metrics and Productivity Institute provides access to resources and knowledge from world- renowned experts in various fields
  • 52.

Editor's Notes

  • #10 In order to provide the required processing capability, IT provides the following services:Implement, operate and support hardware (servers, networks, printers) Implement support and utilize variety of general purpose tools such as E-mail, Query software, and tools for developing and supporting applications.Design, build/purchase, install, operate, and support applicationsStore and protect informationIT also provides a wide variety of consulting and planning services to the business
  • #11 IT management consists of three major categories and 10 dimensions. It is important to note that IT is a young profession and standard management frameworks are still evolving. In order to ensure success, each of the management frameworks must address these common areas.
  • #12 Delivery of IT services consists of scheduled activities and on-demand services. Scheduled activities are typically managed as projects and success requires management of the following areas:
  • #13 Delivery of IT services consists of scheduled activities and on-demand services. Scheduled activities are typically managed as projects and success requires management of the following areas:
  • #16 SEI defines provides a process maturity framework and they have defined a Capability Maturity model for services. This framework says that service organizations must first “Identify their commitment to deliver” and then “establish the ability to deliver”Commitments can be tactical (short-term) or strategic and business requirements may require new commitments. As a result, Risk identification and mitigation are ongoing activities.Keep in mind: Business expectations may be unreasonable and they may be impossible to meet. The mission of IT is to manage expectations and meet their commitments.
  • #17 According to this study by Interlink consulting, Risk Management has the biggest impact on project success.
  • #18 Let us discuss some risk management theory. NASA specializes in managing risk. Their missions are some of the riskiest endeavors ever attempted by man. NASA identifies the following activities for identifying and managing risk:Identify failure scenarios. Analyse the likelihood that the scenario will occur. There is a possibility that you will leave your house and be struck by a meteor but the likelihood of such an event is so remote that you would not take any precautions. On the other hand, if it is cloudy and humid, it is likely there will be rain so you should mitigate the risk by taking an umbrella.Planning includes defining the activities required to track risks and control their impact through mitigation or recovery actions.If you choose not to mitigate the risk, it is important to track the frequency and impact if problems when they occur. Effective Risk Management also includes communication and awareness
  • #19 The next step is to Analyse the risks. If we agree that a risk is the possibility of not meeting commitments then we should analyse the scenarios that may cause us to meet commitments.Identify the types of commitments, how they align with expectations, determine if they are reasonable, and how to ensure they are met. We must also recognize that requirements will change which will require new commitments.Finally, management processes should be analysed to determine if they are adequate.
  • #20 The next step is to Analyse the risks. If we agree that a risk is the possibility of not meeting commitments then we should analyse the scenarios that may cause us to meet commitments.Identify the types of commitments, how they align with expectations, determine if they are reasonable, and how to ensure they are met. We must also recognize that requirements will change which will require new commitments.Finally, management processes should be analysed to determine if they are adequate.
  • #21 The next step is to Analyse the risks. If we agree that a risk is the possibility of not meeting commitments then we should analyse the scenarios that may cause us to meet commitments.Identify the types of commitments, how they align with expectations, determine if they are reasonable, and how to ensure they are met. We must also recognize that requirements will change which will require new commitments.Finally, management processes should be analysed to determine if they are adequate.
  • #22 Application management is one of the highest risk areas for IT. Applications provide the direct link to the business. They are difficult/expensive to develop or purchase and they also require extensive support. Application inventories should be assessed based on the following criteria:
  • #23 In order to identify risk scenarios, we need to define success based on commitments. Then we need to address issues with our ability to deliver on these commitments,
  • #24 Tracking progress is a proactive step. If we do not track progress then we cannot identify trends and anticipate and prevent problems. Examples of progress tracking include:
  • #25 Control cannot be achieved without a formal risk management process that includes logging risks and issues and assigning ownership for mitigation or resolution. This includes an analysis of problems to identify new risks. This requires incident tracking and problem management capabilities.
  • #26 If the Risk Management Team does not communicate risks and implement processes to mitigate risks, then they will have to react to the resulting problems without the ability to prevent them. A formal Risk Management Plan provides an excellent mechanism for communicating risks. This also makes it easier for the business to participate in the prioritization and mitigation of risks and the identification of problems.
  • #28 The following questions should be answered for each application, gaps should be identified, and a plan should be prepared to address the gaps.
  • #29 A plan should be created to address the following areas. Each of these activities should be repeated on a periodic basis. Changes to business requirements or technology may introduce new risks or problems.
  • #36 The transformation involved three phases:We ran queries to collect metrics to identify the types of support services, frequency, priority, and cost. Processes were implemented to enhance the ability to manage the support services, establish commitments, authorise work, and enforce processes.Finally, we trained the team to look for new risks or opportunities for improvement. This included implementing permanent solutions to recurring problems to reduce support costs.