Risk Workshop and Risk Register Plan Component - Essay Example

Risk Management Plan Component This paper relates to the Flayton electronics regarding the major data breach it suffered and the respective causes. The risk register contains risks faced before, during and after the data theft. I did a threat register to spot the main classes of these threats or further analysis. This will enable easy Identification of these risks listed as categories of these risks for further analysis. Furthermore, this register contains the sources of all these flaws listed as categories. From the analysis, I listed the risks involved in terms of priority to point out the main risks faced by the company. These risks had to relate to the commercial, technical and management sections of the Risk management plan. Project management deploys scientific skills to analyze, identify and access risk factors and opportunities that accompany a specific project. Furthermore, it enables the formulation of a specific response plan to these anticipate risks according to their magnitudes. All these work is facilitated by a project manager and a team of specialists that work under him to analyze and realize these potential threats to the company. He should be in charge of the realization of these risks and devising an effective response plan to avoid, mitigate, transfer or accept the risk. The team is identified under full qualifications to ensure the company does work out. Being a project Manager requires full leadership skills and quick response skills. One should also be a team builder since the close participation of the team is equally essential to the team. What does a Risk register entail? The risk management plan contains all the possible risks associated with the big Data theft. This is identifying all the possible threats to the security system, their causes and possible solutions of the risks. The Flayton electronics major security bridge was caused by these factors. 1. Technical Risks Scope of definition Requirements definition Estimates, assumptions and constants The process Test and acceptance Safety and security Reliability and maintainability Design Accessibility and security Complexity and availability for malice 2. Commercial Risks Joint ventures and partnerships Client and consumer relations Tendering and supplies Terms and conditions of the contract 3. Management risks Organization of the stakeholders Operation management Human resource Quality management Communication and publicity Further classification of the risks is done in to sections, which are further broken down into categories. These categories are clearly outlined in four main categories of Technical, Management, external and commercial. (Hilson & Simon, 2007, p.51) To prioritize these risks, a number of processes are undertaken. Qualitative and quantitative methods of analysis are deployed in this process. Factors like probability and the effects of the risks are of high priority in the process These scales are formed by considering all variables involved, whether high, low or medium. Considering a risk with a high score, it is noticeable that the impact of the risk in question could be vital to the project. Medium risks would be considered crucial too and the low Risks would be considered containable for the project. Alternatively, a high risks posts much threat to the project, a medium Risk could occur occasionally and a low risk would not be likely to affect the project. These scales provide standard measures for the stakeholders (Heldman, 2005). In the above mention analysis, numeric values play a vital role in the estimation of the impacts of the risks felt. This analysis is normally applied for big projects where Risks could cause serious problems. There is System software specifically designed for the above task though smaller projects can be handled manually. The values can be estimated and specific points. In the above mention analysis, numeric values play a vital role in the estimation of the impacts of the risks felt. This analysis is normally applied for big projects where Risks could cause serious problems. There is System software specifically designed for the above task though smaller projects can be handled manually. The values can be analyzed depending on level of the threat to be analyzed. Flayton electronics had the following problems or risks. ID CATEGORY RISK IMPACT DESCRIPTION PROBABILITY RISK VALUE 1 Technical Scope definition Vague scoop allows scoop throughout the project Caused by the technical errors made 89 80 management Project management Project management vaguely established Management problems encountered 78 80 Commercial Contractual terms and the tendering conditions The Memorandum of Understanding signed is not clear and specific Problems involving the system of commerce in the project 80 80 Each of the Risks tabled above are critical to the well being of the project. According to Gray & Larson (2008), “Defining the Project Scope sets the stage for developing a project plan. Project scope is a definition of the end result or missions of the project- a product or service for your client/ customer” (p.92) a well-defined scoop ensures the success of a project since it is the main motive of the project. If a project misses a scoop then it is as well a dead project. The scoop outlines all the aspects of the project. Other factors critical to the success of a project include such as risk analysis are equally crucial to the success of a project. If these factors are not brought out prior to the project then the stake holders are clearly handling a visionless project that will crumble the moment Risks start knocking. Furthermore, agreeing on proper terms helps in making a logic approach to the project. Vague terms and conditions can only lead to further complications. The parties involved are bound to be at loggerheads if all these issues aren’t addressed properly. In the Data breach at Flayton electronics, factors related to ambiguous project scope risk were the rush to enter an agreement without involving independent technical assistance, not conducting the financial analysis of the project. The signing of the contract was hasty, they didn’t consider all the biddings .these factors were rushed hence the time given was inadequate to compile a project scoop and to conduct a proper risk analysis. Management risks were caused by the little effort shown in the project management process. Vital point like planning, control and validation were not given the right audience they wanted. The poor construction of the second phase was another management fail. The budgeting was unreal thus, the financial matters were a big blow to the project. (Custom Book, 2011). The contractual risks were the partisan MoU that favored Enron, specific details about the project cost as required by the legislation were missing. Information is a valuable asset and essential to the business (Avison & Fitzgerald 1995). Flayton Electronics is committed to protecting the information throughout its Lifecycle in line with its value, sensitivity, the risks to which it is exposed and in a manner consistent with legal, regulatory and contractual arrangements. Flayton Electronics operates under a Key Risk framework supported by Risk and Control frameworks and Company Policies. The purpose of this plan is to detail the minimum level of controls to which business must adhere to ensure that the Flayton Electronics information is adequately protected. There are some information risk controls that are designed through other policies and plans. These controls apply to all information, whether in electronic, paper, portable devices or in other forms, to ensure the Flayton Electronics information related risk is managed appropriately. Scope This plan applies to: (a) Flayton Electronics and all its subsidiaries (including any consolidated entity acquired via a debt-for-equity swap or created through a joint venture); and (b) All employees of any entity within paragraph (a) above; for the purposes of this document, "employees" includes employees, agency workers, consultants and contractors, irrespective of their location, function, grade or standing. It does not apply to: (a) Any entity in which the Flayton Electronics has any interest and which is a non-consolidated entity, or to any employee of any such entity; or (b) Any entity which has been consolidated for IFRS accounting purposes*, provided Flayton Electronics has neither legal nor operational control. * such entities are likely to be property owning vehicles with a related Flayton Electronics loan which is in default and where Flayton Electronics has current and unilateral enforcement rights but does not have legal ownership/control. The principles stated in the Company IRM Policy are elaborated in this Company IRM Plan document. Where the policy document states ‘what’ principles must be followed, this plan indicates ‘how’ the controls must be implemented. All Flayton Electronics businesses are required to implement this Plan, but may extend (add) requirements if appropriate Information Classification is the process of identifying and classifying information assets to ensure that they are handled, distributed, stored and disposed of in accordance with their criticality and sensitivity. A failure to classify and handle information assets correctly could lead to potential data leakage events and ultimately regulatory fines, reputational and financial damage (Wood-Harper and Avison, 1990). It is clear that risk management is a vital part of project planning and a little ignorance on the topic could cost the stakeholders involved. It is therefore important to pay attention to all the aspects analyzed in the risks register. When all these risks are treated with much caution future project fails and ensures the development of important projects that will minimize risks and any complications that cost the Government and the stake holders involved. In conclusion, a Risk Register is constructed and used to identify risk categories of a project so that they can be prioritized for response plans. The natures of the risks determine the impact and significance to the project’s success, but to get a clear picture of the risk itself, the factors causing the risk must be identified. References Custom Book, (2011). BUS 519: Project risk management: Casepack 2011. New York: John Wiley & Sons. Gray, C.F. & Larson, E.W. (2008). Project management: The managerial process. Boston, MA: McGraw-Hill Companies, Inc. Heldman, K. (2005). Project manager’s spotlight on risk management. San Francisco, CA: Jossey-Bass. Hillson D. & Simon, P. (2007). Practical project risk management: The ATOM methodology. Vienna, VA: Management Concepts, Inc. Read More