Information Risk Management - Essay Example

Risk Risk has always been a part of everybody's life. People have faced risk in any one form or the other. Risks are generally ified into environmental risks, financial risks, industrial risks and health risks. People have always tried to safeguard themselves from these risks. Human beings make use of various methods to protect themselves from these risks. Due to the improvement and advancement in the technology the risk has taken various forms. These technical advancements have improved the way people look at risks. The existing society is considered to be the one with plenty of risks. In the day to day life a person has to overcome various risks. He must be capable enough to handle them in an efficient manner. There are certain risks that are common to all the people in this world. The world has faced many risks out of which many have taken a toll on human lives. Global connectivity has contributed to the risk factors and people are more prone to such risks. Communication plays a major role in today's world and it has also contributed to the increasing risks. The modern society is more prone to risk due to the invention of various products. During the 17th and 18th centuries people were highly affected by the wars that arose between various countries. It had a serious influence on the people's lives and they had to struggle even to make their day to day living. The influence of risk does not end with these technical and communicational levels. Instead it opens its wings in the natural calamities also. Natural disasters like earthquakes, storms, floods also pose serious risks to human lives. These natural disasters have increased when compared to the past. This is due to the biological changes and the increased levels of pollution and hazardous chemicals. Global warming is also one among the reasons for such risks. All these lead to deaths which make the existing situation worse. Apart from these risks financial risks have also been a part of this world. Most of the organizations go through a tough phase during financial crisis and this is a serious problem to the organizations. Though risks can be avoided people struggle a lot overcome these issues. According to Ale risk is related to decision making and both go hand in hand. The decisions and the activities decide the way an organization or human life handles the risks. (Ale, 2009). Researches and surveys specify that people should be ready to face any risks. Uncertainty is a part of risk and people find it hard to overcome the risks when it arrives at a situation when they do not expect such incidents. Estimating the risk is not an easy task and it involves various similar issues. Risk management is a part of the recovery process and the management depends on the nature of risk. Organizations have to strive hard to overcome such risks that may be financial or physical. (Fragniere, 2007).The assets of the company are the first one to get affected and the organization must make sure they cope up and work hard to get back to the normal situation. Information Management Information management is the process of collecting and processing the information. Information systems simplify the manual processing by automating the operations and procedures. The information system includes the essential features that an organization requires. It is designed as a complete system that can manage the operations in the organization. (Zorkoczy, 1982).Automation is the greatest advantage of information systems. The required operations are specified and they are automated using the information system. This assures that the result is accurate. The system includes a database which stores the records and files. The database is efficient in maintaining the data security and integrity. The data can be retrieved as and when needed. Implementing an information system requires the competition of certain predefined tasks.(Turban, et al., 2006). The information management is done by a series of steps that ranges from collection of information till the effective storage of the information. In most of the organizations the information is collected from a particular authentic source after which it is processed and distributed to the concerned organization. (Clark, 2005).Information is an integral part of any organization and it is used in the design of the product, manufacturing and the marketing of a particular product. The processing, storage and retrieval of the information depends on the type of information and the specification. These steps are implemented in orderly manner so as to achieve the final information. The initial data is processed using the processing techniques and the automation activities are initialized. The information management process requires proper planning and co-ordination of the way in which the information is handled. To achieve this, the corresponding information technology must be implemented and this will make sure that the information is stored and maintained in a proper manner. Information management requires proper understanding of the information and the information flows. The nature of information and its flow in the organization are the integral part of information management. The flow of information must be analyzed after which the corresponding method is implemented to maintain the information. (Picot, 2008). Data analysis is the second important part of information management. The data is analyzed for its consistency and authenticity after which it is stored in the database. The database depends on the organization and its functional activities. Information management also includes management, storage and recovery of the information. The access to particular information is restricted and the access rights are provided only to the authorized users. For this purpose the organizations maintain a unique security format in which the access is restricted. This ensures the security of the information and it also enables the organization to maintain the confidential information. Recovery of information is an important part of information management. Importance of Information System The organization depends on the system that manages the data and the information pertaining to the departments in the organization. Hence the system must be able to manage the information in an easier and effective manner. The information system must include the essential features that will help the organization. The information system is a collection of components that work together to process and analyze the data and assist the organization in controlling the operations. Information systems also help in decision making. Certain information systems even help in report generation and co-ordination of the in- built processes. (Checkland & Holwell,1998). Thus information system is an integral part of an organization. The ophthalmic centre includes the latest techniques and equipments to perform surgeries. Thus the system must have the facility to include the details about equipments and their usage. The new system should not disturb the existing operations and it must update the details. The importance of information system is not limited to certain areas. Risk Management Risk management is a process of predicting and identifying the risks in the organization. The risk management process involves the identification and measurement of the risk by implementing the various risk management strategies. The risks are generally minimized by estimating the unforeseen incidents. A risk is a loss that may occur in an organization at unexpected situations. The threats and risks are generally measured before evaluating them. The risk is considered to be the force that degrades the overall information system. (Frenkel, 2005). A risk may prove costlier and hence the organization must implement the risk management strategies to safeguard the information system from such risks. Effective risk management is the goal of every organization since even a small threat can lead to a bigger loss. A risk management system must have the efficiency to qualify and also to quantify the various risks and must inculcate the basic principles that will reduce the probability of risks. Monitoring is one of the important parts of a risk management system. The information management system must be monitored regularly and this will considerably reduce the risks. The monitoring must be accompanied with periodical reviews that would enable the organization to arrive at a decision during difficult times. A risk management system includes checkpoints that enable easy prediction of risks. These checkpoints will provide the information regarding the changes in the information system. This in turn acts as a barrier to the threats and protects the system. The pattern of a risk management system differs from one organization to another. The system includes various activities that manage the risks that are faced by the organization. In a risk management system the process is preplanned and it is structured according to the needs of the organization. Then the process is combined with the other processes and then the risk process is implemented. Risk management system is made up of various activities namely planning, assessment, handling, monitoring and documentation. These activities are carried out in an orderly fashion so as to obtain the intended results. Risk management is an essential in every organization since it mitigates the risks and resolves them as soon it is identified by the system. It also helps in reducing the probability of risks by continuous monitoring of the system. Risk management system assures that the existing system is free of threats and risks. Once a risk is identified the system acts immediately to protect the information and ensures a hassle free risk removal process. As the system is reviewed on a regular basis, the chance of risks is certainly reduced. (Crouhy &Galai, 2006). The aim of a risk management system is to protect the system from risks and to improve the organization's business and quality of the products. Risk Management Issues Risk is an unavoidable part of any business. Risk management system protects the information system from risks and manages them in an efficient manner. The way in which the risk management system is structured decides the fate of an information system. The system must be designed based on the requirements of the organization. The system must be efficient enough to handle any type of risks and should also be capable to resolve the issue within a short period of time. (Hubbard, 2009).The pitfalls of the risk management system must be identified and the modification must be done to safeguard the information system. Any risk management system must identify and manage the risks efficiently and effectively. There are various issues related to risk management. The employees of an organization must be aware that a risk might cost their information and it may also lead to great losses. The organization must make sure that all the employees equipped to handle a situation where a risk arises. Though each and every organization maintains a separate risk management team, the employees across the organization must also be capable to handle the unforeseen circumstances. This would help the developers to resolve the issue in a much efficient way. The risk management system and the process of implementation is a herculean task. Due to this it consumes more time to implement a risk management system as and when needed. This emphasizes the fact that no risk can be mitigated in a jiffy. In spite of the technical advancements it is difficult for a risk manager to identify a risk single handedly. Instead it is a process that involves various activities that must be performed in order to develop a complete risk management system. Risk Management involves processes which require the organization to make decisions. Hence to manage these situations a decision making system becomes mandatory. Risk management and decision making models go hand in hand since each and every step of risk management involves decision making. Risk management can be improved with the help of decision making models. These decision making models make the process of risk management much easier. The process of risk management is a tedious process and it requires the assistance of decision making models. These decision making models ensure that risk management process is performed effectively. Importance of Decision Making Models Decision is an important part of any organization and it must be made with utmost care. The company must realize the seriousness of the decision and must act accordingly. The data and information required to make a decision must be gathered and analyzed. This will help the organization to make a better decision. A decision must be taken after analyzing its pros and cons. Hence a decision has to be taken keeping in mind all its consequences and effects. In general a decision is made depending on the situation and the issue. The decision made cannot be favorable for everyone in all circumstances. It may lead to improvement or adverse effects on the situation. The information from the concerned department is the important part of decision making process. Decision making models becomes mandatory when arriving at a decision. Hence an organization must make use of any of the decision making models to make sure that the decisions are proper. (Groucutt &Griseri, 2004). Since decision making is a crucial process in an organization, the decision making model must provide the organization with several alternatives from which a suitable one can be selected. Decision Making Models Decision making is a process that requires more analysis and research. Decision making cannot be made in a simple way. Instead it has to be made with the help of decision making models. These decision making models must be implemented in each and every organization whenever a decision has to be made. The models support decision making and makes the process easier. This can be achieved only if appropriate decision making model is selected. The model should be selected based on the organization and the situation in which the decision has to be made. (Johnson, 2008).Decision making models not only assist in decision making but helps in the growth of the organization. There are several decision making models that a company can select and implement. Rational Model Rational model is one among the popular decision making models. This model is widely used and almost all the organizations use this model to make decisions. This model analyses the advantages and disadvantages of any decision and gives a solution to the existing problems. By implementing this model the prevailing problematic situation can be improved. This model selects the decision that will help in the development of the organization. The reliable and logical option will be selected from the other options. Since rational model selects the most reliable decision, it is preferred by the management. The only disadvantage of this model is it consumes more time when compared to other decision making models. (Lu, 2007).The required information must be gathered well in advance and requires more preparation. Rational model constitutes of a structured sequence that contains four steps. The problem is identified in the first step and the factors responsible for the problem are analyzed. The solution for the corresponding problem is stated and the model suggests the alternative methods to deal with the existing problem. Then the relevant solution is selected based on the result from the previous steps. Once all the three steps are implemented, the final step of implementing the selected solution is made. This will resolve the problem and will help in the improvement of the organization. Seven Step Model The seven step decision making model consists of seven steps that point out the best decision and guides the organization. The information must be provided in order to select the best decision. Then depending on the information the decision alternatives are designed and analyzed. Once the information regarding the decision is provided it is analyzed and a research study is conducted to know more about the information. Then the relevant information is segregated from the unwanted information. (Johnson, 2008). This is done to make sure that only valid information is considered in decision making process. (Daft, 2009).After separation of the valid information the process of decision making is carried out. In each of the steps the information is filtered and the relevant data is presented to the management. Intuitive Decision Model Intuitive decision making model is preferred only by certain organizations. Since it does not include any strategy, the model is given less importance. A strategy is necessary for any model to incorporate the necessary changes. Intuitive decision making model is completely different when compared to the other decision making models. The information pertaining to the decision is made available and the model keeps track of the information. Though the information is provided to the model, it does not provide any effective solution. As the solutions are not well received within the organization, the model is not popular among the organizations. (Osborn, 2006).The decision made with the help of intuitive model does not yield any benefit to the organization. Decision Matrix Analysis SWOT Analysis Tool SWOT tool analyzes the requirements of the clinic. This tool contains two factors based on which the analysis is performed. Internal factors. External Factors. The internal factors describe the existing working of the clinic and the advantages and disadvantages of the prevailing procedures and operations. This is done using the four components of SWOT analysis tool Strengths The clinic has a good reputation and the doctors are professionally trained. The outpatient surgical centre has gained more popularity due to its pre-operative and post-operative care. (Post & Anderson, 2006). The clinic uses the latest equipments and the surgeries are performed using advanced techniques. Laser surgery and eye correction is performed in the surgical centre. Due to the good reputation and great patient care has led to the increasing number of patients. Weakness The clinic does not use any specific system to maintain the purchase and supply of equipments and medicines. Stand alone systems are used to maintain the accounts and billing. The clinic does not maintain a general list of patients and the patients are not intimated regarding their appointments Opportunities The opportunity is one of the external factors. The external factors are the things that happen outside the clinic and these factors contribute to the development of the clinic. The system must inform the patients regarding their next check up. The patients need a system like this to assist them. Threats The existing system poses a threat of information loss. The system does not have a provision to review and compare the past record of the patients. The SWOT analysis tool guides the organization to develop an information system that can be built based on the strengths of the company. It allows eliminating the weakness identified in the analysis and it emphasizes on using the opportunities. (Groucutt & Giriseri, 2004). The threats identified by the SWOT have to be reduced. Pareto Analysis Pareto analysis is one among the decision making models that enable the organization to make decisions in a much effective way. This model is based on the statistical technique which selects a particular task that is specified by the organization. This decision making technique uses the Pareto 80/20 rule. This rule states that if 20% of the process is done, it will automatically generate 80% of the intended benefit. The initial part of the decision is selected from the entire set of tasks. These tasks are selected based on the importance and their type of work. The remaining parts of the task are considered as the secondary tasks. Most of the organizations adopt this model since it simplifies the process of decision making. The organization and its information system must be analyzed before implementing the Pareto analysis tool. The changes in the existing information system and the risk management system must be listed out. This would enable the developer to find out the various problems that exists in the organization. If there is more than one facet of a single problem, they must be grouped together since this will ease the process of scoring. (Lu, 2007).Then the scoring method must be selected based on the existing problem. Once the scoring method is selected, the one with the highest score must be plotted. This will ensure that the organization experiences the benefit immediately. The aim of the decision must be known well in advance in order to derive the appropriate decision. Once this is accomplished the lower scores can be plotted. The Pareto analysis is the simplest technique and it identifies the major problems that need to be resolved within a shorter period of time. The final score specifies the severity of the problem so that the organization can act accordingly. Though this seems to be a simpler approach to the problems, it will take more time when compared to the other types of decision making models. Decision Tree Decision tree is one of the methods that propose multiple solutions to a single problem. It provides a complete structure that enables the employees to explore among the options. They can investigate the available options to make a decision. This also provides them with various options and the advantages and disadvantages of these options. The organization can select the required option depending on the strategies and opportunities. Each square in the decision tree represents the decision and the circle represents a solution. The decision tree is drawn with the decision that the organization wants to make. From a single box lines must be drawn to each possible solution. Then a description about the solution must be written. If this solution leads to sub solutions or decisions, that line must be extended. (Osborn, 2006).This process must be continued until a wide variety of options are derived. Once the decision tree is plotted, the values of the decision nodes are calculated. The cost of each and every option that lies in the decision line is stored. Then this cost is subtracted from the value that has been calculated. The same method is continued for all the decision nodes until the most beneficial decision node is calculated. The node with the largest benefit is termed as the decision node and the note in that node is made as the decision. Decision tree technique makes sure that the best decision is selected. When compared to the other decision techniques this provides more options from which the organization can select its desired decision. Another advantage of decision tree is that it provides solution to the existing problems without increasing the decision making costs. This reduces the company's expense of implementing a new decision. These are the various decision making models that assist the organization in the decision making process. These models minimize the probability of risks and makes sure that the final decision is more advantageous. Though all these models yield best results, rational model is the widely since it not only assists in decision making, but it also helps in the development of the organization as well. The process of rational model is simpler and it offers more options for further modification. This is certainly an added advantage to the organization. Reference Ale, B., (2009). Risk: An Introduction: The Concepts of Risk, Danger and Chance. Oxon: Routledge Publications. Fragniere, E., (2007). Risk Management: Safeguarding Company Assets. US.A: Thomson Learning. Clark, J., (2005). Information Management: The Compliance Guide to the Jcaho Standards. U.S.A: Hcpro Inc. Picot, A., (2008). Information, Organization and Management. Germany: Springer Verlag. Zorkoczy, P., 1982. Information Technology: An Introduction. U.K: Knowledge Industry Publications. Turban, E. et al., 2006. Information Technology for Management. U.S.A: Wiley Inc. Post, G. & Anderson, D.,2006. Management Information Systems (4th Edition). U.S.A: McGraw Hill Publications. Frenkel, M., (2005). Risk Management: Challenge and Opportunity. New York: Springer Berlin Heidelberg. Crouhy, M & Galai, D., (2006). The Essentials of Risk Management. U.S.A: Tata McGraw-Hill. Hubbard, D., (2009). The Failure of Risk Management. New Jersey: John Wiley & Sons. Johnson, G., (2008). Exploring Corporate Strategy: Text and Cases. U.S.A: Pearson Education. Daft, R., (2009). Understanding Management. U.S.A: South Western Cengage Learning. Osborn, S.,(2006). Organizational Behavior. U.S.A: Wiley Inc. Lu, J.,(2007). Multi-Objective Group Decision Making: Methods, Software and Applications. U.S.A: Imperial College Press. Groucutt, J. & Griseri, P.,(2004). Mastering e-Business. New York: Palgrave Publications. Read More