IT Risk Management Techniques

Introduction

In life, only two things are true about failure. One, it is common and second, nobody likes them. Failure is something that cannot be completely avoided but it is not absolute as well. Past failures become better lessons on which such failures doesn’t occur in the future. Modifications and changes made due to failures signal positive changes in the entity and scopes for improvement. The only irony in this case is that each failure comes at a certain cost.

In case of IT projects, costs due to failures occurs due to missing the said deadlines, overrunning of project budget costs or not meeting the client specified scope and objectives. The major risk aspect signals for any IT project is due to 1) failure to provide the returns for the investments made & 2) lack of accountability due to the project failure (ownership).

A small improvement in the failure rate drastically increase the progress of the project and results in lesser costs. Due to these above mentioned aspects certain IT Risk Management Techniques are followed for all IT firms to mitigate the risks and increase the net income of the firm as a whole.

IT Risk Management Techniques

1. Risk Mitigation Planning

Its an ongoing effort that doesn’t stop with a quality assessment or after setting up of contingency plan. It includes front end planning of how risks will be mitigated and then hoe they will be managed. Therefore, for any project execution plan, the risk mitigation strategies and specific action plans should be incorporated in advance.

These plans include:

• Identification and quantification of root causes at the beginning of the risk management process
• Evaluation of the risk interactions and their common causes
• Preparation, assessment & prioritization of alternate mitigation strategies, methods and tools for all identified major risks
• Selection of resources for the selected mitigation alternatives
• Communication of planning results to all participants of the project for implementation

2. Risk Response & Mitigation Tools

Certain risks once identified can be easily eliminated but some are very difficult to mitigate and cause a huge impact in the project as such. Therefore, the risk mitigation process should be a continuous process which should be carried out all the stages by both management & project directors.

• Response to level of Uncertainty: Failure by the project directors to recognize and anticipate the changes based on both the external and internal factors can result in unfortunate results for project with great potential. Always a flexible decision-making process is followed for adaptability to changes. For projects with very low level of uncertainty, the optimal policy is to increase the present value of the project by its early completion. Eg. Fixed price projects with schedule performance incentives. While for a project with high risk probability, a full speed ahead approach won’t be possible. Therefore, they would focus on performance-based incentives, rather than on fixed price projects.
• Dealing with High-Impact, Low Probability Risks: High-Impact, Low Probability Risks must be mitigated to reduce its impacts or the likelihood of it happening. The process of risk mitigate and management comes at a cost which is to be incorporated into the project budget and are to be tracked so that none of the critical activities are affected. Incorporation of any specific mitigation strategy doesn’t specify whether it is effective and depends on the project activities.
• Risk Transfer & Contracting: Risk transfer by contracting of certain segments to external parties are done in cases where the external party is fully capable to manage the risk. The parties are made fully aware of the project risk, accountability of the risk and the rewards associated with the risk before a contract is signed between both the contracting parties.
• Risk Buffering: Risk Buffering or Risk Hedging is the process of assigning some reserve or buffer to absorb the repercussions of risk without affecting the project. Common examples include overestimation of project quantities, manhours, overhead costs. These overestimates can result in overstating the project costs and are controlled only when other contracting parties are involved.
• Risk Avoidance: It is a process of elimination or avoidance of certain classes of risk by a change in project parameters. It tends to reconfigure a project such that a certain risk factors are eliminated. But great care should be taken such no additional risks gets incorporated due to this reconfiguration. Risk Avoidance is an underutilized strategy as compared to risk transfer since the project owners first think about how the risk can be transferred to come external entity before they think in lines of risk avoidance.
• Risk Control: This strategy involves assumption of a risk occurring in the near future and then taking steps to reduce, mitigate and eliminate its impact. Risk control can be result in higher costs due to acceleration or deceleration of a project due to both internal and external factors such as competition.
• Organizational Flexibility: High levels of risk occur in many number of projects and the ease with which the management takes a decision is a huge factor for any project. Based on this, an organization may:
  • Deffer on its decisions until additional information is obtained
  • Re-structure the project to minimize the impact of the top management decisions
  • Staging of project so that its progress is reviewed at certain decision points
  • Changing the scope of the project at certain decision points
  • Analysing of various strategic decisions to simulations before they are taken.

References:

1. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Firmware-Security-Risks-and-Mitigation.aspx
2. https://www2.deloitte.com/global/en/pages/risk/solutions/enterprise-risk-management.html
3. https://pdfs.semanticscholar.org/65f9/51df1e7293a3a7708489ff6018581cc09dec.pdf
4. https://www.nap.edu/read/11183/chapter/7#45

Did you like this example?

674

35