Reply To: OCU ISSO Week 1 Lesson 01 Discussion
We will soon need to understand the value of implementing solid steps to IT Risk Management.
I feel that IT risk management is the application of risk management methods to information technology to manage the risks inherent in that space (Bridges, 2019). I have learned this week that in order to do that means assessing the business risks associated with the use, ownership, operation and adoption of IT in an organization (Bridges, 2019). If we can work together and discuss the following steps in order to manage risk with confidence, or not (Bridges, 2019).
1. Identify the Risk
We can’t prepare for risk without first figuring out, to the best of our abilities, where and when it might arise (Bridges, 2019). Therefore, both manager and team must be alert to uncovering and recognizing any risks, then detailing them by explaining how they might impact the project and outcomes (Bridges, 2019). One method is using an IT risk assessment template (Bridges, 2019).
2. Analyze the Risk
Once we’ve identified risk, we then must analyze it and discern if it’s big, small or minimal in its impact (Bridges, 2019). Also, what would be the impact of each of the risks? Study the risk and how it might influence the project in various ways. We’ll add these findings to our risk assessment (Bridges, 2019).
3. Evaluate and Rank the Risk
Once we evaluate the impact of risks and prioritize them, we can begin to develop strategies to control them (Bridges, 2019). This is done by understanding what the risk can do to the project, which is determining the likelihood of it occurring and the magnitude of its impact (Bridges, 2019). This is a massive piece of assessment evaluation. Then we can say that the risk must be addressed or can be ignored without faulting the overall project (Bridges, 2019). Again, these rankings would be added to our risk assessment.
4. Respond to the Risk
After all this, if the risk becomes an actual issue, then we’re no longer in the theoretical realm (Bridges, 2019). It’s time for action. This is what’s called risk response planning in which we can take our high-priority risks and decide how to treat them or modify them, so they place as a lower priority (Bridges, 2019). Risk mitigation strategies apply here, as well as preventive and contingency plans. Add these approaches to our risk assessment (Bridges, 2019).
5. Monitor & Review the Risk
Once we act, we must track and review the progress of mitigating the risk. Use our risk assessment to track and monitor how our teams are dealing with the risk to make sure that nothing has been left out or forgotten (Bridges, 2019).
Bridges, J. (2019) https://www.projectmanager.com/training/it-risk-management-strategies