Docstoc

Risk Management Template

Document Sample
Risk Management Template Powered By Docstoc
					STRATEGIC PLANNING

& ARCHITECTURE

Risk Management Template
Electronic Government Directorate (Strategic Planning & Architecture)

Version: Draft July 2005

Risk Management Template

1

STRATEGIC PLANNING

& ARCHITECTURE

Table of Contents
Document History................................................................................................................ 3 1.Introduction.......................................................................................................................4 1.1.Purpose ......................................................................................................................5 1.2.Disclaimer.................................................................................................................. 5 1.3.Location and Currency of Document......................................................................... 5 2.Objective........................................................................................................................... 5 3.Notations........................................................................................................................... 6 3.1Example...................................................................................................................... 6 4.Development Approach.................................................................................................... 7 5. Verification & Validation.............................................................................................. 7 6.References.........................................................................................................................7

Risk Management Template

2

STRATEGIC PLANNING

& ARCHITECTURE

Document History Name Mahesh Ahuja

Date 31/07/05

Comments

Version 1.0

Risk Management Template

3

STRATEGIC PLANNING

& ARCHITECTURE

1. Introduction
A risk is a future event which may adversely affect the project. The risk is defined as: “The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets.” The impact or relative severity of the risk is proportional to the business value of the loss / damage and to the estimated frequency of the threat. In this context, risk has the following elements:  Threats to, and vulnerabilities of, processes and/or assets (including both physical and information assets)  Impact on assets based on threats and vulnerabilities  Probabilities of threats (combination of the likelihood and frequency of occurrence) Business Risks are those threats that may impact the assets, or processes, or objectives of a specific business or organization. The nature of these threats may be financial, regulatory or operational and may arise as a result of the interaction of the business with its environment or as a result of the strategies, systems, processes, procedures, and information used by the business. Risk Management is the process of identifying vulnerabilities and threats to an organization’s information resources in achieving business objectives and deciding what countermeasures, if any, to take in reducing the level of countermeasures and deciding which, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization The process of risk management begins with identifying business objectives, information assets and the underlying systems or information resources that generate/store, use or manipulate the assets (hardware, software, databases, networks, facilities, people etc.) critical to achieving these objectives.

Risk Management Template

4

STRATEGIC PLANNING

& ARCHITECTURE

1.1.Purpose
This document provides help in preparing the risk catalog for the business or an organization or specific project in focus. The catalog will help in deriving Risk Management Process.

1.2.Disclaimer
EGD accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing.

1.3.Location and Currency of Document
This document is part of EGD framework and is retrieved through www.pakistan.gov.pk portal. The document may be updated as and when required. It is the responsibility of user to download the current version.

2. Objective
The prime objective is to identify and manage the risks before they will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the business.

Risk Management Template

5

STRATEGIC PLANNING

& ARCHITECTURE

3. Notations
Content
Risk identification Risk Probability Risk Impact Status Risk description Risk Consequences Risk Mitigation

Description
<<High Level Description of Risk>> <<Likelihood of occurrence. It may be High, Medium or Low”>> << Based on threats and vulnerabilities. It may be High, Medium or Low>> <<Description in Detail>> <<How it impacts the business. What losses can happen if Risk is not managed properly >> <<How the Risk can be taken the edge off>>

3.1

Example
Description
IT-literacy in Federal Government High High Open Currently, few persons at the Federal Government are IT literate. The usage of deployed systems and basic infrastructure and the adoption of new e-enabled processes will be very low. Basic computer training be made mandatory for all Federal Government employees of Grade BPS-5 and above. Additionally, Ministry and role specific training should be imparted to ensure maximum usage and benefit realization from E-Government programs.

Content
Risk identification Risk Probability Risk Impact Status Risk description Risk Consequences Risk Mitigation

Risk Management Template

6

STRATEGIC PLANNING

& ARCHITECTURE

4. Development Approach
√ Identify all the Risks √ Determine the probability and frequency of occurrence √ Determine the consequences of risk i.e. what damages it can create to business value √ Analyze how the risks can be mitigated.

5.

Verification & Validation
√ The consequences of risks should be clearly mentioned and understood by all stakeholders. √ This risk mitigation strategy should also be clear and understood by all stakeholders.

6. References
6.1 2003 CISA Review Manual

Risk Management Template

7


				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:139
posted:2/2/2008
language:English
pages:7