Risk+Management+Template

					STRATEGIC PLANNING   & ARCHITECTURE




                 Risk Management Template

                      Electronic Government Directorate
                      (Strategic Planning & Architecture)




                                      Version: Draft


                                        July 2005




Risk Management Template                                    1
STRATEGIC PLANNING          & ARCHITECTURE


Table of Contents
Document History................................................................................................................ 3
1.Introduction.......................................................................................................................4
   1.1.Purpose ......................................................................................................................5
   1.2.Disclaimer.................................................................................................................. 5
   1.3.Location and Currency of Document......................................................................... 5
2.Objective........................................................................................................................... 5
3.Notations........................................................................................................................... 6
   3.1Example...................................................................................................................... 6
4.Development Approach.................................................................................................... 7
5. Verification & Validation.............................................................................................. 7
6.References.........................................................................................................................7




Risk Management Template                                                                                                              2
STRATEGIC PLANNING   & ARCHITECTURE




Document History
Name                    Date          Comments   Version
Mahesh Ahuja            31/07/05                 1.0




Risk Management Template                           3
STRATEGIC PLANNING   & ARCHITECTURE



1. Introduction

A risk is a future event which may adversely affect the project. The risk is defined as:
 “The potential that a given threat will exploit vulnerabilities of an asset or group of
assets to cause loss or damage to the assets.”
The impact or relative severity of the risk is proportional to the business value of the
loss / damage and to the estimated frequency of the threat.
In this context, risk has the following elements:
    Threats to, and vulnerabilities of, processes and/or assets (including both physical
       and information assets)
    Impact on assets based on threats and vulnerabilities
    Probabilities of threats (combination of the likelihood and frequency of
       occurrence)


Business Risks are those threats that may impact the assets, or processes, or objectives of
a specific business or organization. The nature of these threats may be financial,
regulatory or operational and may arise as a result of the interaction of the business with
its environment or as a result of the strategies, systems, processes, procedures, and
information used by the business.


Risk Management is the process of identifying vulnerabilities and threats to an
organization’s information resources in achieving business objectives and deciding what
countermeasures, if any, to take in reducing the level of countermeasures and deciding
which, if any, to take in reducing risk to an acceptable level, based on the value of the
information resource to the organization


The process of risk management begins with identifying business objectives, information
assets and the underlying systems or information resources that generate/store, use or
manipulate the assets (hardware, software, databases, networks, facilities, people etc.)
critical to achieving these objectives.




Risk Management Template                                                                   4
STRATEGIC PLANNING   & ARCHITECTURE


   1.1.Purpose

This document provides help in preparing the risk catalog for the business or an
organization or specific project in focus. The catalog will help in deriving Risk
Management Process.

   1.2.Disclaimer
EGD accepts no liability for the content of this document, or for the consequences of any
actions taken on the basis of the information provided, unless that information is
subsequently confirmed in writing.

   1.3.Location and Currency of Document

This document is part of EGD framework and is retrieved through www.pakistan.gov.pk
portal. The document may be updated as and when required. It is the responsibility of user
to download the current version.


2. Objective
The prime objective is to identify and manage the risks before they will exploit
vulnerabilities of an asset or group of assets to cause loss or damage to the business.




Risk Management Template                                                                  5
STRATEGIC PLANNING   & ARCHITECTURE




3. Notations
  Content                    Description
  Risk identification        <<High Level Description of Risk>>
  Risk Probability           <<Likelihood of occurrence. It may be High, Medium or Low”>>
  Risk Impact                << Based on threats and vulnerabilities. It may be High, Medium or Low>>
  Status
  Risk description           <<Description in Detail>>
  Risk Consequences          <<How it impacts the business. What losses can happen if Risk is not
                             managed properly >>
  Risk Mitigation            <<How the Risk can be taken the edge off>>




3.1    Example


  Content                    Description
  Risk identification        IT-literacy in Federal Government
  Risk Probability           High
  Risk Impact                High
  Status                     Open
  Risk description           Currently, few persons at the Federal Government are IT literate.
  Risk Consequences          The usage of deployed systems and basic infrastructure and the adoption of
                             new e-enabled processes will be very low.
  Risk Mitigation            Basic computer training be made mandatory for all Federal Government
                             employees of Grade BPS-5 and above. Additionally, Ministry and role specific
                             training should be imparted to ensure maximum usage and benefit realization
                             from E-Government programs.




Risk Management Template                                                                      6
STRATEGIC PLANNING   & ARCHITECTURE




4. Development Approach

      √ Identify all the Risks
      √ Determine the probability and frequency of occurrence
      √ Determine the consequences of risk i.e. what damages it can create to business
         value
      √ Analyze how the risks can be mitigated.


5.      Verification & Validation

      √ The consequences of risks should be clearly mentioned and understood by all
         stakeholders.
      √ This risk mitigation strategy should also be clear and understood by all
         stakeholders.


6. References
6.1      2003 CISA Review Manual




Risk Management Template                                                            7

				
DOCUMENT INFO
Shared By:
Categories:
Tags: professional
Stats:
views:207
posted:4/7/2008
language:English
pages:7
About Work at home. Equivalent 2 years of College. Retail employment history, and some medical assisting.Resort employment history,four grown children.two divorced, one remarried, one granddaughter.Divorced, remarried, widowed,stag.