Risk Management In Risk Management

In this paper, I’ll outline what a risk is, how risks can be managed, and risk assessment, with clear emphasis on identification and evaluation, risk reporting, risk mitigation and risk monitoring. This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance for assessing and mitigating risks identified within IT systems.

A risk is the potential harm that may arise from some current process or from some future event. It may also be defined as a negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence.
Risk is present in every aspect of our lives and many different disciplines focus
…
The disadvantage is that, depending on the numerical ranges used to express the measurement, the meaning of the quantitative impact analysis may be unclear, requiring the result to be interpreted in a qualitative manner.

Risk reporting is the communication of risk and risk management outcomes for the purpose of comparing the results with the policy and identifying potential problems early.
Benefits of Risk Reporting
• Improve decision making
• Reduce the probability and severity of losses resulting from risk management weaknesses.
• Ensure opportunities for growth are taken up.
• Reduce procrastination as decision makers can be more confident if more information is available.
• Risk reporting reduces information overload.
• Aids strategic and operational planning and strategy setting.

Risk mitigation, the second process of risk management, involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. Mitigation involves fixing the flaw or providing some type of compensatory control to reduce the likelihood or impact associated with the flaw. A common mitigation for a technical security flaw is to install a patch provided by the
…
• Avoidance: Adjust program requirements or constraints to eliminate or reduce risk. This adjustment could be accommodated by a change in funding, schedule or technical requirements.
• Control: Implement actions to minimize the impact or likelihood of the risk.
• Transfer: Reassign organizational accountability, responsibility and authority to another stakeholder willing to accept the risk.
• Watch/monitor: Monitor the environment for changes that affect the nature and the impact of the risk.


Risk monitoring and control keeps track of the identified risks, residual risks, and new risks. It also monitors the execution of planned strategies for the identified risks and evaluates their effectiveness. Risk monitoring and control continues for the life of the project. The list of project risks changes as the project matures, new risks develop, or anticipated risks disappear. Risk ratings and prioritizations can also change during the project lifecycle. Monitoring risks should be a standard part of program reviews. At the same time, risks should be managed continuously rather than just before a program