The Best Practice Network Guidelines | The Best Practice Network

• Best Practice » Risk Management » Fundamentals of Risk Management » 5 Steps to Risk Management » 5 Steps to Risk Management

IT risk management has become and emerging problem because the traditional risk management best practices are not being able to do much. Improvements in currents risk management best practices will be more yielding for stake holders. It will increase their value by improvements in five steps. These are:

1. Developing awareness about the nature of the risks involved in IT.
2. Quantitative analysis of the impact the business as a result of loss of access and data.
3. Knowledge about the range of tools available for managing IT risks.
4. Manage the cost of IT risk management to match the business value.
5. Establish a systematic and corporate approach to manage the security risk involved with IT.
   1. 1. Developing awareness about the nature of the risks involved in IT

The most common risk involved with information technology is potential loss of information. Therefore, there is need for essential best practices for risk management strategies to create awareness in employees. Recovery of lost data can be a major challenge. There are 6 categories of risk involved here:

1. I.            Risk of access by unauthorized personnel by breeching security. This is where computer crimes, cyber terrorism and internal breaches occur.
2. II.            Risk of failure to access the data if there is a system failure. This means risk of availability. The likely causes of system failure could be human error, configuration changes or lack of redundancy in the setup. There can be other causes as well.
3. III.            Inability to recover data after it has encountered a failure is a major risk. Sometimes, due to hardware, software failure, external threats and natural disasters, data is hard to recover.  So there is risk of recovery.
4. IV.            Risk of performance when information is not provided when it is needed due to certain parameters. It could be because of heterogeneity in the IT landscape, distributed architecture and peak demand.
5. V.            Risk of scalability: There is a risk that managing major new applications and business costs effectively will be a problem. This is often associated with provisioning bottlenecks in the business, slow business growth and restricted business setup.
6. VI.            Lack of Compliance: There is the risk of violation of regulatory requirements. There must be compliance with government regulations, corporate governance and internal policies.
   1. 2. Quantitative analysis of the impact the business as a result of loss of access and data

Decision makers need to assess and qualitatively plot values on graphs to assign remediation priorities. The data lost and inability to access information must be evaluated qualitatively to help in implementing risk management strategies.

1. 3. Knowledge about the range of tools available for managing IT risks

There are some specifically designed tools which are recommended for use in ensuring best practices in managing IT risks. Managers and key personnel must have knowledge about these tools.

1. 4. Manage the cost of IT risk management to match the business value

Investing in processes, technology and reformation is a requirement to achieve mitigation of risks. IT budgets can be a problem to manage which adds to the problem of IT risk management. There are best practices which ensure that organizations maintain effective and efficient IT risk management investments. By providing IT as a service management, implementing service level agreements, utilizing and reducing cost, and implementing automated IT operations to reduce costs.

1. 5. Establish a systematic and corporate approach to manage the security risk involved with IT.

Companies must develop a risk heat map which shows potential impact of the six IT risks mentioned above. Then as a best practice organizations must have a plan of approach in a systematic manner to ensure IT risk management.

In order to implement these five steps to risk management, there are steps risk assessment best practices which must be considered.

Further reading: Corporate Governance | Audit | Performance Improvement