Risk Management Services
The application of Risk Management principles to projects is fundamental to the
successful attainment of the organization's Corporate Quality Mandate. It is in keeping with good project management principles, supports the organization's overall risk management strategy, assists in the achievement of project objectives, and conforms with industry standards.
It is a matter of due diligence that risks identified within the project be addressed and appropriately managed.
Within any IS/IT project, three distinct streams of Risk Management exist, and need to be addressed.
Each stream has a specific purpose, scope, and chosen methodology. These streams consist of:
- Project Management Risk Stream,
- Business Process Risk Stream, and
- System / Application Risk Stream.
The overall risk associated with delivery, successful implementation and sustained functioning of the project is a function of the risks associated with all three streams.
Project Management Risk Stream
Project Risk Management is a project management activity whose purpose is to
ensure timely, successful completion and implementation of project deliverables
while meeting the organization's Corporate needs.
Goal
The goal of project risk management is to mitigate, to the extent possible, any
influence that could adversely affect the project's ability to deliver.
Scope
Typically, the scope of risk management within the context of project management
is defined as the project's ability to deliver on time, within budget and with the appropriate level of quality.
Business Process Risk Stream
Business Process Risk Management is a due diligence activity and, for some industries, a regulatory activity, whose purpose is to ensure employee/customer safety.
Goal
In practical terms, the goal of applying risk management to new or revised
Business Processes is to ensure that the processes neither introduce any new
employee/customer safety hazards nor exacerbate any existing employee/customer safety
hazards.
Scope
Management of business process safety risk is accomplished by managing hazards
that could subsequently result in harm (actual or potential) to employee/customer
health and safety. Within regulated industries (such as pharmaceuticals, medical devices, etc.), such hazards include those that affect product
SQIPP (safety, quality, identity, purity and potency) or the product's ability to meet regulatory compliance.
System/Application Risk Stream
System/Application Risk Management is a Software Development Life Cycle (SDLC) activity whose purpose is to secure the target systems that
store, process, or transmit corporate information. This stream is concerned with the
infrastructure components (both hardware and software) of the project deliverable, the infrastructure that supports the system,
their associated Operating Procedures and, ultimately, the organization's mission.
Goal
The goal of system/application risk management is to mitigate, to the extent possible, any
hazards that could cause harm to the system, the data and/or its processing environment.
Scope
Management of system risk is an iterative process that can be performed during each
phase of the SDLC. It is accomplished by managing hazards that could subsequently result
in harm to the system. Within the context of system risk management, these
hazards consist of threats to system integrity, availability and confidentiality, as
outlined below.
- System Integrity: ensuring that information is protected from improper
modification or destruction
- System Availability: ensuring that the system is available to its end
users so that business continuity is maintained and the organization's
mission is unaffected
- System Confidentiality: ensuring protection of information from
unauthorized access or disclosure.