Risk Management

Risk Management Services

The application of Risk Management principles to projects is fundamental to the successful attainment of the organization's Corporate Quality Mandate. It is in keeping with good project management principles, and usually supports the organization's overall risk management strategy, assists in the achievement of project objectives, and conforms with industry standards.

It is a matter of due diligence that risks identified within the project be addressed and appropriately managed. Within any IS/IT project, three distinct streams of Risk Management exist, and need to be addressed. Each stream has a specific purpose, scope, and chosen methodology. These streams consist of:

  1. Project Management Risk Stream,
  2. Business Process Risk Stream, and
  3. System / Application Risk Stream.

The overall risk associated with delivery, successful implementation and sustained functioning of the project is a function of risks associated with all three streams.

Project Management Risk Stream

Project Risk Management is a project management activity whose purpose is to ensure timely, successful completion and implementation of project deliverables while meeting the organization's Corporate needs.

The goal of project risk management is to mitigate, to the extent possible, any influences with the potential of adversely affecting the project’s ability to deliver.

Typically, the scope of risk management within the context of project management is defined as the project’s ability to “deliver” on time, within budget and with the appropriate level of quality.

Business Process Risk Stream

Business Process Risk Management is a due diligence activity and, for some industries, a regulatory activity, whose purpose is to ensure employee/customer safety.

In practical terms, the goal of applying risk management to new / revised Business Processes is to ensure that processes neither introduce any new employee/customer safety hazards, nor exacerbate any existing employee/customer safety hazards.

Management of business process safety risk is accomplished by managing hazards that could subsequently result in harm (either actual or potential) to the employees'/customers' health and safety. Within the regulated industries (such as pharmaceuticals, medical devices, etc.), such hazards include those that affect product SQIPP or product ability to meet regulatory compliance.

System/Application Risk Stream

System/Application Risk Management is a Software Development Life Cycle (SDLC) activity whose purpose is to secure the target systems that store, process, or transmit corporate information. This stream is concerned with the infrastructure (both hardware and software) components of the project deliverable, an infrastructure that supports the system and its associated Operating Procedures and, ultimately, the organization’s mission.

The goal of system/application risk management is to mitigate, to the extent possible, any hazards that could cause harm to the system, the data and/or its processing environment.

Management of system risk is an iterative process that can be performed during each phase of the SDLC. It is accomplished by managing hazards that subsequently result in harm to the system. Within the context of system risk management, these hazards consist of threats to system integrity, availability and confidentiality as outlined below.

  • System Integrity: ensuring that information is protected from improper modification.
  • System Availability: ensuring that the system is available to its end users so that business continuity is maintained and the organization’s mission is unaffected.
  • System Confidentiality: ensuring protection of information from unauthorized access/disclosure.

©2004 SORDtek Systems Consultants Ltd.