5.2 Flashcards
Risk Management
the process involving identification, analysis, treatment, monitoring and reporting of risks
Risk identification
roactive process recognizing potential risks
● Goal
○ Create a comprehensive list based on events hindering objectives
Risk Analysis
● Evaluate likelihood and potential impact
● Qualitative or quantitative methods
● Outcome
○ Prioritized list for guiding risk treatmen
Risk Treatment
● Develop strategies
○ Avoidance
○ Reduction
○ Sharing
○ Acceptance
Strategy choice based on potential impact and risk tolerance
Risk Monitoring
● Ongoing process tracking identified risks
● Monitor residual risks, identify new risks, and review risk management
effectiveness
● Ensures dynamic responsiveness to organizational change
Risk Reporting
● Communicate risk information and effectiveness of risk management to
stakeholders
● Various forms
○ Dashboards
○ Heat Maps
○ Detailed Reports
● Crucial for accountability and informed decision-ma
When are ad-hoc risk assessments used
when needed often for specific things like launching a new product
one time risk assessment
used for a new it system for example not repeated
Techniques for risk identification
brainstorming, checklists, interviews and scenario analysis
BIA
business impact analysus
■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for function
RTO
recovery time objective
max acceptable time before there is a severe impact
RPO
recovery point objective
max acceptable data loss measured in time
MTTR
average time to repair a failed component or system
MTBF
a high MTBF means system doesnt fail often
mean time between failures
Risk register
■ Records identified risks, descriptions, impacts, likelihoods, and mitigation actions
■ Key tool in risk management
■ May resemble a heat map risk matrix
■ Facilitates communication and risk tracking
■ Key component of project and business operations
its a document
includes risk description, impact, likelihood,outcome, level and threshold