risk management

Posted on 2012-03-18
Last Modified: 2012-04-03
I was wondering if I could get a definition following a simple explanation of risk management approaches?

Thanks in advance
Question by: MK15

Expert Comment

ID: 37735085

Author Comment

ID: 37735098
I have read the article, but I need a list of different types of approaches. I understand the concept but just need to understand the approaches in more detail, thus I would appreciate it if someone could help me by providing a list of risk management approaches within software development.

Many thanks

Assisted Solution

ltsweb earned 125 total points
ID: 37735103
Sure, I will try, why not:

Risk Management is the attempt to mitigate the effects of an event or series of events through identification, analysis, and preparation prior to the event, combined with proper execution of the planned course of action during and after the event.

Repurposing from multiple sources:

 1. identify, characterize, and assess threats
 2. assess the vulnerability of critical assets to specific threats
 3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
 4. identify ways to reduce those risks
 5. prioritize risk reduction measures based on a strategy

Read:  for a really nice overview.

My personal view is that the best approach to Risk Management is to consider Risk Avoidance. Always design systems and processes with the assumption that they will fail and provide alternatives for when they do. Take the cost of those alternatives and measure them against the financial loss (or human loss) when those events occur.

Expert Comment

ID: 37735130

Author Comment

ID: 37735406

Further, this is an academic project; I am required to research 2 individual risk management approaches. I understand, and have read the above articles, but can't seem to get my head around the approaches - are they techniques? The article above describes risk as a whole, it has sub-sections within the risk management process, but what are the different processes tackling risk? Is it like systems development methodologies, which are dependent on the system being created?

Question to answer: describe 2 rigorous approaches to Risk Management in the context of systems development project management, and critically evaluate these.

Many thanks
LVL 44

Assisted Solution

Darr247 earned 125 total points
ID: 37735963
Here's an applied example, which might help you grasp it better.

If an assembly line breaks down, the company loses $175/minute (they're still paying the 27 production workers $12/hour, 1 skilled trade, 1 engineer and a supervisor $20/hour, plus there's not 50 $200 do-hickies per hour coming off the end... minus less power used while the line isn't running).

Say, without the engineer it takes on average 5 minutes longer to fix a breakdown, but the line only averages two 5 minute breakdowns per week.

Risk Management in this context might involve weighing the chances of having downtime against replacing the engineer with another one while they go on vacation for a week. The 'new' engineer, not being extremely familiar with the equipment (and quirks) of the line, might only shave 1 minute off diagnosing and fixing a breakdown... do you want to pay the $800/week salary to have the replacement engineer available when possibly they might save you only $350?

As you can see, it might take a LOT of data collection, mining and analysis to make an informed decision on managing that particular risk. :-)
LVL 28

Assisted Solution

jhyiesla earned 125 total points
ID: 37737083
You also need to take into account any regulatory agencies that you answer to. That many times will drive your risk management, perhaps even more so than money.

So let's say you work for a medical facility. Then you are most likely under HIPAA. So there is a whole raft of regulations that have to be met and they define risks that go beyond lost time and money should some failure happen. Under certain circumstances reporting of HIPAA violations may have to be made public, which results in untold potential costs, not only in raw dollars, but in embarrassment and potential loss of business. So in that case you need to assess what your potential risk losses are.  Do you access the Internet?  Do you use the Internet to send patient data from one place to another?  Who should be able to do that?  How do you control it?

The bottom line is that each industry is different. There are many commonalities between industries, but also many unique sides to risk that are defined by other factors.
LVL 25

Accepted Solution

madunix earned 125 total points
ID: 37749347
In our case, to reduce risk exposure through appropriate risk mitigation processes, e.g. financial organizations need to put a stronger focus on information quality management. Poor information quality in risk information repositories increases the uncertainties about the information used for risk calculation, possibly resulting in inaccurate risk capital calculation. In addition, poor information quality in transactional systems increases operational losses.

The difficult part of risk management is not only the broad universe of risks inherent in business processes and their related technologies but risks in managing a critical part of the business. In our case, we have defined the following risks:

Credit Risk - the risk that a Central Depository (CD) is taking when linking to another CD. The credit risk that a CD is taking when linking to a peer group CD, i.e. the risks a domestic CD is taking in either providing a service for a foreign CD or using a foreign CD as a local service provider (host CD). The risks arising from using these links to make cross-border settlements or to hold securities in a non-domestic CD have not been assessed as part of this risk.

Operational Risk - The risk that deficiencies in information systems or internal controls, human errors or management failures will result in losses. The risk of loss due to breakdowns or weaknesses in internal controls and procedures. Internal factors to be considered in the assessment include ensuring the CD has formalized procedures established for its main services. The CD should have identified control objectives and related key controls to ensure operation and proper control of established procedures. Systems and procedures should be tested periodically. There should be external audit processes in place to provide third-party audit evidence of the adequacy of the controls.

Asset Servicing Risk - The risk that a participant may incur a loss arising from missed or inaccurate information provided by the depository, or from incorrectly executed instructions, in respect of corporate actions and proxy voting. This risk arises when a participant places reliance on the information a depository provides or when the participant instructs the depository to carry out an economic transaction on its behalf. If the depository fails either to provide the information or to carry out the instruction correctly then the participant may suffer a loss for which the depository may not accept liability. The depository may provide these services on a commercial basis, without statutory immunity, or it may provide the service as part of its statutory role, possibly with some level of protection from liability. This risk is likely to become much higher when international securities are included in the service.

Financial Risk - The ability of the CD to operate as a financially viable company. This risk concerns the financial strength of the depository and if its financial resources are sufficient to meet the on-going operation of the organisation. This risk also includes where the CD may act as central counterparty, or otherwise acts in a Principal capacity.

Counterparty Risk - The risk that a counter-party (i.e., a participant) will not settle its obligations for full value at any time. This is simply the total default of a direct participant of the CD. This is the event when a participant is unable to meet its financial liability to other participants. This risk only goes as far as direct participants of the CD and excludes clients of direct participants that default on liabilities to such participants, even if such a default should systemically cause the direct participant to subsequently default.

Liquidity Risk - The risk that insufficient securities and/or funds are available to meet commitments; the obligation will be covered some time later. This is where for certain technical reasons (e.g., stock out on loan, stock in course of registration, turn round of recently deposited stock is not possible) one or both parties to the trade has a shortfall in the amount of funds (credit line) or unencumbered stock available to meet settlement obligations when due. These shortfalls may lead to settlement ‘fails’ but do not normally lead to a default.

Asset Commitment Risk - The period of time from when control of securities or cash is given up until receipt of counter value. This risk concerns the time period during which a participant’s assets, either cash or stock, are frozen within the CD and payment system pending final settlement of the underlying transaction(s). Following settlement, the risk period is extended until the transfer of funds and stock becomes irrevocable. It excludes any periods when assets, cash or stock, are committed to a market participant including brokers, banks and custodians, not caused by CD processing.

Author Comment

ID: 37800234
Thanks for all the support, guys... really appreciated.


Question has a verified solution.
