risk management

I was wondering if I could get a definition following a simple explanation of risk management approaches?

Thanks in advance

MK15, Author, Commented:
I have read the article, but I need a list of different types of approaches. I understand the concept but just need to understand the approaches in more detail, thus I would appreciate it if someone could help me by providing a list of risk management approaches within software development.

Many thanks
Sure, I will try, why not:

Risk Management is the attempt to mitigate the effects of an event or series of events through identification, analysis, and preparation prior to the event combined with proper execution of the planned course of action during and after the event.

Repurposing from multiple sources:

 1. identify, characterize, and assess threats
 2. assess the vulnerability of critical assets to specific threats
 3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
 4. identify ways to reduce those risks
 5. prioritize risk reduction measures based on a strategy

Read: http://en.wikipedia.org/wiki/Risk_management#Method  for a really nice overview.

My personal view is that the best approach to Risk Management is to consider Risk Avoidance. Always design systems and processes with the assumption that they will fail and provide alternatives for when they do. Take the cost of those alternatives and measure them against the financial loss (or human loss) when those events occur.


Zerox Hoop, Linux Admin, Commented:
MK15, Author, Commented:

Further, this is an academic project; I am required to research 2 individual risk management approaches. I understand, and have read the above articles, but can't seem to get my head around the approaches - are they techniques? The article above describes risk as a whole, it has sub-sections within the risk management process, but what are the different processes tackling risk? Is it like systems development methodologies, which are dependent on the system being created?

Question to answer: describe 2 rigorous approaches to Risk Management in the context of systems development project management, and critically evaluate these.

Many thanks
Here's an applied example, which might help you grasp it better.

If an assembly line breaks down, the company loses $175/minute (they're still paying the 27 production workers $12/hour, 1 skilled trade, 1 engineer and a supervisor $20/hour, plus there's not 50 $200 do-hickies per hour coming off the end... minus less power used while the line isn't running).

Say, without the engineer it takes on average 5 minutes longer to fix a breakdown, but the line only averages two 5 minute breakdowns per week.

Risk Management in this context might involve weighing the chances of having downtime against replacing the engineer with another one while they go on vacation for a week. The 'new' engineer, not being extremely familiar with the equipment (and quirks) of the line, might only shave 1 minute off diagnosing and fixing a breakdown... do you want to pay the $800/week salary to have the replacement engineer available when possibly they might save you only $350?

As you can see, it might take a LOT of data collection, mining and analysis to make an informed decision on managing that particular risk. :-)
You also need to take into account any regulatory agencies that you answer to. That many times will drive your risk management, perhaps even more so than money.

So let's say you work for a medical facility. Then you are most likely under HIPAA. So there is a whole raft of regulations that have to be met and they define risks that go beyond lost time and money should some failure happen. Under certain circumstances reporting of HIPAA violations may have to be made public, which results in untold potential costs, not only in raw dollars, but in embarrassment and potential loss of business. So in that case you need to assess what your potential risk losses are.  Do you access the Internet?  Do you use the Internet to send patient data from one place to another?  Who should be able to do that?  How do you control it?

The bottom line is that each industry is different. There are many commonalities between industries, but also many unique sides to risk that are defined by other factors.
madunix (Fadi SODAH), Chief Information Security Officer, Commented:
In our case, to reduce risk exposure through appropriate risk mitigation processes, e.g. financial organizations need to put a stronger focus on information quality management. Poor information quality in risk information repositories increases the uncertainties about the information used for risk calculation, possibly resulting in inaccurate risk capital calculation. In addition, poor information quality in transactional systems increases operational losses.

The difficult part of risk management is not only the broad universe of risks inherent in business processes and their related technologies but risks in managing a critical part of the business. In our case, we have defined the following risks:

Credit Risk - the risk that a Central Depository (CD) is taking when linking to another CD. The credit risk that a CD is taking when linking to a peer group CD, i.e. the risks a domestic CD is taking in either providing a service for a foreign CD or using a foreign CD as a local service provider (host CD). The risks arising from using these links to make cross-border settlements or to hold securities in a non-domestic CD have not been assessed as part of this risk.

Operational Risk - The risk that deficiencies in information systems or internal controls, human errors or management failures will result in losses. The risk of loss due to breakdowns or weaknesses in internal controls and procedures. Internal factors to be considered in the assessment include ensuring the CD has formalized procedures established for its main services. The CD should have identified control objectives and related key controls to ensure operation and proper control of established procedures. Systems and procedures should be tested periodically. There should be external audit processes in place to provide third-party audit evidence of the adequacy of the controls.

Asset Servicing Risk - The risk that a participant may incur a loss arising from missed or inaccurate information provided by the depository, or from incorrectly executed instructions, in respect of corporate actions and proxy voting. This risk arises when a participant places reliance on the information a depository provides or when the participant instructs the depository to carry out an economic transaction on its behalf. If the depository fails either to provide the information or to carry out the instruction correctly then the participant may suffer a loss for which the depository may not accept liability. The depository may provide these services on a commercial basis, without statutory immunity, or it may provide the service as part of its statutory role, possibly with some level of protection from liability. This risk is likely to become much higher when international securities are included in the service.

Financial Risk - The ability of the CD to operate as a financially viable company. This risk concerns the financial strength of the depository and if its financial resources are sufficient to meet the on-going operation of the organisation. This risk also includes where the CD may act as central counterparty, or otherwise acts in a Principal capacity.

Counterparty Risk - The risk that a counter-party (i.e., a participant) will not settle its obligations for full value at any time. This is simply the total default of a direct participant of the CD. This is the event when a participant is unable to meet its financial liability to other participants. This risk only goes as far as direct participants of the CD and excludes clients of direct participants that default on liabilities to such participants, even if such a default should systemically cause the direct participant to subsequently default.

Liquidity Risk - The risk that insufficient securities and/or funds are available to meet commitments; the obligation will be covered some time later. This is where for certain technical reasons (e.g., stock out on loan, stock in course of registration, turn round of recently deposited stock is not possible) one or both parties to the trade has a shortfall in the amount of funds (credit line) or unencumbered stock available to meet settlement obligations when due. These shortfalls may lead to settlement ‘fails’ but do not normally lead to a default.

Asset Commitment Risk - The period of time from when control of securities or cash is given up until receipt of counter value. This risk concerns the time period during which a participant’s assets, either cash or stock, are frozen within the CD and payment system pending final settlement of the underlying transaction(s). Following settlement, the risk period is extended until the transfer of funds and stock becomes irrevocable. It excludes any periods when assets, cash or stock, are committed to a market participant including brokers, banks and custodians, not caused by CD processing.

MK15, Author, Commented:
Thanks for all the support guys... really appreciated