Solved

risk management

Posted on 2012-03-18
Last Modified: 2012-04-03
Hi,
I was wondering if I could get a definition following a simple explanation of risk management approaches?

Thanks in advance
Question by:MK15
9 Comments
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 37735085
0
 

Author Comment

by:MK15
ID: 37735098
I have read the article, but I need a list of different types of approaches. I understand the concept but just need to understand the approaches in more detail, thus I would appreciate it if someone could help me by providing a list of risk management approaches within software development.

Many thanks
0
 
LVL 4

Assisted Solution

by:ltsweb
ltsweb earned 125 total points
ID: 37735103
Sure, I will try, why not:

Risk Management is the attempt to mitigate the effects of an event or series of events through identification, analysis, preparation prior to the event combined with proper execution of the planned course of action during and after the event.

Repurposing from multiple sources:

 1. identify, characterize, and assess threats
 2. assess the vulnerability of critical assets to specific threats
 3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
 4. identify ways to reduce those risks
 5. prioritize risk reduction measures based on a strategy

Read: http://en.wikipedia.org/wiki/Risk_management#Method  for a really nice overview.

My personal view is that the best approach to Risk Management is to consider Risk Avoidance. Always design systems and processes with the assumption that they will fail and provide alternatives for when they do. Take the cost of those alternatives and measure them against the financial loss (or human loss) when those events occur.


Regards!
0
 
LVL 6

Expert Comment

by:xeroxzerox
ID: 37735130
0
 

Author Comment

by:MK15
ID: 37735406
Hi,

Further, this is an academic project; I am required to research 2 individual risk management approaches. I understand, and have read the above articles but can't seem to get my head around the approaches - are they techniques? The article above describes risk as a whole, it has sub-sections within the risk management process, but what are the different processes tackling risk? Is it like systems development methodologies, which are dependent on the system being created?

Question to answer: describe 2 rigorous approaches to Risk Management in the context of systems development project management, and critically evaluate these.

Many thanks
0
 
LVL 44

Assisted Solution

by:Darr247
Darr247 earned 125 total points
ID: 37735963
Here's an applied example, which might help you grasp it better.

If an assembly line breaks down, the company loses $175/minute (they're still paying the 27 production workers $12/hour, 1 skilled trade, 1 engineer and a supervisor $20/hour, plus there's not 50 $200 do-hickies per hour coming off the end... minus less power used while the line isn't running).

Say, without the engineer it takes on average 5 minutes longer to fix a breakdown, but the line only averages two 5 minute breakdowns per week.

Risk Management in this context might involve weighing the chances of having downtime against replacing the engineer with another one while they go on vacation for a week. The 'new' engineer, not being extremely familiar with the equipment (and quirks) of the line, might only shave 1 minute off diagnosing and fixing a breakdown... do you want to pay the $800/week salary to have the replacement engineer available when possibly they might save you only $350?

As you can see, it might take a LOT of data collection, mining and analysis to make an informed decision on managing that particular risk. :-)
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 125 total points
ID: 37737083
You also need to take into account any regulatory agencies that you answer to. That many times will drive your risk management, perhaps even more so than money.

So let's say you work for a medical facility. Then you are most likely under HIPAA. So there is a whole raft of regulations that have to be met and they define risks that go beyond lost time and money should some failure happen. Under certain circumstances reporting of HIPAA violations may have to be made public, which results in untold potential costs, not only in raw dollars, but in embarrassment and potential loss of business. So in that case you need to assess what your potential risk losses are.  Do you access the Internet?  Do you use the Internet to send patient data from one place to another?  Who should be able to do that?  How do you control it?

The bottom line is that each industry is different. There are many commonalities between industries, but also many unique sides to risk that are defined by other factors.
0
 
LVL 25

Accepted Solution

by:
madunix earned 125 total points
ID: 37749347
In our case, to reduce risk exposure through appropriate risk mitigation processes, e.g. financial organizations need to put a stronger focus on information quality management. Poor information quality in risk information repositories increases the uncertainties about the information used for risk calculation, possibly resulting in inaccurate risk capital calculation. In addition, poor information quality in transactional systems increases operational losses.

The difficult part of risk management is not only the broad universe of risks inherent in business processes and their related technologies but risks in managing a critical part of the business. In our case, we have defined the following risks:

Credit Risk - the risk that a Central Depository (CD) is taking when linking to another CD. The credit risk that a CD is taking when linking to a peer group CD, i.e. the risks a domestic CD is taking in either providing a service for a foreign CD or using a foreign CD as a local service provider (host CD). The risks arising from using these links to make cross-border settlements or to hold securities in a non-domestic CD have not been assessed as part of this risk.

Operational Risk - The risk that deficiencies in information systems or internal controls, human errors or management failures will result in losses. The risk of loss due to breakdowns or weaknesses in internal controls and procedures. Internal factors to be considered in the assessment include ensuring the CD has formalized procedures established for its main services. The CD should have identified control objectives and related key controls to ensure operation and proper control of established procedures. Systems and procedures should be tested periodically. There should be external audit processes in place to provide third-party audit evidence of the adequacy of the controls.


Asset Servicing Risk - The risk that a participant may incur a loss arising from missed or inaccurate information provided by the depository, or from incorrectly executed instructions, in respect of corporate actions and proxy voting. This risk arises when a participant places reliance on the information a depository provides or when the participant instructs the depository to carry out an economic transaction on its behalf. If the depository fails either to provide the information or to carry out the instruction correctly then the participant may suffer a loss for which the depository may not accept liability. The depository may provide these services on a commercial basis, without statutory immunity, or it may provide the service as part of its statutory role, possibly with some level of protection from liability. This risk is likely to become much higher when international securities are included in the service.


Financial Risk - The ability of the CD to operate as a financially viable company. This risk concerns the financial strength of the depository and if its financial resources are sufficient to meet the on-going operation of the organisation. This risk also includes where the CD may act as central counterparty, or otherwise acts in a Principal capacity.


Counterparty Risk - The risk that a counter-party (i.e., a participant) will not settle its obligations for full value at any time. This is simply the total default of a direct participant of the CD. This is the event when a participant is unable to meet its financial liability to other participants. This risk only goes as far as direct participants of the CD and excludes clients of direct participants that default on liabilities to such participants, even if such a default should systemically cause the direct participant to subsequently default.


Liquidity Risk - The risk that insufficient securities and or funds are available to meet commitments; the obligation will be covered some time later. This is where for certain technical reasons (e.g., stock out on loan, stock in course of registration, turn round of recently deposited stock is not possible) one or both parties to the trade has a shortfall in the amount of funds (credit line) or unencumbered stock available to meet settlement obligations when due. These shortfalls may lead to settlement ‘fails’ but do not normally lead to a default.


Asset Commitment Risk - The period of time from when control of securities or cash is given up until receipt of counter value. This risk concerns the time period during which a participant’s assets, either cash or stock, are frozen within the CD and payment system pending final settlement of the underlying transaction(s). Following settlement, the risk period is extended until the transfer of funds and stock becomes irrevocable. It excludes any periods when assets, cash or stock, are committed to a market participant including brokers, banks and custodians, not caused by CD processing.
0
 

Author Comment

by:MK15
ID: 37800234
Thanks for all the support guys... really appreciated
0
