7.4 Combined Cost and Schedule Contingency Results
8. Counter Measures
9. Mitigation Recommendations
References
List of Tables
Table 1: Cost Confidence Level
Table 2: Schedule Confidence Level
Table 3: Combined Cost and Schedule Contingency Table
Figure
Figure 1: Studied Cost Risk Analysis
Figure 2: Cost Confidence Curve
Figure 3: Schedule Confidence Curve
IT Risk Analysis
Executive Summary
Risk can be classified as project risks, technical risks and business risks. Project risks identify potential budgetary, schedule, personnel, resource, stakeholder and requirements problems and their impact on a software project. In response to growing problems, IT risk management has undergone many changes in recent years. More recently, however, the ability to define and communicate the context of IT risk has taken on much more relevance. As identified by the International Organization for Standardization (ISO), risk management should create value, be a fundamental part of organizational processes, be a part of decision making, explicitly address ambiguity, and be organized and planned. The discipline of IT risk management plays a part not only in regulatory requirements but also within the business. An IT risk management professional should be a specialist in technology and management systems and in information security, and should also have extensive knowledge of the business enterprise in which they operate (Blokdijk, 2008, 27-34). Risk always exists, whether or not it is detected or recognized by an organization. Several areas involve risks that should be treated to provide significant benefits to an organization, such as business risks, market risks, credit risks, operational risks, IT risks, engineering, etc.
Thus, risk management (RM) strategies vary across generic approaches, project management, IT (including information security), safety engineering, etc. Highly specific areas, like aviation or banking, are more focused on analytical methods to assess and quantify risks than on processes and methodologies to manage the overall risk environment (Blokdijk, 2008, 27-34).
In On call corporation, the current challenge for IT risk management professionals is to define a continuous, objective, repeatable and measurable program in which cost evaluation, asset valuation and performance metrics coexist seamlessly with the rest of the corporate requirements. The program is created top-down, fully framed within the overall management of risks and responding to the different requirements of the different business units. It defines and manages checks that are flexible and adaptable to the different types of risks and regulatory requirements that would force the organization to reinvent IT tasks, controls and evidence of compliance (Slay, 2006, 45-64).
Risk identification is the process of identifying which events could potentially harm or enhance a particular project. It is important to identify potential risks as soon as possible, but identification must also continue as the project environment changes. It includes several tools and techniques to identify risks. Project administrators often start the process of identification of ...