Improving Risk Management Capabilities

Improving Risk Management Capabilities

Discussion 1

Improving Risk Management Capabilities

To understand risk and how to properly address risk, a risk management framework is required. The objective of a risk management framework (RMF) is to create a common understanding of risk, to ensure the right risks are being addressed at the right levels, and to involve the right people in making risk decisions (McKeen, & Smith, 2015). Those organizations that do not have an effective Risk Management strategy or, in extreme cases, do not have one at all; they risk suffering situations in which the impact of negative events or threats exceeds their response capabilities (Rivas, 2019). So the development of effective risk management is necessary to mitigate against risks. McKeen, & Smith suggested some actions to develop effective risk management capabilities.

Look Beyond Technical Risk

An effective risk management requires to look beyond the technical aspects of the risks. Rather than only focusing on technical threats, risk management should be able to foresee other category of risks too. Don’t ignore risks that are non-quantifiable (Moses, 2018). The presence of risk creates surprises throughout the project life cycle, affecting everything from technical feasibility to cost, market timing, financial performance, and strategic objectives (Loch, Solt, & Bailey, 2007).

Develop a Common Language of Risk

There should be a common communication medium to understand the risks properly. Everyone such as stockholders, IT, Audit, privacy, legal, business managers should speak the same language to clearly understand and communicate the associated the risks (McKeen, & Smith, 2015). The central purpose of a common risk language is to assist management with evaluating the completeness of its efforts to identify events and scenarios that merit consideration in a risk assessment (“Using a Risk Model as a Common Language”, 2014).

Simplify the Presentation

The risk management framework should be presented without complexity so that it’s easier for everyone to understand. Refining you process is a huge portion of simplifying risk management, but you can make managing risk even more simple and effective by ensuring that you’re using the right tools (Millier, 2018). The most effective approaches are simple: a narrative, a dashboard, a “stoplight” report, or another graphic style of report (McKeen, & Smith, 2015).

Right Size

Risk management should exclude the level of risks that are not related. Effective risk management practices not only allow the adaptation of controls, but makes sure that the decisions made are visible and the rationale is communicated (McKeen, & Smith, 2015).

Standardize the Technology Base

The standards have as purpose the formalization of the risk management process in order to improve their effectiveness (Ciocoiu & Dobrea, 2010). The risk management standards combines best practices and thus is a vital element for an effective risk management framework.

Rehearse

A emergency response team should be in place and should rehearse disaster recovery, business continuity, or other types of risk mitigation plans. Rehearsals are essential to reveal gaps in plans and unexpected risk factors (McKeen, & Smith, 2015).

Clarify Roles and Responsibilities

In an organization, roles and responsibilities related to risk management should be defined and properly documented. The distribution of roles and responsibilities should be done among different control functions of an organization.

Automate Where Appropriate

Automated controls should be implemented for risk management. Automated controls present a number of benefits including the reduced risk that controls will be circumvented, enhanced segregation of duties, and timeliness and availability of information. As with all IT benefits, there are potential IT-related risks. These include: reliance on inaccurate systems, unauthorized access to data, unauthorized changes to data, and possible loss of data (Obrien, 2015).

Educate and Communicate

Risk communication includes the exchange of information to improve the understanding of risk, affecting risk perception, and educating employees or teams to act appropriately in response to an identified risk. Organizations such as insurance companies could benefit from better understanding their risk portfolio of projects because of their risk-phobic nature (McKeen, & Smith, 2015).

Discussion 2:

Different stages for implementing information management

Since much data use crosses customary utilitarian limits, associations must take a venture point of view on IM for it to be convincing. A structure for executing IM includes a few phases that move from general standards to specific applications. For model, one organization created and implemented its protection approach first at that point perceived the requirement for a data security arrangement.

Stage One: Develop an IM Policy

A strategy plots the terms of reference for settling on choices about data. It gives the reason for corporate orders and for building up the procedures, gauges, what’s more, rules expected to oversee data resources well all through the venture (McKeen & Smith, 2015). Since data is a corporate resource, an IM arrangement should be built up at a very senior administration level and endorsed by the top managerial staff. “In a perfect world, the arrangement ought to likewise connection to existing IM procedures, for example, security orders,” expressed another.

Stage Two: Articulate the Operational Components

The operational parts depict what should be set up to put the corporate IM arrangement into training over the association (Gitman et al., 2015). Like this, each piece will have a few “components.” These could change as per what extraordinary associations consider significant. For instance, the procedure part at one organization has six components: (1) communicating with the outside condition, (2) key arranging, (3) data life cycle, (4) general arranging, (5) program mix, and (6) execution checking (for a portrayal of the components recognized by this firm. Together, the operational parts go about as a setting to portray current IM rehearses in the association and reference existing standard procedures in every zone (Hillson & Murray, 2017).”In a perfect world, we need a corporate data office that cuts crosswise over lines of business and corporate gatherings, much the same as IT,” said another administrator.

Stage Three: Establish Information Stewardship

Numerous jobs and duties related to IM should be clearly articulated. These are particularly essential to explain due to the limit spreading over the nature of data. Both political and pragmatic issues emerge when specific inquiries are posed: Who oversees the quality of our client information? Whose variant of name and address do we use? Who must approve the exactness of our budgetary data? All concurred that the job of data steward should be better characterized and joined into authoritative and HR models. New execution measurements likewise should be built up to screen progress against these objectives in manners that connection IMIM exercises to key business destinations.

Stage Four: Build Information Standards

Guidelines help guarantee that quality, exactness, and control objectives can be met. Whenever all portions of an association adhere to similar gauges, it is moderately simple to improve the procedures and innovation that utilization a snippet of data, said the center gathering. “We generally think little of the significance of mindfulness,” said a member (Schwalbe, 2015). “We should ensure that no task begins in the association that doesn’t utilize principles. The best way is to keep this issue constantly before our business officials.” The other bunch of individuals concurred. “Guidelines are the foundation of IM,” said one. “On the off chance that they are pursued, they will guarantee we don’t include further layers of unpredictability and new advances.”

Discussion 3:

Different stages for implementing information management in order to move from general principles to specific applications

Stage One: Develop an IM Policy

The IM policy helps to manage the information of an organization by developing guidelines, and processes. Hence in developing such a policy, involving the senior level managers is very much essential as it is a corporate related asset. If not, at a minimum, HR people, IT and audit teams must be involved. Recognizing all the partners and making sure the policy is reviewed by them is crucial. The policy should also support the strategy of the company. This also recognizes loopholes in practices if any, that should be solved. (McKeen and Smith 2015).

Stage Two: Articulate the Operational Components

The components related to the organization needs to be identified as they are specific to each organization and are needed to put the policy into practice (McKeen and Smith 2015). The components that are needed at an organization might be mission, threats, opportunities, timeframes, regular track process (Klinkert, 2014). All combined, these elements outline the present practices of IM policy and also identify the best practices that are in place currently (McKeen and Smith 2015).

Stage Three: Establish Information Stewardship

This information stewardship is present throughout the business and ensures the security of data, compliance with policy guidelines, quality management of data, Information Life-Cycle Management (ILM), risk mitigation like disaster recovery and business continuity (Marks, 2006). According to McKeen and Smith 2015, every organization should try to establish this stewardship for each key component of information. This way, it helps to correct the data, simplify the processes too. Stewardship is not easy because of its new approach to data management, but it is essential to maintain a clarity with the business on how the processes of business and information mesh together (Marks, 2006).

Stage Four: Build Information Standards

Standards are something that are very crucial to any organization as they ensure that quality, vision and goals are properly met. Setting these standards is not an easy job and implementing them is even harder. Although, there is no need to standardize everything in an organization, it is necessary to maintain standards on information that is used by more than one business unit as it is used widely. It should be always brought to the attention of executives to establish standards as they reduce complexities and new issues from rooting up (McKeen and Smith 2015).

Essay writing help – Improving Risk Management Capabilities Online Essay Writing Agency – Pro-Dissertation.

Write my Essay. Premium essay writing services is the ideal place for homework help or essay writing service. if you are looking for affordable, high quality & non-plagiarized papers, click on the button below to place your order. Provide us with the instructions and one of our writers will deliver a unique, no plagiarism, and professional paper.

Get help with your toughest assignments and get them solved by a Reliable Custom Papers Writing Company. Save time, money and get quality papers. Buying an excellent plagiarism-free paper is a piece of cake!

All our papers are written from scratch. We can cover any assignment/essay in your field of study.