The Issues Surrounding Project Risk Management, Research Paper Example

Introduction

This research paper posits to explore the issues surrounding project risk management for information systems project manager in organizations. Risk management is defined as an effort to identify as well as manage the threats that could have severe impact or potentially bring down an organization. Risk management in information systems  of an organization involves reviewing the operations of an organization information system, identifying of the potential threats to an organization and assessing the likelihood of those threat occurring, and lastly taking appropriate action to address threats which are the most likely to occur.

The basic principle behind information security is propping up the organization’s mission (Gorrod, 2004). Uncertainties surround most organizations causing negative impacts. The organizations need to be supported through the professionals in IT who empowers the managers in understanding the best approach of managing the uncertainties, which is a difficult task (Gorrod, 2004). This paper posits to analyse management issues in risk with particular focus to the information systems in organizations.

The implication of risk is a potential harm attributed to current process or future events in an organization. From the perspective of IT security, the management of risk entails a clear understanding as well as response to critical factors that may bring about failure of confidentiality, availability or confidentiality in the organization’s information system (Hopkin, 2010).

Risk management particularly in the context of information systems  of an organization in the modern world has taken equal if not more importance in the running of the operations of the organizations that finance in addition to resources management have enjoyed for a number of years. In the process of developing a good risk management program in the information systems of an organization, there is a need of making of a risk analysis. The analysis consists of assessing all the possible threats to an organization’s information systems (Hopkin, 2010).

Organizations along with individuals have huge chunks of confidential information.  Most of this information is collected and then stored in the computer systems of the organization and can be transmitted across several networks to other computers. However, if this information gets into the hands of inadvertent recipients, a breach of confidentiality is resultant. It is consequently indispensable that managers in any organizations develop ways of securing their top secret information without necessarily disquieting that unauthorized audiences have an access to sensitive information (Hopkin, 2010).

Management of information security is defined in light of International standard ISO/IEC 27001. The emphasis in the standard pertains to the business information along with associated security. The standard defines information security as the process of preserving confidentiality, integrity as well as availability of information. Accordingly, the standard spells out various ways of achieving this, the focus of which is to make information available to only those who are in need of it for legitimate reasons. This is a concept that managers in information systems of an organization are supposed to clearly comprehend in an effort to mitigate against potential risks to any project that is undertaken in the organization.

Importance of risk management

The fundamental reason behind the need for competence in the management of risk in a firm revolves around protection of the mission as well as the assets in that organization. Consequently, the management of risk should be taken as a management function and not a technical function. It is therefore critically important that any risk exposed to organization systems is managed. The starting point is a clear understanding of potential risk which will in turn facilitate for the protection of appropriate information system considering its value in as far as the organization is concerned (Cadle & Yeates, 2001).

Due to the limitation of resources that organizations are exposed to, it becomes impossible to reduce the level of risk to zero. Therefore, a clear understanding of potential risk is a crucial tool for the organizations to give priority to the scarce resources (Cadle & Yeates, 2001). Developing a good risk management program takes a process that should be effectively supervised professionally by competent and well informed professionals who understand the different dimensions of risk in the developing challenging world of doing business.

Managers should have relevant knowledge in risk assessment to facilitate for its mitigation. The assessment is achieved through accurate identification of potential threats together with the associated vulnerabilities followed by determination of the possibility along with the impact associated with each risk (Borodzicz, 2005). It is however unfortunate that the assessment of risk is surrounded by complexities as managers try to undertake the process.  The managers should therefore be exposed to diverse methodologies in place to take care of this issue.

There is a dire need for organizations to carry out habitual, comprehensive as well as focused assessments of what is likely to consist of potential risks to the information systems of an organization. This is referred to as risk management assessment. A focused risk management assessment should be undertaken at regular intervals. A risk management assessment for information systems of an organization should be undertaken by a team of members of an organization’s staff and this team should be comprised of representatives from each of the major functional areas of the organization. The risk management assessment in the information systems of an organization needs to be carefully planned, methodically carried out and well documented (Cadle & Yeates, 2001).

The use of quantitative risk assessment in an organization

Quantitative risk assessment makes use of the applicable methodologies which reputable financial institutions together with insurance companies apply. Through the assignment of values to some information, the processes of a business, the costs of recovery, the impact and consequently the risk becomes measurable with the use of direct as well as indirect costs (Cadle & Yeates, 2001).

Information systems project manager should appreciate the fact that, effective as well as successful management of risks forms the foundation of IT security that is also effective and also successful. All organizations are exposed to limited resources hand in hand with unlimited threats. This therefore calls for information systems project manager to consider taking reasonable decisions as pertains efficient resource allocation and the protection of the systems (Cadle & Yeates, 2001).

The practices of facilitate for the protection of information together with the processes of the business in the organizations (Cadle & Yeates, 2001). The maximum value of management of risk is ascertained only when it becomes consistent as well as repeatable and a clear focus on the risk reduction that is measurable. The establishment as well as effective utilization of the processes of management of risks of the highest possible quality results to effective program of information security in that organization, the activities of information security should also be based on appropriate processes inherent to that organization. It is important to realize the fact that, the human capital in any organization coupled with the proper management of the human capital is an aspect of risk management that is in most cases overlooked. All the key roles in organizations must have some resource to back up the performance of a particular role. This therefore implies that information systems project manager in an organization has a burden of responsibilities, which if not taken care off, may lead to the downfall in the organization.

Consequently, the management of projects of information systems requires that the managers are equipped not only with technical knowledge as well as skills, but also the potential ability of application of effective techniques as well as methods. They should also possess a strong basis of knowledge of practical dynamics in addition to the challenges that the projects are exposed to.

Limitations of research

Limitations are ever present in all research and these limitations actually tarnish the results of the research. Certain limitations are also associated with this research. One of the biggest limitations of this research was associated with certain chunks or sources of secondary research that were used in the course of this research. This is because of the fact that these sources may not be valid or they are not updated therefore the data that is attained from these sources might affect the entire results of the research. Therefore, the researcher should take utmost care about all these constraints and try to minimize it

References

Borodzicz, E., (2005). Risk, Crisis and Security Management. New York: Wiley.

Cadle. J & Yeates, D. (2001). Project management for information systems. Glasgow: Pearson Education.

Gorrod, M., (2004). Risk Management Systems : Technology Trends. Basingstoke: Palgrave Macmillan

Hopkin, P., (2010). “Fundamentals of Risk Management” Kogan-Page.