To continue discussion from previous post on risk management tied to IT decision making…
First the “why”. There are many reasons listed in the MOF Risk Management Discipline white paper for why risk management is important to an organization. One of the more important ones to me is that there is less time between failure of a service and impact to a business than ever before. The failures are generally more visible as IT supplies many business critical systems that directly interact with customers. As stated in my previous post, it would be impossible to remove risk completely, but sound risk management techniques can drive risk to an acceptable (and more predictable) level.
MOF defines the risk managment process in the following 6 steps:
So based on this need for risk management and the process that defines it, how do we begin to apply it? MOF recommends that “operations integrate risk management into decision-making in the same way it has already integrated such critical factors as time, money, and labor:
Fortunately, formalizing risk management practices is an achievable goal. Organizations can enhance the achievement of this goal by fostering a risk management culture.”
Also, built into the downloadable version of the Risk Management Discipline white paper, at the bottom of Appendix B, is a Contoso Master Risk List Worksheet object that is embedded into the document. Open this Excel spreadsheet and you will have a formatted sample risk worksheet that you can begin utilizing within your company.