ADVISORY ARTICLE
By Sachin Melwani
United Kingdom
Let’s face it, the world is a more complicated and scary place nowadays. The very real possibility of terrorist attack – both physical and virtual – has increased, and with it comes different kinds of ‘what if’ questions that should be asked: For example what if a virus invades our computer system and corrupts the data held? A critical consideration in the analysis of the risks and their possible controls is the duration of the impact and how long could the interruption last or, more appropriately, how long can the company afford it to last?
Often IT Managers lack a framework to analyse a comprehensive business continuity plan which actually can work when required and actually adds value. The following seven-step contingency process can be used by a company to develop and maintain a viable contingency planning program for their IT systems:
- Develop the contingency planning policy statement
- Conduct the business impact analysis (BIA)
- Identify preventive controls
- Develop recovery strategies
- Develop an IT contingency plan
- Plan testing, training, and exercises
- Plan maintenance.
Of course that all sound’s very straight-forward but it is difficult to know how to start. An IT Manager can hold a workshop and create long list of risks and tackle these in an incoherent manner. A risk management framework should be developed in advance of this risk identification. The following types of impact/categories of damage can be used to identify the effects of disruption and loss exposure:
- Financial
- Customers and suppliers
- Public relations/credibility/reputation
- Legal
- Regulatory requirements/considerations
- Operations
- Competitive position
- Personnel
The effects of these disruptions could be felt in terms of:
- Loss of assets: key personnel, physical assets, information assets and intangible assets.
- Disruption to the continuity of the service and operations
- Violation of law/regulations
- Public perception
To measure the extent of the effect the loss exposure could be determined quantitatively or qualitatively as per Table 1.
More…
To read entire article, click here
How to cite this article: Melwani, S. (2020). How I learned to stop worrying and love risk, PM World Journal, Vol. IX, Issue II, February. Available online at https://pmworldlibrary.net/wp-content/uploads/2020/01/pmwj90-Feb2020-Melwani-how-i-learned-to-stop-worrying-and-love-risk.pdf
About the Author
Sachin Melwani
United Kingdom
Sachin Melwani gets problems solved through his ‘disruptive creativity’. Leveraging his strong knowledge of ERP transformation from the Client, Prime Integrator and Tier Supplier perspectives, through DADA he now aims to bring genuine innovation to the traditional consultancy model by offering a unique “Consultancy as a Subscription” service.
He has over eighteen years’ experience in multiple industry sectors across Europe, Africa and the Middle East, involving both management of projects and implementing enterprise-wide project control systems, that deliver authoritative and informed governance information to C-level management on P3M3, Earned Value Management & Project Planning methodologies.
As an AXELOS Consulting Partner, DADA helps companies on project controls setup, NEC4 contract administration, ERP systems integration (Ares PRISM, Deltek Cobra, Oracle, SAP), critical projects delivering to automating SharePoint business workflows.
DADA provides on-demand resourcing & flexible monthly plans to provides a unique, low-cost delivery model which combines both extra staffing and software tools. The advantage over a traditional consultancy is that DADA provides an economical and responsive way to support any project by offering a “Consulting Service at Contractor prices” through flexible monthly subscription packages.
Sachin can be contacted at sachin.melwani@big-dada.co.uk
Learn more about DADA at https://www.big-dada.co.uk/
