
American University of Armenia

CS350

Risk Management
Risk Analysis

Risk analysis is the process of defining and analyzing the dangers to
individuals, businesses and government agencies posed by potential
natural and human-caused adverse events.

In IT, a risk analysis report can be used to align technology-related
objectives with a company's business objectives. A risk analysis report
can be either quantitative or qualitative.

A useful construct is to divide risk analysis into two components:
(1) risk assessment (identifying, evaluating, and measuring the
probability and severity of risks) and (2) risk management (deciding
what to do about risks).

Risk Analysis

Risk analysis can be broadly defined to include:
  - risk assessment
  - risk characterization
  - risk communication
  - risk management
  - policy relating to risk
in the context of risks of concern to individuals, to public- and
private-sector organizations, and to society at a local, regional,
national, or global level.

Risk Analysis

In quantitative risk analysis, an attempt is made to numerically
determine the probabilities of various adverse events and the likely
extent of the losses if a particular event takes place.

Qualitative risk analysis, which is used more often, does not involve
numerical probabilities or predictions of loss. Instead, the qualitative
method involves defining the various threats, determining the extent of
vulnerabilities and devising countermeasures should an attack occur.

When to Use Risk Analysis

Risk analysis is useful in many situations:
  - When you're planning projects, to help you anticipate and neutralize
    possible problems.
  - When you're deciding whether or not to move forward with a project.
  - When you're improving safety and managing potential risks in the
    workplace.
  - When you're preparing for events such as equipment or technology
    failure, theft, staff sickness, or natural disasters.
  - When you're planning for changes in your environment, such as new
    competitors coming into the market, or changes to government policy.

Risk Analysis and Risk Management

- Risk Analysis is a process that helps you identify and manage potential
  problems that could undermine key business initiatives or projects.
- To carry out a Risk Analysis, you must first identify the possible
  threats that you face, and then estimate the likelihood that these
  threats will materialize.
- Risk Analysis can be complex, as you'll need to draw on detailed
  information such as project plans, financial data, security protocols,
  marketing forecasts, and other relevant information. However, it's an
  essential planning tool, and one that could save time, money, and
  reputations.

Talk: https://youtu.be/ku0DvsnsLCA

Risk Matrix

            Negligible   Marginal   Critical   Catastrophic
Certain     High         High       Extreme    Extreme
Likely      Moderate     High       High       Extreme
Possible    Low          Moderate   High       Extreme
Unlikely    Low          Low        Moderate   Extreme
Rare        Low          Low        Moderate   High

How to Manage Risk

• Avoid the Risk
  - Conduct a "What If?" Analysis.
• Share the Risk
  - You could opt to share the risk – and the potential gain – with other
    people, teams, organizations, or third parties.
• Accept the Risk
  - For example, you might accept the risk of a project launching late if
    the potential sales will still cover your costs.
  - Conduct an Impact Analysis to see the full consequences of the risk.
  - You can likely come up with a contingency plan
• Control the Risk

TEDx Talk

• https://youtu.be/zyet9fPS24k

Working software is not yet popular software

• Software is part of the corporate culture, an administrative function
  - Good software should make life easier, not impose more burden
Raising awareness, educating users

Capacity Building

Proper training is a key to operationalizing software
In-depth trainings for sophisticated systems (medical, military)
Or, teaching parents to write SMS and use Skype
Standard Operating Procedures
Specifically applies to software systems having role-based workflows
Some systems require long-term commitment

Technical Support

Software usually needs to be looked after
Technical support may include changes and updates
Warranty is focused on bug-fixing
Open-source software comes with minimal initial investment, but lacks
time-sensitive technical support in real-time operation
Professional software firms vs. crowdsourcing/open-source software
development

Key Challenges: more political & institutional, less technical

• Strong commitment and political “champions”
  - A viable policy setting out clear mutual obligations and standard
    operating procedures on software
  - A functioning institutional framework with a strongly mandated unit
    in charge of the corporate software system
  - Clear roles and responsibilities among departments
  - Effective coordination and dialogue mechanisms between users
  - Software will only be effective if it is used effectively
  - Data and analysis are useful only if linked to well-functioning
    dialogue & decision-making mechanisms

Key Needs

Off-the-shelf, easily modifiable system
  - Low maintenance costs
  - Greater sustainability
Scalable solution
  - To accommodate evolving needs
  - From simple to sophisticated
Toward integrated approaches
  - To integrate interrelated areas of public and private sector
    management in a coherent and useful way

Further reading

• https://www.mindtools.com/pages/article/newTMC_07.htm
