IT Risk Management Framework
4.3 PO9 Assess and Manage IT risks
4.3.1 PO9.1 IT risk management framework
IT risk management framework is a necessary framework for every successful enterprise. So the City Medical Partners also need their own IT risk management framework. IT risk management framework can avoid the future risks and it also can gain the benefits. And the IT risk management framework need to fit with the risk management objectives of the enterprise - City Medical Partners. The example for risk classifications:
Strategic
Programme
Project
Operational
The new risks must be recorded. So if the same risk is happened again, then people can handle it efficiently and effectively.
4.3.2 PO9.2 Establishment of risk context
Establish of risk context in which the risk assessment framework is applied to ensure appropriate outcomes. Risk context can separate to two part: one is internal context of the risk assessment, another one is external context of the assessment. For City Medical Partners, there are some action needed to improve. Like the risk assessment can be taken from time to time follow the date where the risk assessment needed to be done.
4.3.3 PO9.3 Event identification
Events use the significant changes towards the goal and the operations of an organization. Identify events with a potential negative impact on the goals or operations of the City Medical Partners, it include business, legal, technology, human resources, and operational aspects, etc. According to the goals and objective of the City Medical Partners, the suggestion of the event identification can be implemented.
4.3.4 PO9.4 Risk management
The enterprise - City Medical Partners need to know about each type of the risk. And they also need to understand the characteristics of each type of risk. When the enterprise understand the risk, then they will have the solution to eliminate the risks. Some of the units perform the risk assessment which one think it is
4.3.1 PO9.1 IT risk management framework
IT risk management framework is a necessary framework for every successful enterprise. So the City Medical Partners also need their own IT risk management framework. IT risk management framework can avoid the future risks and it also can gain the benefits. And the IT risk management framework need to fit with the risk management objectives of the enterprise - City Medical Partners. The example for risk classifications:
Strategic
Programme
Project
Operational
The new risks must be recorded. So if the same risk is happened again, then people can handle it efficiently and effectively.
4.3.2 PO9.2 Establishment of risk context
Establish of risk context in which the risk assessment framework is applied to ensure appropriate outcomes. Risk context can separate to two part: one is internal context of the risk assessment, another one is external context of the assessment. For City Medical Partners, there are some action needed to improve. Like the risk assessment can be taken from time to time follow the date where the risk assessment needed to be done.
4.3.3 PO9.3 Event identification
Events use the significant changes towards the goal and the operations of an organization. Identify events with a potential negative impact on the goals or operations of the City Medical Partners, it include business, legal, technology, human resources, and operational aspects, etc. According to the goals and objective of the City Medical Partners, the suggestion of the event identification can be implemented.
4.3.4 PO9.4 Risk management
The enterprise - City Medical Partners need to know about each type of the risk. And they also need to understand the characteristics of each type of risk. When the enterprise understand the risk, then they will have the solution to eliminate the risks. Some of the units perform the risk assessment which one think it is