1
-------------------------------------------------
Understand how Risk Management works. Risk is the effect (positive or negative) of an event or series of events that take place in one or several locations. It is computed from the probability of the event becoming an issue and the impact it would have (See Risk = Probability X Impact). Various factors should be identified in order to analyze risk, including: * Event: What could happen? * Probability: How likely is it to happen? * Impact: How bad will it be if it happens? * Mitigation: How can you reduce the Probability (and by how much)? * Contingency: How can you reduce the Impact (and by how much)? * Reduction = Mitigation X Contingency * Exposure = Risk – Reduction
* After you identify the above, the result will be what’s called Exposure. This is the amount of risk you simply can’t avoid. Exposure may also be referred to as Threat, Liability or Severity, but they pretty much mean the same thing. It will be used to help determine if the planned activity should take place. * This is often a simple cost vs. benefits formula. You might use these elements to determine if the risk of implementing the change is higher or lower than the risk of not implementing the change. * Assumed Risk. If you decide to proceed (sometimes there is no choice, e.g. federally mandated changes) then your Exposure becomes what is known as Assumed Risk. In some environments, Assumed Risk is reduced to a dollar value which is then used to calculate the profitability of the end product. 2. -------------------------------------------------
2
-------------------------------------------------
Define your project. In this article, let's pretend you are responsible for a computer system that provides important (but not life-critical) information to some large population. The main computer on which