· Identify the context for risk management

It is important for an organization to understand that it must develop a context for risk management, because without a proper context it will never be able to manage risks effectively. It is vital to look at both the internal and the external environment in which a risk can arise. The organization has to realize which factors are driving its business and how things are being managed at an operational level. Moreover, it has to keep an eye on legal matters as well, since these define the overall operations of the business. This is how it can develop a sound context for its risk management strategy (Snedaker, 2013).
· Identify risks using tools, ensuring all reasonable steps have been taken to identify all risks

Risks can arise at any stage in an organization, and they can be associated with employees or with equipment. For instance, an organization can identify certain risks by evaluating the job role performed by an employee: if the employee deals with sensitive information, there is a risk that the information may be leaked, so all measures should be taken to avoid such a leak. On the other hand, if employees use various types of equipment, all safety measures should be checked during the evaluation process so that employees remain safe when they use that equipment and machinery (Melton, 2008).
· Document identified risks in accordance with relevant policies, procedures, legislation and standards?

It is vital for an organization to document all the risks that are possible in its work processes, so that it can evaluate which risks are in line with its policy and which ones go against it. Moreover, some risks may go against certain laws, so it is sensible to document all risks and to avoid those that are against the law or against overall organizational policy.
2. When analyzing and evaluating the risks, why should you do the following:
· Analyze and document risks in consultation with relevant stakeholders

An organization cannot document its possible risks without taking its stakeholders into consideration. For instance, if an organization is trying to measure workplace hazards caused by the use of certain dangerous machinery, and it does not talk to the employees who actually work on the ground, then the real risks cannot be identified. The relevant employees and stakeholders should always be consulted for proper risk identification and management (Brown, 2008).
· Undertake risk categorization and determine level of risk

It is vital to understand that not all risks have the same duration and intensity in their outcomes, so it is crucial to categorize each risk according to its risk level. Some risks are more dangerous and serious than others, whose impact is minimal. It is therefore recommended to develop different categories by making a categorization chart in which each risk is assigned a certain level. For instance, a risk categorization chart can have categories such as low-level, mid-level and high-level risk, or likely, most likely and unlikely risk (The State of Queensland, 2016).
· Document analysis processes and outcomes?

Clear documentation is needed to analyze the overall processes and their outcomes in relation to risk management. A proper document should be maintained on how things will be done and how they will be evaluated from time to time. For instance, daily, weekly and monthly reviews can be held to see whether things are going well within the guidelines and whether any identified risk has been mitigated accordingly. When proper documentation is maintained and a legal issue occurs, the organization has documentary evidence in its hands to show.
Part B – Written Assessment
1. Details of the risk situation

A financial organization manages the financial data of a variety of clients, and it uses software to store all the information and records. All kinds of client information are stored in this software, such as credit card numbers, names, contact details and various other sensitive data. The risk is that if a virus attacks the software, all the data can be lost, or if an outside hacker attacks the data, he or she can gain access to all the sensitive information of the clients.
2. Who you needed to communicate with during the work undertaken, including relevant stakeholders, colleagues and management

It is important to discuss the risks with all the stakeholders. First of all, feedback is taken from employees on how they think these risks should be managed. Top management is also consulted to get the go-ahead for any policy matters needed to deal with the risks. The organization also consults IT and security experts, as well as other relevant companies, to get their views on managing such risks.
3. The research and analysis made and how you presented your findings

It was important for the organization to do considerable research so that critical findings could be made for the above-mentioned risks. For instance, I consulted all the experts related to cyber-security and safety. I consulted the experts to learn about legal guidelines and matters for keeping things safe and secure. I also analyzed the organization's data and facts from the last 12 months to see whether any data loss incident had occurred in the past, what the extent of the incident was, and how it was dealt with. I also called a group meeting where such risks were discussed and viable remarks were taken from all the participants. The minutes of the meeting were recorded so that these findings can be considered when making future decisions.
4. List all the identified risks in work areas by using the Risk Register Form

RISK | Outcome | Existing Policy & Controls | Priority of Risk | Risk Level
Malfunction of Software | · Data was lost for various clients · Data had to be restored | Inadequate and incomplete | High Priority | Extremely High
5. Did you need to refer areas of risk to others, due to the risk being under another work area

It is important to mention here that the risk was not reported to anyone other than our own department manager and the IT department, who are responsible for the management and security of the organization's information management systems. Top management's consent to take any considerable measures had already been obtained, so the risks were not shared with anyone else because there was no need to do so.
6. What legislative and organizational policies/procedures did you need to consider for your risk management

It is vital to mention here that no legislative issue was associated with the risks mentioned earlier; rather, they were more relevant to organizational policy and procedures. We have made a policy that we will protect our clients' information and data at any length, and that if we make any mistakes, we will be liable to them. In a previous incident, all the lost data was restored, and clients faced no problem. In this risk management policy, we wrote that if any data is lost and clients incur any financial loss, we will pay back those financial losses. But in the first place, we hired new security experts to install and implement new security and safety measures, and clients were also given proper guidelines on how to access or retrieve data so that no one else can see or attack the data from outside.
References of Risk Management

Brown, T. (2008). Project Management: Stakeholder Risk Management. Retrieved November 27, 2019, from https://www.projectsmart.co.uk/project-management-stakeholder-risk-management.php

Melton, T. (2008). Managing Project Delivery: Maintaining Control and Achieving Success. Butterworth-Heinemann.

Snedaker, S. (2013). Business Continuity and Disaster Recovery Planning for IT Professionals (2nd ed.). Newnes.

The State of Queensland. (2016). Analyse and evaluate the impact of risks. Retrieved November 27, 2019, from https://www.business.qld.gov.au/running-business/protecting-business/risk-management/preparing-plan/analyse