Risk Management Template

STRATEGIC PLANNING

& ARCHITECTURE

Risk Management Template Electronic Government Directorate (Strategic Planning & Architecture)

Version: Draft July 2005

Risk Management Template

1

STRATEGIC PLANNING

& ARCHITECTURE

Table of Contents Document History................................................................................................................ 3 1.Introduction.......................................................................................................................4 1.1.Purpose ......................................................................................................................5 1.2.Disclaimer.................................................................................................................. 5 1.3.Location and Currency of Document......................................................................... 5 2.Objective........................................................................................................................... 5 3.Notations........................................................................................................................... 6 3.1Example...................................................................................................................... 6 4.Development Approach.................................................................................................... 7 5. Verification & Validation.............................................................................................. 7 6.References.........................................................................................................................7

Risk Management Template

2

STRATEGIC PLANNING

& ARCHITECTURE

Document History Name

Date

Mahesh Ahuja

31/07/05

Risk Management Template

Comments

Version 1.0

3

STRATEGIC PLANNING

& ARCHITECTURE

1. Introduction A risk is a future event which may adversely affect the project. The risk is defined as: “The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets.” The impact or relative severity of the risk is proportional to the business value of the loss / damage and to the estimated frequency of the threat. In this context, risk has the following elements:  Threats to, and vulnerabilities of, processes and/or assets (including both physical and information assets)  Impact on assets based on threats and vulnerabilities  Probabilities of threats (combination of the likelihood and frequency of occurrence) Business Risks are those threats that may impact the assets, or processes, or objectives of a specific business or organization. The nature of these threats may be financial, regulatory or operational and may arise as a result of the interaction of the business with its environment or as a result of the strategies, systems, processes, procedures, and information used by the business. Risk Management is the process of identifying vulnerabilities and threats to an organization’s information resources in achieving business objectives and deciding what countermeasures, if any, to take in reducing the level of countermeasures and deciding which, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization The process of risk management begins with identifying business objectives, information assets and the underlying systems or information resources that generate/store, use or manipulate the assets (hardware, software, databases, networks, facilities, people etc.) critical to achieving these objectives.

Risk Management Template

4

STRATEGIC PLANNING

& ARCHITECTURE

1.1.Purpose This document provides help in preparing the risk catalog for the business or an organization or specific project in focus. The catalog will help in deriving Risk Management Process.

1.2.Disclaimer EGD accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing.

1.3.Location and Currency of Document This document is part of EGD framework and is retrieved through www.pakistan.gov.pk portal. The document may be updated as and when required. It is the responsibility of user to download the current version.

2. Objective The prime objective is to identify and manage the risks before they will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the business.

Risk Management Template

5

STRATEGIC PLANNING

& ARCHITECTURE

3. Notations Content

Description

Risk identification Risk Probability Risk Impact Status Risk description Risk Consequences

<> <> << Based on threats and vulnerabilities. It may be High, Medium or Low>>

Risk Mitigation

3.1

<> <> <>

Example

Content

Description

Risk identification Risk Probability Risk Impact Status Risk description Risk Consequences

IT-literacy in Federal Government High High Open Currently, few persons at the Federal Government are IT literate. The usage of deployed systems and basic infrastructure and the adoption of new e-enabled processes will be very low. Basic computer training be made mandatory for all Federal Government employees of Grade BPS-5 and above. Additionally, Ministry and role specific training should be imparted to ensure maximum usage and benefit realization from E-Government programs.

Risk Mitigation

Risk Management Template

6

STRATEGIC PLANNING

& ARCHITECTURE

4. Development Approach √ Identify all the Risks √ Determine the probability and frequency of occurrence √ Determine the consequences of risk i.e. what damages it can create to business value √ Analyze how the risks can be mitigated.

5.

Verification & Validation √ The consequences of risks should be clearly mentioned and understood by all stakeholders. √ This risk mitigation strategy should also be clear and understood by all stakeholders.

6. References 6.1

2003 CISA Review Manual

Risk Management Template

7