Riskmanagement for Information Technology systems involves theapplication of principles of risk management in order to preventthreats associated with the field. One of the IT risk assessmentframeworks developed to help guide individuals through the process isthe Operationally Critical Threat, Asset and Vulnerability Evaluation(Crouhyet al., 2012).It comprises tools and techniques for risk based information securityassessment. There are numerous strengths and weaknesses associatedwith this approach

Oneof the strengths of this framework is that it is well documentedbecause it was developed by knowledgeable people. The other strengthis that it can be used to assess risk because it can be easilymodified. It means they can be customized to address risk inparticular work environment (Crouhyet al., 2012).Most people consider it as self-directed. This helps personnel in theorganization and IT experts to work together in order to solve thesecurity of the company. It also provides for collaboration betweenrisk assessment and the management process. The framework is withoutsome weaknesses. Experts say that one of the greatest weaknesses isthat they are complex as compared to other frameworks (Crouhyet al., 2012).Some spend days trying to comprehend its importance in theorganization. The other weakness is that it does not computeadjustments based on controls.


Riskmanagement is crucial in an organization because it helps controlcost, strategic planning, and better utilization of resources as wellas making well informed decisions. The information technology systemsin the organization should be reviewed and documented. It is alsoimportant to assess risk during the life cycle of the project inorder to make informed decision regarding the project (Crouhyet al., 2012).This helps the project manager to develop risk mitigation techniques,negotiate for fair agreements as well as improve the team work. Theother important element to consider is risk audits. This entailsdocumenting and examining the root cause of identified risks and theeffectiveness of the process. There should be an established formaton how they will be carried out and performed frequently (Crouhyet al., 2012).

Varianceand trend analysis helps the project manager to know how project isperforming and the degree of completion. He is also able to identifywhether the project is on the right track or there are deviationsthat need collection. Reserve analysis refers to a technique used inascertaining the project budget. The project management plan isreviewed to determine any risks associated with the project. Areserve is then established to mitigate these risks (Crouhyet al., 2012).A project status review refers to frequent meeting and discussionsthat analyze how the projects are progressing. It is a managementtool that most project managers adapt to coach team members anddiscuss the key issues affecting the progress (Crouhyet al., 2012).


Organizationsare increasingly becoming reliable on outside vendors to supply themwith the goods and services needed to run the company. It decides tooutsource in order to cut costs. As the project manager of a largehealthcare IT organization, there are numerous things I would do inorder to coordinate my role including risk management (Crouhyet al., 2012).One of the roles is monitoring contractual contracts. It helps securesale tenders form venders. Evaluating these agreements ensures thatthe venders comply with the terms and conditions. The other importantrole is managing relationships. An effective management of theserelationships between the company and external sources ensures thatthere is a continuous delivery of products and services that meetcustomer needs. Documentation is essential as the company`sprocurement details need proper record keeping. It facilitates easierreviewing of purchase records, stock, cost and deliveries amongothers. The other role is problem resolution. As the project manager,it is my duty to solve all the vendor problems. In certaincircumstances I can be forced to report issues such as delays indelivery to the management for necessary actions.


Organizationalknowledge risks

Itis important to establish organizational knowledge risks from pastprojects because it will help the project manager identify potentialrisks as well as estimating their likelihood and impact (Crouhyet al., 2012).Knowledge acquired in previous projects helps the manager inpreventing the occurrence of such risks and they develop contingencyplans to address these issues.

Projector process scope

Theprocess scope refers to the boundaries that explain the extent of theproject. They define the elements that fall within or outside theproject when planning. It is important for the project manager todetermine whether the activities are in scope or out of scope as theproject moves forward. This helps in assessing the risk areas (Crouhyet al., 2012).It is the duty of the project manager to anticipate and communicatethe likelihood and impact of these risks to the project forcollective actions.

Riskmanagement plan

Arisk management plan refers to a document prepared by the projectmanager in order to estimate the impacts of risks and the measures toaddress these issues. It helps prevent minor issues from developinghuge and uncontrollable. Project managers forecast the occurrence ofa certain risk and develop ways to mitigate the problems related tothese risks (Crouhyet al., 2012).


Itrefers to a document that records all the identified potential risksthat may interfere with the project. Risks including probability,category, cause, proposed and current status are recorded (Crouhy etal., 2012). It is a comprehensive document and all the items thathave a high or expected probability of occurring are identified.Project managers use the risk register as a management tool thathelps them manage risks to acceptable levels.


Ittakes a special set of skills to become a leader and manage people inan organization. As the CEO of a health care organization, there arecertain characteristics that project managers should posses in orderto prosper in this job. First, he should have a sense of theorganization. The organization is large and hence he should be ableto handle the projects in an organized manner. The other feature isthat he should be able to motivate employees. The project teammembers vary according to the size of project. The managers should beable to reward workers for their hard work and sometimes issue moreresponsibility to get better results.

Theproject manager should be able to communicate instructions anddecisions to the stakeholders of the company. He should be able toexplain issues from a business point of view depending on the projectin question. The other important characteristic is that the managershould be able to react to changes. Projects are by natureunpredictable because deadlines can be pushed forward or backward andpeople will come to you for answers. The last feature is that heshould be able to distinguish what to do and delegate. In cases oflimited time, he should let others perform their bit.


Crouhy,M., Galai, D., Mark, R., &amp Ebrary, Inc. (2012).&nbspRiskmanagement.New York: McGraw Hill.

Related Posts

© All Right Reserved