These presentations will look at how an organisation may identify and manage risk more generally, and at some specific risks – such as those posed by the organisation’s premises and its location, its customers, its suppliers, its staff, its financial transactions, its information technology and its competitors – including how they may emerge and some strategies to manage them.
In an increasingly electronic age, the risk posed by information technology (IT) increases significantly. Have you ever noticed how little work is done in the office when the “server is down” or the power is temporarily disconnected? All organisations rely on IT to a lesser or greater extent and the level of risk created by using IT increases as the organisation becomes more reliant on it. What are the risks here and how might we go about managing them?
Most organisations have become heavily reliant on IT and if it wasn’t available the organisation may simply not be able to operate. Just think of how much damage may be caused by the absence of the EFTPOS system during a high sales period. Given the propensity of buyers to use cards of various types when buying goods and/or services this could be disastrous for your organisation. There are many other risk areas associated with IT, including:
IT service delivery: do all the software applications, including those we can’t live without such as Word and Excel, work as intended? Do they all provide an accurate representation of the data?
IT solution delivery: do you integrate IT solutions into daily work processes so that the business runs more efficiently and effectively?
IT benefit realisation: do you not only understand the cost of implementing an IT solution but also the cost of not doing so? Some IT outlays seem not to make economic sense yet they are necessary simply to keep pace with the industry.
Some strategies for managing these risks include:
Make sure you have an uninterruptible power supply unit for when the power is temporarily disconnected. This will, at least, allow you to save all current work and close all open applications properly, avoiding the glitches caused by applications being closed incorrectly.
Make sure all servers, networks, desktops and laptops are protected against viruses and other forms of cyber disruption as well as power surges to assure the integrity of the IT system.
Back up data regularly, ideally on a daily basis (more frequently if you process significant amounts of data), and store backup media off site. That way you’ll be able to recover from a difficult situation quickly.
Make sure IT support staff are either on site or available within an acceptable timeframe to limit the amount of down time due to an IT failure.
Ensure all employees are trained, and regularly updated, in the use of any application software they are required to use regularly, and conduct general IT training sessions on a regular basis. This will minimise the possibility of human error in the use of IT equipment.
Limit the use of the internet, perhaps to a specially designated research area, to limit the impact of a possible cyber-attack.
These are just a guide to the sort of generic strategies you may consider. As with all things, there will be some very specific strategies that may be developed that are germane to your own business. At Park Advisory we understand that thinking of relevant strategies may be easier for someone not directly involved in the organisation and would be more than happy to assist you in devising an IT risk management plan that covers all sources of IT risk germane to your organisation. Please do email us at firstname.lastname@example.org for a free, no obligation initial consultation.