Embedding Sound Risk Management Practices into an Organization
Core principles for risk management adoption within an organization.
As contributor Kim Mays defines it in her Knowledge Network definition document, "risk management involves investigating, alleviating, and policing potential risks. To perform risk management, it is important to consider risks from all angles including disasters, attacks, failures, etc."
Those risks can come in many forms, including natural disasters, malicious hackers, equipment failures, and plain old lack of communication. How does an IT manager or other decision-maker consider all those angles in an organized fashion and keep stakeholders informed?
As a good conceptual starting point, Mays cites the U.S Environmental Protection Agency measures for effective risk assessment and management:
Use these templates to minimize risks both at the project and organizational level: