The Risk Management Framework for Citi Stores Website Development

Verified

Added on  2020/04/29

|29
|4866
|318
AI Summary
22RISK MANAGEMENT RISK MANAGEMENT Risk management-Citi stores website development project Name of the student Name of the university Author Note: Context of the Risk Management Plan 4 Task 1: Risk Management Framework 4 Task 2: Scope and Stakeholders 5 Communication Plan 5 Task 3: Strengths and Weakness 10 PEST Analysis 10 SWOT Analysis 11 Task 4: Risk Identification 12 Task 5: Risk Analysis 14 Risk Register 14 Risk Matrix 17 Task 6: Risk Treatment Options and Risk Implementation and Monitoring 17 Part B 23 Task 7: Risk Monitoring and Evaluation

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: RISK MANAGEMENT
Risk management-Citi stores website development project
Name of the student
Name of the university
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
2
RISK MANAGEMENT
Table of Contents
Context of the Risk Management Plan............................................................................................4
Task 1: Risk Management Framework............................................................................................4
Task 2: Scope and Stakeholders......................................................................................................5
Communication Plan.......................................................................................................................5
Task 3: Strengths and Weakness...................................................................................................10
PEST Analysis...............................................................................................................................10
SWOT Analysis.............................................................................................................................11
Task 4: Risk Identification.............................................................................................................12
Task 5: Risk Analysis....................................................................................................................14
Risk Register..................................................................................................................................14
Risk Matrix....................................................................................................................................17
Task 6: Risk Treatment Options and Risk Implementation and Monitoring.................................17
Part B.............................................................................................................................................23
Task 7: Risk Monitoring and Evaluation.......................................................................................23
Task 8: Recording and Storage Policy...........................................................................................24
Preamble........................................................................................................................................24
Document Retention Policy...........................................................................................................24
Task 9: Risk Implementation and Monitoring Report...................................................................24
Document Page
3
RISK MANAGEMENT
References......................................................................................................................................28
Document Page
4
RISK MANAGEMENT
Context of the Risk Management Plan
The report is based on the risks involved in managing a website of the organization. The
researcher has selected Citistore, the largest departmental store of Hong-Kong. Websites play a
major role in the development of a company. A proper website helps the management to create a
brand value and increase the communications between the service users and the service
providers. The websites also provide a detailed awareness on the articles that are on sale and the
other types of services that are provided by the organization, share the knowledge and generate
support for the organization. The website is also integral to the operations of the organization.
The modern day websites of an organization are generally integrated with CRM software to
increase their efficiency and make them user friendly. Websites are also considered to be the
epicenter of organizational strategy as they serve as a welcome note for the audiences of the
organization. Citistore has a dedicated website that caters to all the demands of the customers
and also serves the purpose of the company for having a positive impact on the growth of the
organization. Websites generally faces a lot of problems. Experts believe that it is much more
difficult to maintain a website properly than to create one of them. Although the modern day
technologies have acted as a boon for developing the websites on modern lines with the
implementation of the latest technology, there are also some potential threats to the stability of
the websites as serious harm can be done to these websites.
Task 1: Risk Management Framework
There are different frameworks that can be followed to mitigate the risks involved in
maintaining a certain website of an organization. Some of them are;

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
5
RISK MANAGEMENT
1. The citistores website must be designed and formulated in such a way that it follows all
the relevant rules and procedures of the country where it operates. In Australia it is bound
to abide by the Australia Protective Security Policy Framework and the Australian
Information Security Manual which is formulated for ensuring the security of the IT
infrastructure of the different corporate as well as government institutions.
2. The AZ/NZS ISO: 2009 is a certain framework that determines the risk in the context of
the security of the stored information of the organization. Risk is said to be the effect of
uncertainty on the goals of the project. The following framework defines risk to be
considered in a serious manner to eliminate and reduce the risks.
Task 2: Scope and Stakeholders
The risk management process is based upon the development of the new website and its
proper maintenance and functioning. The following management will be based on the
Communication Plan
Group
Participants
Name of
stakeholder
and position
(internal or
external)
Role in risk
management
process
Issues or concerns
raised
Method of
communicatio
n
When and
how often
Managing
director
To
formulate
and
manage
risk
manageme
nt
framewor
Financial matters takes
in the requirements of
budgets, cash flow,
obligations for tax,
management related to
creditor and debtor,
along with general
account and
E-mails,
meetings,
memos
Weekly
Document Page
6
RISK MANAGEMENT
k on a
global
level
To ensure
implement
ation of
risk
administra
tion
structure
and
developm
ent and
ongoing
risk
estimation
of risks
remuneration
management
apprehensions.
Regarding equipments
it generally extends to
the usage of the
equipment in
conducting of the
business and inclusive
of the regular
continuance and
convention, theft
safety and upgrades.
For organizational
perspectives it relates
to the internal needs of
the business, extending
to the structural,
cultural along with
human resources
relevant to the
business.
Security factor takes in
the premises of the
business, people and
the assets. It also
extends the security
purpose of the
information of
company, intellectual
possessions along with
technology.
Legal and regulatory
observance takes into
account the factors of
regulations, legislation,
and practice codes
along with contractual
needs. It also extends
for conformity with
added ‘rules’ like the
Document Page
7
RISK MANAGEMENT
processes and policies
that might be set by the
contracts, social
environment or the
customers.
The factor of
reputation entails the
reputation threat of the
business for the
conducting of the
entity on whole, the
feasibility of the
services along with the
products or the
conducting of the
employees or certain
others connected with
business.
Project
manager
Ensure
implement
ation and
complianc
e with the
risk
manageme
nt policy
and
process
Operational factors
takes in the regular
planning along with
activities of operations
inclusive of people
and supporting the
obligatory within the
business resulting in
successful
improvement and
liberation of products
and services.
Contractual –
Obligations related to
meeting required
within a contract takes
in quality of product or
service, delivery,
warranties and
guarantees,
requirements related to
statutory and insurance
and non-performance.
E-mails Weekly

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
8
RISK MANAGEMENT
Service delivery – It is
generally been related
to the service delivery,
inclusive of the service
quality that is been
provided or in the
manner in which a
product is being
delivered. It takes in
interaction of
customers and service
that is generally after-
sales.
Risk manager To define
the risk
manageme
nt policy
and
implement
manageme
nt
strategies
and
policies
Commercial – It
includes the risks
connected with the
placement of the
market, growth of the
business, development
of product along with
commercial
achievement.
Also the commercial
feasibility of the
products and services
that is generally
enlarging through the
enterprises, retention
along with growth of
the base of customers
and return.
Project – It takes in
equipment
management, finances,
technology, resources
along with the people
who are involved
within the
management process
of projects. Pulling out
the operational
projects of internal
nature, development of
E-mails,
meetings
Weekly
Document Page
9
RISK MANAGEMENT
business and the
external projects like
those assumed for the
clients.
Safety – It takes into
account everyone who
is generally allied with
the business like the
individual, public
safety and workplace.
It also applies to the
cover of the products
or the services that is
being delivered by the
business process.
Junior
supervisor
To
participate
in the
review
and
update of
operationa
l risks
To ensure
that the
risks are
properly
identified,
managed
and
monitored
Workplace safety –
Every business possess
a duty of care that is
being underpinned by
the legislation elated
to State and Federal
agencies. This takes in
the sensible steps that
need to be taken for
protection of the
healthy and safety
measures of everyone
positioned at
workplace.
Occupational health
and safety is
incorporated with the
total strategy related to
risk management
ensuring risks and
exposures are always
recognized and
testified. Measures
should also be taken in
lessening the factor of
exposure to the risks
as much as possible.
Refer to Workplace
E-mails,
meetings
Daily
Document Page
10
RISK MANAGEMENT
safety for more
relevant information.
Management
trainee
Ensuring
that the
risks are
properly
and timely
recorded
to
facilitate
the risk
manageme
nt
reporting
Technology – This
takes into account the
process of
implementation,
protection and
management along
with upgradation with
the technology. It is
being extended in
identifying complex
infrastructure of IT
and loss of the
exacting
function/service for an
extensive epoch of
time. It further takes in
the requirement and
cost advantage
connected with the
technology as part of
the strategy of
business development.
E-mails Daily
Customer
service
representative
s
To ensure
that
proper
services
are
provided
to the
customers
in order to
reduce the
number of
customer
complaint
s
Client-customer
relationship – Probable
loss of the clients due
to the existing internal
and external factors.
E-mails Daily

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
11
RISK MANAGEMENT
Task 3: Strengths and Weakness
PEST Analysis
Political Economic
The regulations of web data security in
different countries
The policies of the company and the
country on web security
Increase in reputation leads to increase
in revenue
Proper Savings from displaying other
web contents like advertising
Social Technological
Different social media sites can be
helpful to interact with the service
users
Customers voice their concerns which
are addressed with the help of social
media
Latest technology to maintain the
website
Use of Cloud technology helps to bring
modern features and efficiency
SWOT Analysis
Strengths Weaknesses
Website must not be complex in nature
and should be easier to operate
Website must be attractive and
appealing to the service users
The failure to optimize the website for
use in phones at a age when smart
phones rules the world
Document Page
12
RISK MANAGEMENT
The long queue of confirmation
process
Opportunities Threats
The website must be simple
The language should be
understandable and must have a
translate option to a number of
different leading languages of the
world
Use of Social media in a large scale
Website hacks
Task 4: Risk Identification
Some of the most common problems that are;
1. Poor Designing- The poor designing of the websites is one of the main problems of the
industry. Unattractive websites reduces the brand value and the reputation of the
company. Designing the websites is believed to be a work of art and thus the simplicity
of the websites makes the page unattractive to the customers. The absence of graphic
designing in the websites creates a constraint for the industry. Therefore designing of the
websites must be done by an expert website designer to increase the brand awareness of
the company (Amin & Hussin, 2014).
Document Page
13
RISK MANAGEMENT
2. Exposure of E-Mail Address- There are many companies in the market that publish their
e mail addresses openly in the internet to communicatte4 easily with the service users.
However these pose an essential risk as because the emails are filled up with spam mails
or there are chances of the mails being hacked. The absence of latest encryption
technologies also does not help the organization as because there are a number of
different
3. Broken Links- The most common problems with the websites is the breakup of the links.
There are often times when the site stops working. This may happen due to various
reasons. But this may lead to a number of problems for the organization as ;
Google may impose a penalty for not keeping the website content updated
The users of the system will be frustrated and will come to the conclusion that the
people behind the maintenance of these websites fails to regularly keep a close tab
on the website.
4. No Mobile Version- If the website fails to have a specialized mobile version the company
is automatically bound to lose at least 20% to 30% of the users who may have surfed t he
website. In times when smart phone have become the lifeline of the younger generation
the organizations must make sure to create the mobile versions of the website for all
types of service users.
Some of the most common types of risks that exist are;
1. Huge budget increase
2. Lack of preparation before the start of the web development process
3. Decision making process gets stagnant due to the involvement of a large number of
stakeholders.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
14
RISK MANAGEMENT
4. Sudden Change in the whole system in the midst of the project.
Task 5: Risk Analysis
Risk Register
Category
ID
Risk
Description
Consequence
rating
Likelihood
rating
Existing controls
Mitigation actions
Cost
Risk level
Risk priority
Risk owner
Risk rating after treatment
Review date
Risk control reviewer
Document Page
15
RISK MANAGEMENT
Provi
de a
uniqu
e ID
no.
Describe the risk &
impact on org.
e.g.
serio
us
e.g.
likely
Any
existing
manage
ment /
treatmen
t control
already
in place
Specify
planned
strategies.
May be
preventati
ve or
contingen
cy
$
e.g
.
hig
h
e.g
.
1
e.g.
Name
of
person
&
positio
n
e.g
.
hig
h
to
low
Da
te
Nam
e
Document Page
16
RISK MANAGEMENT
1596
Poor designing of
the website:
Unattra
ctive
website
s
reduces
the
brand
value
and the
reputati
on of
the
compan
y.
Designi
ng the
website
s is
believed
to be a
work of
art and
thus the
simplici
ty of the
website
s makes
the page
unattrac
tive to
the
custome
rs. The
absence
of
graphic
designin
g in the
website
s creates
a
con
straint
for the
industry
Serio
us Likely Yes
designi
ng of
the
website
s must
be done
by an
expert
website
designe
r to
increas
e the
brand
awaren
ess of
the
compan
y
$10,
000
Hi
gh 1
IT
depart
ment
Hig
h-
low
NA 31/10
/17

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
17
RISK MANAGEMENT
2365
Exposure of e-mail
address:
Emails are filled up
with spam mails or
there are chances
of the mails being
hacked.
Absence of latest
encryption
technologies also
does not help the
organization.
Serio
us Likely Yes
Implement
ing latest
encryption
technologi
es for the
email
address
$25,
000
Hi
gh 1
IT
depart
ment
Hig
h-
low
NA 05/11
/17
7895
Broken link:
The site stops
working
Google may
impose a penalty
for not keeping the
website content
updated
The users of the
system will be
frustrated and will
come to the
conclusion that the
people behind the
maintenance of
these websites
fails to regularly
keep a close tab
on the website
Serio
us Likely Yes
Recomme
nding the
use of
Xenu link
Sleuth
and other
protective
links
$12,
000
Hi
gh 1
IT
depart
ment
Hig
h-
low
NA 06/11
/17
6571
No mobile version:
The company is
automatically
bound to lose at
least 20% to 30%
of the users
Medi
um Likely Yes
Launching
mobile
app by
considerin
g the
demand of
the
customers
$20,
00
Hi
gh 2
IT
depart
ment
Hig
h-
low
NA 10/11
/17
Document Page
18
RISK MANAGEMENT
Risk Matrix
Impact
Very Low Low Medium High Very High
Very
High
A slow decision
making process
as it involves a lot
of shareholders
Lack of Preparation
before starting the web
development process
The absence of
popular support by the
sponsors of the project
High Increasing the
overall budget of
the particular
project
The problems arising
when there is a formal
request for change in
the project when it is
almost completed
Medium
Low
Very
Low
Task 6: Risk Treatment Options and Risk Implementation and Monitoring
Project/Function/Activity: Risk treatment plan
1. Risk: Huge budget increase Risk ID #: 1
Document Page
19
RISK MANAGEMENT
Summary:
The managers and the people in charge of the project must
have a proper and transparent estimate of the project cost and
have an efficient monitoring plan to control the budget and
prevent it from increase
Action Plan
1. Proposed actions
Must use detailed information regarding the project
Control the budget tightly
Tight monitoring
2. Resource equipment
Project tool and related software used in such cases of monetary control
3. Responsibility (overall accountability for Actions)
Manager in charge of the project
4. Timing (specific milestones)
Review reports both weekly and monthly
Meetings
5. Repeating and monitoring required
Management software
Timeline

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
20
RISK MANAGEMENT
6. Monitoring record
Management software and tools
Compiled By: Date: Reviewed by: Date:
Project/Function/Activity: Risk treatment plan
Risk: Lack of preparation before the start of the web
development process
Risk ID #: 2
Summary:
Assembling all the different information and efficient planning
Action Plan
1. Proposed actions
Collection of all information
The use of different effective methods that will be helpful to tackle any organizational changes
Effective planning for the management of the project
2. Resource equipment
Document for the planning of the project
Development and testing of the website
Responsibility
Document Page
21
RISK MANAGEMENT
project manager
4. Timing (specific milestones)
Use of the required document
Engagement of the stakeholders
Planning the project
5. Repeating and monitoring required
Daily meetings to assess the improvement
Continuous assessment
Weekly progress reviews
6. Monitoring record
User requirement document
Management of the project plan
Compiled By: Date: Reviewed by: Date:
Project/Function/Activity: Risk treatment plan
Risk: Decision making process gets stagnant due to the
involvement of a large number of stakeholders.
Risk ID #: 3
Summary: Involve less number of stakeholder
Action Plan
Document Page
22
RISK MANAGEMENT
1. Proposed actions
Involve less number of stakeholder
Effective communications with stakeholders
Reporting clearly to the stakeholders
2. Resource equipment
Stakeholder management
3. Responsibility (overall accountability for Actions)
Project manager
4. Timing (specific milestones)
Weekly stakeholder meetings and preparing proper reports
5. Repeating and monitoring required
Stakeholder management document
6. Monitoring record
Stakeholder Document for communicating effectively and properly
Compiled By: Date: Reviewed by: Date:
Project/Function/Activity: Risk treatment plan

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
23
RISK MANAGEMENT
Risk: Sudden Change in the whole system in the
midst of the project
Risk ID #:4
Summary: Managing the project effectively from the
beginning of the project. It uses a project management
approach that is effective to change and allows
severalchanges
Action Plan
1. Proposed actions
Legalization of the documents
Involvement of the client throughout the project and make sure that it has been implemented by the
project team
Effective management of the project scope
2. Resource equipment
Documents required by the user
Management documents that defines the scope of the project
Project management plan documents
3. Responsibility (overall accountability for Actions)
Manager in charge of the project
4. Timing (specific milestones)
Weekly progress reviews
Displaying work breakdown structure where all developers and client can see them
5. Repeating and monitoring required
Document Page
24
RISK MANAGEMENT
Gantt chart
6. Monitoring record
User requirements document
Scope management document
Compiled By: Date: Reviewed by: Date:
Part B
Task 7: Risk Monitoring and Evaluation
Risk Monitoring Tool Monitoring Performance after risk
treatment
Increase in budget To control the cost in
an effective manner
Use of effective management tools and
management software
Lack of preparation before
the start of the web
development process
Keeping or allocating
long time to plan
Meetings must be
conducted to have a
clear idea
Greater awareness, better idea, proper
preparation, better anticipation reduces
the risk
Decision making process
gets stagnant due to the
involvement of a large
number of stakeholders.
Preparing a
Stakeholder
identification and
management plan
Key stakeholders identified and an
appropriate communications put in place
and used for communication; decisions
are now made faster leading to reduced
risk
Sudden Change in the
whole system in the midst
Proper and efficient Proper scope management strategy,
following proper methods to adopt to
Document Page
25
RISK MANAGEMENT
of the project management
Scope management
sudden changes
Task 8: Recording and Storage Policy
Preamble
Risk Management of large organizations like Citi stores have to be maintained in such a
way that it protects the internal information of the organization. The organization has installed
SCRUM Master which is designed to make necessary changes to the risk management
document. It helps the management of the following organization to get a printed receipt of the
company whenever required. It can be used for reviews, internal assessments and used to assess
the risks while a meeting takes place. The following is printed on a hard copy or a soft copy
whenever needed by the organization.
Document Retention Policy
The following project will be requiring a high quality and accurate records that will be
used to execute the project. The document can be archived and stored for a period of seven years
in the organization. These documents are archived to help the organization when the company
faces any legal problems from managing risks.
Task 9: Risk Implementation and Monitoring Report
The categories of risk would be helping the break-down of the procedure for the
prospective recognition of risk. It is significant in remembering the fact that identification of risk

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
26
RISK MANAGEMENT
would be restricted by the knowledge and viewpoint of those carrying out the analysis of risk.
The areas of problems along with the risks need to be best recognized by the usage of consistent
foundations. There exist several examples of risk in the business of risk. The categories of risk
need to be taken in one by one, offering a structured method in the identification of the risk. This
enables bigger focus on an exacting group, stimulating the thought process and augmenting the
opportunity in recognizing a wider assortment of risks.
Common categories of risk recognized by the management of citistore take in:
1. Financial: It takes in the cash flow, requirements of budgets, obligations of tax, general
accounting concerns of management and remuneration.
2. Equipment: It generally extends to the usage of the equipment in conducting the business
including the continuous use, depreciation, and theft and maintenance factor.
3. Organizational: It relates to the business’s internal needs and extending to the structural,
human resources and cultural aspects of the business.
4. Security: This takes into account the premises of the business, people and assets. It generally
extends to the security of the information related to the company, intellectual property along with
technology.
5. Legal and Regulatory compliance: Takes into account the factors of legislation, standards and
regulations along with the contractual requirements. It also extends to the added rules like the
procedures, policies that might be set up by the contracts, social environment and the customers.
Document Page
27
RISK MANAGEMENT
Given the complexity of risk management (and the rather long list above), the following four
categories have been provided to simplify the types of risk an organization and/or industry may
face.
Risk to Physical Assets – By looking around your work environment, you will see
physicality in terms of furniture and furnishings, equipment (such as computers and
photocopiers), personal property and even landscaping. Here the risk comes from a range
of sources including mishandling equipment due to a lack of training or poor
maintenance resulting in injury
Risk to Financial Assets – These are the assets with monetary value such as cash, equities
and contractual rights to receive funds into the future. Of course, burglary and theft are
high on the list here but also embezzlement should be considered.
Risk to Human Assets – This is the realm of Workplace Health & Safety (aka OH&S)
and significant emphasis is placed on risk minimization here, especially given the
potential for loss of life if risks are not managed appropriately. There is also the financial
burden in cases of litigation (suing) and time off work for employees (Williams, Siebers
& Xun, 2014).
Risk to non-physical Assets – Although this may appear to be a catch-all category, non-
physical assets covers the intangibles of a business and present a set of risks that have
become very relevant with the advancement of technology. Information stored in an
electronic environment or software developed for your business are valuable and to be
protected. Instances of cyber-hacking have become a common problem and have created
Document Page
28
RISK MANAGEMENT
great concern for some business (especially those who store personal details such as
credit card information).
Having a translucent knowledge of the segments of risk can help the organization in
planning of the risk and communication of the risk information. They offer a formation for
recognizing the risk factor and are often recognized at initial level through the exercise of
brainstorming. Adding to that is the understanding of the segments assisting the owners of the
business in selecting the best possible tools and techniques for the identification of risk and
evaluation. For instance, if a exacting category of risk is generally technical in nature, the
methodology of identification of risk would involve important research and compilation of the
existing information about the exposure of risk. A risk segment with more strategic focus, like
the commercial risk, might engross a structured workshop.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
29
RISK MANAGEMENT
References
Amin, M. R., & Hussin, H. (2014, November). E-commerce adoption in SME retail sector: A
conceptual model. In Information and Communication Technology for The Muslim World
(ICT4M), 2014 The 5th International Conference on (pp. 1-6). IEEE.
April, B. (2016). U.S. Patent No. 9,241,004. Washington, DC: U.S. Patent and Trademark
Office.
Bogorad, W., & Antonov, V. (2014). U.S. Patent No. 8,667,587. Washington, DC: U.S. Patent
and Trademark Office.
Chen, H., Beaudoin, C. E., & Hong, T. (2017). Securing online privacy: An empirical test on
Internet scam victimization, online privacy concerns, and privacy protection
behaviors. Computers in Human Behavior, 70, 291-302.
Chen, R., Gokhale, M., Phillips, E., Wang, L., Nijjer, R., Grover, S., ... & Tsai, J. (2014). U.S.
Patent Application No. 14/488,115.
Da Silveira, A. C. P., Nijjer, R., Mukherjee, R., & Grover, S. (2014). U.S. Patent Application No.
14/488,102.
Gao, X., Yang, Y., Fu, H., Lindqvist, J., & Wang, Y. (2014, November). Private browsing: An
inquiry on usability and privacy protection. In Proceedings of the 13th Workshop on
Privacy in the Electronic Society (pp. 97-106). ACM.
Gutteling, J. M. (2015). Risk communication. John Wiley & Sons, Inc..
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
1 out of 29
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]