IT Risk Management Report: Aztek Financial Company Analysis
VerifiedAdded on 2020/04/07
|25
|5090
|36
Report
AI Summary
This report provides an in-depth analysis of IT risk management within the context of Aztek Financial, an Australian financial services company. It examines the challenges faced by Aztek, particularly in implementing new technologies and mitigating cyber threats. The report explores the financial services sector's landscape, highlighting the increasing IT risks associated with data security and cyberattacks. It details the IT risk assessment process, including qualitative and quantitative analysis, and introduces the IT risk framework. The report emphasizes the importance of cloud computing and its impact on data security. It concludes with recommendations for mitigating risks, such as using firewalls and malware protection. The report highlights the need for robust IT governance and risk management strategies to ensure the company's stability and growth in the face of evolving threats. The report emphasizes the importance of IT risk management as a business enabler, focusing on both protecting against value destruction and enabling value generation. The report highlights the importance of identifying and managing potentially critical IT risk issues. It suggests that IT risk management is a business enabler, not an inhibitor.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s Note
IT Risk Management
Name of the Student
Name of the University
Author’s Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
IT RISK MANAGEMENT
Executive Summary
This report focuses on the IT Risk management on the business organization in the market. The
Aztek Financial Company is implementing projects in the management that helps in maintaining
the security of the data and information. The current state of the financial service sector has been
depicted in the report. The challenges in the company has been shown in the report. The IT risk
framework has been described properly. The IT risk principles has been provided in the report.
The recommendations has been provided in the report for mitigating the issues in the company.
The use of the firewalls and malwares has been depicted in the report.
IT RISK MANAGEMENT
Executive Summary
This report focuses on the IT Risk management on the business organization in the market. The
Aztek Financial Company is implementing projects in the management that helps in maintaining
the security of the data and information. The current state of the financial service sector has been
depicted in the report. The challenges in the company has been shown in the report. The IT risk
framework has been described properly. The IT risk principles has been provided in the report.
The recommendations has been provided in the report for mitigating the issues in the company.
The use of the firewalls and malwares has been depicted in the report.
2
IT RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................3
Financial Services Sector Overview................................................................................................3
Impact on current project.................................................................................................................6
Risk assessment...............................................................................................................................8
Risk IT Principles..........................................................................................................................11
Qualitative Risk analysis...........................................................................................................16
Quantitative Risk Analysis........................................................................................................16
Recommendations..........................................................................................................................17
Conclusion.....................................................................................................................................18
References......................................................................................................................................20
IT RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................3
Financial Services Sector Overview................................................................................................3
Impact on current project.................................................................................................................6
Risk assessment...............................................................................................................................8
Risk IT Principles..........................................................................................................................11
Qualitative Risk analysis...........................................................................................................16
Quantitative Risk Analysis........................................................................................................16
Recommendations..........................................................................................................................17
Conclusion.....................................................................................................................................18
References......................................................................................................................................20
3
IT RISK MANAGEMENT
Introduction
The IT solutions have been prominent in the business organization in recent world. The
IT have able to provide solutions for many hurdles in the business organization. There are
various risk involved in use of IT solutions.
This report deals with case study of Aztek operating in Australian Financial Services
sector. The IT risk assessment project has been described in the report. The challenges faced by
the company in installing new applications and technologies has been described properly.
This report outlines overall risk assessment criteria in the IT sector. The risk assessment
based n risks and threats has been focused in the report. There are several recommendations
provided for mitigating threats and risks involved in the company.
Financial Services Sector Overview
The financial services sector has been growing at a constant rate in last two decades. The
Australian market has seen 3.5% increase in the sector (Rampini & Viswanathan, 2016).
Australian financial related administrations change has been eager in its endeavors to accomplish
an effective market through administrative nonpartisanship for various items. The risk involved
in the financial sector are occupying various leverages in the market. This have created various
issues for the company in the market. The use of the illegal opportunities in the market have
created challenges for the company in the market. The Aztek Company has established its center
in the Australia that have caused many opportunities of the company in the market. The number
of customers for the company has been increasing day-by-day. On the other hand, it is also
facing various issues regarding the business. The implementation of the online business have
IT RISK MANAGEMENT
Introduction
The IT solutions have been prominent in the business organization in recent world. The
IT have able to provide solutions for many hurdles in the business organization. There are
various risk involved in use of IT solutions.
This report deals with case study of Aztek operating in Australian Financial Services
sector. The IT risk assessment project has been described in the report. The challenges faced by
the company in installing new applications and technologies has been described properly.
This report outlines overall risk assessment criteria in the IT sector. The risk assessment
based n risks and threats has been focused in the report. There are several recommendations
provided for mitigating threats and risks involved in the company.
Financial Services Sector Overview
The financial services sector has been growing at a constant rate in last two decades. The
Australian market has seen 3.5% increase in the sector (Rampini & Viswanathan, 2016).
Australian financial related administrations change has been eager in its endeavors to accomplish
an effective market through administrative nonpartisanship for various items. The risk involved
in the financial sector are occupying various leverages in the market. This have created various
issues for the company in the market. The use of the illegal opportunities in the market have
created challenges for the company in the market. The Aztek Company has established its center
in the Australia that have caused many opportunities of the company in the market. The number
of customers for the company has been increasing day-by-day. On the other hand, it is also
facing various issues regarding the business. The implementation of the online business have
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
IT RISK MANAGEMENT
created more problems in the company (Meyer & Reniers, 2016). The cyber-attacks have been
increasing on a daily basis. There is a huge data loss in the company. The financial sector of the
Numerous IT risk issues can happen as a result of outsider issues both IT outsiders,
business accomplices. For example, production network IT chance caused at a noteworthy
provider can have an extensive business affect. In this manner, great IT risk administration
requires critical conditions are known and surely knew. IT risk dependably exists, regardless of
whether it is distinguished or perceived by a company (McNeil, Frey & Embrechts, 2015). In this
specific circumstance, it is imperative to distinguish and oversee possibly critical IT chance
issues, instead of each risk issue, may not be cost effective.
The IT risk assessment framework have helped in integrating the management into IT
risk that helps in mitigating the risks in the company by the top level authorities. The decisions
making process of the company has been enhanced by the implementation of the ERN scheme in
the company. The management of the company have able to respond in the risk situation
(Glendon, Clarke & McKenna, 2016). The IT risk framework fills the gaps and loopholes
between the generic frameworks used in the company for mitigating the IT risks and threats in
the company.
The inefficiency to manage for execution or market risk is a solitary normal for monetary
administrations markets. This recognizes budgetary administrations items from the market for
merchandise and numerous different administrations where execution of the item is profoundly
regulated. To some degree this identifies with the idea of monetary items. Long haul bundled
speculation items have been depicted as murky, lacking straightforwardness and unequipped for
being comprehended or assessed by purchasers while counsel about them has been portrayed as
being difficult to evaluate (Chance & Brooks, 2015). It additionally identifies with the goals of
IT RISK MANAGEMENT
created more problems in the company (Meyer & Reniers, 2016). The cyber-attacks have been
increasing on a daily basis. There is a huge data loss in the company. The financial sector of the
Numerous IT risk issues can happen as a result of outsider issues both IT outsiders,
business accomplices. For example, production network IT chance caused at a noteworthy
provider can have an extensive business affect. In this manner, great IT risk administration
requires critical conditions are known and surely knew. IT risk dependably exists, regardless of
whether it is distinguished or perceived by a company (McNeil, Frey & Embrechts, 2015). In this
specific circumstance, it is imperative to distinguish and oversee possibly critical IT chance
issues, instead of each risk issue, may not be cost effective.
The IT risk assessment framework have helped in integrating the management into IT
risk that helps in mitigating the risks in the company by the top level authorities. The decisions
making process of the company has been enhanced by the implementation of the ERN scheme in
the company. The management of the company have able to respond in the risk situation
(Glendon, Clarke & McKenna, 2016). The IT risk framework fills the gaps and loopholes
between the generic frameworks used in the company for mitigating the IT risks and threats in
the company.
The inefficiency to manage for execution or market risk is a solitary normal for monetary
administrations markets. This recognizes budgetary administrations items from the market for
merchandise and numerous different administrations where execution of the item is profoundly
regulated. To some degree this identifies with the idea of monetary items. Long haul bundled
speculation items have been depicted as murky, lacking straightforwardness and unequipped for
being comprehended or assessed by purchasers while counsel about them has been portrayed as
being difficult to evaluate (Chance & Brooks, 2015). It additionally identifies with the goals of
5
IT RISK MANAGEMENT
market productivity. The Wallis Report drew a qualification between the risk allotment works
served by the then extensive arrangements of the Trade Practices Act 1974 (DeAngelo & Stulz,
2015).
The use of Cloud Computing in company has enhanced framework in mitigating the risks
and threats in company. The cloud computing has helped in maintaining security of data and
information of company in market. The cloud computing have enabled the online security of the
data and information. Every execution of IT chance contains a reliance investigation of how the
business procedure relies upon IT-related assets, for example, individuals, applications and
foundation (Hopkin, 2017). IT risk management is a business empowering agent, not an
inhibitor. IT-related business chance is seen from the two points: insurance against esteem
annihilation and empowering of significant worth age. It has received to some degree ordinary
intends to accomplish this in its prerequisites for broad divulgence concerning the supplier, the
item, the nature of the guidance and matters, for example, expenses and potential irreconcilable
situations; direct norms to accomplish reasonable conduct; and authorizing commitments for
budgetary specialist organizations that incorporate arrangement for question determination and
courses of action for remuneration if required. The administrative structure has been fairly
inventive in isolating prudential from advertise control.
Since the way of life of a social framework is about people considering each other
commonly responsible, there is a connection amongst power and risk, as various sentiments
about risk are reflected in challenges over power (Olson & Wu, 2015). Since the investigation of
risk includes both the likelihood of an occasion happening and the plausible significance of the
result of that occasion, a definitive appraisal of the risk will rely upon the esteem agreed to a
IT RISK MANAGEMENT
market productivity. The Wallis Report drew a qualification between the risk allotment works
served by the then extensive arrangements of the Trade Practices Act 1974 (DeAngelo & Stulz,
2015).
The use of Cloud Computing in company has enhanced framework in mitigating the risks
and threats in company. The cloud computing has helped in maintaining security of data and
information of company in market. The cloud computing have enabled the online security of the
data and information. Every execution of IT chance contains a reliance investigation of how the
business procedure relies upon IT-related assets, for example, individuals, applications and
foundation (Hopkin, 2017). IT risk management is a business empowering agent, not an
inhibitor. IT-related business chance is seen from the two points: insurance against esteem
annihilation and empowering of significant worth age. It has received to some degree ordinary
intends to accomplish this in its prerequisites for broad divulgence concerning the supplier, the
item, the nature of the guidance and matters, for example, expenses and potential irreconcilable
situations; direct norms to accomplish reasonable conduct; and authorizing commitments for
budgetary specialist organizations that incorporate arrangement for question determination and
courses of action for remuneration if required. The administrative structure has been fairly
inventive in isolating prudential from advertise control.
Since the way of life of a social framework is about people considering each other
commonly responsible, there is a connection amongst power and risk, as various sentiments
about risk are reflected in challenges over power (Olson & Wu, 2015). Since the investigation of
risk includes both the likelihood of an occasion happening and the plausible significance of the
result of that occasion, a definitive appraisal of the risk will rely upon the esteem agreed to a
6
IT RISK MANAGEMENT
plausible result. Since chance is unsuitable threat, what is adequate risk is a political inquiry. The
assessment of a likely result in figuring danger can be moral.
Australian investors are said to have an appetite for huge returns and are prepared to
build their levels of risk to fulfill it. The Financial Sector Advisory Council revealed that
superannuation has brought into stark help that the premiums of most by far of the populace are
lined up with advertise outcomes (Cohen, Krishnamoorthy & Wright, 2017). Yet there is a
disjunction between the announced ability to grasp the market and a comprehension of the
market and its dangers. The need to enhance the budgetary proficiency of Australians is broadly
recognized. The topic of instruction for the fiscally not as much as educated, now presented to
advertise chance when already less uncovered, goes through numerous contemporary national
ways to deal with regulation.
Australia has not been distant from everyone else in the more prominent presentation of
purchasers to the threats of market chance. In the UK from the late 1980s to the mid-1990s,
people were urged to move out of word related benefits into individual annuity conspires that
gave them less qualifications (Sweeting, 2017). This annuities misspelling embarrassment has
been translated as more than ridiculous offering, over-rich firms, political philosophy, item
many-sided quality or administrative numbness. It has been viewed as a significant
disappointment of the UK administrative structure at the time.
Impact on current project
The current project on which the Aztek Company is working is introducing new
appliances and technologies to implement the IT solutions in the company. The use of the Cloud
Computing helps in providing security of data and information of employees and customers in
IT RISK MANAGEMENT
plausible result. Since chance is unsuitable threat, what is adequate risk is a political inquiry. The
assessment of a likely result in figuring danger can be moral.
Australian investors are said to have an appetite for huge returns and are prepared to
build their levels of risk to fulfill it. The Financial Sector Advisory Council revealed that
superannuation has brought into stark help that the premiums of most by far of the populace are
lined up with advertise outcomes (Cohen, Krishnamoorthy & Wright, 2017). Yet there is a
disjunction between the announced ability to grasp the market and a comprehension of the
market and its dangers. The need to enhance the budgetary proficiency of Australians is broadly
recognized. The topic of instruction for the fiscally not as much as educated, now presented to
advertise chance when already less uncovered, goes through numerous contemporary national
ways to deal with regulation.
Australia has not been distant from everyone else in the more prominent presentation of
purchasers to the threats of market chance. In the UK from the late 1980s to the mid-1990s,
people were urged to move out of word related benefits into individual annuity conspires that
gave them less qualifications (Sweeting, 2017). This annuities misspelling embarrassment has
been translated as more than ridiculous offering, over-rich firms, political philosophy, item
many-sided quality or administrative numbness. It has been viewed as a significant
disappointment of the UK administrative structure at the time.
Impact on current project
The current project on which the Aztek Company is working is introducing new
appliances and technologies to implement the IT solutions in the company. The use of the Cloud
Computing helps in providing security of data and information of employees and customers in
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IT RISK MANAGEMENT
market. The use of cloud computing have maintain a proper database of employees and
customers in market (Yen, 2017). It has also helped in enhancing the relationship with the
customers in the market. The brand image of the company has increased in the market with the
use of the cloud computing. The cyber-attacks on the project has been prominent in the arena.
The use of the internet facility during the project have caused data transmission over the internet.
The viruses and malwares over the internet have attacked the data packets over the internet
during transmission. Therefore, data loss has been prominent in the scenario. This has caused a
huge loss to the company in the market. The issues in the project has been magnified in order to
focus in the solutions of the challenges.
IT RISK MANAGEMENT
market. The use of cloud computing have maintain a proper database of employees and
customers in market (Yen, 2017). It has also helped in enhancing the relationship with the
customers in the market. The brand image of the company has increased in the market with the
use of the cloud computing. The cyber-attacks on the project has been prominent in the arena.
The use of the internet facility during the project have caused data transmission over the internet.
The viruses and malwares over the internet have attacked the data packets over the internet
during transmission. Therefore, data loss has been prominent in the scenario. This has caused a
huge loss to the company in the market. The issues in the project has been magnified in order to
focus in the solutions of the challenges.
8
IT RISK MANAGEMENT
Figure 1: Categories of Technology risk
(Source: Olson & Wu, 2017, pp. 129)
In Australian financial related administrations control there is little discourse of risk to
singular shoppers. This is astonishing given the express consumer insurance commitments of the
Australian Securities and Investments Commission (ASIC), one of the monetary administration
regulators. One of ASIC's reasonable destinations is to advance certain and educated support by
customers in the budgetary system (Olson & Wu, 2017). It is obliged by law to screen and
IT RISK MANAGEMENT
Figure 1: Categories of Technology risk
(Source: Olson & Wu, 2017, pp. 129)
In Australian financial related administrations control there is little discourse of risk to
singular shoppers. This is astonishing given the express consumer insurance commitments of the
Australian Securities and Investments Commission (ASIC), one of the monetary administration
regulators. One of ASIC's reasonable destinations is to advance certain and educated support by
customers in the budgetary system (Olson & Wu, 2017). It is obliged by law to screen and
9
IT RISK MANAGEMENT
advance market honesty and purchaser assurance in connection to the money related framework
and the installments system. ASIC's buyer security work takes after from particular commitments
in the Corporations Act and general forbiddances in the ASIC Act.
There is a discourse of risk, yet this structures some portion of the discussion about tenets
inside the installments framework and prudential control and is about the soundness and
wellbeing of the framework general. This is a discussion about fundamental risk and risk to an
undertaking operational risk, legitimate risk and prudential risk.
Risk assessment
The risks and threats involved in the company and the finance sector has been prolonged
in the market. The loss of the data and information about the customer and employees has been a
common factor prevailing in the sector. The data loss in company have caused huge loss to
financial condition of company in market. The use of wrong software in network of company
have caused cyber-attacks in company (Hopkin, 2017). The risk assessment have helped in
focusing in the risks and threats involved in the financial sector in company. The risk assessment
process has helped in identifying major risks involved in company and sector and preparing IT
framework to analyze these risks and threats. The main objective of the IT risk assessment
procedure is to minimize the risk and threats prevailing in the company. The consequences of the
risks and threats are managed by the IT risk assessment. The control measures in the procedure
are managed by the assessment process respectively. The maintenance of the safeguard measures
are measured for maintaining the security of data and information.
The Risk IT framework provides a framework for controlling and governing the business
driven IT based services in the company (Haywood et al., 2017). The IT risk framework has
IT RISK MANAGEMENT
advance market honesty and purchaser assurance in connection to the money related framework
and the installments system. ASIC's buyer security work takes after from particular commitments
in the Corporations Act and general forbiddances in the ASIC Act.
There is a discourse of risk, yet this structures some portion of the discussion about tenets
inside the installments framework and prudential control and is about the soundness and
wellbeing of the framework general. This is a discussion about fundamental risk and risk to an
undertaking operational risk, legitimate risk and prudential risk.
Risk assessment
The risks and threats involved in the company and the finance sector has been prolonged
in the market. The loss of the data and information about the customer and employees has been a
common factor prevailing in the sector. The data loss in company have caused huge loss to
financial condition of company in market. The use of wrong software in network of company
have caused cyber-attacks in company (Hopkin, 2017). The risk assessment have helped in
focusing in the risks and threats involved in the financial sector in company. The risk assessment
process has helped in identifying major risks involved in company and sector and preparing IT
framework to analyze these risks and threats. The main objective of the IT risk assessment
procedure is to minimize the risk and threats prevailing in the company. The consequences of the
risks and threats are managed by the IT risk assessment. The control measures in the procedure
are managed by the assessment process respectively. The maintenance of the safeguard measures
are measured for maintaining the security of data and information.
The Risk IT framework provides a framework for controlling and governing the business
driven IT based services in the company (Haywood et al., 2017). The IT risk framework has
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
IT RISK MANAGEMENT
helped in implementing the IT governance and adopt specific proposals for the benefit of the
company in the market. The IT risk framework helps in maintaining both internal and external
consequences of the company in the market.
These procedures need to manage occasions interior or outside to the enterprise. Inside
occasions can incorporate operational IT occurrences, enterprise disappointments, full
methodology switches and mergers. Outside occasions can incorporate changes in economic
situations, new contenders, and new innovation getting to be noticeably accessible and new
directions influencing IT. These occasions all represent a risk as well as happenstance and need
to be evaluated and reactions created (Bruhn et al., 2017). The risk measurement, and to oversee
it, is the principle subject of Risk IT framework. At the point when opportunities for IT-
empowered business change are distinguished, Val IT system best depicts to advance and
augment arrival on speculation.
IT RISK MANAGEMENT
helped in implementing the IT governance and adopt specific proposals for the benefit of the
company in the market. The IT risk framework helps in maintaining both internal and external
consequences of the company in the market.
These procedures need to manage occasions interior or outside to the enterprise. Inside
occasions can incorporate operational IT occurrences, enterprise disappointments, full
methodology switches and mergers. Outside occasions can incorporate changes in economic
situations, new contenders, and new innovation getting to be noticeably accessible and new
directions influencing IT. These occasions all represent a risk as well as happenstance and need
to be evaluated and reactions created (Bruhn et al., 2017). The risk measurement, and to oversee
it, is the principle subject of Risk IT framework. At the point when opportunities for IT-
empowered business change are distinguished, Val IT system best depicts to advance and
augment arrival on speculation.
11
IT RISK MANAGEMENT
Figure 2: IT Risk Framework
(Source: Hsiao, 2017, pp. 883)
IT chance is business chance particularly, the business risk related with the utilization,
possession, operation, inclusion, impact and selection of IT inside organization. It comprises of
IT-related occasions that could possibly affect business. It can happen with both questionable
recurrence and magnitude, and it makes challenges in meeting vital objectives and destinations.
The IT framework have helps in enhancing business of company in market. The risk of company
has been minimized by the framework (Hsiao, 2017). The investment in the portfolio of the
company has been maintained in the market. However, it is important to identify the risks
involved in the business. The IT risk framework aimed at maintaining a risk management
IT RISK MANAGEMENT
Figure 2: IT Risk Framework
(Source: Hsiao, 2017, pp. 883)
IT chance is business chance particularly, the business risk related with the utilization,
possession, operation, inclusion, impact and selection of IT inside organization. It comprises of
IT-related occasions that could possibly affect business. It can happen with both questionable
recurrence and magnitude, and it makes challenges in meeting vital objectives and destinations.
The IT framework have helps in enhancing business of company in market. The risk of company
has been minimized by the framework (Hsiao, 2017). The investment in the portfolio of the
company has been maintained in the market. However, it is important to identify the risks
involved in the business. The IT risk framework aimed at maintaining a risk management
12
IT RISK MANAGEMENT
process in the company. IT risks is business chance particularly, the business chance related with
the utilization, possession, operation, association, impact and reception of IT inside an endeavor.
It comprises of IT occasions and conditions that could possibly affect the business (Lechner &
Gatzert, 2017). It can happen with both unverifiable recurrence and size, and it makes challenges
in meeting vital objectives and targets. IT risk can be sorted in various ways:
• IT advantage/esteem enablement risk. Associated with (missed) chances to utilize
innovation to enhance proficiency or adequacy of business forms, or as an empowering agent for
new business activities
• IT program and undertaking conveyance risk. Associated with its commitment to new or
enhanced business arrangements, for the most part in the shape of ventures and projects. This
connections to organization portfolio administration (Lin et al., 2017).
• IT operations and administration conveyance chance. Associated with all parts of its
execution frameworks and administrations, which can bring reducing of significant worth to the
organization.
Risk IT Principles
The IT risk framework resembles with various guiding principles that helps in maintaining
the security approaches in the company. The basic principles are accommodated with the ERM
principles. The basic principles are depicted below:
Always connecting with the business objectives
Aligning with management of IT-related business risk with overall ERM
Balancing costs and benefits of managing IT risk
Promoting open and fair communication of IT risk
IT RISK MANAGEMENT
process in the company. IT risks is business chance particularly, the business chance related with
the utilization, possession, operation, association, impact and reception of IT inside an endeavor.
It comprises of IT occasions and conditions that could possibly affect the business (Lechner &
Gatzert, 2017). It can happen with both unverifiable recurrence and size, and it makes challenges
in meeting vital objectives and targets. IT risk can be sorted in various ways:
• IT advantage/esteem enablement risk. Associated with (missed) chances to utilize
innovation to enhance proficiency or adequacy of business forms, or as an empowering agent for
new business activities
• IT program and undertaking conveyance risk. Associated with its commitment to new or
enhanced business arrangements, for the most part in the shape of ventures and projects. This
connections to organization portfolio administration (Lin et al., 2017).
• IT operations and administration conveyance chance. Associated with all parts of its
execution frameworks and administrations, which can bring reducing of significant worth to the
organization.
Risk IT Principles
The IT risk framework resembles with various guiding principles that helps in maintaining
the security approaches in the company. The basic principles are accommodated with the ERM
principles. The basic principles are depicted below:
Always connecting with the business objectives
Aligning with management of IT-related business risk with overall ERM
Balancing costs and benefits of managing IT risk
Promoting open and fair communication of IT risk
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
IT RISK MANAGEMENT
Establishing right tone from top while defining and enforcing personal accountability for
operating within acceptable and well-defined tolerance levels
Continuous process and part of daily activities
Figure 3: IT risks
(Source: Yilmaz & Flouris, 2017, pp. 157)
These principles helps in maintaining a proper relation with the business objectives in the
company. The use of the IT risk framework guides the importance of mitigating risk in the
company. IT risk is dealt with as a business chance, rather than a different kind of risk, what's
more, the approach is exhaustive and cross-useful. The attention is on business result. IT
underpins the accomplishment of business destinations, and IT dangers are communicated as the
effect they can have on accomplishment of business goals or technique (Yilmaz & Flouris,
2017). Every execution of IT chance contains a reliance investigation of how the business
procedure relies upon IT-related assets, for example, individuals, applications and foundation. IT
risk management is a business empowering agent, not an inhibitor. IT-related business chance is
seen from the two points: insurance against esteem annihilation and empowering of significant
worth age. A risk mindful culture is effectively advanced, beginning with the tone from the best.
This guarantees those included with operational risk administration are working on steady risk
IT RISK MANAGEMENT
Establishing right tone from top while defining and enforcing personal accountability for
operating within acceptable and well-defined tolerance levels
Continuous process and part of daily activities
Figure 3: IT risks
(Source: Yilmaz & Flouris, 2017, pp. 157)
These principles helps in maintaining a proper relation with the business objectives in the
company. The use of the IT risk framework guides the importance of mitigating risk in the
company. IT risk is dealt with as a business chance, rather than a different kind of risk, what's
more, the approach is exhaustive and cross-useful. The attention is on business result. IT
underpins the accomplishment of business destinations, and IT dangers are communicated as the
effect they can have on accomplishment of business goals or technique (Yilmaz & Flouris,
2017). Every execution of IT chance contains a reliance investigation of how the business
procedure relies upon IT-related assets, for example, individuals, applications and foundation. IT
risk management is a business empowering agent, not an inhibitor. IT-related business chance is
seen from the two points: insurance against esteem annihilation and empowering of significant
worth age. A risk mindful culture is effectively advanced, beginning with the tone from the best.
This guarantees those included with operational risk administration are working on steady risk
14
IT RISK MANAGEMENT
suppositions. Risk choices are made by approved people, with an attention on business
administration for IT organization choices, and IT financing, real IT condition changes, risk
appraisals, and checking and testing controls.
Figure 4: IT Risks Mangement
(Source: de Freitas Alves et al., 2017, pp. 507)
Risk appetite is the measure of risk a substance is set up to acknowledge when attempting
to accomplish its destinations. While considering the risk appetite levels for the endeavor, two
main considerations are critical:
• The endeavor's target ability to ingest misfortune, e.g., monetary misfortune, notoriety harm
• The (administration) culture or inclination towards risk taking mindful or forceful. What is the
measure of misfortune the undertaking needs to acknowledge to seek after an arrival? Risk
appetite can be characterized by and by as far as mixes of recurrence and extent of a risk. Risk
appetite can and will be diverse among undertakings—there is no total standard or standard of
IT RISK MANAGEMENT
suppositions. Risk choices are made by approved people, with an attention on business
administration for IT organization choices, and IT financing, real IT condition changes, risk
appraisals, and checking and testing controls.
Figure 4: IT Risks Mangement
(Source: de Freitas Alves et al., 2017, pp. 507)
Risk appetite is the measure of risk a substance is set up to acknowledge when attempting
to accomplish its destinations. While considering the risk appetite levels for the endeavor, two
main considerations are critical:
• The endeavor's target ability to ingest misfortune, e.g., monetary misfortune, notoriety harm
• The (administration) culture or inclination towards risk taking mindful or forceful. What is the
measure of misfortune the undertaking needs to acknowledge to seek after an arrival? Risk
appetite can be characterized by and by as far as mixes of recurrence and extent of a risk. Risk
appetite can and will be diverse among undertakings—there is no total standard or standard of
15
IT RISK MANAGEMENT
what constitutes adequate and unsuitable risk. Risk appetite can be characterized utilizing risk
maps.
Risk resilience is characterized at the undertaking level and is reflected in arrangements
set by the officials; at lower strategic levels of the venture, or in a few substances of the
endeavor, special cases can be endured as long as at the endeavor level the general presentation
does not surpass the set risk craving (de Freitas Alves et al., 2017). These procedures need to
manage occasions interior or outside to the enterprise. Inside occasions can incorporate
operational IT occurrences, enterprise disappointments, full (IT) methodology switches and
mergers. Any business activity incorporates a risk segment, so administration ought to have the
carefulness to seek after new chances of risk. Endeavors at which strategies are cast in stone
instead of 'lines in the sand' could do not have the deftness and advancement to misuse new
business openings. On the other hand, there are circumstances where approaches depend on
particular legitimate, administrative or industry necessities where it is suitable to have no risk
resistance for inability to go along.
IT RISK MANAGEMENT
what constitutes adequate and unsuitable risk. Risk appetite can be characterized utilizing risk
maps.
Risk resilience is characterized at the undertaking level and is reflected in arrangements
set by the officials; at lower strategic levels of the venture, or in a few substances of the
endeavor, special cases can be endured as long as at the endeavor level the general presentation
does not surpass the set risk craving (de Freitas Alves et al., 2017). These procedures need to
manage occasions interior or outside to the enterprise. Inside occasions can incorporate
operational IT occurrences, enterprise disappointments, full (IT) methodology switches and
mergers. Any business activity incorporates a risk segment, so administration ought to have the
carefulness to seek after new chances of risk. Endeavors at which strategies are cast in stone
instead of 'lines in the sand' could do not have the deftness and advancement to misuse new
business openings. On the other hand, there are circumstances where approaches depend on
particular legitimate, administrative or industry necessities where it is suitable to have no risk
resistance for inability to go along.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16
IT RISK MANAGEMENT
Figure 5: IT Risk Principles
(Source: Levett et al., 2017, pp. 69)
• Risk resistance is characterized at the venture level by the board and obviously conveyed
to all partners. A procedure ought to be set up to audit and affirm any special cases to such
guidelines.
• Risk hunger and resilience change after some time; to be sure, new innovation, new
hierarchical structures, new economic situations, new business technique and numerous different
components require the undertaking to reassess its risk portfolio at standard interims, and
furthermore require the endeavor to reconfirm its risk hunger at general interims, activating
danger arrangement surveys (Levett et al., 2017).
There are two approaches for the risk management including qualitative and quantitative
approaches.
IT RISK MANAGEMENT
Figure 5: IT Risk Principles
(Source: Levett et al., 2017, pp. 69)
• Risk resistance is characterized at the venture level by the board and obviously conveyed
to all partners. A procedure ought to be set up to audit and affirm any special cases to such
guidelines.
• Risk hunger and resilience change after some time; to be sure, new innovation, new
hierarchical structures, new economic situations, new business technique and numerous different
components require the undertaking to reassess its risk portfolio at standard interims, and
furthermore require the endeavor to reconfirm its risk hunger at general interims, activating
danger arrangement surveys (Levett et al., 2017).
There are two approaches for the risk management including qualitative and quantitative
approaches.
17
IT RISK MANAGEMENT
Qualitative Risk analysis
A qualitative risk analysis organizes distinguished undertaking dangers utilizing a pre-
characterized rating scale. Risks will be scored in view of their likelihood of happening and
effect on organization destinations should they happen (Sohrabi, Riabov & Udrea, 2017).
Probability is usually positioned on a zero to one scale. The effect scale is hierarchically
characterized for instance, a one to five scale, with five being the most astounding effect on
venture destinations for example, spending plan, timetable, or quality. A qualitative risk
investigation will likewise incorporate the proper classification of the dangers, either source-
based or impact based.
Quantitative Risk Analysis
A quantitative risk analysis is a further execution of the most noteworthy need risks amid
a numerical or quantitative rating is appointed with a specific end goal to build up a probabilistic
examination of the venture (Gilman & Miller, 2017). A quantitative analysis evaluates the
conceivable results for the task and surveys the likelihood of accomplishing particular venture
destinations, gives a quantitative way to deal with settling on choices when there is vulnerability
and makes practical and achievable cost, timetable or degree targets.
IT RISK MANAGEMENT
Qualitative Risk analysis
A qualitative risk analysis organizes distinguished undertaking dangers utilizing a pre-
characterized rating scale. Risks will be scored in view of their likelihood of happening and
effect on organization destinations should they happen (Sohrabi, Riabov & Udrea, 2017).
Probability is usually positioned on a zero to one scale. The effect scale is hierarchically
characterized for instance, a one to five scale, with five being the most astounding effect on
venture destinations for example, spending plan, timetable, or quality. A qualitative risk
investigation will likewise incorporate the proper classification of the dangers, either source-
based or impact based.
Quantitative Risk Analysis
A quantitative risk analysis is a further execution of the most noteworthy need risks amid
a numerical or quantitative rating is appointed with a specific end goal to build up a probabilistic
examination of the venture (Gilman & Miller, 2017). A quantitative analysis evaluates the
conceivable results for the task and surveys the likelihood of accomplishing particular venture
destinations, gives a quantitative way to deal with settling on choices when there is vulnerability
and makes practical and achievable cost, timetable or degree targets.
18
IT RISK MANAGEMENT
Figure 6: IT Risk Management
(Source: Räsänen et al., 2017, pp. 29)
Therefore, it can be analyzed that the qualitative risk analysis work at risk level and
quantitative risk analysis work on project level. As commented by Hopkin, (2017), qualitative
risk analysis used to perform subjective evaluation of probability and impact. On the other hand,
Brindley, (2017) argued that quantitative risk analysis does probabilistic estimation of time and
cost. As suggested by qualitative risk analysis is quick and easy to perform. As argued by Cohen,
Krishnamoorthy & Wright, (2017), quantitative risk analysis is a time consuming process.
Recommendations
IT RISK MANAGEMENT
Figure 6: IT Risk Management
(Source: Räsänen et al., 2017, pp. 29)
Therefore, it can be analyzed that the qualitative risk analysis work at risk level and
quantitative risk analysis work on project level. As commented by Hopkin, (2017), qualitative
risk analysis used to perform subjective evaluation of probability and impact. On the other hand,
Brindley, (2017) argued that quantitative risk analysis does probabilistic estimation of time and
cost. As suggested by qualitative risk analysis is quick and easy to perform. As argued by Cohen,
Krishnamoorthy & Wright, (2017), quantitative risk analysis is a time consuming process.
Recommendations
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19
IT RISK MANAGEMENT
The company has been able to manage the risks and threats involving in the company.
This have helped in maintaining security of data and information in company. The use of
updated firewalls and antiviruses helps in detecting viruses in the network or server of the
company. These antiviruses detect and destroy dangerous malwares and Trojans in the system or
server. The use of the Big Data also helps in providing a proper database of data and information
of company. The analysis of the data and information for security purpose can be done easily. It
also provides security to data stored in the Cloud services in company. The Cloud services helps
in backing up the data over internet. The backing up of data helps in recovering data and
information during a data breach in the company. The loss of the data can be minimized by
backing up data. The risk assessment plan helps in providing priority to the tasks to be secured
from cyber-attacks.
Conclusion
It can be concluded that use of IT solutions have helped in providing security of data and
information in the company. Various IT challenges has been discussed in the report. The Aztek
Company has been operating in the financial service sector of Australia facing some challenges
in the security of the data and information. Every execution of IT chance contains a reliance
investigation of how business procedure relies upon IT-related assets, for example, individuals,
applications and foundation. IT risk management is a business empowering agent, not an
inhibitor. IT-related business chance is seen from the two points: insurance against esteem
annihilation and empowering of significant worth age. This report has helped in risk assessment
of the company in the market. There are various frameworks discussed that helps in selecting the
risk assessment model for the company. The use of updated antivirus and firewall helps in
securing data and information from breaching. There are recommendations provided in the report
IT RISK MANAGEMENT
The company has been able to manage the risks and threats involving in the company.
This have helped in maintaining security of data and information in company. The use of
updated firewalls and antiviruses helps in detecting viruses in the network or server of the
company. These antiviruses detect and destroy dangerous malwares and Trojans in the system or
server. The use of the Big Data also helps in providing a proper database of data and information
of company. The analysis of the data and information for security purpose can be done easily. It
also provides security to data stored in the Cloud services in company. The Cloud services helps
in backing up the data over internet. The backing up of data helps in recovering data and
information during a data breach in the company. The loss of the data can be minimized by
backing up data. The risk assessment plan helps in providing priority to the tasks to be secured
from cyber-attacks.
Conclusion
It can be concluded that use of IT solutions have helped in providing security of data and
information in the company. Various IT challenges has been discussed in the report. The Aztek
Company has been operating in the financial service sector of Australia facing some challenges
in the security of the data and information. Every execution of IT chance contains a reliance
investigation of how business procedure relies upon IT-related assets, for example, individuals,
applications and foundation. IT risk management is a business empowering agent, not an
inhibitor. IT-related business chance is seen from the two points: insurance against esteem
annihilation and empowering of significant worth age. This report has helped in risk assessment
of the company in the market. There are various frameworks discussed that helps in selecting the
risk assessment model for the company. The use of updated antivirus and firewall helps in
securing data and information from breaching. There are recommendations provided in the report
20
IT RISK MANAGEMENT
that helps in maintaining the security of the data and information. Backing Up data has helped
company in maintaining the security of data and information.
IT RISK MANAGEMENT
that helps in maintaining the security of the data and information. Backing Up data has helped
company in maintaining the security of data and information.
21
IT RISK MANAGEMENT
References
Agca, R., Heslinga, S. C., Rollefstad, S., Heslinga, M., McInnes, I. B., Peters, M. J. L., ... &
Primdahl, J. (2017). EULAR recommendations for cardiovascular disease risk
management in patients with rheumatoid arthritis and other forms of inflammatory joint
disorders: 2015/2016 update. Annals of the rheumatic diseases, 76(1), 17-28.
Behzadi, G., O’Sullivan, M. J., Olsen, T. L., & Zhang, A. (2017). Agribusiness supply chain risk
management: A review of quantitative decision models. Omega.
Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.
Bruhn, A., Whiting, B., Browne, B., Higgins, T., & Tan, C. I. (2017). Introducing Enterprise
Risk Management Into the University Classroom: A Case Study. Risk Management and
Insurance Review, 20(1), 99-131.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage
Learning.
Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise risk management and the
financial reporting process: The experiences of audit committee members, CFOs, and
external auditors. Contemporary Accounting Research, 34(2), 1178-1209.
de Freitas Alves, G., Neto, W. L., Coli, M. C., de Souza Bermejo, P. H., Sant’Ana, T. D., &
Salgado, E. G. (2017, September). Perception of Enterprise Risk Management in
Brazilian Higher Education Institutions. In European, Mediterranean, and Middle
Eastern Conference on Information Systems (pp. 506-512). Springer, Cham.
IT RISK MANAGEMENT
References
Agca, R., Heslinga, S. C., Rollefstad, S., Heslinga, M., McInnes, I. B., Peters, M. J. L., ... &
Primdahl, J. (2017). EULAR recommendations for cardiovascular disease risk
management in patients with rheumatoid arthritis and other forms of inflammatory joint
disorders: 2015/2016 update. Annals of the rheumatic diseases, 76(1), 17-28.
Behzadi, G., O’Sullivan, M. J., Olsen, T. L., & Zhang, A. (2017). Agribusiness supply chain risk
management: A review of quantitative decision models. Omega.
Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.
Bruhn, A., Whiting, B., Browne, B., Higgins, T., & Tan, C. I. (2017). Introducing Enterprise
Risk Management Into the University Classroom: A Case Study. Risk Management and
Insurance Review, 20(1), 99-131.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage
Learning.
Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise risk management and the
financial reporting process: The experiences of audit committee members, CFOs, and
external auditors. Contemporary Accounting Research, 34(2), 1178-1209.
de Freitas Alves, G., Neto, W. L., Coli, M. C., de Souza Bermejo, P. H., Sant’Ana, T. D., &
Salgado, E. G. (2017, September). Perception of Enterprise Risk Management in
Brazilian Higher Education Institutions. In European, Mediterranean, and Middle
Eastern Conference on Information Systems (pp. 506-512). Springer, Cham.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
22
IT RISK MANAGEMENT
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank
capital structure: Why high leverage is optimal for banks. Journal of Financial
Economics, 116(2), 219-236.
Gilman, A., & Miller, L. (2017). Enterprise Risk Management and Talent Management as
Vehicles for a Sustainable Museum. Systems Thinking in Museums: Theory and Practice,
71.
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. Crc
Press.
Haywood, L. K., Forsyth, G. G., de Lange, W. J., & Trotter, D. H. (2017). Contextualising risk
within enterprise risk management through the application of systems
thinking. Environment Systems and Decisions, 37(2), 230-240.
Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Hsiao, C. M. (2017). Enterprise Risk Management with Foreign Exchange Exposures: Evidence
from Taiwan Tourism Industry. Asian Economic and Financial Review, 7(9), 882-906.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Lechner, P., & Gatzert, N. (2017). Determinants and value of enterprise risk management:
empirical evidence from Germany. The European Journal of Finance, 1-27.
Levett, J. M., Fasone, J. M., Smith, A. L., Labovitz, S. S., Labovitz, J., Mellott, S., & Dotan, D.
B. (2017). Enterprise Risk Management in Healthcare. In Surgical Patient Care (pp. 67-
86). Springer International Publishing.
IT RISK MANAGEMENT
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank
capital structure: Why high leverage is optimal for banks. Journal of Financial
Economics, 116(2), 219-236.
Gilman, A., & Miller, L. (2017). Enterprise Risk Management and Talent Management as
Vehicles for a Sustainable Museum. Systems Thinking in Museums: Theory and Practice,
71.
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. Crc
Press.
Haywood, L. K., Forsyth, G. G., de Lange, W. J., & Trotter, D. H. (2017). Contextualising risk
within enterprise risk management through the application of systems
thinking. Environment Systems and Decisions, 37(2), 230-240.
Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Hsiao, C. M. (2017). Enterprise Risk Management with Foreign Exchange Exposures: Evidence
from Taiwan Tourism Industry. Asian Economic and Financial Review, 7(9), 882-906.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Lechner, P., & Gatzert, N. (2017). Determinants and value of enterprise risk management:
empirical evidence from Germany. The European Journal of Finance, 1-27.
Levett, J. M., Fasone, J. M., Smith, A. L., Labovitz, S. S., Labovitz, J., Mellott, S., & Dotan, D.
B. (2017). Enterprise Risk Management in Healthcare. In Surgical Patient Care (pp. 67-
86). Springer International Publishing.
23
IT RISK MANAGEMENT
Lin, Y., MacMinn, R. D., Tian, R., & Yu, J. (2017). Pension risk management in the enterprise
risk management framework. Journal of Risk and Insurance, 84(S1), 345-365.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Meyer, T., & Reniers, G. (2016). Engineering risk management. Walter de Gruyter GmbH & Co
KG.
Olson, D. L., & Wu, D. D. (2015). Enterprise risk management(Vol. 3). World Scientific
Publishing Co Inc.
Olson, D. L., & Wu, D. D. (2017). Data Mining Models and Enterprise Risk Management.
In Enterprise Risk Management Models (pp. 119-132). Springer Berlin Heidelberg.
Rampini, A. A., & Viswanathan, S. (2016). Household risk management (No. w22293). National
Bureau of Economic Research.
Räsänen, A., Jurgilevich, A., Haanpää, S., Heikkinen, M., Groundstroem, F., & Juhola, S.
(2017). Climate Risk Management. (pp. 21-33).
Sohrabi, S., Riabov, A., & Udrea, O. (2017). Planning-based Scenario Generation for Enterprise
Risk Management. In Proceedings of the Scheduling and Planning Applications
woRKshop (SPARK).
Sweeting, P. (2017). Financial enterprise risk management. Cambridge University Press.
Yen, S. H. (2017). The Study on Internal Control to Enterprise Risk Management-An Empirical
Study on S Company.
IT RISK MANAGEMENT
Lin, Y., MacMinn, R. D., Tian, R., & Yu, J. (2017). Pension risk management in the enterprise
risk management framework. Journal of Risk and Insurance, 84(S1), 345-365.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Meyer, T., & Reniers, G. (2016). Engineering risk management. Walter de Gruyter GmbH & Co
KG.
Olson, D. L., & Wu, D. D. (2015). Enterprise risk management(Vol. 3). World Scientific
Publishing Co Inc.
Olson, D. L., & Wu, D. D. (2017). Data Mining Models and Enterprise Risk Management.
In Enterprise Risk Management Models (pp. 119-132). Springer Berlin Heidelberg.
Rampini, A. A., & Viswanathan, S. (2016). Household risk management (No. w22293). National
Bureau of Economic Research.
Räsänen, A., Jurgilevich, A., Haanpää, S., Heikkinen, M., Groundstroem, F., & Juhola, S.
(2017). Climate Risk Management. (pp. 21-33).
Sohrabi, S., Riabov, A., & Udrea, O. (2017). Planning-based Scenario Generation for Enterprise
Risk Management. In Proceedings of the Scheduling and Planning Applications
woRKshop (SPARK).
Sweeting, P. (2017). Financial enterprise risk management. Cambridge University Press.
Yen, S. H. (2017). The Study on Internal Control to Enterprise Risk Management-An Empirical
Study on S Company.
24
IT RISK MANAGEMENT
Yilmaz, A. K., & Flouris, T. (2017). Case Studies for Enterprise Risk Management from Leading
Holdings: TAV Airports Holding and BRISA Bridgestone Sabanci Tyre Manufacturing
and Trading Inc. In Corporate Risk Management for International Business (pp. 153-
163). Springer Singapore.
IT RISK MANAGEMENT
Yilmaz, A. K., & Flouris, T. (2017). Case Studies for Enterprise Risk Management from Leading
Holdings: TAV Airports Holding and BRISA Bridgestone Sabanci Tyre Manufacturing
and Trading Inc. In Corporate Risk Management for International Business (pp. 153-
163). Springer Singapore.
1 out of 25
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.