Citi Stores Website Project: Comprehensive Risk Management Report
VerifiedAdded on  2020/05/04
|39
|5640
|137
Report
AI Summary
This report outlines a comprehensive risk management plan for the Citi Stores website development project. It begins by establishing the context and importance of risk management, emphasizing the need for a robust framework to address uncertainties related to project objectives, security, and compliance with relevant legislation like the Australia Protective Security Policy Framework and the Australian Privacy Act of 1988. The report details the risk management framework, including risk identification, assessment, analysis, and treatment options, aligning with AS/NZS ISO 3100:2009 guidelines. It defines the project scope, stakeholders, and their management, and conducts a PEST and SWOT analysis to identify strengths, weaknesses, opportunities, and threats. The report also outlines the project's aims, objectives, and critical success factors. The risk assessment process includes identifying potential risks, evaluating their likelihood and impact, and developing mitigation strategies. The Delphi technique and brainstorming were used for risk identification. The report presents risk treatment options, including team roles and responsibilities, and a detailed risk management/action plan for each identified risk, ensuring effective project execution and stakeholder engagement.

Risk management: Citi Stores Website Development Project
Name
Date
Name
Date
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Context of the Risk Management Plan
The website has today become a must for any business; it is a point for direct contact with the customer where they can make
inquiries, make purchases, ask questions, and create their own content related to the organization through social media sites. There are
several risks to developing a website starting from the using the right approach to manage the entire project, the languages used to
develop the website, the kind of links created, the triple constraints or scope, time and cost, the possibility it may not serve its purpose,
and security risks. Given the fact that the website will be a transaction website processing payments and the pervasive nature of cyber
security threats, it is important that an effective risk management plan is developed (Molenaar, Anderson & Schexnayder, 2010).
Task 1: Risk Management Framework
a) The AS/NZS ISO 3100: 2009 defines what a risk is in the context of information security; risk is defined as the effect that
uncertainty has on project objectives. According to the standard, risk management must consider and continue using risk
treatment options to eliminate, reduce, remove or avoid the uncertainties in meeting project objectives. According to the
AS/NZS ISO 3100: 2009, there are 11 risk management principles that must be adhered to including creating and protecting
value, risks should be integral to organizational processes, forms part of decision making, addresses uncertainty explicitly, is
systematic , timely and structured, and based on best available information. Further, the standard states that risk management
measures must be tailored, consider cultural and human factors, be inclusive and transparent, be iterative, systematic, and
responsive to change, and enhance continuous organization improvement. The risk management framework to be developed in
the context of the Citi Stores website development will follow the 11 AS/NZS ISO 3100: 2009 guidelines and are aimed at
continuous improvement and adhering to relevant regulations and legislation on information security. The Citi Stores Risk
management plan first defines identifies risks to the project and the context identified. A risk assessment is then undertaken and
risks identified and then analyzed. The risks are then evaluated by developing risk matrix and treatments applied to the risks;
the outcomes monitored and risks re-assessed based on applied treatments. The process is undertaken by constant
The website has today become a must for any business; it is a point for direct contact with the customer where they can make
inquiries, make purchases, ask questions, and create their own content related to the organization through social media sites. There are
several risks to developing a website starting from the using the right approach to manage the entire project, the languages used to
develop the website, the kind of links created, the triple constraints or scope, time and cost, the possibility it may not serve its purpose,
and security risks. Given the fact that the website will be a transaction website processing payments and the pervasive nature of cyber
security threats, it is important that an effective risk management plan is developed (Molenaar, Anderson & Schexnayder, 2010).
Task 1: Risk Management Framework
a) The AS/NZS ISO 3100: 2009 defines what a risk is in the context of information security; risk is defined as the effect that
uncertainty has on project objectives. According to the standard, risk management must consider and continue using risk
treatment options to eliminate, reduce, remove or avoid the uncertainties in meeting project objectives. According to the
AS/NZS ISO 3100: 2009, there are 11 risk management principles that must be adhered to including creating and protecting
value, risks should be integral to organizational processes, forms part of decision making, addresses uncertainty explicitly, is
systematic , timely and structured, and based on best available information. Further, the standard states that risk management
measures must be tailored, consider cultural and human factors, be inclusive and transparent, be iterative, systematic, and
responsive to change, and enhance continuous organization improvement. The risk management framework to be developed in
the context of the Citi Stores website development will follow the 11 AS/NZS ISO 3100: 2009 guidelines and are aimed at
continuous improvement and adhering to relevant regulations and legislation on information security. The Citi Stores Risk
management plan first defines identifies risks to the project and the context identified. A risk assessment is then undertaken and
risks identified and then analyzed. The risks are then evaluated by developing risk matrix and treatments applied to the risks;
the outcomes monitored and risks re-assessed based on applied treatments. The process is undertaken by constant

communication and consultation with stakeholders and montoring and reviews undertaken; all in conformance with the
AS/NZS ISO 3100: 2009
b) The relevant legislation that the Citi Stores website construction must adhere to include the Australia Protective Security
Policy Framework (PSPF) and the Australia Information Security manual that is aimed at ensuring information security. The
company will capture, manage, and use private client information that must be managed according to the PSPF and the ISM.
Further, there must be compliance with the Australian Privacy Act of 1988 that regulates the handling of personal information
that the website will pick up. Under the PSPF mandatory requirements on Governance number 6, all organizations must
develop a risk management approach that covers all areas pf protective security; the Citi Stores project adheres to this
requirement. The ISM requires implementing security controls that form part of an elaborate process of risk management, that
this document does and a risk management team has been formed, with alloted responsibilities as per the privacy Protections
Act of 1998
Task 2: Scope and Stakeholders
a) The risk management process will be confined to the development of a new website for Citi Stores and how the website should
function and meet its design and functional objectives. The risks management process will particularly focus on customer data
and its security given that it will have an e-commerce function and how Citi Stores can keep both internal data, such as
transactions details and customer details safely. It will also focus on risks that will plague the project and stop the objectives
from being attained. The risk management plan will be undertaken by identifying and analyzing the risks, developing a risk
matrix for the identified and analyzed risks, and then giving risk treatment to the risks. This risk management plan will also
monitor the risks and evaluate the effectiveness of the treatments given to the risks. The scope of the risk assessment will also
extend to developing the documentation policy for the risk document and creating a report on the risk management process.
b) Stakeholder Management Plan (See Appendix A)
AS/NZS ISO 3100: 2009
b) The relevant legislation that the Citi Stores website construction must adhere to include the Australia Protective Security
Policy Framework (PSPF) and the Australia Information Security manual that is aimed at ensuring information security. The
company will capture, manage, and use private client information that must be managed according to the PSPF and the ISM.
Further, there must be compliance with the Australian Privacy Act of 1988 that regulates the handling of personal information
that the website will pick up. Under the PSPF mandatory requirements on Governance number 6, all organizations must
develop a risk management approach that covers all areas pf protective security; the Citi Stores project adheres to this
requirement. The ISM requires implementing security controls that form part of an elaborate process of risk management, that
this document does and a risk management team has been formed, with alloted responsibilities as per the privacy Protections
Act of 1998
Task 2: Scope and Stakeholders
a) The risk management process will be confined to the development of a new website for Citi Stores and how the website should
function and meet its design and functional objectives. The risks management process will particularly focus on customer data
and its security given that it will have an e-commerce function and how Citi Stores can keep both internal data, such as
transactions details and customer details safely. It will also focus on risks that will plague the project and stop the objectives
from being attained. The risk management plan will be undertaken by identifying and analyzing the risks, developing a risk
matrix for the identified and analyzed risks, and then giving risk treatment to the risks. This risk management plan will also
monitor the risks and evaluate the effectiveness of the treatments given to the risks. The scope of the risk assessment will also
extend to developing the documentation policy for the risk document and creating a report on the risk management process.
b) Stakeholder Management Plan (See Appendix A)
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide

Task 3: Strengths and Weaknesses
a) PEST
Political
Regulations relating to web data security
Rules and legislation on cyber security
Economic
Cost savings using a web portal to advertise
Increased revenues from more customers
obtained from web portal in addition to store
customers
Social
Increased appetite to use the internet/ web to
interact with products and manufacturers
Technological
Using cloud platforms to manage databases and
client information
Modern development languages
Availability and uptime for the website
a) PEST
Political
Regulations relating to web data security
Rules and legislation on cyber security
Economic
Cost savings using a web portal to advertise
Increased revenues from more customers
obtained from web portal in addition to store
customers
Social
Increased appetite to use the internet/ web to
interact with products and manufacturers
Technological
Using cloud platforms to manage databases and
client information
Modern development languages
Availability and uptime for the website
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

(Aik, 2013)
b) SWOT
Strengths
Nice and functional global bar for navigation
Website that is easy to navigate
Attractive and easy to use interface
Weaknesses
Poor optimization for mobile use
Long transaction completion and co9nfirmation
process
Difficulty for some people to read text (those
with vision challenges)
Use of a single language (English)
Opportunities
Fast loading website
Linked with social media
Point of customer services
Enhance functionality with an application (for
mobile)
Threats
Exclusive social media platforms engagement
Inimitable application function (Aik, 2013)
c) Aims and Objectives, critical Success factors
The aims and objectives of developing the Citi Stores website for marketing purposes to drive traffic, engage prospects and re-engage
existing customers; help close sales by supporting communications for the sales team; provide customer support, make website and
content updates easy, integrate with other IT systems while also meeting the performance, security, and scalability requirements as per
b) SWOT
Strengths
Nice and functional global bar for navigation
Website that is easy to navigate
Attractive and easy to use interface
Weaknesses
Poor optimization for mobile use
Long transaction completion and co9nfirmation
process
Difficulty for some people to read text (those
with vision challenges)
Use of a single language (English)
Opportunities
Fast loading website
Linked with social media
Point of customer services
Enhance functionality with an application (for
mobile)
Threats
Exclusive social media platforms engagement
Inimitable application function (Aik, 2013)
c) Aims and Objectives, critical Success factors
The aims and objectives of developing the Citi Stores website for marketing purposes to drive traffic, engage prospects and re-engage
existing customers; help close sales by supporting communications for the sales team; provide customer support, make website and
content updates easy, integrate with other IT systems while also meeting the performance, security, and scalability requirements as per

the existing regulations and desired performance. Others are to reduce operation costs through automating and streamlining
workflows, increase the Citi Stores bottom-line, and enable recruitment of the best staff. The key success factors include meeting the
marketing, sales, customer support, operations, IT, and webmaster goals and objectives, as well as having the project completed on
time and within budget, with no errors in performance. The acceptance of the project by client and having it perform optimally nand
securely even under heavy load (many requests) also comprise key success factors
d)
A PMO (project management office) was set to coordinate project activities, including stakeholder management. By engaging and
communicating with key stakeholders, including the project sponsor and executive sponsor, the PM was able to involve and secure the
support of these key stakeholders, to whom progress was communicated and reported as per the stakeholder management plan,
including risk management. The key stakeholders were made aware of risks to the project and how they would influence the project
from the very beginning during planning, hence securing their support.
Task 4
a) To ensure the project scope and deliverables were met, the stakeholders, using the stakeholder management plan, were
engaged in order to generate the project objectives and deliverables list. This was to ensure the project team was aware
of what was required and the constraints, as a first step in knowing what risks can affect the project. A risk
management plan was then made and communicated to the stakeholders, and a scope management plan used to get
approvals for changes in order to manage risks such as scope creep.
b) The risks were identified using a combination of the Delphi technique where experts were anonymously consulted
with a list of information required for the project risk management and their responses compiled. The results were sent
workflows, increase the Citi Stores bottom-line, and enable recruitment of the best staff. The key success factors include meeting the
marketing, sales, customer support, operations, IT, and webmaster goals and objectives, as well as having the project completed on
time and within budget, with no errors in performance. The acceptance of the project by client and having it perform optimally nand
securely even under heavy load (many requests) also comprise key success factors
d)
A PMO (project management office) was set to coordinate project activities, including stakeholder management. By engaging and
communicating with key stakeholders, including the project sponsor and executive sponsor, the PM was able to involve and secure the
support of these key stakeholders, to whom progress was communicated and reported as per the stakeholder management plan,
including risk management. The key stakeholders were made aware of risks to the project and how they would influence the project
from the very beginning during planning, hence securing their support.
Task 4
a) To ensure the project scope and deliverables were met, the stakeholders, using the stakeholder management plan, were
engaged in order to generate the project objectives and deliverables list. This was to ensure the project team was aware
of what was required and the constraints, as a first step in knowing what risks can affect the project. A risk
management plan was then made and communicated to the stakeholders, and a scope management plan used to get
approvals for changes in order to manage risks such as scope creep.
b) The risks were identified using a combination of the Delphi technique where experts were anonymously consulted
with a list of information required for the project risk management and their responses compiled. The results were sent
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide

back to the experts for review until consensus was arrived on risks and how to manage them. During internal response
compilation, the brainstorming technique was used by the project team to isolate and define risks; this resulted in only
relevant risks with a significant impact being considered and managed, after consensus with the anonymous experts
The Delphi tool as used is shown in the image below;
compilation, the brainstorming technique was used by the project team to isolate and define risks; this resulted in only
relevant risks with a significant impact being considered and managed, after consensus with the anonymous experts
The Delphi tool as used is shown in the image below;
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

c) Risk Identification
Risk One: Being unprepared before starting the web development process
Risk Two: Lack of support by the project sponsor
Risk Three: Slow decision making process due to too many people/ stakeholders
Risk Four: Big requests for change at a late stage when the project is being done
Five: Overshooting budget
Task 5: Risk Analysis
a. Risk Evaluation (Criteria)
ID Risk Consequences Mitigation Ratin
g of
Cons
eque
nce
Likelih
ood
Risk
level
Monitoring Risk Owner
1 Being unprepared
before starting the
Delays, extensive
scope changes,
Gather all possible
and required
VH H VH Initial project Project
Risk One: Being unprepared before starting the web development process
Risk Two: Lack of support by the project sponsor
Risk Three: Slow decision making process due to too many people/ stakeholders
Risk Four: Big requests for change at a late stage when the project is being done
Five: Overshooting budget
Task 5: Risk Analysis
a. Risk Evaluation (Criteria)
ID Risk Consequences Mitigation Ratin
g of
Cons
eque
nce
Likelih
ood
Risk
level
Monitoring Risk Owner
1 Being unprepared
before starting the
Delays, extensive
scope changes,
Gather all possible
and required
VH H VH Initial project Project

web development
process
failure to meet
objectives,
Overshooting
constraints
information upfront
Adopt a suitable
project management
method such as
agile
meeting
Sufficient time for
planning
manager
2 Lack of support by
the project sponsor
Delays and possible
abandonment of
project
Failure to meet
objectives
Rejection of
completed project
Effective
stakeholder
management and
engagement plan
Sponsor
involvement
Effective
communication and
progress reporting
VH M H Communication and
reports to project
sponsor
Project
manager
3 Slow decision
making process
due to too many
people/
Delays in project
Failure to meet
project objectives
Stakeholder
management plan
Stakeholder
communication
H H H Stakeholder
identification and
management plan
Business
sponsor
Project
manager
process
failure to meet
objectives,
Overshooting
constraints
information upfront
Adopt a suitable
project management
method such as
agile
meeting
Sufficient time for
planning
manager
2 Lack of support by
the project sponsor
Delays and possible
abandonment of
project
Failure to meet
objectives
Rejection of
completed project
Effective
stakeholder
management and
engagement plan
Sponsor
involvement
Effective
communication and
progress reporting
VH M H Communication and
reports to project
sponsor
Project
manager
3 Slow decision
making process
due to too many
people/
Delays in project
Failure to meet
project objectives
Stakeholder
management plan
Stakeholder
communication
H H H Stakeholder
identification and
management plan
Business
sponsor
Project
manager
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide

stakeholders Reduce number of
people involved in
project decision
making when
project commences
Developers
4 Big requests for
change at a late
stage when the
project is being
done
Failure to meet
deadlines
Budget overshoot
Reduced morale of
project team
Scope and change
management
Effective project
planning
using suitable
project management
methods such as
agile (XP or
SCRUM) that are
flexible to changes
Undertaking
incremental
development and
constant testing and
VH VH VH Quality
management plan
Scope management
document
Project
manager and
scrum master
people involved in
project decision
making when
project commences
Developers
4 Big requests for
change at a late
stage when the
project is being
done
Failure to meet
deadlines
Budget overshoot
Reduced morale of
project team
Scope and change
management
Effective project
planning
using suitable
project management
methods such as
agile (XP or
SCRUM) that are
flexible to changes
Undertaking
incremental
development and
constant testing and
VH VH VH Quality
management plan
Scope management
document
Project
manager and
scrum master
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

improvement
5 Overshooting
budget
Delays
failure to accept
finished project
Project abandonment
Effective project
management
planning with
resource allocation
Monitoring and
controlling budget
VH VH VH Cost control
Project monitoring
Project
manager
Financial
controller/
Project
accountant
b) Risk Likelihood Matrix
5 Overshooting
budget
Delays
failure to accept
finished project
Project abandonment
Effective project
management
planning with
resource allocation
Monitoring and
controlling budget
VH VH VH Cost control
Project monitoring
Project
manager
Financial
controller/
Project
accountant
b) Risk Likelihood Matrix

Impact
Very
Low Low Medium High Very High
Likelihood
Very High
Slow decision
making process
due to too many
people/
stakeholders
Being unprepared before
starting the web
development process
Lack of support by the
project sponsor
High
Overshooting the
project budget
Big requests for change at
a late stage when the
project is being done
Medium
Low
Very Low
c) Consequence matrix (See Appendix C)
Very
Low Low Medium High Very High
Likelihood
Very High
Slow decision
making process
due to too many
people/
stakeholders
Being unprepared before
starting the web
development process
Lack of support by the
project sponsor
High
Overshooting the
project budget
Big requests for change at
a late stage when the
project is being done
Medium
Low
Very Low
c) Consequence matrix (See Appendix C)
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide
1 out of 39
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.