Skip to content

GAVS – Global IT Consulting

Menu
  • Platforms & Products
    • Platforms & Products

      GAVS’ products will help change how you organize your IT Operations, bring meaningful and actionable insights to speed up network fixes, provide real data as quantifiable justification to adopt strategies that foster business improvements.

      • ZIF
      • Products
        • zDesk – Remote, Secure Desktop-as-a-Service (VDI+)
        • zIrrus
        • GTOps
        • TruOps
        • Close
    • Products & Platforms
      • Reimagining your Digital Infrastructure with Zero Incident FrameworkTM

        Read more
    Close
  • Services & Technologies
    • Services & Technologies

      GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation. GAVS’ AIOps platform, Zero Incident Framework ™ (ZIF), enables proactive detection and remediation of incidents and increases uptime, helping organizations drive towards a Zero Incident Enterprise™ . GAVS has transformed IT Enterprise delivery through ZIF’s Discover, Monitor, Analyze, Predict, and Remediate modules, to optimize business services continuity.

      • Digital Services
        • Auto Discovery and Dependency Mapping
        • Cloud Enablement
          • Cloud Advisory and Transformation
          • Close
        • Automation
        • Blockchain
        • Close
      • Cyber Security Services
        • Assessment & Advisory
        • Identity & Access Management (IAM)
        • Managed Detection & Response (MDR)
        • Managed Security Services (MSS)
        • Security Automation
        • Risk & Compliance
        • Close
      • Data Privacy Services
      • Consulting & Implementation Services
        • Cloud Advisory and Transformation
        • Data Center Assessment
        • Data Center-as-a-Service (DCaaS)
        • Infrastructure re-engineering
        • Data Center Consolidation & Migration
        • Close
      • Application Services
      • Enterprise Support Services
        • Managed Infrastructure Support
        • Remote Infrastructure Monitoring
        • End User Monitoring
        • Close
      • Microsoft Services
    • Services &Technologies
      • Reinforcement Learning- The Art of Teaching Machines

        Read more
    Close
  • Industries
    • Industries

      GAVS Technologies focuses on serving various industry verticals in their digital transformation through infrastructure solutions, adopting innovation and technologies in different domains. We offer services and solutions aligned with technology trends to enable enterprises to take advantage of futuristic technologies like DevOps, Smart Machines, Cloud, IoT, Predictive Analytics, Managed Infrastructure Services, and Security services.

      • Industries Overview
      • Healthcare
      • Banking & Financial Services
      • Manufacturing
      • Media & Publishing
    Close
  • Inside GAVS
    • Inside GAVS

      GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation. GAVS’ AIOps platform, Zero Incident Framework™ (ZIF), enables proactive detection and remediation of incidents and increases uptime, helping organizations drive towards a Zero Incident Enterprise™ . GAVS has transformed IT Enterprise delivery through ZIF’s Discover, Monitor, Analyze, Predict, and Remediate modules, to optimize business services continuity.

      • About Us
      • Client Speak
      • Alliances & Partnerships
      • Leadership Team
      • Social Responsibility
      • Events
      • Locations
      • Contact Us
      • Press Releases
      • Media Mentions
      • Awards and Recognitions
      • In Memoriam
      • Covid Care
    Close
  • Insights
    • Insights

      We bring you discerning insights on technology trends, innovation and organization culture, thru our collection of articles, blogs and more. Insights reflects our passion in driving advancements as we move forward creating new paradigms in business and work culture. You would find our thoughts on a variety of topics ranging from evolving technologies and ways it affects businesses and lives, transformational leadership, high impact teams, diversity, inclusion and much more.

      • Blogs
      • Articles
      • White Papers
      • Brochures
      • Videos
      • Case Studies
      • enGAge Magazine
    • insights
      • Seven Tips for Leading IT Modernization and Digital Transformation

        Read more

    Close
  • Work With Us
    • Work with us

      What it means to be a GAVSian?

      If you rate high on our SWAT test (Smart, Hardworking, Articulate, Technologically curious), GAVS’ hiring profile, we promise you excitement, inspiration and the freedom to succeed in our flat organization. Being a GAVSian, you would represent our cutting edge in technological advancement while we help you hone yourself into the person you aspire to be. That’s the level of personal interest we invest in you.

      • Career with GAVS
      • Company Culture
      • Diversity @ GAVS
      • Building a respectful workplace
    Close
Back to blogs

Risk Management – How Not To Do It

Oct 05, 2021
  • cybersecurity and risk management services healthcare
  • healthcare cybersecurity risk management technology
  • Risk Management
SHARE

In this blog post

  • Risk Management - How Not To Do It
  • Generic Risk Descriptions
  • Looking beyond ‘Negative’ Risks
  • Lack of Risk Analysis and Prioritization
  • Passive Risk Management
  • Lack of Accountability and Responsibility

Risk Management - How Not To Do It

Risk management has been in most cases an overlooked activity and its potential has never been fully realized. As a member of Quality Assurance team, it is not out of the ordinary to identify risks in business related to projects/services in an engagement carried out as a tick-box exercise. We have seen risk registers and assessments carried out, but the concerning fact was the risk description and details.

For instance, one risk description just simply said “There may not be sufficient resources to complete the project”, another risk statement read “The project might not deliver the correct quality products”. It does not concretely convey the degree of risk and the uncertainty associated with the business.

There are umpteen articles on how to do risk management as a practice, but they fail to mention the ways NOT do in the risk management process. Here is a list of not to do actives that might de-rail the risk management benefits and outcomes.

Generic Risk Descriptions

A common mistake that everyone makes in describing a risk is keeping it very generic and vague. The principle of “keeping it short” may not work here. There is a famous saying by Charles Kettering of General Motors, “a problem well stated is half solved”. When a risk is well defined and detailed with necessary information (only), it becomes easy to manage.

The primary objective of a good risk statement should be to enable its reviewers understand the degree of uncertainty and its impact on the quality of deliverables, services, products or people.

Take the example of a poorly written risk statement “There may not be sufficient resources to complete the project.” It’s a generic statement and does not really explain the consequences of not having enough resources to complete the project. Surprisingly this type of statement is far too common in risks registers.

If this statement has to be detailed to bring in the real impact the risk may have on the project, it should be written like this – “There may not be sufficient java developers for the project xyz , to complete the development of the website interface, between October and November 2021.” This statement makes it clear on how the risk will impact the deliverable.

Looking beyond ‘Negative’ Risks

As defined by Oxford dictionary, risk is “A situation involving exposure to danger”, or “The possibility that something unpleasant or unwelcome will happen.” The dictionary definition is so engrained in our minds, that we fail to look at risks beyond its negative connotations.

Risks may not always be negative, throwing in uncertain events and putting projects at stake. For good reasons when we drop the Oxford definition, risks can also be indicators for opportunity for an organization, which falls under the category of positive risks. Failure to act on opportunities can become a risk.

Using risk management approaches to also identify opportunities can often lead to the creation of value for organizations. For instance, a new product or service is “too successful.” It generates drastically more demand than expected and overwhelms the resources. This excess demand compromises the ability to fulfil and meet the demand/requirement in a timely manner. This eventually disappoints and frustrates the customer, weakens, or destroys brand reputation, increases your cost of doing business and reduces or potentially eliminates profitability.

This risk has a positive impact when analyzed methodologically and can bring in opportunity for the organization to elevate or augment the business.

Lack of Risk Analysis and Prioritization

An elaborate description of a risk gives us only a broad idea of what could happen and we get carried away with the misconception that a risk detailed will be mitigated and eliminated. Without an appropriate analysis and prioritization of the risks, we may be overwhelmed with the number of possible risks and fail to derive at the right risk mitigation/elimination steps.

Assigning priorities to risks is crucial and that is where the RPN (Risk Priority Number) plays a key role. Stakeholders from all parties must be involved in contributing to the Risk Matrix early and regularly, which can be accomplished by following the three simple steps of analysing, prioritizing, and controlling. Risk management should never be carried out as an isolated exercise, but as a collaborative one.

Risk prioritization is important because it also makes it easy for the leadership group to make decisions about where to invest resources to increase the certainty around each risk (whether threat or opportunity).

Passive Risk Management

Risks are commonly associated with some actions, but it can also occur from inaction. In most cases, risks may be identified but they are largely ignored in the planning and execution process until some undesired events occur, at which time solutions are sought.

In order to become active managers of risk there are some important steps to take once a threat or opportunity has been identified, described, analyzed, and prioritized. Analysis and prioritization are key in preventing a risk from becoming a passive one.

The key step is to consider what options are available to us so that we can respond appropriately. There are a range of responses which can be used to alter the cause of the risk, perhaps avoid the event, or possibly reduce the effect.

Lack of Accountability and Responsibility

After the risk has been recorded successfully, we must think of who is going to act on our recorded risk. When a risk is not assigned an owner for action, it is very much a potential candidate of passive risk. Risk accountability and responsibility has an essential role to play in the strengthening of risk management practice. This is a vital information which is ignored in many risk registers.

These are some important roles we can identify to associate with each risk at a project level or engagement level-

  • Risk Author – the person who identified the risk, as they will be a key source of information
  • Risk Owner – the person responsible for managing the risk, ensuring that its status is monitored
  • Risk Actioner – the person who is going to implement one or more responses to a risk.

Risk management and risk registers are used in many projects, but it should not become a mere bureaucratic piece of artefact. Project managers need to ensure that they are managing risks and not simply contributing to a bloated risk register that has detailed risk data and that no one is bothering to manage. Again, the point is not to be a mere chronicler of risks for the project post-mortem, but to take actions and keep the eyes and ears open for opportunities to mitigate risks.

It is time that we take fresh look on our organizational practices, change our attitude of looking at risk as “something that might go wrong” and advance towards adopting better approaches to this extremely vital area of project management.

Reference

Risk management – how NOT to do it | AXELOS

Author

Rama Vani Periasamy

Rama is a part of the Quality Assurance group, passionate about ITSM. She loves reading and traveling.
To break the monotony of life and to share her interest on books and travel, she blogs and curates at www. kindleandkompass.com

Karpagam Ramasamy

Karpagam is a part of the Quality Assurance team at GAVS. She is interested in learning new methods and technologies. Her passions include playing fencing and sketching. She enjoys music and traveling. She believes that “If you are not willing to learn no one can help you”.



Imposter Syndrome at Workplace
You Deserve This! – Dealing with Imposter Syndrome at Workplace
Read More
Sustaining Competitive Advantage
Sustaining Competitive Advantage
Read More
Citizen Developers
Citizen Developers
Read More
GAVS – Global IT Consulting

Copyright © 2022, GAVS Technologies.

  • Privacy Policy
  • Cookie Policy
  • Terms of use
  • Contact Us
  • Platforms & Products
    • Platforms & Products
    • Products
      • Zero Incident Framework ™
      • Products
      • zDesk – Remote, Secure Desktop-as-a-Service (VDI+)
      • GTOps
      • TruOps
      • zIrrus
  • Services & Technologies
    • Services & Technologies
    • Digital Services
      • Digital Services
      • Auto Discovery and Dependency Mapping
      • Cloud Enablement
        • Cloud Advisory and Transformation
      • Automation
      • Blockchain
    • Data Privacy Services
    • Cyber Security Services
      • Cyber Security Services
      • Risk and Compliance
      • Security Automation
      • Managed Security Services (MSS)
      • Managed Detection and Response (MDR)
      • Identity and Access Management
      • Assessment and Advisory
    • Consulting & Implementation Services
      • Consulting & Implementation Services
      • Cloud Assessment & Advisory
      • Data Center Assessment
      • Data Center-as-a-Service (DCaaS)
      • Infrastructure re-engineering
      • Data Center Consolidation & Migration
    • Application Services
    • Enterprise Support Services
      • Enterprise Support Services
      • Managed Infrastructure Support
      • Remote Infrastructure Monitoring
      • End User Monitoring
    • Microsoft Services
  • Industries
    • Industries Overview
    • Healthcare
    • Banking & Financial Services
    • Manufacturing
    • Media & Publishing
  • Inside GAVS
    • Inside GAVS
    • About Us
    • Industries
    • Client Speak
    • Alliances & Partnerships
    • Leadership Team
    • Social Responsibility
    • Events
    • Find us
    • Reaching us
    • Press Releases
    • Media Mentions
    • Awards and recognitions
    • In Memoriam
    • Covid Care
  • Insights
    • Insights
    • Articles
    • Blogs
    • White Papers
    • Case Studies
    • Brochures
    • Videos
    • enGAge Magazine
  • Work with us
    • Work with us
    • Career with GAVS
    • Company Culture
    • Diversity @ GAVS
    • Building a respectful workplace

Schedule a Demo