Chapter Summary

Chapter Summary

Chapter Summary
(See related pages)

Risk Management Is an Essential Skill

Risk management is a key management process that must be used at every level, whether managing a project, a program, or an enterprise.

Risk management is also a strategic tool to more effectively manage increasingly sophisticated, diverse, and geographically expansive business opportunities.

Managing risk is key to keeping a business competitive and must be done by managers at all levels.

Business Risks

Common business risks include management of treasury, revenue, contracts, fraud, environment, regulatory issues, business continuity, and technology.

Technology is a business risk that is so important it must be specifically managed.

Technology risks include security, privacy, information technology operations, business systems control and effectiveness, information systems testing, and management of business continuity, reliability and performance, information technology assets, project risk, and change.

Two Risk Management Models

A general model for managing risk includes asset identification, threat assessment, impact definition and quantification, control design and evaluation, and residual risk management.

The SEI model for managing risk includes these steps: identify, analyze, plan,

track, and control.

Qualitative and Quantitative Risk Assessment

Both qualitative and quantitative risk assessment approaches must be used to effectively manage risk, and a number of approaches were presented in this chapter.

Qualitative risk assessment relies on expert judgment and experience by comparing the impact of a threat with the probability of it occurring.

Qualitative risk assessment can be a simple binary assessment weighing high or low impact against high or low probability. Additional levels can be used to increase the comprehensiveness of the analysis. The well-known red-yellow-green stoplight mechanism is qualitative in nature and is easily understood.

Quantitative risk assessment applies historical information and trends to assess risk. Models are often used to provide information to decision-makers.

A common quantitative approach calculates the annualized loss expectancy from the single loss expectancy and the annualized rate of occurrence.

It is important to understand that it is impossible to conduct a purely quantitative risk assessment, but it is possible to conduct a purely qualitative risk assessment.

Risk Assessment Tools

There are a number of tools which can be used to add credibility and rigor to the risk assessment process.

Risk assessment tools help identify relationships, causes, and effects. They assist in prioritizing decisions and facilitate effective management of the risk management process.

Instructor Edition

Student Edition

Instructor Log In

Notes

Instructor Log In

Log In
You must be a registered user to view the premium content in this website. If you already have a username and password, enter it below. If your textbook came with a card and this is your first visit to this site, you can use your registration code to register.
Username:
Password:
	Forgot your password?

Instructor Log In

Site Preferences	(Log out)

		Send mail as:

TA email:
Other email:

"Floating" navigation?
Drawer speed:

Notes		(What is this?)

Add a note
1.	(optional) Enter a note here:
2.	(optional) Select some text on the page (or do this before you open the "Notes" drawer).
3.	Highlighter Color:
4.

Search
Search for:
Search in:

Home > Chapter 20 > Chapter Summary

	Course-wide Content
		Glossary Textbook Updates

	Quizzes
		Multiple Choice Quiz
	More Resources
		Chapter Outline Chapter Summary

	Instructor Resources
		Projects Updates for Instructors NWCET Info

	Course-wide Content
		Glossary Textbook Updates

	Instructor Resources
		Instructors' Manual PowerPoint Presentation Answer Key NWCET Activity Image Library

	Quizzes
		Multiple Choice Quiz
	More Resources
		Chapter Outline Chapter Summary