TABLE OF CONTENTS
Risk Management Plan
Company Overview
Consultation and Communication
2. Establish, Identify and Analyse Risks
2a. Establish the Context and Identify Risks
2b. Risk Identification
2c. Risk Analysis, Evaluation and Prioritisation
3. Develop a Risk Register Plan
Risk Matrix
Risk Management Plan
Boorela systems is an international webhosting, training, and domain registration company. It is the largest ICANN-approved webhosting company, as it manages more than sixty-one million domain names. It was founded in the mid-1990s by Bob Parsons. It grew to be the largest web-hosting company through continuous acquisition of smaller web hosting companies. It employs approximately 4000 people and has more than thirteen million companies. It has a data centre measuring 65,000 square feet that is connected to a DWDM Ethernet optical fibre backbone offering a speed of 20 Gigabits per second. It is headquartered in Scottsdale, in the State of Arizona in the United States.
1. Consultation and Communication
Using the table, list key stakeholders for the organisation (and their job roles or titles), they may be responsible for management decisions, organisational structures and are impacted by risk or responsible for risk in the organisation. Also include stakeholders that are external to the organisation that you believe should be listed. (Add additional rows to the table if needed.)
An option may be to present your stakeholders in the following table. (Add additional rows to the table if needed.) [Then delete the suggested italics text so that only the table remains.]
Stakeholder | Role | Stakeholder’s agenda for Risks
e.g. Describe the stakeholder group | e.g. Describe the role that this group has with the organisation | e.g. what influences this stakeholder – a Finance Director’s agenda is to increase profit margin
 | Chief Executive Officer | Expanding the customer base and expanding revenue.
 | President & COO | Managing the company’s global operations, marketing, and channels.
Veronica Vaurela | Chief Marketing Officer and Chief Customer Officer | Overseeing strategic end-to-end customer relationships and corporate marketing.
 | Chief People Officer | Hiring and retaining the greatest talent pool.
 | Executive Vice President of Global Platform Development | Development of systems and product platforms.
Chad Vaurela | Chief Financial Officer | Maintaining the profit margin, financial analysis, tax compliance, investor relations, and internal audit.
Lewis Mills | General Counsel | Corporate litigation, corporate governance, intellectual property, and mergers & acquisitions.
Robin Kommer | Senior Vice President Hosting | Overseeing hosting platforms for businesses.
Explain the consultation and methods of communication that you will undertake as part of the planning process (100-200 words).
Communication and consultation are core aspects of the risk management process. Communication must at all times feature open discussions with all relevant stakeholders so as to develop a common understanding of the problems at hand and how they can be resolved. Risk management is only enhanced when individuals and parties understand all the perspectives based on timely consultation. Stakeholders form biases about risks based on differences in concerns, concepts, assumptions, needs, and values. Stakeholder views have a fundamental impact on the decisions made. It is therefore important to reach out to each stakeholder in each department or sector to identify, record, and address their perceptions of risk in the preparatory stage. Upon meeting the stakeholders, the consultant then generates qualitative criteria by creating tools and methods that are meant to reach balanced estimations of the risk assessments by various stakeholders. External consultants should be brought in on a regular basis for exchange of experience and knowledge. Effective communication and consultation strategies will ensure that both the risks and the risk management process progress effectively without subjective estimations.
2. Establish, Identify and Analyse Risks
Review organisational processes, procedures and requirements. Analyse and assess the risks for your organisation. Apply the current risk management standards and processes to outline risk management for your organisation.
Boorela systems essentially deals with off-site hosting of customers’ websites and email; storing files, images, and music; as well as managing customer data. As the largest web-hosting services provider, a risk for Boorela systems is a risk for millions of small businesses that depend on its services for hosting of web services, domain names, and the business itself. Boorela systems has put in place various processes, procedures, and requirements to safeguard against security breaches and loss of data. The company always verified email addresses during the domain name validation process. The process is expanded to include telephone verification and fraud screening. Certified domain names are issued upon completion of the verification process. The certified domain name is screened for several fraud indicators. If probable fraud is identified, the domain is subjected to fraud review, resulting in suspension of the verification process. The certified domain name request is rejected if it is suspected that there is sufficient evidence that fraud has occurred.
The underlying reasoning behind risk management is that every corporation exists to provide the maximum value for its stakeholders. All corporate entities face uncertainty. It is upon the management to evaluate how uncertainty can be used as an opportunity to enhance value rather than as a risk that erodes value. The current risk management standards and process require alignment of risk strategy and appetite; enhancement of risk response decisions, reduction of operational losses and surprises; identification and management of cross-enterprise and multiple risks; improved deployment of capital, and seizing opportunities.
The management is required to consider the prevalence of risk when evaluating strategic alternatives so that they can develop risk management mechanisms by setting realistic objectives. Enhancement of risk response decisions is done by selecting a viable response such as risk acceptance, risk sharing, risk reduction, and risk avoidance. Identification of potential events that are likely to affect the organisation results in reduction of surprises and associated losses or costs. Consideration of the full range of impacts that are likely to result from identified risks enhances the capability of the management to identify hidden opportunities. Collection of robust risk information empowers management to deploy and allocate capital effectively preserving the integrity of the corporation as a going concern.
In 2012, Boorela systems’s servers went offline, creating a ripple effect for millions of small businesses that used its DNS records, name servers, and webhosting services. An internal error was to blame for the outage but nevertheless servers claimed responsibility. The company reported that its router data tables had been corrupted by a series of internal network events. Small businesses lost access to their data and websites as well as potential and real revenue and sales. Outages cause insecurities and breach of data in the public cloud, leaving small businesses exposed to various vulnerabilities. At the time of the attack Boorela systems did not have an immediate and reliable back-up strategy in place after several hours of outage. This created concerns about security, redundancy, and business continuity plans, as customers were offline for almost a full day.
2a. Establish the Context and Identify Risks
Start with completing a PESTEL analysis to understand the MACRO environment. This assists to uncover different risks that can affect the organisation (Remember this assessment must not be limited to WHS risks). For more information: http://www.mindtools.com/pages/article/newTMC_09.htm
e.g. Discuss how a change in government may affect specific factors
● Political instability in developing markets.
● Strict regulation in the European market and other markets.
● Internet crack-downs in developing countries.
● Pressure from online privacy rights groups.
● Change of online policy direction after the November elections.
e.g. IT issues
● Free web-hosting services
● Intensive competition from start-ups.
● Proliferation of smart phones technology.
● Preference of online presence over brick and mortar presence.
● Expansion of technology infrastructure across the globe.
● Affordability of the cost of data.
Economic Environmental factors
e.g. Drop in Australian Dollar outline what this will affect
● Inflation rates
● Unpredictable value of the dollar
● Possible economic slowdown
● High interest rates
● Mergers and acquisitions
● Expanding domestic and global middle class
● High purchasing power
e.g. weather what impact does this have
● Climate change debate
● Working indoors during harsh weather.
Social issues Legislation
e.g. trends, culture, customer needs
● Work-life balance resulting in alternative working patterns such as telecommuting, work-sharing, and working from home.
● Instant communication
● Demographic changes
● Tech-savvy generation
● Media perception
● Changes in consumer attitudes.
● Expanding population densities in big cities.
● Growth of online social services e.g. dating, gaming, and food delivery.
e.g. laws affecting the organisation
● Data Privacy concerns
● Litigation concerns due to data outages
● Cloud security concerns
● High competition rates.
● Competitors offering basic free services and premium charged services.
● Access to new technologies
● Lack of product differentiation.
● Presence of miscellaneous substitute products.
2b. Risk Identification
Discuss here what methods you will use to identify risks. Complete a SWOT analysis for your organisation to help you to identify internal and external risk factors. (150 – 200 words)
Boorela systems’s risks will be evaluated using multiple methods. The primary methods will be evaluation of implementation challenges, external and internal dependencies, current strategic plan, stakeholder expectations, performance challenges, key performance parameters, technical maturity, schedule, cost estimates, and program scope review. The secondary methods of evaluation will entail an evaluation of system security, system safety, test event expectations, cost deviations, ability to handle threats, supply-chain vulnerabilities, supportability, and interoperability. The risk identification will be an interactive process. As the identification continues, more information will be gained about the corporation’s strengths and weaknesses. The risk statement will be adjusted continuously to reflect the position based on the most immediate review. Operational risks will be prioritised since they affect the operations and capabilities of the end users. Risk prioritisation will be based on the gravity to the end users (Boorela systems’s customers who host their websites on the corporation’s servers). The available alternatives, balances, and options will be recommended for end users to cushion them from heavy losses of customers and revenues.
e.g. Brand reputation, reliable staff
● Impressive revenue and profitability
● Provision of monetary assistance by finders.
● Robust sales and distribution networks
● Barriers to market entry
● Established business units
● Brand recognition
● Firm entrenchment in the domestic market
● Reduced labour costs
● High industry growth rate
● Largest company in the sector
e.g. Bureaucratic style of management
● Expensive cost structure
● Low investment in research and development
● Complex tax structure
● Lack of a diverse management team
● Exposure to outages and hacking
● Lack of product diversification
e.g. New product launch, expansion
● New services and products
● New acquisitions
● Diversification of products
● Global expansion
● Virtual offices
● Increasing costs
● Rising cost of raw materials
● Technological problems
● Low profitability of the sector
● Growing stiff competition
● Increasing interest rates
● Cash flow inadequacies.
Discuss the risks that you have identified through your PESTEL analysis, SWOT analysis and the other methods you have used (200 words).
The SWOT and PESTEL analyses have revealed various risks that are inherent in Boorela systems’s organisational structure. The key risk is data breaches due to hacking or internal control failures. The risk is likely to result in massive losses for consumers, security fears, violation of private data, loss of brand recognition, and eventual loss of revenue for both the business and its customers. The risk could also lead to enactment of strict legislation, litigation suits, and pressure from privacy and security rights groups. The second risks include internet-closure in developing countries such as Asia due to political differences. There is also the risk of political instability in some countries of operation. The company is also likely to experience stiff competition from free web-hosting services which are venturing into offering premium instead of basic web-hosting services. Economic instability and high inflation rates are likely to impact negatively on the company’s profitability. The company is also exposed to acquisitions by big players in the Tech Industry such as Facebook who may opt to either buy Boorela systems or push it out of the market. The presence of miscellaneous substitute products offers Boorela systems little room for product differentiation and diversification. A punitive taxation regime poses a risk to the company’s profit margins. There is a lack of management diversity since most of the managers are male and white. This may make it difficult for the company to access some market segments both in the domestic market and in international markets.
2c. Risk Analysis, Evaluation and Prioritisation
Analyse and evaluate ten risks, outline the likelihood of each risk to occur, and prioritise the risks. Include a risk matrix template from your notes. (Please attach the risk matrix template in your appendix).
The order of the risks is: data/system breaches; loss of revenue; loss of brand recognition; litigation; punitive tax regime; political interference in developing markets; lack of management diversity; stiff competition by free web-hosting service providers; acquisition by dominant players in the tech industry; and lack of product diversification exacerbated by presence of miscellaneous product substitutes.
3. Develop a Risk Register Plan
a. Outline the ten risks and levels of control in the risk register template Part A. You can create your own risk reference code unique to each risk e.g. a marketing risk may be given the risk reference code of MARK001.
c. Determine and select the most appropriate actions for treating the ten risks, develop an action plan in template Part B to be implemented to treat the risks, if the risks were to occur. Discuss and evaluate the action plan and ongoing monitoring and communication of the risk management process.
Here you will include how you will resolve the risks according to the risk management hierarchy of control. Ensure you include strategies to monitor your risk treatments and a timetable for scheduling risk management activities.
Risk Register Part A. Risk register: (Name of organisation)
Function (activity e.g. department): Compiled by: Date:
Date of risk review: Reviewed by: Date:
Risk Reference (unique identifier code)
What is the risk?
What can happen?
How can it happen?
What can happen?
(Consequences/level of impact)
Current control strategies
I (Inadequate) Current risk level analysis
Risk priority (refer to risk matrix and attach matrix in appendix) Acceptability of Risk
A (Acceptable) or
Yes or No
Likelihood Consequences Level
GOD 1 Data/System Breach
GOD 2 Loss of Revenue
GOD 3 Loss of Brand Recognition
GOD 5 Punitive Tax Regime
GOD 6 Political Interference
GOD 7 Lack of Management Diversity
GOD 8 Competition by free web-hosting services
GOD 9 Acquisition
GOD 10 Lack of product diversification
Risk Register Part B. Risk register: (Name of organisation)
Risk Reference (unique identifier code) Potential treatment options
Person responsible for monitoring the risk Cost to implement risk treatment Time frame to implement treatment Monitors to measure the effectiveness of the risk treatments Treatment of Risk Complete
Yes or No
GOD 1 Hacker-immune systems
GOD 2 Sustainable cash and equity reserves
GOD 3 Public relations campaigns
GOD 4 Strong legal representation
GOD 5 Lobbying for tax friendly legislation
GOD 6 Franchising with local webhosting service providers
Increase diversity at management levels
GOD 8 Offer free trial versions
GOD 9 Retain sector leadership
GOD 10 innovation