Page 91 - DCAP307_PLANNING_AND_MANAGING_IT_INFRASTRUCTURE

Unit 5: Corporate Governance and IT




          Self Assessment

          Fill in the blanks:
          3.  ......................................... determines how the IT function manages demand, delivers value,
              and protects against risk.

          4.  ......................................... governance reduces long-term support costs and enables IT to be
              responsive to business need.
          5.  The IT governance structure is supported by administrative and communications personnel
              who report to the .........................................

          5.3 Mitigating IT-related Risks

          In an uncertain and constantly changing environment, an effective risk mitigation plan and
          strategy is essential for the growth of any business.
          Risk mitigation is the process of reducing risk to a level that the organisation can accept
          and manage; what remains after controls are applied is the residual risk. Once risks have been
          identified, they must be prioritised, and a risk mitigation plan developed for the ones that
          matter most.

          Organisations can cost-effectively mitigate risks to the confidentiality, integrity, and availability
          of the IT systems and assets that support critical business processes. The savings that make
          this affordable typically come from cutting operational costs, converting capital expenditure
          into predictable operational expenditure, extracting more from existing infrastructure, and
          improving productivity so that staffing pressure is reduced.
          Risks can be mitigated either in-house or by outsourcing. If mitigating a risk would require a
          large investment, the work can be outsourced to a third party with the requisite domain
          knowledge in that risk area, which can reduce the cost by leveraging its own infrastructure and
          experience. Outsourcing transfers the work and part of the financial exposure, not the
          accountability: the organisation remains answerable for the risk and must monitor the provider.

          Industry experts hold that organisations should perform a cost-benefit analysis when selecting
          controls to mitigate the risk arising from threats that exploit weaknesses within a system: the
          cost of a control should not exceed the loss it is expected to prevent. The outcome of the
          analysis determines the treatment strategy, for example to implement the control, to accept
          the risk, or to transfer it (through insurance or outsourcing).
          To mitigate risks effectively, companies also need to educate their employees. It is critical
          that every employee understands the importance of the confidentiality, integrity, and
          availability of IT systems and assets, because many controls depend on people following them.


                 Example: Examples of risk mitigation include taking positions in financial derivatives that
          hedge some or all of a risk; buying life insurance coverage; and adopting healthier eating habits.

          5.3.1 Developing an Effective Strategy

          An effective risk mitigation strategy involves identifying the nature of the risks associated
          with each activity and prioritising them; assessing and evaluating the practicability and
          effectiveness of the candidate mitigating solutions, which are further scrutinised through a
          SWOT analysis; and finally selecting and implementing the most cost-effective solution. The
          chosen solution is deployed by assigning specific tasks to the team that has the expertise and
          skill sets to carry them out.

          The risk mitigation plan broadly sets out the strategy for implementing, tracking and reporting
          on the controls selected to mitigate risk. The strategy may be to reduce the risk with controls,
          to accept it, or to transfer it. In some cases the risk is so insignificant that no control is
          applied at all; this should be recorded explicitly, because it is a decision to accept the risk
          at that particular level rather than to avoid it.




                                           LOVELY PROFESSIONAL UNIVERSITY                                   85