Page 92 - DCAP307_PLANNING_AND_MANAGING_IT_INFRASTRUCTURE
Planning and Managing IT Infrastructure
While building a complete strategy to mitigate risks associated with a major disaster, or more
common risks in the areas of business operations or data availability, organisations need to take
a comprehensive and methodical approach to risk mitigation to ensure business continuity.
Such an approach needs to evaluate and address the priorities and capabilities of the business
along three dimensions of risk mitigation. First, understanding the reach and range of the
risks in an organisation and their impact within and outside the company is vital. Secondly,
perceiving the resilience level of the environment to mitigate risks, by identifying the vulnerable
areas in the organisation and the capabilities that it possesses to predict, prevent and recover
from risks, is crucial.
Finally, there has to be an appropriate strategy to recognise and respond to organisational risks
while improving the resilience level of the current environment and achieving the desired state
of buoyancy in the company.
“Developing an effective risk mitigation strategy is a multi-pronged approach which involves
listing out the risks that the organisation is affected by, sieving out those risks which businesses
would want to accept and run its operations with while devising a strategy to mitigate those
risks that are unacceptable. Lastly, finding out which risks can be mitigated cost-effectively and
which can be outsourced for effective operations is vital,” added Chandrasekhar
Balasubramanian, Country Manager – Infrastructure Risk Management Services, IBM India/South Asia.
Moreover, a comprehensive and methodical approach to risk mitigation empowers organisations
to make informed decisions. The systematic approach would provide a thorough insight into
the various anticipated risks and their possible business impact. Organisations will then be able
to better evaluate the pros and cons of adopting any particular solution to manage business
continuity.
Companies need to critically look at the outcome of structured Risk Analysis and Review
(RA&R) and build a risk mitigation strategy followed by a risk mitigation plan. A risk mitigation
strategy includes elements such as risk avoidance, risk transfer, risk limitation, etc. One has to
recognise that a risk mitigation plan may be a combination of different elements of risk treatment.
Notes: Despite deploying several strategies and risk treatment measures, there is always
a threat of disaster, and that’s the key point to note.
5.3.2 Need for a Structured Governance Framework
In a risk mitigation strategy, the roles of both IT governance and corporate governance are important.
IT needs support from corporate to implement a risk mitigation strategy and both need to be
incorporated at the same time.
A structured governance framework has significant advantages in risk mitigation. It enables
organisations to control planning, development, improvement, and management of incident
responses through risk assessment. Therefore, a structured governance framework helps in
achieving compliance by means of structured auditing and assessment of the risk mitigation
processes.
Once an organisation understands the reach and range of the risks to its enterprise, it needs to
evaluate its current ability to mitigate those risks. Due to the inherent complexity of most
organisations, such an analysis should break down the different aspects of the organisation into
multiple layers that can each be viewed separately to see how they can be used to mitigate
certain risks.
86 LOVELY PROFESSIONAL UNIVERSITY