The road to IT project success is rife with potholes, road blocks, and the occasional run-in with an angry pack of wolves. Navigating the holes and sidestepping the snapping maws requires a good risk management model. In a PDF provided by Lawrence Technological University, Samer AlHawari, Fadi Thabtah, Louay Karadsheh, and Wa’el Musa Hadi piece together a framework that they believe will help to minimize and mitigate risk on that winding road.
Their model is careful to define basic terms in the introduction so as to get everyone on the same page as to what is being discussed. It then proceeds into an overview of the myriad literature written on the subject of risk management over time, so as to show that the model being used here is the clear and direct result of good ideas produced in the past.
The key elements of the risk management framework itself are the need for risk management, goal definition review, identity risk, risk scrutiny, risk analysis, risk verification, planning for risk, planning experiment, risk implementation, risk control, risk monitoring, and risk education. The various ways these elements connect are helpfully represented in an included flow chart so as not to leave the reader adrift in a sea of similar-sounding concepts, but in a nutshell, it all begins with the pressing need for risk management:
The organization must explicitly define the importance of risk management to their stakeholders to contribute in identifying all risks associated with business objectives. Identifying all relevant stakeholders is essential for the success of the risk mitigation process. These risks may be obstacles for the organization in achieving the stated business objectives. When an organization plans a new business strategy, it must identify all risks associated with it in order to mitigate the obstacles and to facilitate the implementation of the new strategy in terms of the goals. Risk management is needed in day-to-day business operations and project management implementation. Understanding the need of the risk management is vital for success of organization existence in dynamic world.
Likewise, all data collected from the end of one cycle of the risk management model then becomes part of the available knowledge in educating the next cycle of the model. The framework begins and
ends with risk education, always improving, always adapting. Those looking for a comprehensive and thorough model by which to handle their IT risk management would do well to study the model provided here. You will inevitably still trip over a pebble in the road now and then, but you can rest easy knowing that the wolves will never catch your scent.