Project & Change Risk Management

Project & change risk management: a web-based tool for the Compliance/Information security team to engage projects and changes to the infrastructure. By Ben Oguntala, [email protected], www.riesgoriskmanagement.com


Transcript of Project & Change Risk Management

Page 1: Project & Change Risk Management

Project & change Risk management

A web based tool for Compliance/Information security team to engage projects and changes to the infrastructure

By Ben Oguntala, [email protected]

www.riesgoriskmanagement.com

Page 2: Project & Change Risk Management

Introduction

Start cycle

Engage project team

Complete survey

Initial risk assessment

Risk management

Approval

Project manager - can create a project, manage its progress through its milestones, and oversee how all its risks are identified and managed.

Fraud, Risk or Security (compliance) - can interface with the project team, have new projects, changes or business unit ideas assessed for risks, and provide resolution.

This is a web-based, effective and collaborative solution for project risk management. It provides a business process that allows both the project management team and the risk management team to address project issues as the project progresses through its lifecycle.

Page 3: Project & Change Risk Management

Process overview

[Diagram labels: Project; Change; Suppliers; Risk assessment; Risk mitigation; Information security/compliance; Fraud; Security policies; PCI DSS; Data security; Business units; ISO27001; FSA; Engagement; Project register; Risk register; Risk assurance forum; Risk acceptance form; Risk review]

Capturing project/change risk management lifecycle

Page 4: Project & Change Risk Management

Information security project engagement solution overview

[Diagram labels: Project management office; Project registration; Project Manager allocation; Project documentation; Project manager; Business analyst; Information security or compliance; Information security survey; Risk assessment; Project register; Risk mitigation; Risk register; Risk assurance forum; Risk acceptance form; Risk review]

A simple web-based tool that captures changes to your organisation’s framework, providing a consolidated platform to manage potential risks to your estate.

Page 5: Project & Change Risk Management

The key participants

[Diagram labels: Programme management; Project approval; Change approval; Supplier or business unit approval; Project funding control; Project management; Project management; Project team; Project milestone; Information security or compliance; FRS survey; FRS project allocation; Project Milestone; Gate approval; Risk Management; Light touch option (Fast track); Business impact assessment; BIA stakeholders; Risk identification; Risk Assurance forum; Senior management; Risk Register; Risk acceptance form; Risk review]

The web-based tool ensures that the key participants are engaged, and the business processes ensure a consistent approach to all projects/changes.

Page 6: Project & Change Risk Management

The business process

[Diagram labels: SPMB Programme office; Project initiation; Project cost code allocation; Handover to project management; Project office; Project allocation to PM; Upload project details; Complete FRS survey; Sys admin; System administration; SPMB (Programme office) users; FRS Fraud/Risk/Security users; RAF (Risk Assurance Forum) users; FRS manager; FRS resource allocation; Project risk management; Assign projects to risk consultant; FRS consultant; Accept assigned projects; Assess project and carry out risk assessment; Raise project risk in the risk register; RAF Risk Assurance forum; Review project risk register; Risk acceptance form approval; Periodic review of the risk register; Assess project risk survey results; Update project resources; Find risk mitigations]

The tool ensures that the business process engages the right units at the right time and ensures that there are no redundant or neglected elements within the operation.

Page 7: Project & Change Risk Management

The lifecycle

[Lifecycle stage bar: Project registration; Project Manager allocation; Project documentation; Information security survey; Risk assessment; Risk mitigation; Risk register]

The next set of slides takes you through the lifecycle of the tool, demonstrating how each stage is designed to address the objective of risk management and enforcement of compliance.

Page 8: Project & Change Risk Management

System Admin: Account setup

Each account is set up via email, and the user is expected to change their default password upon first login.

Page 9: Project & Change Risk Management

Project list overview


The list shows the number of projects and the activities throughout their lifecycle.

Page 10: Project & Change Risk Management

Project registration (1)

For each project, the Programme team can provide as much detail as possible about the project.

Page 11: Project & Change Risk Management

Project registration (2)

The programme team will be able to see the list of projects and the approval dates; this provides them with the ability to have corporate governance for the projects.

Page 12: Project & Change Risk Management

Project registration (3): project status

The aim of the project status is to allow users to capture what stage the project has reached in its lifecycle; green indicates passed and red indicates the current position.

Page 13: Project & Change Risk Management

Project registration (4): project status

[Slide labels: General project information; Project sponsors and dates; Project milestones]

Page 14: Project & Change Risk Management

Project manager allocation (1): Assigning a project manager

A project manager is allocated to the project. This triggers an alert to the project manager, creating his account if new, and moving the project to his queue to acknowledge.

Page 15: Project & Change Risk Management

Project manager allocation (2): project acknowledgement


Page 16: Project & Change Risk Management

Project manager allocation (3): project list & dashboard

The project list displays the number of projects the project manager has been allocated; he can also henceforth add his own projects.

For each project there is a dashboard that displays the details of the project as it progresses.

Page 17: Project & Change Risk Management

Project manager allocation (4): Project team

The project manager is able to add the project team to the project; these can include the Business analyst, Architect, Test team, developers, etc. The aim is to ensure all participants are working from a central repository and all information can be communicated centrally.

Page 18: Project & Change Risk Management

Project documentation

All team members will be able to provide their relevant information about the project.

If the project has a Teamroom where documentation is stored, the URL can be added in order for other participants to view it.

If there are other related sites, these can be added as central sites as well.

If required, documentation may be attached locally. Types of documentation include: PID, BRS, HLD, LLD, test plan and others.

Page 19: Project & Change Risk Management

Information security survey (1): overview

Each project will complete an information security survey. This survey provides an initial assessment of the project and automatically scores the project.

The PM can delegate this task to any member of the project team or can complete it himself or herself.

If the project is scored as low, no further engagement is required; however, if it is scored medium or high, a business impact assessment will be carried out.

Page 20: Project & Change Risk Management

Information security survey (2): Fraud, risk or security survey

A series of questions designed to capture the business impact that the project may have. The questions can be customised to fit your particular environment.

Once completed, the submit button triggers the automatic assessment.

Page 21: Project & Change Risk Management

Information security survey (2): survey result

The result shows how the project has been scored and the result against each section.

Projects can score:
- High
- Medium
- Low

Projects scored medium or high are more likely to have security risks and require an in-depth assessment.

Page 22: Project & Change Risk Management

Information security survey (3): project survey result

Each project will have its survey result listed against it, and the result will be visible to all participants in the project.

Projects that score medium or high will automatically be placed onto the Fraud, Risk or Security (compliance) radar for a business impact assessment.

Page 23: Project & Change Risk Management

Risk assessment (1): Project allocation to Consultant

The Fraud, Risk or Security (compliance) team will receive all Medium and High risks. The team manager can assign the project to a Consultant, and the project will be listed in the Consultant’s queue.

Page 24: Project & Change Risk Management

Risk assessment (2): Invitation of state stakeholders

If required, the Consultant can invite other stakeholders or specialists (e.g. Penetration Testers, Legal, PCI DSS QSA, Firewall operations, etc.), or can carry out the operation.

Page 25: Project & Change Risk Management

Risk assessment (2): Business Impact Assessment

The Consultant can create the Business impact assessment for the project by uploading the completed risk assessment document, and can also add the assessments of other stakeholders.

Page 26: Project & Change Risk Management

Risk assessment (3): Business Impact Assessment

The Consultant can upload the BIA risk assessment document, or add the URL where the BIA is held, and set the BIA status. Once completed, the project reflects that the business impact assessment has been carried out or is in progress.

Page 27: Project & Change Risk Management

Risk mitigations (1): project risk registrations

New risks can be registered against the project. Each risk will include the business impact, likelihood of occurrence, residual risks and risk owner.

The risks are stored in the risk register for the Risk assurance forum (Senior managers) to accept, reject, transfer or mitigate.

Page 28: Project & Change Risk Management

Risk mitigations (2): Risk Register

The risk register contains the risks for all the projects, and the Risk Assurance Forum can assess each risk and decide on its resolution.

Page 29: Project & Change Risk Management

Risk mitigations (3): Risk Register

Once the risks are resolved, the project can be moved forward for approval and progressed through the project milestones.

Page 30: Project & Change Risk Management

Contact details

• Ben Oguntala

[email protected]

• +44 7812 029 867

• www.riesgoriskmanagement.com
