Risk Assessment

Risk assessment is a vital component in BC (Business Continuity) planning. Through risk assessment, your company may determine what vulnerabilities your assets possess. Not only that, you’ll also be able to quantify the loss of value of each asset against a specific threat. That way, you can rank them so that assets that are most likely to cripple your business when say a specific disaster strikes can be given top priority.

However, a poorly implemented risk assessment may also cost you unnecessary expenditures. Many risk assessors are too enthusiastic in pointing out risks that, at the end of the assessment, they tend to over-appraise even those having practically zero probability of ever occurring.

We can assure you of a realistic assessment of your assets’ risks and propose cost-effective countermeasures. These are the things we can do:

  • Identify your unsafe practices and propose the best alternatives.
  • Perform qualitative risk assessment if you want fast results and lesser interruptions on your operations.
  • Perform quantitative risk assessment if you want the most accurate depiction of your risks and the corresponding justifiable costs of each.
  • Conduct frequency and consequence analysis to identify unforeseen harmful events and determine their effects to various components of your organisation and its surroundings.

We can also assist you with the following:

Check our similar posts

IT Risk and Control Solutions Specialists – Why you need them more than ever

Over the years, the capabilities of IT systems have certainly grown by leaps and bounds. But so have the risks that accompany them. Countless threats to IT systems now exist that are capable of seriously disrupting business operations. That’s why companies have to conduct assessments aimed at making sure their systems are still capable of functioning effectively, efficiently, and securely all the time.

If you think you’ve been lucky enough to be spared from these threats, then maybe it’s because you haven’t conducted a risk assessment on your IT system recently. All too often, we hear of CIOs who believed their IT system was in tip-top condition, only to be later caught off-guard by a critical system breakdown that would eventually cripple their business for days or weeks.

More information assets to look after

If, before, you only had to worry about regular office applications, workstations, a LAN and a server, today’s varied and more sophisticated information assets are more challenging to maintain.

In addition to network operating systems, database management systems, content management systems, email systems, virtualization platforms, document management systems, business intelligence applications, and accounting software, a typical enterprise may also have to look after firewalls, intrusion detection systems, storage and backup systems, and data loss prevention systems, to mention a few.

These understandably require the services of experts spanning a wide range of skill sets.

Rising threats to corporate identity and privacy

Individuals are no longer just the ones being preyed upon by identity thieves. Businesses can now be subject to corporate identity theft as well. You could wake up one day finding your business already accused of carrying out illegal activities, a big chunk of your money gone, and your directors? seats already occupied by complete strangers.

To make things worse, corporate threats aren’t just coming from the outside.

Threats to corporate privacy, for instance, can come from within the organisation itself. Sensitive information like trade secrets and financial data are often leaked out (purposely or inadvertently) by employees. This is largely caused by the ever growing number of options for communications and transferring data (e.g. emails, instant messaging, blogs, social networking sites, ftp, P2P, etc.).

Greater challenges in designing, developing, and implementing policies and programs

Laws and regulations like SOX and Solvency II, which have direct impacts on IT, are on the rise. That is why corporate policies and programs now require sweeping changes. You now have to be more deliberate in integrating IT when establishing governance, internal controls, change management, incident management, and performance management.

A solid understanding on widely accepted frameworks and good practices like COBIT, COSO, and CMMI will help you considerably in such undertakings. Using these frameworks as guidelines will not only help you keep your policies and programs attuned to the times, they will also keep you in compliance with regulations.

Increasing demand for disaster recovery and business continuity capabilities

Every time you have a down time, you increase the probability of losing your customers to competitors. The longer the down time, the greater that probability becomes. Therefore, when a major disruption strikes, you should be able to recover at the soonest. If possible, you should be able to deliver products and services as usual.

This of course requires spending to increase your disaster recovery (DR) and business continuity (BC) capabilities. Are you ready for it? Migrating your IT infrastructure from traditional systems to the latest technologies that are better equipped for BC/DR requires careful planning and implementation to ensure an optimal return on investment.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Benefits Realisation Frameworks – A Useful Handle

One of the greatest challenges of project management is maintaining top-down support in the face of fluctuating priorities. If you elect to take on the role yourself and are peppered by other priorities, it can be a challenge to exactly remember why you are changing things and what your goals are. Sometimes you may not even notice you have reached your goal.

The Benefits Realisation Chart-room

The Benefits Realisation Model is a framework on which to hang key elements of any project. These traditionally include the following, although yours may not necessarily be the same:

  • Definition of the project goal
  • Quantification of intended benefits
  • Project plan versus actual progress
  • How you know you reached your goal
  • Quantification of actual benefits

Another way of describing Benefits Realisation Frameworks is they answer four fundamental questions that every project manager should know by heart:

  • What am I going to do?
  • How am I going to do it?
  • When will I know it’s done?
  • What exactly did I achieve?

The Benefits Realisation Promise

An astounding number of projects fail to reach completion, or miss their targets. It’s not for nothing that the expression ?after the project failed the non-participants were awarded medals? is often used in project rooms. We’re not saying that it is a panacea for success. However it can alert you to warnings that your project is beginning to falter in terms of delivering the over-arching benefits that justify the effort.

When Projects Wander Off-Target

Pinning blame on participants is pointless when project goals are flawed. For example, the goals may be entirely savings-focused and not follow through on what to do with the windfall. At other times realisation targets may be in place, but nobody appointed to recycle the benefits back into the organisation. This is why a Benefits Realisation Framework needs to look beyond the project manager?s role.

Realisation Management in Practice

If the project framework does not look beyond the project manager?s role, then it is over when it reaches its own targets ? and can even run the risk of being an event that feeds entirely off itself. In order to avoid a project being a means to its own end, this first phase must culminate with handover to a benefits realisation custodian.

An example of this might be a project to centralise facilities that is justified in terms of labour savings. The project manager?s job is to build the structure. Someone else needs to rationalise the organisation.

In conclusion, the Benefits Realisation Framework is a useful way of ensuring a project does not only achieve its internal goals, but also remains a focus of management attention because of its extended, tangible benefits.

Top 10 Disadvantages of Spreadsheets

Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.


Disadvantages of Spreadsheets - Kindle

Disadvantages of Spreadsheets

Comprehensive information and data your organisation needs, to circumvent the threats posed by spreadsheets.


Buy Now

1. Vulnerable to Fraud

Of all the spreadsheet disadvantages listed here, this is perhaps the most damaging. Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.

2. Susceptible to trivial human errors

While fraud will always be a threat to spreadsheet systems, there is a more significant threat that should make you seriously consider getting rid of these outdated systems. And that is its extreme susceptibility to even trivial human errors. Missed negative signs and misaligned rows may sound harmless.

But when they damage investor confidence or cause a considerable loss of opportunity amounting to millions of dollars (Are we serious? Google up ?spreadsheet horror stories? to find out), you should understand that it?s time to move on to better alternatives.

3. Difficult to troubleshoot or test

So how about testing spreadsheets to mitigate the risks of items 1 and 2? Good luck. Spreadsheets just aren?t built for that. It?s not uncommon to have interrelated spreadsheet data scattered across different folders, workstations, offices, or even geographical locations.

Worse, even if you are able pinpoint the locations of every related file, tracing the logic of formulas from one related cell to another can take ages. It?s pretty obvious now how you?ll also encounter a similar problem when troubleshooting questionable data.

4. Obstructive to regulatory compliance

Combine items 1, 2, and 3, and what do you get? A big headache impacting regulatory compliance. There are number of regulations that have a serious impact on the use of spreadsheets.

Some of the many regulations that impact spreadsheet systems include:

And to think it looks like regulatory bodies are just getting warmed up. Over the last two decades, we’ve seen a surge in regulations that directly affect spreadsheet-based systems. Now, you tell me that you haven?t wished there was a better way to beat regulatory compliance deadlines. Well, if you?re still using spreadsheets, then there certainly is a better way.

5. Unfit for agile business practices

We’re now in an age when major changes are shaping and reshaping the business landscape. Mergers and Acquisitions, Management Buyouts, earthquakes, tsunamis, hurricanes, uprisings, climate change, new technologies, and so on. If your business is not agile enough to adapt to such changes, it could easily be left behind or even face extinction.

Spreadsheets are normally created by individuals who have not the slightest know-how regarding software documentation. In the end, spreadsheet files become highly personalised user developed applications. So when it?s time for a new person to take over as part of a large scale business change, the newcomer may have to start from scratch.

Read further about Implementing Large-Scale Business Change

 

6. Not designed for collaborative work

Planning, forecasting, budgeting, and reporting are all collaborative activities. In other words, plans, forecasts, budgets, and reports typically require information from different individuals belonging to different departments. In addition, the final documents are a result of multiple exchanges of data, ideas, and files.

Now, if your company?s offices are scattered throughout the country or if certain team members are separated by large distances, the only way to exchange data stored in spreadsheets is through email.

Experience will tell you that such a method of exchange is susceptible to duplicate and even erroneous data. Team members will tend to find it hard to keep track of similar files going back and forth, and sometimes even end up sending the wrong version.

7. Hard to consolidate

When it comes to simple data entry and quick ad hoc data analysis tasks, spreadsheets are highly favoured by end users. This has made them one of the most ubiquitous office tools on the planet. But as a consequence, data in spreadsheet-based systems are distributed throughout the organisation.

So when it’s time to generate reports, you’ll really have to go through a slow consolidation process. In most cases, end users would have to collect data from different files, summarise them, and submit the same to their department heads through emails, portable storage media (e.g. CDs or USB flash-drives), or by copying to a commonly shared network folder.

Department heads would have to undergo a similar process before submitting them to their own superiors. This has to go on until all the information reaches their organisation’s top decision makers. Throughout the entire consolidation process, data is subjected to numerous error-prone activities such as copy-pasting, cell entry, and range specification.

8. Incapable of supporting quick decision making

In a spreadsheet-based environment, extracting data from different departments, consolidating them, and summarising the information so that it could aid the company’s top brass in making sound decisions can be very time consuming.

And because we know how susceptible spreadsheets are to errors, everyone involved in the information processing has to be ultra careful to keep the integrity of the data intact. Hence it would be prudent to enforce double-checking as much as possible.

This extra but necessary exercise can further delay the process. So, when the final information arrives at the hands of the top executive, he may not have much time to work with. (Read about Business Intelligence)

9. Unsuited for business continuity

As mentioned earlier, data in spreadsheet systems are never kept in a single place. In fact, it’s the exact opposite. The worse thing about it is that they’re always in the hands of non-IT personnel, who are understandably not familiar with storage and backup best practices.

Thus, if a major disaster strikes, full data recovery can be very difficult if not impossible. As a consequence, even if the company has financial reserves, the absence of data (e.g. accounts receivable records, customer records, and inventory) to work on can prevent the company from making a quick restart.

10. Scales poorly

As an organisation grows, data in spreadsheet-based systems get more distributed; subsequently compounding the issues outlined above. It is absolutely not advisable for a large organisation to keep using spreadsheets.

 

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

 

Advert-Book-UK

amazon.co.uk

 

Advert-Book-USA

amazon.com

 

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today