Flayton Electronics: Risk Management Project

Introduction

Any risk management project demands an evaluation of the implemented strategies and analysis of the impact these interventions had on the project. Moreover, in addition to the planned risk management interventions, some mitigation activities can be necessary. Also, after the threats have occurred and the opportunities have been realized, there can be a need for changes in the project budget and schedule. Finally, the risk register should be amended to make it appropriate for further use.

The Impact of Risk Management Interventions on the Project

Cybersecurity is crucial for business because cyber-attacks can be damaging for business (Griffor, 2017). Thus, in the case of data theft at Flayton Electronics, some risk management interventions were implemented to reduce the negative impact of the possible threats. In this case, the top-two threats have occurred. These threats were data theft itself and loss of customers. Evidently, both had a negative influence on the company. Data theft meant that the customers’ data in general and data of bank cards and accounts, in particular, were accessed by criminals and some transactions were illegal. It caused the second major risk related to the loss of customers. It was natural that the customers lost trust in the company that was attacked and made choices in favor of other companies at least during the problem was managed.

The top opportunity has been realized

The necessity of Mitigation Activities

Mitigation activities, more frequently called risk response strategies, are necessary for the project. Risk management planning demands the assessment phase which is aimed at evaluating the efficiency of the selected strategies to reduce risks and use strategies defined in the risk register. According to Hillson and Simon (2012), “effective risk responses result in minimized threats and maximized opportunities, optimizing the project’s chances of achieving its objectives” (p. 124). These responses, or mitigation activities, should be appropriate to the project objectives. Moreover, it should be kept in mind that risk response activities are usually costly because they are not included in the initial risk management budget (Hillson & Simon, 2012).

Still, they are necessary to revise the remaining risks and evaluate the existing opportunities. For Clayton Electronics managing the risks related to data theft, the following mitigation activities are possible (McNulty, 2007). First of all, the company should focus on preparation for further modification of their security tools. More attention should be paid to cybersecurity issues that will help to prevent on-line frauds and crimes that are dangerous both for the company’s reputation and budget (Griffor, 2017). Another mitigation activity presupposes stimulation of cooperation between stakeholders. Different departments and specialists working on the same project should communicate and cooperate efficiently to be able to notice and report any possible threats. On the whole, these mitigation actions can validate the risk management interventions and contribute to future project sustainability.

The necessity of Budget or Schedule Changes

Every project should have its contingency fund or risk budget to be able to manage the unexpected situations that can appear during the project implementation (Hopkin, 2017). For the risk management project of Flayton Electronics, the risk budget is already exhausted. Thus, it is necessary to evaluate the situation and decide on the necessity of budget changes. In case the major threats have occurred and their consequences are managed in a way that they do not interfere with the company’s functioning, budget changes can be not necessary. Still, it is worth it to amend the future risk budget and increase its financing. These additional costs can be spent on planning and executing interventions aimed at revealing and preventing the possible risks. It can reduce the cost of risk management in the future due to efficient prevention strategies.

Due to the use of opportunities defined in the risk register, the risk management schedule has been shortened by two months. Thus, the project schedule can be changed with the consideration of this reduction. It also means that the losses will be reduced as well because the terms of project implementation will be closer to the initial schedule.

Risk Register Update

Since the top-two threats have already occurred, it is necessary to update the risk register to focus attention on the other possible risks (Hillson & Simon, 2012). Particular attention should be given to the avoidance of IT disasters (Sadgrove, 2016). Moreover, it is important to monitor the data breaches to increase (Black, 2013).

Threat 1.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Occurred(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Data theft
Risk Description:
The companies that deal with the customers’ data in general and data of bank cards and accounts in particular are at a high risk of data theft, and Flayton Electronics faced this problem. Still, the company improved its security measures and took other steps necessary to solve the problem, maintain trust of the customers, and avoid similar problems in the future.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Breach in the data security systemTimeNil/VLO/LO/MED/HI/VHI
Irresponsibility of the employeesCost
Quality
Other
Probability RatingVHI
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Improve the security measuresCompleted
Implement new security systemsCompleted

Threat 2.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Deleted(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Loss of the customers
Risk Description:
The company that fails to protect the data of its customers is at high risk of losing the customers. However, the customers of Flayton Electronics had much trust in the company. Thus, it did not experience significant customer loss.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Customer prefer security and high quality service. Thus, they would rather choose a company without security problems to purchase goods.TimeNil/VLO/LO/MED/HI/VHI
Cost
Quality
Other
Probability RatingVHI
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Improve security measuresIn progress

Threat 3.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Expired(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Loss of reputation
Risk Description:
Since the financial security of the customers was in danger, the company was expected to inform them on the existing problem. However, in the case Darrell was arguing that Flayton’s could be “vulnerable simply by trying to do the right thing and getting the news out quickly” (McNulty, 2007, p. 4). However, the company that builds business on trust and fairness cannot conceal the news from its customers. The company informed the customers about the problem, but its reputation did not suffer much.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Customers, knowing that the company concealed the information about the threat to their accounts and bank cards, would not rely on this company any more.TimeNil/VLO/LO/MED/HI/VHI
Cost
Quality
Other
Probability RatingHI/VHI
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Inform the customers about the existing threatCompleted
Assure the customers that the breach was revealed and the problem is being solvedCompleted

Threat 4.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Occurred(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Risk of PCI systems not working properly
Risk Description:
The PCI system that has been recently installed in Flayton Electronics was not working the way it was supposed to. The CIO reported he had found a hole in it which was a disabled firewall that was supposed to be part of the wireless inventory-control system. The problem was solved, PCI systems were checked, and the firewall was restored. Now it is working properly and with due attention of responsible employees there are not likely to be similar problems in the near future.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Disabled firewallTimeNil/VLO/LO/MED/HI/VHI
Cost
Quality
Other
Probability RatingHI
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Restore the firewallCompleted
Provide security measuresCompleted

Threat 5.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Active(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Aggressive business strategy
Risk Description:
Brett Flayton was worried that his business strategy could have been too aggressive despite his confidence in his actions. He was not sure that the decision to invest in development and growth was a sound one because it caused underinvesting in security systems and made the company vulnerable. At present, when the security problem was solved, Brett Flayton can pay more attention to reviewing his business strategy to provide the best outcomes for the company and its customers.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Aggressive business strategy, underinvestment of security systemsTimeNil/VLO/LO/MED/HI/VHI
Cost
Quality
Other
Probability RatingMED
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Review the company’s policy of investmentIn progress
Pay more attention to security issuesIn progress

Threat 6.

Project Number:Client:
Project Title:Flayton ElectronicsProject Manager:
Risk Ref.RBS Ref.WBS Ref.Risk Owner:
Risk Type: (T/O)Risk Status:Active(Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title:Risk of getting sued
Risk Description:
The company is still under the risk of getting sued by the customers whose data were stolen and misused by the criminals or the banks involved in the purchase transactions. Out of the two choices defined by Brett Flayton, “If we disclose, we’ll probably get sued; if we don’t, the story will eventually leak,” the company choose to disclose (McNulty, 2007, p. 5). At present, the company was not sued, but this risk cannot be eliminated because not all the Customers can be aware of their losses as the result of data theft at Flayton Electronics.
Cause of Risk:Effect on ObjectivesImpact Description
ObjectiveImpact Rating
Banks or customers who lost their money because of the company’s security breach can sue the companyTimeNil/VLO/LO/MED/HI/VHI
Cost
Quality
Other
Probability RatingLO
Date Risk Raised:Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy:
Action(s) to implement strategyAction OwnerAction by DateStatus
Assure the stakeholders that the problem was solved and their data are secureIn progress
Provide the guarantees for the customers who became the victims of the criminalsIn progress

References

Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69, 199-207

Griffor, E. (Ed.). (2017). Handbook of system safety and security. Cambridge, MA: Elsevier.

Hillson, D., & Simon, P. (2012). Practical project risk management (2nd ed.). Tysons Corner, VA.: Management Concepts.

Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating, and implementing effective risk management (4th ed.). London, UK: Kogan Page.

McNulty, E. (2007). Boss, I think someone stole our customer data. In Harvard business review (p. 1-11). Boston, MA: Harvard Business School Publishing.

Sadgrove, K. (2016). The complete guide to business risk management (3rd ed.). New York, NY: Routledge.

Cite this paper

Select style

Reference

BusinessEssay. (2024, April 12). Flayton Electronics: Risk Management Project. https://business-essay.com/flayton-electronics-risk-management-project/

Work Cited

"Flayton Electronics: Risk Management Project." BusinessEssay, 12 Apr. 2024, business-essay.com/flayton-electronics-risk-management-project/.

References

BusinessEssay. (2024) 'Flayton Electronics: Risk Management Project'. 12 April.

References

BusinessEssay. 2024. "Flayton Electronics: Risk Management Project." April 12, 2024. https://business-essay.com/flayton-electronics-risk-management-project/.

1. BusinessEssay. "Flayton Electronics: Risk Management Project." April 12, 2024. https://business-essay.com/flayton-electronics-risk-management-project/.


Bibliography


BusinessEssay. "Flayton Electronics: Risk Management Project." April 12, 2024. https://business-essay.com/flayton-electronics-risk-management-project/.