Introduction
Any risk management project demands an evaluation of the implemented strategies and analysis of the impact these interventions had on the project. Moreover, in addition to the planned risk management interventions, some mitigation activities can be necessary. Also, after the threats have occurred and the opportunities have been realized, there can be a need for changes in the project budget and schedule. Finally, the risk register should be amended to make it appropriate for further use.
The Impact of Risk Management Interventions on the Project
Cybersecurity is crucial for business because cyber-attacks can be damaging for business (Griffor, 2017). Thus, in the case of data theft at Flayton Electronics, some risk management interventions were implemented to reduce the negative impact of the possible threats. In this case, the top-two threats have occurred. These threats were data theft itself and loss of customers. Evidently, both had a negative influence on the company. Data theft meant that the customers’ data in general and data of bank cards and accounts, in particular, were accessed by criminals and some transactions were illegal. It caused the second major risk related to the loss of customers. It was natural that the customers lost trust in the company that was attacked and made choices in favor of other companies at least during the problem was managed.
The top opportunity has been realized
The necessity of Mitigation Activities
Mitigation activities, more frequently called risk response strategies, are necessary for the project. Risk management planning demands the assessment phase which is aimed at evaluating the efficiency of the selected strategies to reduce risks and use strategies defined in the risk register. According to Hillson and Simon (2012), “effective risk responses result in minimized threats and maximized opportunities, optimizing the project’s chances of achieving its objectives” (p. 124). These responses, or mitigation activities, should be appropriate to the project objectives. Moreover, it should be kept in mind that risk response activities are usually costly because they are not included in the initial risk management budget (Hillson & Simon, 2012).
Still, they are necessary to revise the remaining risks and evaluate the existing opportunities. For Clayton Electronics managing the risks related to data theft, the following mitigation activities are possible (McNulty, 2007). First of all, the company should focus on preparation for further modification of their security tools. More attention should be paid to cybersecurity issues that will help to prevent on-line frauds and crimes that are dangerous both for the company’s reputation and budget (Griffor, 2017). Another mitigation activity presupposes stimulation of cooperation between stakeholders. Different departments and specialists working on the same project should communicate and cooperate efficiently to be able to notice and report any possible threats. On the whole, these mitigation actions can validate the risk management interventions and contribute to future project sustainability.
The necessity of Budget or Schedule Changes
Every project should have its contingency fund or risk budget to be able to manage the unexpected situations that can appear during the project implementation (Hopkin, 2017). For the risk management project of Flayton Electronics, the risk budget is already exhausted. Thus, it is necessary to evaluate the situation and decide on the necessity of budget changes. In case the major threats have occurred and their consequences are managed in a way that they do not interfere with the company’s functioning, budget changes can be not necessary. Still, it is worth it to amend the future risk budget and increase its financing. These additional costs can be spent on planning and executing interventions aimed at revealing and preventing the possible risks. It can reduce the cost of risk management in the future due to efficient prevention strategies.
Due to the use of opportunities defined in the risk register, the risk management schedule has been shortened by two months. Thus, the project schedule can be changed with the consideration of this reduction. It also means that the losses will be reduced as well because the terms of project implementation will be closer to the initial schedule.
Risk Register Update
Since the top-two threats have already occurred, it is necessary to update the risk register to focus attention on the other possible risks (Hillson & Simon, 2012). Particular attention should be given to the avoidance of IT disasters (Sadgrove, 2016). Moreover, it is important to monitor the data breaches to increase (Black, 2013).
Threat 1.
Threat 2.
Threat 3.
Threat 4.
Threat 5.
Threat 6.
References
Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69, 199-207
Griffor, E. (Ed.). (2017). Handbook of system safety and security. Cambridge, MA: Elsevier.
Hillson, D., & Simon, P. (2012). Practical project risk management (2nd ed.). Tysons Corner, VA.: Management Concepts.
Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating, and implementing effective risk management (4th ed.). London, UK: Kogan Page.
McNulty, E. (2007). Boss, I think someone stole our customer data. In Harvard business review (p. 1-11). Boston, MA: Harvard Business School Publishing.
Sadgrove, K. (2016). The complete guide to business risk management (3rd ed.). New York, NY: Routledge.