Flayton Electronics: Risk Management Project

Introduction

Any risk management project demands an evaluation of the implemented strategies and analysis of the impact these interventions had on the project. Moreover, in addition to the planned risk management interventions, some mitigation activities can be necessary. Also, after the threats have occurred and the opportunities have been realized, there can be a need for changes in the project budget and schedule. Finally, the risk register should be amended to make it appropriate for further use.

We will write a custom Flayton Electronics: Risk Management Project specifically for you
for only $14.00 $11,90/page
308 certified writers online
Learn More

The Impact of Risk Management Interventions on the Project

Cybersecurity is crucial for business because cyber-attacks can be damaging for business (Griffor, 2017). Thus, in the case of data theft at Flayton Electronics, some risk management interventions were implemented to reduce the negative impact of the possible threats. In this case, the top-two threats have occurred. These threats were data theft itself and loss of customers. Evidently, both had a negative influence on the company. Data theft meant that the customers’ data in general and data of bank cards and accounts, in particular, were accessed by criminals and some transactions were illegal. It caused the second major risk related to the loss of customers. It was natural that the customers lost trust in the company that was attacked and made choices in favor of other companies at least during the problem was managed.

The top opportunity has been realized

The necessity of Mitigation Activities

Mitigation activities, more frequently called risk response strategies, are necessary for the project. Risk management planning demands the assessment phase which is aimed at evaluating the efficiency of the selected strategies to reduce risks and use strategies defined in the risk register. According to Hillson and Simon (2012), “effective risk responses result in minimized threats and maximized opportunities, optimizing the project’s chances of achieving its objectives” (p. 124). These responses, or mitigation activities, should be appropriate to the project objectives. Moreover, it should be kept in mind that risk response activities are usually costly because they are not included in the initial risk management budget (Hillson & Simon, 2012).

Still, they are necessary to revise the remaining risks and evaluate the existing opportunities. For Clayton Electronics managing the risks related to data theft, the following mitigation activities are possible (McNulty, 2007). First of all, the company should focus on preparation for further modification of their security tools. More attention should be paid to cybersecurity issues that will help to prevent on-line frauds and crimes that are dangerous both for the company’s reputation and budget (Griffor, 2017). Another mitigation activity presupposes stimulation of cooperation between stakeholders. Different departments and specialists working on the same project should communicate and cooperate efficiently to be able to notice and report any possible threats. On the whole, these mitigation actions can validate the risk management interventions and contribute to future project sustainability.

The necessity of Budget or Schedule Changes

Every project should have its contingency fund or risk budget to be able to manage the unexpected situations that can appear during the project implementation (Hopkin, 2017). For the risk management project of Flayton Electronics, the risk budget is already exhausted. Thus, it is necessary to evaluate the situation and decide on the necessity of budget changes. In case the major threats have occurred and their consequences are managed in a way that they do not interfere with the company’s functioning, budget changes can be not necessary. Still, it is worth it to amend the future risk budget and increase its financing. These additional costs can be spent on planning and executing interventions aimed at revealing and preventing the possible risks. It can reduce the cost of risk management in the future due to efficient prevention strategies.

Due to the use of opportunities defined in the risk register, the risk management schedule has been shortened by two months. Thus, the project schedule can be changed with the consideration of this reduction. It also means that the losses will be reduced as well because the terms of project implementation will be closer to the initial schedule.

Risk Register Update

Since the top-two threats have already occurred, it is necessary to update the risk register to focus attention on the other possible risks (Hillson & Simon, 2012). Particular attention should be given to the avoidance of IT disasters (Sadgrove, 2016). Moreover, it is important to monitor the data breaches to increase (Black, 2013).

Get your
100% original paper on any topic done
in as little as 3 hours
Learn More

Threat 1.

Project Number: Client:
Project Title: Clayton Electronics Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Occurred (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Data theft
Risk Description:
The companies that deal with the customers’ data in general and data of bank cards and accounts, in particular, are at a high risk of data theft, and Flayton Electronics faced this problem. Still, the company improved its security measures and took other steps necessary to solve the problem, maintain the trust of the customers, and avoid similar problems in the future.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
Breach in the data security system
The irresponsibility of the employees
Time
Cost
Quality
Probability Rating Other
VHI
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Improve the security measures Completed
Implement new security systems Completed

Threat 2.

Project Number: Client:
Project Title: Clayton Electronics Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Deleted (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Loss of the customers
Risk Description:
A company that fails to protect the data of its customers is at high risk of losing the customers. However, the customers of Flayton Electronics had much trust in the company. Thus, it did not experience significant customer loss.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
Customers prefer the security and high-quality service. Thus, they would rather choose a company without security problems to purchase goods. Time
Cost
Quality
Probability Rating Other
VHI
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Improve security measures In progress

Threat 3.

Project Number: Client:
Project Title: Clayton Electronics Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Expired (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Loss of reputation
Risk Description:
Since the financial security of the customers was in danger, the company was expected to inform them of the existing problem. However, in the case Darrell was arguing that Flayton could be “vulnerable simply by trying to do the right thing and getting the news out quickly” (McNulty, 2007, p. 4). However, the company that builds business on trust and fairness cannot conceal the news from its customers. The company informed the customers about the problem, but its reputation did not suffer much.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
Customers, knowing that the company concealed the information about the threat to their accounts and bank cards, would not rely on this company anymore. Time
Cost
Quality
Probability Rating Other
HI/VHI
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Inform the customers about the existing threat Completed
Assure the customers that the breach was revealed and the problem is being solved Completed

Threat 4.

Project Number: Client:
Project Title: Clayton Electronics Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Occurred (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Risk of PCI systems not working properly
Risk Description:
The PCI system that has been recently installed in Flayton Electronics was not working the way it was supposed to. The CIO reported he had found a hole in it which was a disabled firewall that was supposed to be part of the wireless inventory-control system. The problem was solved, PCI systems were checked and the firewall was restored. Now it is working properly and with due attention of responsible employees there are not likely to be similar problems in the near future.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
Disabled firewall Time
Cost
Quality
Probability Rating Other
HI
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Restore the firewall Completed
Provide security measures Completed

Threat 5.

Project Number: Client:
Project Title: Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Active (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Aggressive business strategy
Risk Description:
Brett Clayton was worried that his business strategy could have been too aggressive despite his confidence in his actions. He was not sure that the decision to invest in the development and growth was a sound one because it caused underinvesting in security systems and made the company vulnerable. At present, when the security problem was solved, Brett Flayton can pay more attention to reviewing his business strategy to provide the best outcomes for the company and its customers.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
An aggressive business strategy, underinvestment of security systems Time
Cost
Quality
Probability Rating Other
MED
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Review the company’s policy of investment In progress
Pay more attention to security issues In progress

Threat 6.

Project Number: Client:
Project Title: Flayton Electronics Project Manager:
Risk Ref. RBS Ref. WBS Ref. Risk Owner:
Risk Type: (T/O) Risk Status: Active (Draft/Active/Closed/Deleted/Expired/Occurred)
Risk Title: Risk of getting sued
Risk Description:
The company is still under the risk of getting sued by the customers whose data were stolen and misused by the criminals or the banks involved in the purchase transactions. Out of the two choices defined by Brett Flayton, “If we disclose, we’ll probably get sued; if we don’t, the story will eventually leak,” the company chooses to disclose (McNulty, 2007, p. 5). At present, the company was not sued, but this risk cannot be eliminated because not all the Customers can be aware of their losses as the result of data theft at Flayton Electronics.
Cause of Risk Effect on Objectives
Objective Impact Rating Impact Description
Nil/VLO/LO/MED/HI/VHI
Banks or customers who lost their money because of the company’s security breach can sue the company Time
Cost
Quality
Probability Rating Other
LO
Date Risk Raised: Date Risk Closed/Deleted/Expired/Occurred:
Risk Response – Preferred Strategy :
Action(s) to implement strategy Action Owner Action by Date Status
Assure the stakeholders that the problem was solved and their data are secure In progress
Provide the guarantees for the customers who became the victims of the criminals In progress

References

Black, J. (2013). Developments in data security breach liability. The Business Lawyer, 69, 199-207

We will write a custom
Flayton Electronics: Risk Management Project
specifically for you!
Get your first paper with 15% OFF
Learn More

Griffor, E. (Ed.). (2017). Handbook of system safety and security. Cambridge, MA: Elsevier.

Hillson, D., & Simon, P. (2012). Practical project risk management (2nd ed.). Tysons Corner, VA.: Management Concepts.

Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating, and implementing effective risk management (4th ed.). London, UK: Kogan Page.

McNulty, E. (2007). Boss, I think someone stole our customer data. In Harvard business review (p. 1-11). Boston, MA: Harvard Business School Publishing.

Sadgrove, K. (2016). The complete guide to business risk management (3rd ed.). New York, NY: Routledge.

Check the price of your paper