Course Outcome

Apply lessons learned from real-world situations to present day business-continuity planning/disaster-recovery planning (BCP/DRP)

Assess risk to the continuity of business processes

Analyze "what-if scenarios

Describe Continuity of Operations Planning

Describe risk and analyze risk strategies

Assignment Instructions

This is the first individual assignment that will start to inform your phased group activity. Using the business scenario information provided by your instructor, you will identify and prioritize four critical business processes for each business area and perform a risk assessment following the Risk Assessment Form provided by the instructor and as identified by further research.

1. Your business areas should be well defined and appropriate to the case studies. The four critical processes per business area should be clearly explained and correctly relates to the case study.

2. You should conduct a risk assessment for the business area and four critical processes, ensuring that these are well defined and appropriate to the case study.

3. The risk assessment categories (columns) should be complete and measures clearly defined.

4. The mitigation strategy, additional measures, and contingency plan for the risk should be well defined and mapped to the business area and four critical processes.

Additional Guidance for Completing the Spreadsheet:

What is a business area in this scenario?

As discussed in the scenario which is one of the attachments for this assignment, there are several business areas noted: Accounting, marketing, human Resources, and payroll. You are to list these (and you can use your own names or labels), then identify four critical business processes for each area. For example:

Accounting:

• Creating billing invoices

• Management company financial assets

• Producing financial reports

• Collecting customer payments

After laying out those 4 processes (these are just examples), you will then work through the matrix. Without this, it is hard to just take a generalized business area and provide mitigation steps.

So, on your risk assessment spreadsheet, please ensure that you state the business areas and then provide 4 processes for each of these areas. You will then assess the risk for each of the four processes as you traverse across the matrix.

Probability of Occurrence:

Very Likely: 91-100%
Likely to occur: 61-90%
May occur about half of the time: 41-60%
Unlikely: 11-40%
Very unlikely to occur: 0-10%

Impact Intensity:

The impact intensity of the risk can be categorized as High, Medium and Low depending on how critical the risk and its effects can be.

Existing Measures:

The policies, procedures, and resources which are already available to prevent or reduce the impact of the risk.

Mitigation Strategies:

After analyzing all the aspects of the risks and the existing preventive measures that can be used, the project team needs to decide on the mitigation strategy to deal with the risk. There can be four different mitigation strategies. Please note that various risk management guides will provide other flavors of mitigation strategies, but for purposes of this assignment, let's go with the following:

Risk Avoidance:

Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure to the risk whatsoever. Risk avoidance is usually the most expensive of all risk mitigation options.

Risk Transference:

Risk transference is the involvement of handing risk off to a willing third party. For example, numerous companies outsource certain operations such as customer service, payroll services, etc. This can be beneficial for a company if a transferred risk is not a core competency of that company. It can also be used so a company can focus more on their core competencies.

Risk Limitation:

Risk limitation is the most common risk management strategy used by businesses. This strategy limits a company's exposure by taking some action. It is a strategy employing a bit of risk acceptance along with a bit of risk avoidance or an average of both. An example of risk limitation would be a company accepting that a disk drive may fail and avoiding a long period of failure by having backups.

Risk Acceptance:

Risk acceptance does not reduce any effects, however, it is still considered a strategy. This strategy is a common option when the cost of other risk management options such as avoidance or limitation may outweigh the cost of the risk itself.

A company that doesn't want to spend a lot of money on avoiding risks that do not have a high possibility of occurring will use the risk acceptance strategy. Mitigation strategies taken from:

Additional Measures:

This field needs to be filled in only for those risks for which control mitigation strategies are decided.

Contingency Plan:

A contingency plan can also be added for high impact risks with a high probability of occurrence, just in case the basic measures fail to perform.

Attachment:- Project Scenario.rar