Analysis Report
Risk Analysis and Decision Making
Recent research has found that most organizations, in order to stay competitive, are implementing the latest technologies to extend sales and revenues. Decisions about technology implementation and maintenance require corporate will. When these decisions are taken without proper risk analysis, the organization cannot understand the overall impact, which can lead to flawed judgement and major disruption in business operations. Systematic risk analysis using qualitative and quantitative techniques ensures the long-term success of the business in properly executing each business endeavour.
Risk analysis matters because implementing IT requires examination of tangible and intangible assets alike; decision makers should therefore be aware of its positive and negative impacts so that they can take a fully cognizant decision and relate its outcomes to continuous improvement. To that end, this report compiles a risk analysis using the quantitative risk analysis method, to support immediate decisions on implementing risk control processes.
Quantitative Risk Analysis
This technique quantifies risk in dollar amounts and absolute figures, so that the analyst can relate each risk to a direct figure, understand its level and impact, and take an appropriate decision. Appendix 1 and Appendix 2 show the risk analysis outcome with quantified figures, giving the expected loss in terms of time and money. The organization makes $10,000,000 annually, which works out to approx. $27,400 for a single day. Appendix 1 shows that unavailability of Active Directory alone would incur a loss of $27,500, which is by itself more than the organization's daily business. Database and Linux application unavailability would cause a similar loss. Furthermore, the T1 line would cause $27,500, which is unacceptable. The ARO table in Appendix 2 gives the frequency of the events that can lead to a loss. The Linux application incident is the most frequent, at once a month, which projects a total annual loss of $330,000. Further details for every loss can be viewed in the appendix tables. The cumulative impact of all the risks is $614,450, and the organization can mitigate this risk by introducing a few measures that would cost less than the loss and would allow YeldMore to be more effective and profitable.
In light of the analysis, it is recommended to senior management that risk control measures be applied immediately, prioritized using the present analysis, which directly affects cost effectiveness. The database can cause a huge loss upon occurrence, but due to its low probability (ARO) its overall impact is low; hence a control matrix will determine control strategies for each risk individually. Planning each risk individually gives management clear insight into which risks require close monitoring and where control strategies are failing. In doing so the organization can improve continuously. Immediate action is required regarding implementation of risk control strategies.
Appendix 1: Risk Analysis
Assets | Value | Cost of Unavailability per day | Incident | Cost of Unavailability per 12 hr
VBN (40) | $4M | -$11,100 | Loss of connection means no access to the whole network, which means not generating money for this day | -$5,550
Active Directory | $10M | -$27,500 | If salespersons cannot authenticate to Active Directory, no one can access the inventory, sales, supply chain, and customer information. | -$13,750
Database | $10M | -$27,500 | No data to access. | -$13,750
Linux Application | $10M | -$27,500 | No access to all the proprietary programs. | -$13,750
T1 Line | $5M for each plant | -$13,750 / -$13,750 | No access to one of the plants | -$6,875 / -$6,875
Appendix 2: Loss Calculations
Assets | Value | SLE Calculation | ARO Calculation | ALE Calculation | |
VBN (40) | $11,100 | $11,100 | Incident occurred once a month in the past year, so ARO is 12 | $11,100 × 12 = $133,200 | |
Active Directory | $27,500 | $27,500 | Incident occurred each quarter, so ARO is 4 | $27,500 × 4 = $110,000 | |
Database | $27,500 | $27,500 | Incident occurred once a year in the past year, so ARO is 1 | $27,500 | |
Linux Application | $27,500 | $27,500 | Incident occurred once a month in the past year, so ARO is 12 | $27,500 × 12 = $330,000 | |
T1 Line | $13,750 | $13,750 | $13,750 | Incident occurred once a year in the past year, so ARO is 1 | $13,750 |
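The Appendix 2 figures can be recomputed and used to test whether a proposed control pays for itself, which is the decision the recommendation above asks management to make. This is an added example, not part of the original report; the SLE and ARO values are copied from Appendix 2, while the control costs and post-control ARO values in `CONTROLS` are hypothetical assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    sle: int    # single loss expectancy in dollars (Appendix 2)
    aro: float  # annualized rate of occurrence (Appendix 2)

    @property
    def ale(self):
        # Annualized loss expectancy = SLE x ARO
        return self.sle * self.aro


# Values copied from Appendix 2 of the report.
RISKS = [
    Risk("VBN (40)", 11_100, 12),
    Risk("Active Directory", 27_500, 4),
    Risk("Database", 27_500, 1),
    Risk("Linux Application", 27_500, 12),
    Risk("T1 Line", 13_750, 1),
]

# Hypothetical controls (assumed, not from the report):
# asset -> (ARO after the control is in place, annual cost of the control)
CONTROLS = {
    "Linux Application": (2, 50_000),
    "Database": (0.5, 20_000),
}


def total_ale(risks):
    return sum(r.ale for r in risks)


def rank_by_ale(risks):
    # Highest expected annual loss first: this is the treatment priority.
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def net_benefit(risk, aro_after, annual_cost):
    # Value of a control = ALE before - ALE after - annual cost of control.
    # A negative result means the control costs more than the loss it avoids.
    return risk.ale - risk.sle * aro_after - annual_cost


def evaluate_controls(risks, controls):
    by_asset = {r.asset: r for r in risks}
    return {a: net_benefit(by_asset[a], *c) for a, c in controls.items()}


if __name__ == "__main__":
    for r in rank_by_ale(RISKS):
        print(f"{r.asset:<18} ALE ${r.ale:>9,.0f}")
    print(f"Total ALE ${total_ale(RISKS):,.0f}")
    for asset, value in evaluate_controls(RISKS, CONTROLS).items():
        print(f"{asset}: net benefit ${value:,.0f}")
```

With these assumed control figures, the Linux application control returns a positive net benefit while the database control does not, because the database's low ARO leaves little annual loss to recover.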