Enterprise Risk Management (Essay Sample)

Enterprise Risk Management
Name
Institution
Professor’s Name
Course title
Date of submission
Risk management majorly concentrates on noting and controlling situation or events that may have a potentiality of causing damage or rather positive or negative change.
Objectives of risk management plan include identification, analysis and give priority to the risks involved. Mitigating the risks include a processes such as contingency and mitigation and also monitoring of the impact caused by the issues.
Major elements of my risk management plan include engagement of the entire organization in the risk management process; this is because risk management is a crucial part in any organization thus it should get support from all the stakeholders of the enterprise for security risk assessment process to run smoothly. Integrate enterprise trends and this will result in a strong fraud and risk management process; for the enterprise’s risk management to be successful, the enterprise has to be aware with the local managerial processes, and also the enterprise should stay aware of what is happening in their business area and be ready to share its knowledge and experience on fraud and risk management through different enterprise forum. Comprehensive fraud protection tools must be employed at all levels within the enterprise. The enterprise should understand its customers by developing comprehensive system of administration for its entire staff that has to be observed. The enterprise should frequently review the regulations and measure to accommodate for change.
There is a wide range of risks and of different natures which are related to information technology systems that everyone in the enterprise must be aware of. The risks range from general threats which include hardware and software failures, malware and virus attacks, human error and spams. There are also criminal information technology threats which include hacking, fraud, password theft, denial of service, security breaches and staff dishonesty. Natural disasters also present much risk to information technology systems in the world today; damage of buildings and computers hardware as a result of floods fire and cyclone can result in loss or rather corruption of important information. Then risk management team should make sure none of the general threats are experienced within the enterprise systems through taking key precautions and creating awareness to the enterprise staff on what should be done in case any of the general threats occur. Natural disasters are inevitable; the enterprise must be prepared to tackle such disasters at any given time for its smooth running.
The enterprise must come up with strategies to prevent and mitigate the risks it’s exposed to. There are various ways of dealing with risks, they include avoiding the risk, reducing the risk, transferring the risk and retaining the risk. In the present times scenario, the risks of high-probability and high impact should be avoided, risks of low-probability and high-impact are usually transferred to for example insurance companies, risks of low-impact and high-probability is usually reduced, and those of low-probability and low-impact are accepted or retained by the enterprise. Decision on the risk reduction strategy must not be a one person or one team decision; despite the enterprise coming up with nice ideas on its own on how to go about risk management, it’s important to include members of the public who in one way or the other might be attached to the enterprise, affected by the risk and can make a notable difference.
Risk management involves a number of well-defined steps that can result in an informed decision making process. It includes identification of possible risks that are bond to occur and putting in place mechanisms that can significantly minimize the likelihood of the risk occurring, there should be a process in waiting that can monitor the risks and give and updated reliable information about the risks involved, there should be a decision making process given support through a framework of risk analysis and risk evaluation.
The response to a risk may risk to different decisions such as decisions to lessen the probability of the risk and its impact if the risk occurs. Risk response usually results in a potential impact to the enterprise and the impact must be approved..
There is lot of physical security methods employed in a network security plan. The security methods majorly help prevent general information technology risks. To prepare for hardware and software failure which may include power blackout, data loss among others can be dealt through putting backups in place for example power back up in case of power blackout, data storage equipment that can be used in recovery of day in case of data failure. Antivirus should be present to avoid risk of malware and virus attack. To avoid human error every employ is encouraged to keen when dealing with data or machines
The physical security methods discussed above have advantages and limitations. Their a...