Every organisation has a mission. In this digital era, as organisations use automated Information Technology (IT) systems and cyber space to process their information for better support of their missions, risk management plays a critical role in protecting an organisation’s information assets, and therefore its mission, from IT-related risk.

An effective risk management process is an important component of a successful IT security program. The principal goal of an organisation’s risk management process should be to protect the organisation and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organisation.

All activities of an organisation involve risk. Organisations of any kind face internal and external factors and influences that make it uncertain whether, when and to what extent it will achieve or exceed its objectives.

The effect this uncertainty has on the organisation’s objectives is “risk”.

Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence.

Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organisations manage risk by anticipating, understanding and deciding whether to modify it.

Throughout this process, it communicates and consults with stakeholders and monitors and reviews the risk and the controls that modify risk.

While all organisations manage risk to some degree, risk management standards establish a number of principles that need to be satisfied before risk management will be effective. The standards recommend that organisations should have a framework that integrates the process for managing risk into the organisation’s overall governance, strategy and planning, management, reporting processes, policies, values and culture.

Risk management can be applied across an entire organisation, to its many areas and levels, as well as to specific functions, projects and activities.

Although the practice of risk management has been developed over time and within many sectors to meet diverse needs, the adoption of consistent processes within a comprehensive framework helps ensure that risk is managed effectively, efficiently and coherently across an organisation. The generic approach described in the standards provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.

This risk management framework will explore each phase of the Information Security Risk Management lifecycle, focusing on techniques that should be used to properly identify, articulate, assess, mitigate, and report on information risk.

Risks can never be entirely removed. Risk management is the ability to qualify and quantify risk elements objectively and reduce them to acceptable levels. A critical aspect of information resource protection to be considered is the need for ongoing management monitoring and review. To be effective, a security program must be a continuous effort. After attempting to come up with an appropriate mechanism to ameliorate the threat, it must be realised that not all risks can be completely overcome.

Risk management is an increasingly important business driver and stakeholders of large corporates and conglomerates, BFSI and IT/ITeS sectors, and other organisations in Sri Lanka are becoming much more concerned about risk. Risk may be a driver of strategic decisions, it may be a cause of uncertainty in the organisation or it may simply be embedded in the activities of the organisation. An enterprise-wide approach to risk management enables an organisation to consider the potential impact of all types of risks on all processes, activities, stakeholders, products and services. Implementing a comprehensive approach will result in an organisation benefiting from what is often referred to as the ‘upside of risk’.

(The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He can be emailed at sujit@layers-7.com).

She sews shoes at shoe show

Probe into SriLankan Airlines’ high-flying act

Most finance firms keen to merge, not sell

Suzuki Alto replaces Maruti 800 in Sri Lanka

Singapore roadshow attracts foreign funds

DPL’s stalled gloves production to resume in April

Taxes lifted on small lorries and trucks

Central Bank’s low interest rate policy and economic pitfalls

When the politicians come marching in

Shareholding restrictions for finance companies needed – governance specialist says

Airlines, airports in changing times across the world

Cinnamon Grand and DIAGEO launch ‘Drink Wise’ campaign

Public views sought on a new national water policy for Sri Lanka

Much awaited solution to kitchen gas woes

Lankan plantations hit by fertiliser shortage, could lead to tea revenue loss

Lankan tea firm presents official tea caddy souvenirs for Sochi 2014 Winter Olympics

No roaming deposit under new Mobitel scheme

Intertek opens new Textile and Apparel Testing Laboratory in Sri Lanka

Worker remittances mainstay of Lankan economy

Unilever to improve child nutrition in partnership with health authorities, Wayamba University

Seminar series to inspire corporate managers, entrepreneurs

Top UN official meets govt. officials, visits North

Orient Finance, United Motors offer trade-in for Mitsubishi Motor Vehicles

Walla Patta – Separating the facts from fiction

Medical insurance for senior citizens in the North

Lankan Engineer who became New Zealand’s Innovator of the year to share his insights here

Footwear: Quality key in a product, now power of advertising

Nation Lanka Finance PLC raises fresh equity capital with a foreign investment group

Odel posts 9-month net profit of Rs. 195 million

Microsoft may introduce Surface device to SL

Lenovo’s Iomega appoints Softlogic as ‘authorised distributor’

Paycorp signs up with PayPal

Apple appoints Softlogic as ‘authorised service provider’ and distributor

Huawei claims most LTE deployments worldwide

Infor introduces 10x and SyteLine 9 to SL

Etihad Airways increases Colombo flights to double daily

Digitalisation of cinema to resurrect Sri Lankan film industry

RAM Ratings Lanka reaffirms Union Bank of Colombo PLC’s ratings at BBB/P3

Lanka Bell celebrates national Independence with launch of 4G connectivity

Marginal upswing in traffic at BIA

Until the cows come home