Liberty University
Understanding Risk Management

Over the years, people have come to rely on digital data, information, and technologies that affect every aspect of life, such as education, professions, and research and development. This has led to an increased level of responsibility to protect information from fraud, damage, or malicious activity. Risk management is the process by which you manage uncertainty that may affect outcomes that are important to you. By changing organizational practices, risk management can facilitate and legitimize certain ways of organizing. It has the potential to change lines of responsibility and accountability in organizations, representing a particular way of …
Which involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process (Saha, 2007).
Vallabhaneni (2013) found the following:
Risk mitigation is a systematic methodology used by senior management to reduce mission organization risk. Risk mitigation can be achieved through any of the following risk mitigation options: risk rejection, risk assumption, risk avoidance, risk reduction, risk transfer, risk contingency and risk compliance (p.45).
The goals and mission of an organization should be considered in selecting any of these risk mitigation options. It may not be practical to address all identified risks, so priority should be given to the threat and vulnerability pairs that have the potential to cause significant mission impact or harm (Sachs, 2011).
Risk Monitor: The purpose of this last phase of risk management is to ensure that the assumptions and estimates made by the risk management team are valid during the evolution of the project (Saha, …
An organization will most likely have several risk categories to analyze in order to identify the risks that are specific to the organization (Edmead, 2007). Once the risks are identified, the next step is to determine the risk likelihood level. “Several factors need to be considered, first, the auditor needs to consider the source of the threat, the motivation behind the threat, and the capability of the source. Next, auditors need to determine the nature of the vulnerability and, finally, the existence and effectiveness of current controls to deter or mitigate the vulnerability” (Edmead, 2007, para.7). The last step is to identify the risk’s impact. “It is important for auditors to understand that not all threats will have the same impact. This is because each system in the organization most likely will have a different value” (Edmead, 2007, para.