BUS 519 - Project Risk Management
Dr. Shah Jamali
April of 2013
The one that I believe to be the best solution to address the issues faced by Flayton Electronics is that of James E. Lee. I would definitely use his recommendations because it shows all the key areas that are crucial in a risk response plan. Lee’s suggestions are typical of contingency planning; according to Heldman (2005), contingency planning is a form of acceptance because if the risk occurs, you are willing to accept the consequences and devise a plan to deal with those consequences. He is likely to act with urgency by pointing the affected parties, as the longer it takes for the company to do this will make then appear less credible. Lee also recommended that once the risk is appeared, timing is a very key element in implementing a risk response plan to minimize damages. This has to be in the form of a prompt public disclosure once adequate information has been gathered; brand restoration should be initiated through public statements to help improve the company’s image; toll-free hotlines should be set up to address customers concerns; loyalty incentives in the form of discounts and sales should be given to compensate those customers that still stay loyal to Flayton’s; releasing a formal public relations statement to acknowledge the breach and to assure the public that the matter is being taken care of; finally handling secondary risks that may have occurred as a result of the situation i.e. blogs, social media, faulty media reports, etc. Lee debated that if Brett Flayton and his team can mitigate the effects of the damage to their brand and reputation, they will be able to rise above the situation despite the fact that it may take them several years to recoup.
MEMORANDUM FOR SECURITY RESPONSE
TO: Brett Flayton
Chief Executive Officer
1 Technology Parkway
Houston, TX 77004
SUBJECT: Customer Data Security Breach
It has come to the attention of the Security & Loss Prevention department that the security of some of our customer’s credit card information has been compromised. In addition, Law Enforcement and the Secret Service are also aware of the situation and have advised us not to notify the public as yet until they have had a chance to apprehend the perpetrators. Through the counsel of Mr. James E. Lee, Senior VP of Public & Consumer Affairs, ChoicePoint, and he had a few recommendations as to our best approach.
1. Make a formal public statement once you have obtained sufficient information in order to reassure the affected parties, address their concerns and also to let them know that we are working with law enforcement to identify the violator(s). I believe we should do this quickly given that a media personality is also a victim. The longer we wait to inform the parties we run the risk of them hearing about this from external sources, which will diminish our credibility. Delaying information could also result in more fraudulent charges to the accounts of affected customers and give the impression that we either do not care or are hiding something.
2. Set up toll free lines for customers to call in and get additional information that will help to reassure them that the situation is under control. There should also be recordings that give customers instructions on how to proceed if they have found unauthorized charges on their accounts, and also provide internal contacts information for them to report the matter to.
3. Loyalty incentives should be offered in the form of special discounts, sales, gift cards and reward cash as an incentive to keep customers coming back. In an article by Associated Press reporter, Robertson (2011) despite the prevalence of data breaches, customers still entrust their personal information to retailers. It is...
References: Hillson, D., & Simon P., (2007) Practical Project Risk Management: The Atom Methodology. Management Concepts
Kloppenborg, T., Shriberg, A., Venkatraman, J. (2003) Project Leadership
Robertson, J., (2011). Customers stay despite high profile breaches. Retrieved 06/05/2012 from
Please join StudyMode to read the full document