Wednesday, February 06, 2002
On Risks: The theme of this post is risk management. Leading off is a pointer to Resource Management Systems, which sells tools that are reasonably priced and useful. Their FastPlanner for IT is an Excel add-in for IT budgeting and estimating. At $79.00 it's cost-effective because it will surely shorten the time spent doing one of the most painful tasks that goes with the territory if you're an IT manager. What does this have to do with risk? Everything. How many budgets and estimates are accurate? FastPlanner provides a framework that fosters accuracy by ensuring that all cost drivers are taken into account. Budget risk, especially when shareholder value is at stake, is inversely proportional to budget forecast accuracy. However, products aren't the only reason to visit Resource Management Systems' web site - there are online tutorials, budgeting FAQs and briefs that are valuable and freely available.
Risk Matrix from Mitre (compliments of your tax dollars) is a free risk assessment tool. You can obtain it by filling out a registration form, and instructions will be promptly sent for downloading it. The advantage of registering the tool is you'll receive update notifications. If you can't wait you can download it from my server. I do urge you to go through the registration process at your convenience if you do get the tool from me.
Simtools and Formlist are free Excel add-ins that should be in the toolbox of every risk manager, strategic planner and project manager. Simtools adds statistical functions and procedures for doing Monte Carlo simulation and risk analysis in spreadsheets. Formlist is a simple auditing tool that adds procedures for displaying the formulas of any selected range. There is an additional tool, TORNDIAG.XLS, that adds a Tornado Diagram procedure to the Excel Tools menu. This procedure can then be used to make a tornado-style sensitivity-analysis diagram in any open workbook. (Tornado diagrams show how an output value would change as various input parameters are changed, one at a time, from a given best estimate to a given low estimate and a given high estimate.)
On the topic of business continuity and disaster recovery planning, which are two activities that are steeped in risk management, I have three papers that are worth reading:
In addition, Managing Risks in an Increasingly Automated Customer Contact Center by PricewaterhouseCoopers LLP is a summary of call center automation risks that call center professionals will find useful.
- BCP and DR in Perspective
- High Availability in Perspective
- Negotiating Business Continuity Contracts
If you haven't been following the Microsoft Passport vs. Project Liberty posturing and you're involved in e-commerce you should visit ZDNet's Tech Update page for the Project Liberty Special Report. In my opinion (as well as many in the industry) there are many inherent risks in Microsoft's online ID system. For more information see also Meta's report titled Passing Passport. Passport is tied into Microsoft's .NET initiative, which has its own set of risks, foremost among them is Internet interoperability. A piece of reassuring news for those of us who espouse open standards is the ZDNet report of a .NET Alternative.
Information security policies are designed to reduce, mitigate or avoid risks. An excellent PowerPoint presentation that addresses this is Measuring Information Security Policy Conformance. I also have material on project risk management at the following pages: PM Overview Page and Tools & Documents. Both of these pages are on my old Infrastructure, Life Cycle and Project Management site. The site is dusty and does not receive much maintenance from me, but remains popular and does have a wealth of useful material.
A parting note: improving processes reduces risk. I'm including a manual in MS Word format titled Managing Process Improvement that may prove useful. If you're also interested in software engineering I'll be updating Notes from the Field with material that addresses software risk management, among other topics.