The role carrying out such a major assessment for the company and having a budgetary estimate of $700,000 is actually a junior resource. Hence, every proposal presented for the investments has to be justified with adequate quantitative and qualitative analysis backing each dollar proposed to be spent. As a matter of fact, a number of proposals are lying on the table of this role and hence the salespersons would be chasing the role actively to get their share out of this budget. The challenge of this role here is to ensure the proposition of the most appropriate investments resulting in optimum risk management for the corporate.
Proposed Risk Management Process: The Risk Management Process proposed in this case study has been presented in the figure below (Figure 1). This Risk Management Process is proposed to be governed by a committee comprising of Senior Management members, all operational heads and third party Risk Advisory Services. The CEO of the company is proposed to chair this committee such that the risk governance required to be enforced in the organization is effective. The committee will govern all risk mitigation actions, safety & security incidents, corrective & preventive actions, budgets & burn rates and disciplinary actions.
This methodology requires that all the assets are first collated and their characterization is done in detail. The characterization is normally carried out in terms of cost, criticality, location, ownership, and usage. The characterization will lead to analysis and calculation of the Asset Value. In this case study, the parameters defined to calculate Asset Value are Cost, Integrity, and Availability. The metric levels used in the case study for the three parameters are presented in Figure 2. The assignment of parameters is not only limited to monetary losses but also has been analyzed pertaining to the impact on the rest of the business due to integrity and availability aspects.