Join Mark Thomas for an in-depth discussion in this video Risk management, part of Cert Prep: ITIL Foundations.
- Risk management is often overlooked, and sometimes really misunderstood as a list of things that could happen. Many organizations come up with a list of risks, and they stop there. The whole idea of risk management is to go through a life cycle of understanding what those risks are, how we analyze those and how we manage those risks. Now, on the slide there are several different models that you could look at. There's MOR, we talked about in a previous session, there's the simplified risk assessment and risk management model and there's basically the ISO that you could have in there as well.
But I want to cover a couple of key points that I want you to remember from a risk management side in terms of the model. The first thing that I want you to think about is within risk, we have to first identify what those risks are. So when we identify what those risks are, the key things, basically name the risk. What's the list of the potential things that could happen for us? When we were doing risk management, identification of risk, in a data center that I once managed, we looked at environmental risk, we looked at security risk, we looked at a lot of things that could disrupt the business, not just IT, but from the business, to understand what that list of those things could possibly be.
And we also looked at what the consequences were. So, what it is and what the consequence, if this thing actually happens, what is the level of pain that we're going to experience in the organization? Is it financial? Is it compliance? Is it physical harm to employees? Are we going to make it on the front page of the newspaper? Those are big things that you're looking at from an identification standpoint. So once you've looked at identifying the risk, the next thing you want to do is analyze those risks.
So we've got the list of the big things that could happen and how bad it could be, analyze those. What's the impact if this risk is really realized? Now we do some quantitative types of research on hey, if this thing becomes real, what's the likelihood this could happen, therefore that can help us understand what types of mitigation strategies we want to put in place for this thing. So quantify the impact if the risk is realized and the consequences that we would experience those and what the probability is. Again, quantitative and qualitative measures to help you understand those things.
And then the third thing from the risk, that we want to do, if we've understood the identification, we look at the analysis, now we actually need to manage those risks. And remember, sometimes folks kind of stop right here and say, "OK, we've got the list figured out." But, this is, there's a life cycle to risks that we have to cover. So when we manage these risks, we identify them, we have action plans in place, we realize that a risk may change throughout its life cycle. What is classified as a high level risk today might not be a high level risk six months from now.
If it's maybe weather related, for example. We had a data center that was located in Kansas. You can understand that there was a high level of risk of tornado and disruption of power and disruption from a tornado. There were only certain amounts of times that we looked at those types of risks. So you monitor the changes, make sure that you are updating these through planning meetings and through possibly projects that you have in place. But as with any action, you have to remember that the cost of reducing that risk has to be weighed against one, the likelihood it's going to happen and two, the cost to the business if it actually materializes.
So this is a business decision now, that you're making. If it costs this much to mitigate the risks and if that risk actually becomes real and it costs the business this much then there's a business decision we're making as a part of that. Risk management, we look at this throughout the entire ITIL model, particularly look at things like when we're analyzing and approving changes within the infrastructure, security management, continuity management. A lot of those processes are involved with risk management.
ITIL® is a registered trade mark of AXELOS Limited. This ITIL Foundations course is offered by Interface Technical Training, ATO of EXIN.
Skill Level Advanced