Context of the Risk Management Plan

The report is based on the risks involved in managing a website of the organization. The researcher has selected Citistore, the largest departmental store of Hong-Kong. Websites play a major role in the development of a company. A proper website helps the management to create a brand value and increase the communications between the service users and the service providers. The websites also provide a detailed awareness on the articles that are on sale and the other types of services that are provided by the organization, share the knowledge and generate support for the organization. The website is also integral to the operations of the organization. The modern day websites of an organization are generally integrated with CRM software to increase their efficiency and make them user friendly. Websites are also considered to be the epicenter of organizational strategy as they serve as a welcome note for the audiences of the organization. Citistore has a dedicated website that caters to all the demands of the customers and also serves the purpose of the company for having a positive impact on the growth of the organization. Websites generally faces a lot of problems. Experts believe that it is much more difficult to maintain a website properly than to create one of them. Although the modern day technologies have acted as a boon for developing the websites on modern lines with the implementation of the latest technology, there are also some potential threats to the stability of the websites as serious harm can be done to these websites.

There are different frameworks that can  be followed to mitigate the risks involved in maintaining a certain website of an organization. Some of them are;

1. The citistores website must be designed and formulated in such a way that it follows all the relevant rules and procedures of the country where it operates. In Australia it is bound to abide by the Australia Protective Security Policy Framework and the Australian Information Security Manual which is formulated for ensuring the security of the IT infrastructure of the different corporate as well as government institutions.
2. The AZ/NZS ISO: 2009 is a certain framework that determines the risk in the context of the security of the stored information of the organization. Risk is said to be the effect of uncertainty on the goals of the project. The following framework defines risk to be considered in a serious manner to eliminate and reduce the risks.

The risk management process is based upon the development of the new website and its proper maintenance and functioning. The following management will be based on the  

Group Participants
Name of stakeholder and position (internal or external) Save Time On Research and Writing Hire a Pro to Write You a 100% Plagiarism-Free Paper. Get My Paper	Role in risk management process	Issues or concerns raised	Method of communication	When and how often
Managing director	· To formulate and manage risk management framework on a global level · To ensure implementation of risk administration structure and development and ongoing risk estimation of risks	Financial matters takes in the requirements of budgets, cash flow, obligations for tax, management related to creditor and debtor, along with general account and remuneration management apprehensions. Regarding equipments it generally extends to the usage of the equipment in conducting of the business and inclusive of the regular continuance and convention, theft safety and upgrades. For organizational perspectives it relates to the internal needs of the business, extending to the structural, cultural along with human resources relevant to the business. Security factor takes in the premises of the business, people and the assets. It also extends the security purpose of the information of company, intellectual possessions along with technology. Legal and regulatory observance takes into account the factors of regulations, legislation, and practice codes along with contractual needs. It also extends for conformity with added ‘rules’ like the processes and policies that might be set by the contracts, social environment or the customers. The factor of reputation entails the reputation threat of the business for the conducting of the entity on whole, the feasibility of the services along with the products or the conducting of the employees or certain others connected with business.	E-mails, meetings, memos	Weekly
Project manager	· Ensure implementation and compliance with the risk management policy and process	Operational factors takes in the regular planning along with activities of operations inclusive of people and supporting the obligatory within the business resulting in successful improvement and liberation of products and services. Contractual – Obligations related to meeting required within a contract takes in quality of product or service, delivery, warranties and guarantees, requirements related to statutory and insurance and non-performance. Service delivery – It is generally been related to the service delivery, inclusive of the service quality that is been provided or in the manner in which a product is being delivered. It takes in interaction of customers and service that is generally after-sales.	E-mails	Weekly
Risk manager	· To define the risk management policy and implement management strategies and policies	Commercial – It includes the risks connected with the placement of the market, growth of the business, development of product along with commercial achievement. Also the commercial feasibility of the products and services that is generally enlarging through the enterprises, retention along with growth of the base of customers and return.   Project – It takes in equipment management, finances, technology, resources along with the people who are involved within the management process of projects. Pulling out the operational projects of internal nature, development of business and the external projects like those assumed for the clients. Safety – It takes into account everyone who is generally allied with the business like the individual, public safety and workplace. It also applies to the cover of the products or the services that is being delivered by the business process.	E-mails, meetings	Weekly
Junior supervisor	· To participate in the review and update of operational risks · To ensure that the risks are properly identified, managed and monitored	Workplace safety – Every business possess a duty of care that is being underpinned by the legislation elated to State and Federal agencies. This takes in the sensible steps that need to be taken for protection of the healthy and safety measures of everyone positioned at workplace. Occupational health and safety is incorporated with the total strategy related to risk management ensuring risks and exposures are always recognized and testified. Measures should also be taken in lessening the factor of exposure to the risks as much as possible. Refer to Workplace safety for more relevant information.	E-mails, meetings	Daily
Management trainee	· Ensuring that the risks are properly and timely recorded to  facilitate the risk management reporting	Technology – This takes into account the process of implementation, protection and management along with upgradation with the technology. It is being extended in identifying complex infrastructure of IT and loss of the exacting function/service for an extensive epoch of time. It further takes in the requirement and cost advantage connected with the technology as part of the strategy of business development.	E-mails	Daily
Customer service representatives	· To ensure that proper services are provided to the customers in order to reduce the number of customer complaints	Client-customer relationship – Probable loss of the clients due to the existing internal and external factors.	E-mails	Daily

PEST Analysis

Political	Economic
· The regulations of web data security in different countries · The policies of the company and the country on web security	· Increase in reputation leads to increase in revenue · Proper Savings from displaying other web contents like advertising
Social	Technological
· Different social media sites can be helpful to interact with the service users · Customers voice their concerns which are addressed with the help of social media	· Latest technology to maintain the website · Use of Cloud technology helps to bring modern features and efficiency

Strengths	Weaknesses
· Website must not be complex in nature and should be easier to operate · Website must be attractive and appealing to the service users	· The failure to optimize the website for use in phones at a age when smart phones rules the world · The long queue of confirmation process
Opportunities	Threats
· The website must be simple · The language should be understandable and must have a translate option to a number of different leading languages of the world	· Use of Social media in a large scale · Website hacks

Some of the most common problems that are;

1. Poor Designing- The poor designing of the websites is one of the main problems of the industry. Unattractive websites reduces the brand value and the reputation of the company. Designing the websites is believed to be a work of art and thus the simplicity of the websites makes the page unattractive to the customers. The absence of graphic designing in the websites creates a constraint for the industry. Therefore designing of the websites must be done by an expert website designer to increase the brand awareness of the company (Amin & Hussin, 2014).
2. Exposure of E-Mail Address-There are many companies in the market that publish their e mail addresses openly in the internet to communicatte4 easily with the service users. However these pose an essential risk as because the emails are filled up with spam mails or there are chances of the mails being hacked. The absence of  latest encryption technologies also does not help the organization as because there are a number of different
3. Broken Links- The most common problems with the websites is the breakup of the links. There are often times when the site stops working. This may happen due to various reasons. But this  may lead to a number of problems for the organization as ;

• Google may impose a penalty for not  keeping the  website content updated
• The users of the system will be frustrated and will come to the conclusion that the people behind the maintenance of these websites fails to regularly keep a close tab on the website.

1. No Mobile Version- If the website fails to have a specialized mobile version the company is automatically bound to lose at least 20% to 30% of the users who may have surfed t he website. In times when smart phone have become the lifeline of the younger generation the organizations must make sure to create the mobile versions of the website for all types of service users.

Some of the most common types of risks that exist are;

1. Huge budget increase
2. Lack of preparation before the start of the web development process
3. Decision making process gets stagnant due to the involvement of a large number of stakeholders.
4. Sudden Change in the whole system in the midst of the project.

Risk Register

Category ID

Risk Description

Consequence rating

Likelihood rating

Existing controls

Mitigation actions

Cost

Risk level

Risk priority

Risk owner

Risk rating after treatment

Review date

Risk control reviewer

Provide a unique ID no.

Describe the risk & impact on org.

e.g. serious

e.g. likely

Any existing management / treatment control already in place

Specify planned strategies.  May be preventative or contingency

$

e.g. high

e.g. 1

e.g. Name of person & position

e.g. high to low

Date

Name

1596

Poor designing of the website: · Unattractive websites reduces the brand value and the reputation of the company. · Designing the websites is believed to be a work of art and thus the simplicity of the websites makes the page unattractive to the customers. The absence of graphic designing in the websites creates a constraint for the industry

Serious

Likely

Yes

designing of the websites must be done by an expert website designer to increase the brand awareness of the company

$10,000

High

1

IT department

High-low

NA

31/10/17

2365

Exposure of e-mail address: Emails are filled up with spam mails or there are chances of the mails being hacked. Absence of  latest encryption technologies also does not help the organization.

Serious

Likely

Yes

Implementing latest encryption technologies for the email address

$25,000

High

1

IT department

High-low

NA

05/11/17

7895

Broken link: The site stops working Google may impose a penalty for not  keeping the  website content updated The users of the system will be frustrated and will come to the conclusion that the people behind the maintenance of these websites fails to regularly keep a close tab on the website

Serious

Likely

Yes

Recommending the use of Xenu link Sleuth and other protective links

$12,000

High

1

IT department

High-low

NA

06/11/17

6571

No mobile version: The company is automatically bound to lose at least 20% to 30% of the users

Medium

Likely

Yes

Launching mobile app by considering the demand of the customers

$20,00

High

2

IT department

High-low

NA

10/11/17

	Impact
	Very Low	Low	Medium	High	Very High
	Very High				A slow decision making process as it involves a lot of shareholders	Lack of Preparation before starting the web development process The absence of popular support by the sponsors of the project
	High				Increasing the overall budget of the particular project	The problems arising when there is a formal request for change in the project when it is almost completed
Medium
Low
Very Low

Project/Function/Activity: Risk treatment plan
1. Risk: Huge budget increase	Risk ID #: 1
Summary:  The managers and  the people in charge of the project must have a proper and transparent estimate of the project cost and have an efficient monitoring plan to control the budget and prevent it from increase
Action Plan 1. Proposed actions Must use detailed information regarding the project Control the budget tightly Tight monitoring
2. Resource equipment Project tool and related software used in such cases of monetary control
3. Responsibility (overall accountability for Actions) Manager in charge of the project
4. Timing (specific milestones) Review reports both weekly and monthly Meetings
5. Repeating and monitoring required Management software Timeline
6. Monitoring record Management software and  tools
Compiled By:	Date:	Reviewed by:	Date:

Project/Function/Activity: Risk treatment plan
Risk: Lack of preparation before the start of the web development process	Risk ID #: 2
Summary:  Assembling all the different information and efficient planning
Action Plan 1. Proposed actions Collection of all information The use of different effective methods that will be helpful to tackle any organizational changes Effective planning for the management of the project
2. Resource equipment Document for the planning of the project Development and testing of the website
Responsibility project manager
4. Timing (specific milestones) Use of the required document Engagement of the stakeholders  Planning the project
5. Repeating and monitoring required Daily meetings to assess the improvement  Continuous assessment Weekly progress reviews
6. Monitoring record User requirement document Management of the project plan
Compiled By:	Date:	Reviewed by:	Date:

Project/Function/Activity: Risk treatment plan
Risk: Decision making process gets stagnant due to the involvement of a large number of stakeholders.	Risk ID #: 3
Summary: Involve less number of stakeholder
Action Plan 1. Proposed actions Involve less number of stakeholder Effective communications with stakeholders Reporting clearly to the stakeholders
2. Resource equipment Stakeholder management
3. Responsibility (overall accountability for Actions) Project manager
4. Timing (specific milestones) Weekly stakeholder meetings and preparing proper reports
5. Repeating and monitoring required Stakeholder management document
6. Monitoring record Stakeholder Document for communicating effectively and properly
Compiled By:	Date:	Reviewed by:	Date:

Project/Function/Activity: Risk treatment plan
Risk: Sudden Change in the whole system in the midst of the project	Risk ID #:4
Summary: Managing the project effectively from the beginning of the project. It uses a project management approach that is effective to change and allows severalchanges
Action Plan 1. Proposed actions Legalization of the documents Involvement of the client throughout the project and make sure that it has been implemented by the project team Effective management of the project scope
2. Resource equipment Documents required by the user Management documents that defines the scope of the project Project management plan documents
3. Responsibility (overall accountability for Actions) Manager in charge of the project
4. Timing (specific milestones) Weekly progress reviews Displaying work breakdown structure where all developers and client can see them
5. Repeating and monitoring required Gantt chart
6. Monitoring record User requirements document Scope management document
Compiled By:	Date:	Reviewed by:	Date:

Task 7: Risk Monitoring and Evaluation

Risk	Monitoring Tool	Monitoring Performance after risk treatment
Increase in budget	To control the cost in an effective manner	Use of effective management tools and management software
Lack of preparation before the start of the web development process	Keeping or allocating long time to plan Meetings must be conducted to have a clear idea	Greater awareness, better idea, proper preparation, better anticipation  reduces the risk
Decision making process gets stagnant due to the involvement of a large number of stakeholders.	Preparing a Stakeholder identification and management plan	Key stakeholders identified and an appropriate communications put in place and used for communication; decisions are now made faster leading to reduced risk
Sudden Change in the whole system in the midst of the project	Proper and efficient management  Scope management	Proper scope management strategy, following proper methods to adopt to sudden changes

Risk Management of large organizations like Citi stores have to be maintained in such a way that it protects the internal information of the organization. The organization has installed SCRUM Master which is designed to make necessary changes to the risk management document. It helps the management of the following organization to get a printed receipt of the company whenever required. It can be used for reviews, internal assessments and used to assess the risks while a meeting takes place. The following is printed on a hard copy or a soft copy whenever needed by the organization.

The following project will be requiring a high quality and accurate records that will be used to execute the project. The document can be archived and stored for a period of seven years in the organization. These documents are archived to help the organization when the company faces any legal problems from managing risks.

Task 1: Risk Management Framework

The categories of risk would be helping the break-down of the procedure for the prospective recognition of risk. It is significant in remembering the fact that identification of risk would be restricted by the knowledge and viewpoint of those carrying out the analysis of risk. The areas of problems along with the risks need to be best recognized by the usage of consistent foundations. There exist several examples of risk in the business of risk. The categories of risk need to be taken in one by one, offering a structured method in the identification of the risk. This enables bigger focus on an exacting group, stimulating the thought process and augmenting the opportunity in recognizing a wider assortment of risks.

Common categories of risk recognized by the management of citistore take in:

1. Financial: It takes in the cash flow, requirements of budgets, obligations of tax, general accounting concerns of management and remuneration.
2. Equipment: It generally extends to the usage of the equipment in conducting the business including the continuous use, depreciation, and theft and maintenance factor.
3. Organizational: It relates to the business’s internal needs and extending to the structural, human resources and cultural aspects of the business.
4. Security: This takes into account the premises of the business, people and assets. It generally extends to the security of the information related to the company, intellectual property along with technology.
5. Legal and Regulatory compliance: Takes into account the factors of legislation, standards and regulations along with the contractual requirements. It also extends to the added rules like the procedures, policies that might be set up by the contracts, social environment and the customers.

Given the complexity of risk management (and the rather long list above), the following four categories have been provided to simplify the types of risk an organization and/or industry may face.

• Risk to Physical Assets – By looking around your work environment, you will see physicality in terms of furniture and furnishings, equipment (such as computers and photocopiers), personal property and even landscaping. Here the risk comes from a range of sources including mishandling equipment due to a lack of training or poor maintenance resulting in injury
• Risk to Financial Assets – These are the assets with monetary value such as cash, equities and contractual rights to receive funds into the future. Of course, burglary and theft are high on the list here but also embezzlement should be considered.
• Risk to Human Assets – This is the realm of Workplace Health & Safety (aka OH&S) and significant emphasis is placed on risk minimization here, especially given the potential for loss of life if risks are not managed appropriately. There is also the financial burden in cases of litigation (suing) and time off work for employees (Williams, Siebers & Xun, 2014).
• Risk to non-physical Assets – Although this may appear to be a catch-all category, non-physical assets covers the intangibles of a business and present a set of risks that have become very relevant with the advancement of technology. Information stored in an electronic environment or software developed for your business are valuable and to be protected. Instances of cyber-hacking have become a common problem and have created great concern for some business (especially those who store personal details such as credit card information).

Having a translucent knowledge of the segments of risk can help the organization in planning of the risk and communication of the risk information. They offer a formation for recognizing the risk factor and are often recognized at initial level through the exercise of brainstorming. Adding to that is the understanding of the segments assisting the owners of the business in selecting the best possible tools and techniques for the identification of risk and evaluation. For instance, if a exacting category of risk is generally technical in nature, the methodology of identification of risk would involve important research and compilation of the existing information about the exposure of risk. A risk segment with more strategic focus, like the commercial risk, might engross a structured workshop.

References

Amin, M. R., & Hussin, H. (2014, November). E-commerce adoption in SME retail sector: A conceptual model. In Information and Communication Technology for The Muslim World (ICT4M), 2014 The 5th International Conference on (pp. 1-6). IEEE.

April, B. (2016). U.S. Patent No. 9,241,004. Washington, DC: U.S. Patent and Trademark Office.

Bogorad, W., & Antonov, V. (2014). U.S. Patent No. 8,667,587. Washington, DC: U.S. Patent and Trademark Office.

Chen, H., Beaudoin, C. E., & Hong, T. (2017). Securing online privacy: An empirical test on Internet scam victimization, online privacy concerns, and privacy protection behaviors. Computers in Human Behavior, 70, 291-302.

Chen, R., Gokhale, M., Phillips, E., Wang, L., Nijjer, R., Grover, S., … & Tsai, J. (2014). U.S. Patent Application No. 14/488,115.

Da Silveira, A. C. P., Nijjer, R., Mukherjee, R., & Grover, S. (2014). U.S. Patent Application No. 14/488,102.

Gao, X., Yang, Y., Fu, H., Lindqvist, J., & Wang, Y. (2014, November). Private browsing: An inquiry on usability and privacy protection. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (pp. 97-106). ACM.

Gutteling, J. M. (2015). Risk communication. John Wiley & Sons, Inc..

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Hirotomo, M., Nishio, Y., Kamizono, M., Fukuta, Y., Mohri, M., & Shiraishi, Y. (2017, August). Efficient Method for Analyzing Malicious Websites by Using Multi-Environment Analysis System. In Information Security (AsiaJCIS), 2017 12th Asia Joint Conference on (pp. 48-54). IEEE.

Karthikeyan, R. G., & Sethuraman, R. (2014). Phishing Website Detection and Prevention of Phishing Attacks: a Field Experiment. International Journal of Science, Engineering and Technology Research (IJSETR), 3(2).

Kashyap, A., & Shekhar, S. (2015). U.S. Patent No. 9,160,766. Washington, DC: U.S. Patent and Trademark Office.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton university press.

Mockus, D. S., & Segal, M. C. (2014). U.S. Patent No. 8,781,622. Washington, DC: U.S. Patent and Trademark Office.

Prasad, A. V. K. (2016). Architecture for improving security in web environment. In Design Solutions for Improving Website Quality and Effectiveness (pp. 316-333). IGI Global.

Schwalbe, K. (2015). Information technology project management. Cengage Learning.

Sridharan, K., & Kumar, P. S. (2016). An Integration of Web Mining and Security for Ensuring the E-Marketing Websites. Asian Journal of Research in Social Sciences and Humanities, 6(12), 975-991.

Wan, X., Huang, X., & Dong, Y. (2016). The Moderating Role of Product Categories in the Relationship between Online Fulfillment, Procurement, and Consumer Repurchase Intention: A Hierarchical Analysis. Journal of Supply Chain Management, 52(4), 63-76.

Williams, M., Siebers, L. Q., & Xun, J. (2014). 9 Chinese retail policy and strategy. Retailing in Emerging Markets: A Policy and Strategy Perspective, 200.