Tutorial
Wooton021
CMGT545Week5ApplyRiskAssessment.docx
Name
Instructor Name
CMGT/545: Influence And Leadership In Tech Date
Project Risk Assessment Template
As Intuit, Inc. prepares to transition to cloud-based applications, the development team has foreseen potential issues and challenges that could negatively impact the project. Complete Parts 1 and 2 below to identify and assess at least 12 risks to the project.
Part 1: Risk Assessment Table
Use the table below to list 12 risks to the project, identify the risk level and likelihood of each, and provide mitigation strategies that would reduce the impact and likelihood of each event. There should be at least 5 high-level risks.
Note: Examples have been provided in the first 3 rows of the table. You may not use the provided examples.
Risk Level
· Low (L): minimal impact to finance and time to completion
· Medium (M): medium impact to finance and time to completion
· High (H): high impact that may jeopardize the success of the project
Likelihood of Event
· Certainty: 90–100% chance of happening
· Likely: 70–89% chance of happening
· Somewhat likely: 40–69% chance of happening
· Unlikely: 0–39% chance of happening
|
Risk |
Risk Level L/M/H |
Likelihood of Event |
Mitigation Strategy |
|
No clear migration strategy in place |
M: Detailed execution steps |
Certainty
|
Develop the strategy and timeline upfront to avoid confusion |
|
|
|
|
when it comes to executing on the migration. |
|
Data Loss |
H: Configuration of backups |
Likely |
Reduce the amount of manual intervention needed to perform migration and automate as much of possible |
|
Training |
L : Application training |
Likely |
Ensure there is a training program in place for all end users and users of the web application |
|
Latency |
H: Application speed |
Somewhat likely |
Check with the ISP and validate SLA(service-level agreements) |
|
Data Access |
M : Data Access |
Certainty |
Verify with provider that the IT team can still access the data after migration, and remote uses will be limited to accessing data |
|
Infrastructure
|
H: Identify what already exists |
Likely |
Work with the IT teams to document the existing systems and their dependencies |
|
Service Provider validation |
M: Verify providers claims |
Certainty |
Verify the provider is able to support the companies requirements, verify the references |
|
Internet Access |
M: Bandwidth |
Certainty |
Ensure the cloud service provider can |
|
|
|
|
manage the expect high volume of mobile devices connecting to the application |
|
Incompatibility with existing architecture |
M: Application API review |
Certainty |
Perform an audit of the existing architecture and document any and all gaps in a detailed document |
|
Security |
H: DDoS attacks |
Likely |
Check with the vendor to see what cloud and physical security packages they offer. |
|
Human interference/Error |
M: Knowledgeable of user area only |
Somewhat Likely |
Ensure that employees are properly trained and choose participants to work on the project who have a vested interest. |
|
Regulatory/Complia nce |
H: Compliance with governing bodies |
Likely |
Implement controls that validate regulatory compliance |
|
Migrating Everything at Once |
M: Deviating from the plan |
Somewhat Likely |
Develop a schedule that details when phases of the migration can proceed and identify any predecessors |
|
|
|
|
|
|
|
|
|
|
Part 2: Risk Assessment Report
Provide a comprehensive description of each high-level risk, including a justification of your analysis and mitigation strategy.
The risks that I identified as being high risks to the project are as follows:
1. Data Loss
2. Latency
3. Infrastructure
4. Regulatory/Compliance
5. Security
Data Loss
This risk of data loss can be high with a project like this due to many unforeseen circumstances; power outage, data corruption, improper backups, human error. With a proper plan in place, this can greatly hinder the project’s completion.
In order to mitigate this risk, it is recommended that we establish a documented backup plan and ensure that we have configured an automated backup process and data validation process.
Latency
Due to the migration to a cloud-based platform, it is important that we ensure that our internet service provider(s) are able to support the increased bandwidth that will be used on our platform. If users encounter delays in sending or receiving data, it can lead to the potential loss of customers to our competitors.
In order to mitigate this risk, it is recommended that we ensure that our local network is accessible and optimized to withstand the flow of traffic. We will also have to ensure that the cloud application is able to be accessed from multiple locations at once.
Infrastructure
Due to this being a new application and process, it is important that we review the existing architecture to see if it can support the proposed changes. Depending on how our existing architecture is configured, we may need to build microservices that will support the different application protocols and changes.
In order to mitigate this risk, we will perform a comprehensive audit of the architecture during the planning phase. This will be a review that accesses our strengths and weaknesses in our existing architecture and document all the necessary changes or additions that we will need to implement to ensure compatibility.
Regulatory/Compliance
Moving to a cloud-based platform means that there are added regulatory and compliance protocols that we will have to adhere to. Cloud-based computing and industry standard regulations may be introduced
that we have not had to previously adhere to.
In order to mitigate this risk, we will review the new compliance and regulatory guidelines during the infrastructure review process. We will document each new or existing regulation and ensure that we are developing around these items so that we are in compliance once the platform is deployed.
Security
Moving data to the cloud involves a lot of security risks: compliance violations, insecure APIs, misconfigured servers, malware, external attacks, accidental errors, insider threats, etc. In addition to the technical challenges, there is also the physical risk to our server location. We will also need to ensure that each team member is performing their due diligence to ensure that they have adhered to the necessary guidelines when completing their tasks.
In order to mitigate this risk, we will review the security packages offered by the vendor to determine if that is an added cost that we can absorb. In addition to the cloud-based security package, we will develop a disaster recovery plan that considers a physical recovery process in the event of an unforeseen event. We will also ensure that all project members have documented process steps to ensure that they are not creating any unnecessary risks when completing their project steps.
