Unformatted Attachment Preview
SAM
Associates
Operating System Migration Project
15/8/18
Reg
The goal of the new project will be to migrate the computers of the organization's employees
from Windows 7 to Windows 10 operating system (OS). All four of the company’s employees
are using Windows 7 OS. Migrating to windows 10 would offer the employees several benefits.
Windows 10 OS and all relevant drivers and software Installed in four Benefits of migrating to Windows 10 include more security, higher speed, new keyboard
computers. Windows 10 training guide.
shortcuts, and virtual desktops.
4 personal computers
$796
3-Sep-18
2
6-Sep-18
1
Finance
2
Commercial
3
Finance
4
Commercial
5
Finance
6
Commercial
7
Commercial
8
Security
1
Select
2
Select
3
Select
4
Select
5
Select
Failure of one or more computers to Lower specifications
support Windows 10
Delayed implementation
Challenges
during
implementation
Lack of adequate funds
Hidden costs
Loss of valuable data
Loss of funds
Critical software failing to run
Key pheripherals failing to work
Critical security flaws
Failure to backup
data
Funds will be lost if
the project fails
Failure to satisfy
recommended
Drivers may not exist
Failure to install
critical updates
Loss of some invested
4-Major
funds
Commercial activities
2-Minor
delayed
Partial implementation
2-Minor
of the project
Commercial activities
5-Catastrophic
hindered
Profitability will be
4-Major
affected.
Commercial activities
4-Major
delayed
Commercial activities
3-Moderate
delayed
Computers
will be
4-Major
vulnerable to attacks
1-Rare
Low
3-Possible
Medium
1-Rare
Low
1-Rare
Medium
1-Rare
Low
1-Rare
Low
2-Unlikely
Medium
1-Rare
Low
6
Select
7
Select
8
Select
Jim Owens PMP PRINCE2 FACS CP 2011
Week 8 Seminar – Practical Risk
Management, Part 2
Revise your Risk Management notes
Revise last week’s seminar, “Practical Risk Management, Part 1”, and pages 34 to 39 of the
“Risk Management Guide for Small Business”, where it deals with treating the risks.
What Risk management seeks to do is to remove as many risks from the project or possible.
Then for risks that can’t be completely removed, Risk management seeks to reduce
the likelihood of a particular risk occurring in a project, and/or reduce the impact if
it does occur.
1. Complete the last section of your RMP, the Risk
Treatment plan
There are five columns to be completed in the Risk Treatment Plan:
1.
2.
3.
4.
5.
Treatment Strategy,
Treatment Description,
Treatment Resources,
Risk owner, and
Deadline
A. Treatment Strategy
This is the risk response that you will apply to the risk. You will recall from week 6 that there
are only 4 possible risk responses:
Avoidance
Changing the project plan (e.g. the scope statement, the schedule, etc) so that a particular
risk can’t happen.
Typically this means removing something from the scope of the project to completely remove
the risk, so it is 100% impossible. E.g. you have to produce website that will display on
Windows Internet Explorer, Firefox, Chrome and Opera. There is a big risk that Opera will
not display it correctly, so you remove “Opera” from the scope statement. Now that risk
cannot happen.
Mitigation
Taking action to reduce the likelihood and/or the impact of an identified risk. E.g. there is a
risk the project might be late because the team has not much expertise with SharePoint. You
can mitigate the risk by providing training to the team and/or contracting a SharePoint
specialist.
Transference
Paying someone to take the risk on your behalf (usually outsourcing or purchasing
insurance)
Note that to transfer a risk, you must transfer it OUTSIDE the company. You can’t transfer to
another team, or transfer by employing experts, because the company still owns all the risks
of its employees.
Acceptance
You simply decide that you will accept the consequence of the risk if it occurs. This may be
because you think:
•
•
•
There’s virtually no chance of it happening (e.g. a major earthquake in London), or
The impact would be negligible,
It is too expensive to deal with (e.g. the cost of insurance may be more than the
impact of the risk event), or
•
You simply have no idea what you would do!
When you accept a risk, you don’t have to do anything further. If you try to plan anything for
this risk then it becomes a mitigation.
B. Treatment Description
Having selected the strategy, this field is where you enter the details of how this strategy will
be implemented.
C. Treatment Resources
People, equipment, budget, etc required for this strategy.
D. Risk Owner
The risk owner is the person responsible for ensuring that the risk strategy is put in place,
and is also responsible for checking that the risk is dealt with according to the plan, if the risk
occurs. This person may not be the same person who actually treats the risk. For example,
the IT Manager may be the risk owner for the risk “Some laptop computers may be offsite
and not upgraded”, but it will not be the IT Manger who actually recalls and checks each
laptop, that is a task for a technician.
E. Deadline
Enter the date when the strategy has to be finalised (e.g. of the strategy is to buy insurance,
then this will be the date that the insurance has to be purchased.
Corporate Social Responsibility
2. Performing a Corporate Social Responsibility
analysis
In the Week 3 Seminar on ethics and professionalism, you saw how the ACS code of ethics
expects you to behave ethically at all times.
So that means if you are managing an ICT project you must ensure that the
project is ethically sound, and managed ethically. If it is not, then you should inform the
organisation, stating the ethical breaches. If the company is not prepared to act ethically,
then you should refuse to work on the project. In the week 3 seminar you also briefly covered
Corporate Values, and the article written by a recent president of the Australian Computer
Society, Phil Argy 'Professionalism is the Best Form of Risk Management'.
And so now you are going to examine your RMP from a social and ethical perspective.
For this we will consider, “corporate social responsibility”, which is still an emerging topic,
which means that in your professional career, you may eventually add to it.
Read Corporate Social Responsibility (CSR) which may be found here:
http://www.unisa.edu.au/Documents/EASS/HRI/working-papers/wp9.pdf
This paper looks at using the principles of corporate social responsibility as a means of
managing risk management.
The three dimensions of CSR
Principles of CSR
Processes of CSR
Outcomes of corporate
behaviour
Principle of institutional
legitimacy:
Environmental assessment:
Social impacts:
· companies are responsible · scanning the environment,
· of products and services,
for earning and maintaining a gathering information, adapting to
of policies and programs
'licence to operate' granted by changing conditions
societ
Principle of public
responsibility:
Stakeholder management:
· engaging in dialogue with key
· companies are responsible
stakeholders, collaborative
for solving the problems they
problem-solving, corporate social
cause, and for helping with
performance reporting, corporate
problems related to their
partnerships
operations
Principle of managerial
discretion:
Issues management:
· managers are responsible for
· anticipating issues, managing
behaving ethically and in
crises
favour of socially responsible
outcomes
Social programs:
· formal policies that guide
company behaviour and
legal compliance, informal
company culture and values
Social policies:
· discretionary activities
directed at specific goa
CSR Analysis of your project
Examine your project and then answer the following
three sets of questions. You will probably need your
supervisor to assist you.
The principles:
Principle of institutional legitimacy
Would the technology I develop be welcomed by society?
Principle of public responsibility
Is the benefit greater than the risk?
Principle of managerial discretion
Is my work and behaviour ethical and socially responsible?
The processes:
Environmental assessment
Have I asked the right questions?
Stakeholder management
Have I asked the right questions of the right people?
Issues management
Have I been thorough in thinking this through and prepared as well as I can?
The outcomes:
Social Impacts
Will the software/services I provide work to benefit the company and society?
Social programs
Does the software/services take into account all relevant legislation and compliance
requirements?
Social policies
Can I take my knowledge into the community to enhance the reputation of my company and
support the community in which my company operates?