A risk assessment for FDI - Research Paper Example

? Running Head: RISK ASSESSMENT Risk Assessment Risk Assessment Risk management centers on adopting methodical and steady strategies to administer all of the IT functions threats facing an organization. This paper begins with the elaboration of the organization assets, notably the information systems. Secondly, the paper identifies the organizational risks facing FDI, such as the diminishing internal IT services, and which exposes it to vulnerability in security and strategic approach. Thirdly, the paper identifies the problems facing FDI, such as cutbacks spearheaded by the CEO in the IT department in terms of budget and personnel, and which have resulted to a political infighting, whereby the top management of FDI is split on whether there needs to be cutbacks in internal IT functions in favor of outsourcing, or maintaining it as the core of the business. The mitigation strategies identified for FDI problems comprises, hiring an intermediary consulting firm that is independent from the internal politics that are going on concerning the state of IT functions. Moreover, the setting up of an audit committee would help to direct and check the internal functional transaction. Thus, they will be responsible for assessing business and IT functions risks. Furthermore, groups or concern parties will be designated as central points in the administering and directing of the organization risk assessment procedures. In addition, the paper elaborates on the important risks issues concerning IT functions when it comes to outsourcing. Finally, the paper presents the risk assessment for the company and validates the claims that IT functions outsourcing is presenting the organization with risk on IT outsourcing. Introduction Risk assessment, is the procedure of scheming quantitatively the probable damage plus monetary outlay, resulting from threats, susceptibility and by incidents impacting the collection of IT assets of an organization (Tipton & Nozaki, 2011). Information technology risk management is the essential process which aids organizations to attain new business transformations, future savings in IT and their IT systems, along with a rising reliance on delivery within the organization information systems. However, the adoption of IT functions and systems has resulted in risks related to ICT, like strategic risks, operational risks, as well as technological risks (Bahli & Rivard, 2003). Therefore, IT risks management approaches and strategies, need to be developed and implemented within organizations. Accordingly, before implementing any action that would reduce the internal IT functions of an organization, there needs to be a coherent IT risk management entails IT governance, plus information security governance being developed. The aim of this paper is to conduct a risk assessment for FDI, in order to make a compelling case as to what value the IT department brings over that of an integrator that can provide services at 40 percent less annual cost. Discussion Organizational Asset Firstly, the major organizational asset for Fast Distribution, Inc. is information, and the firm has an extensive and expansive data center which helps in keeping pace with issues, such as S&P averages. Therefore, the organization information system helps the organization to collect knowledge, in order to be utilized effectively. Secondly, the firm brand is a major organizational asset, especially after being recognized by Forbes magazine. Thirdly, innovation pushed forward by the well-honed management is also a critical organizational asset. Then there is human capital, whereby the company has over 3200 experienced and consistent employees. Organizational Risks One of the major risk associated with diminishing internal IT services in favor of outsourcing for FDI, is its exposure to vulnerability in security and strategic capability, especially from the CEO suggestion of an open market. Notably, there is always the possibility that one of the outsourcing company personnel or competitors may breach security. Another risk posed by outsourcing the IT services is the operational risk. Secondly, there is the possibility that the outsourced IT provider will not perform a good job. Consequently, this would easily undermine the company operational performance, since it is widely acclaimed for its performance in the big league, and any operational; issues would definitely undermine this vital brand and image. Thirdly, relying on exterior IT services exposes the organization to the risk of downtime, especially during vital system failures (Dibbern & Goles, 2004). Consequently, this can result in possible loss of productivity, which can even take a considerable amount of time before the issue can be resolved. This can in the end leave major operations of the company idle, including the workers, and resulting in billions of dollars of lost revenue. Furthermore, given that an internal network overseer is intimately familiar with the peculiarities and distinctive characteristics of the IT system, then it is going to be difficult for an outside contractor to be able to deliver solutions more proficiently, rapidly and personally. Notably, IT outsourcing as being pushed by the CEO, can never offer an individual touch, which comes closer to that of an internal IT administrator or COO (Tipton & Nozaki, 2011). Another risk posed by outsourcing IT services for FDI, is the reduction or even loss of technological innovation coming from the company employees. It is important to consider that the IT services personnel, know the in and outs of the company information infrastructure, and for them to be innovative they need to be in charge and in control of the system, and transferring this to an outside provider would definitely lessen their innovative capacity. Current organizational security posture Firstly, the organization internal security posture appears to be medium, since they have a central data processing environment, whereby all data is encrypted and then copied to the FTP server via automated replication. Furthermore, the processing of data is handled internally, and this ensures confidentiality and safety of its corporate information. Notably, the organization security posture appears to be static in the sense that the design of their network is very much guided by control, and centralization. The organizational also has complete automation, as well as integration to its related systems. However, there is no mention or description on whether their IT assets are equipped with dynamic vulnerability management system, since it is a crucial aspect of security. Problems That FDI Is Having The problem facing FDI from a monetary perspective is that the internal IT infrastructure and assets are using quite a huge amount of the organization finance, and when outsourced, the cost of running an internal IT functions can be reduced. Due to this fact, the cutbacks spearheaded by the CEO in the IT department, in terms of budget and personnel has resulted to a political infighting, whereby the top management of FDI is rather divided on whether there needs to be cutbacks in IT functions. Moreover, it appears that the people championing some of these cutbacks in internal IT functions, like the CEO, do not seem to realize that it is decreasing the company operational reliance on technology. This not only wipes the company progress in IT, as a key asset, but exposes the organizational information system to loss of confidentiality, integrity, as well as availability compromising the organizational information system. Consequently, the internal IT system is exposed to security risks, such as the hacking as is evident by the spike in unexplained network traffic. Mitigation Strategy The first mitigation strategy that needs to be implemented, is to hire an intermediary consulting firm that is independent form the internal politics that are going on concerning the state of IT functions. (Dube & Pare, 2003). The consulting firm will be responsible for substantiating or validating both sides of the argument, and to come up with a solution that is most appropriate. In addition, they will come up with the benefits and downsize of outsourcing and maintaining an internal IT functions, in order to enable the executives to make a decision based on facts. If outsourcing is agreed upon, then the organization should begin with gradual test provider, so as to analyze their capabilities, and retain key capabilities internally. Secondly, in order to avoid the open conflict between the CEO and COO and their interferences, it is crucial to create a centralized management office, so as to consolidate the management of IT functions. The setting up of an audit committee would help to direct and check the internal functional transaction. They will be responsible for assessing business and IT functions risks. Groups or concern individuals will be designated as central points to administer and direct the organization risk assessment procedures (Dube & Pare, 2003). Risk Assessment What is clear from the given information is that FDI going through the outsourcing will face several types of risk, which are security risks, operational, IT functions risks, and information system risks. Hence, the risk management concerns the IT activities and activities within the IT policy, and the organization information security dealings. It appears that the centralization of the internal IT system is causing the organization more resources than what the organization can sustain. The operation risk results from the scaling down of the IT resources and personnel, and this has resulted in the diminishing of FDI strategic capabilities. The security risk includes, trouncing of confidentiality, integrity, and accessibility of the information system being compromise (Calder & Watkins, 2008). The fields of vulnerability comprise communications, personnel, facilities, equipments and applications. The forms of damage include no delivery plus misdelivery of the organization services, especially since the internal IT functions is being changed from a centralized to a spread out system. There is also the denial or degradation of services, and this is notable by the unexplained traffic across the network. These damages will result in monetary loss, productivity hammering and reduction of consumer confidence (Bahli & Rivard, 2003). For that reason, determination of risks level shows that the vulnerability of risk is high when the internal IT functions are oursourced, and this would result in major effects when the above threats occur. Furthermore, there are no tangible controls in place to mitigate these risks (Dibbern & Goles, 2004). Conclusion In this assessment, the main risk factors have been identified, such as security, operational risk and loss of technological invention. Based on the above risk assessment, outsourcing of the internal IT functions will present the organization with numerous risks. Therefore, it is important that critical functions of the IT department should not be outsourced, hence there needs to be the auditing of the appropriateness and status of security controls within the existing system, so as to develop a security policy. Even though, a number of organizations are more and more outsourcing their IT functions, due to factors, such as lower operational costs, and m increased capability to focus on core fields, in this case of FDI there are quite a number of challenges as well as risks linked with IT outsourcing. References Bahli, B., & Rivard, S. (2003). The information technology outsourcing risk A transaction cost and agency theory-based perspective. Journal of Information Technology , 18 (3), 211-221. Calder, A., & Watkins, S. (2008). IT governance: a manager's guide to data security and ISO 27001/ISO 27002. London: Kogan Page Publishers. Dibbern, J., & Goles, T. (2004). Information systems outsourcing: A survey and analysis of the literature. The DATA BASE for Advances in Information Systems , 35 (4), 6-102. Dube, L., & Pare, G. (2003). Rigor in information systems positivist case research: Current practices, trends, and recommendations. MIS Quarterly, 27 , 27 (4), 597-635. Tipton, ,. H., & Nozaki, M. K. (2011). Information Security Management Handbook, Volume 5. CRC Press,. Read More