1 / 18

Communicating IT Risks to Stakeholders By Abdulaziz Ahmed Al-Duaij

Communicating IT Risks to Stakeholders By Abdulaziz Ahmed Al-Duaij Manager, Information Technology, KNPC. Agenda:. 1. What is Risk 2. What is an IT Risk 3. IT Risk Communication 4. Recognizing a Challenge 5. Three Keys to Success 6. Four IT Risk Communication Strategies 7. Q & A.

ranae
Download Presentation

Communicating IT Risks to Stakeholders By Abdulaziz Ahmed Al-Duaij

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Communicating IT Risks to Stakeholders By Abdulaziz Ahmed Al-Duaij Manager, Information Technology, KNPC

  2. Agenda: 1. What is Risk 2. What is an IT Risk 3. IT Risk Communication 4. Recognizing a Challenge 5. Three Keys to Success 6. Four IT Risk Communication Strategies 7. Q & A

  3. What is Risk ? Risk is a natural part of the business landscape. If left unmanaged …

  4. What is an IT Risk ? • Too often overlooked, IT Risk is a business risk, related to the use of IT. • Measure of an IT risk: Product of threat, vulnerability and asset values • IT Risk = Threat x Vulnerability x Asset Value

  5. What is an IT Risk ? • A more current Risk management framework for IT Risk would be the TIK framework • IT Risk = (Threat x Vulnerability/ Countermeasure) x (Asset Value at Risk)

  6. Risk Communication Communicating Risk to Stakeholders is the Top Task for Today's Risk Managers {Reveals a study by The Global Association of Risk Professionals (GARP)}.

  7. Recognizing Challenges • Even though stakeholders may be familiar with the risk assessment process, stakeholders often have different perspectives on the significance of the findings of the risk assessment and appropriate risk management actions. • Risk perception involves the influence of subjective factors on how risks are understood and valued - USEPA’s Risk Communication Handbook (USEPA 2007e). • Risk communications must not underestimate the importance and validity of risk perception.

  8. Three Keys to Success: Key 1 : Communicate Early “Communicate Early and Communicate too often” - Steve Cullum

  9. Three Keys to Success: Key 2 : Be transparent

  10. Three Keys to Success: Key 3 : Collaborate Avoid - I, me, mine Avoid negatives: “I can’t,” “I won’t,” … Keep referring to a common goal: – e.g. “In the interest of our Company… Encourage others to share their opinion Recognize people

  11. The 80–20 Principle:

  12. Four Risk Communication Strategies: Strategy-1: Expert hearings Opinions from experts with differing positions

  13. Four Risk Communication Strategies: Strategy-2: Expert Committees: Bringing experts together

  14. Four Risk Communication Strategies: Strategy-3: Stakeholder hearings Understanding both from the stakeholder's point of view and that of the organization

  15. Four Risk Communication Strategies: Strategy-4: Round tables (advisory groups): Bring a variety of stakeholder groups together in a working atmosphere

  16. Conclusion:

  17. Conclusion:

  18. Conclusion:

More Related