STRATEGIC PLANNING & ARCHITECTURE

Risk Management Template

Electronic Government Directorate

(Strategic Planning & Architecture)

Version: Draft

July 2005

Risk Management Template 1

STRATEGIC PLANNING & ARCHITECTURE

Table of Contents
Document History................................................................................................................ 3
1.Introduction.......................................................................................................................4
1.1.Purpose ......................................................................................................................5
1.2.Disclaimer.................................................................................................................. 5
1.3.Location and Currency of Document......................................................................... 5
2.Objective........................................................................................................................... 5
3.Notations........................................................................................................................... 6
3.1Example...................................................................................................................... 6
4.Development Approach.................................................................................................... 7
5. Verification & Validation.............................................................................................. 7
6.References.........................................................................................................................7

Risk Management Template 2

STRATEGIC PLANNING & ARCHITECTURE

Document History
Name Date Comments Version
Mahesh Ahuja 31/07/05 1.0

Risk Management Template 3

STRATEGIC PLANNING & ARCHITECTURE

1. Introduction

A risk is a future event which may adversely affect the project. The risk is defined as:
“The potential that a given threat will exploit vulnerabilities of an asset or group of
assets to cause loss or damage to the assets.”
The impact or relative severity of the risk is proportional to the business value of the
loss / damage and to the estimated frequency of the threat.
In this context, risk has the following elements:
 Threats to, and vulnerabilities of, processes and/or assets (including both physical
and information assets)
 Impact on assets based on threats and vulnerabilities
 Probabilities of threats (combination of the likelihood and frequency of
occurrence)

Business Risks are those threats that may impact the assets, or processes, or objectives of
a specific business or organization. The nature of these threats may be financial,
regulatory or operational and may arise as a result of the interaction of the business with
its environment or as a result of the strategies, systems, processes, procedures, and
information used by the business.

Risk Management is the process of identifying vulnerabilities and threats to an

organization’s information resources in achieving business objectives and deciding what
countermeasures, if any, to take in reducing the level of countermeasures and deciding
which, if any, to take in reducing risk to an acceptable level, based on the value of the
information resource to the organization

The process of risk management begins with identifying business objectives, information
assets and the underlying systems or information resources that generate/store, use or
manipulate the assets (hardware, software, databases, networks, facilities, people etc.)
critical to achieving these objectives.

Risk Management Template 4

STRATEGIC PLANNING & ARCHITECTURE

1.1.Purpose

This document provides help in preparing the risk catalog for the business or an
organization or specific project in focus. The catalog will help in deriving Risk
Management Process.

1.2.Disclaimer
EGD accepts no liability for the content of this document, or for the consequences of any
actions taken on the basis of the information provided, unless that information is
subsequently confirmed in writing.

1.3.Location and Currency of Document

This document is part of EGD framework and is retrieved through www.pakistan.gov.pk

portal. The document may be updated as and when required. It is the responsibility of user
to download the current version.

2. Objective
The prime objective is to identify and manage the risks before they will exploit
vulnerabilities of an asset or group of assets to cause loss or damage to the business.

Risk Management Template 5

STRATEGIC PLANNING & ARCHITECTURE

3. Notations
Content Description
Risk identification <<High Level Description of Risk>>
Risk Probability <<Likelihood of occurrence. It may be High, Medium or Low”>>
Risk Impact << Based on threats and vulnerabilities. It may be High, Medium or Low>>
Status
Risk description <<Description in Detail>>
Risk Consequences <<How it impacts the business. What losses can happen if Risk is not
managed properly >>
Risk Mitigation <<How the Risk can be taken the edge off>>

3.1 Example

Content Description
Risk identification IT-literacy in Federal Government
Risk Probability High
Risk Impact High
Status Open
Risk description Currently, few persons at the Federal Government are IT literate.
Risk Consequences The usage of deployed systems and basic infrastructure and the adoption of
new e-enabled processes will be very low.
Risk Mitigation Basic computer training be made mandatory for all Federal Government
employees of Grade BPS-5 and above. Additionally, Ministry and role specific
training should be imparted to ensure maximum usage and benefit realization
from E-Government programs.

Risk Management Template 6

STRATEGIC PLANNING & ARCHITECTURE

4. Development Approach

√ Identify all the Risks

√ Determine the probability and frequency of occurrence
√ Determine the consequences of risk i.e. what damages it can create to business
value
√ Analyze how the risks can be mitigated.

5. Verification & Validation

√ The consequences of risks should be clearly mentioned and understood by all

stakeholders.
√ This risk mitigation strategy should also be clear and understood by all
stakeholders.

6. References
6.1 2003 CISA Review Manual

Risk Management Template 7