About Us What We Do Practice Areas Clients Contact Us

Risk Management

Ostroff Consulting has undertaken numerous risk management mandates. These mandates tend to fall into 2 categories:
  1. a specific system being developed or enhanced
  2. a project (both information technology and management consulting)
Those mandates that fall into the second category can either by part of a broader Project Management mandate or are more focused on Risk Management.

Risk Management is about anticipating problems before they occur and implementing mitigating strategies to prevent the risk from occurring AND minimizing the impact of the risk if it does present itself.

In general the process
  1. identify potential risk scenarios
  2. assess the probability of the risk scenario occurring
  3. identify the impact on the project if the risk scenario occurs
  4. determine if you are prepared to live with the risk identified
  5. if the risk is to high for your tolerance
    • identify additional control measure(s) (preventive, detective, and corrective) which can mitigate the outstanding risk
    • determine the cost of implementing each potential control measure
    • using cost benefit analysis techniques and consider the residual risk, determine which potential control measure(s) you want to adopt
    • cycle back to step 2
Regardless which of the two category the mandate falls into, the approach described above is used. All that differs is the project scope.
  • A few examples of risk scenarios, which may be identified for mandates that fit into the first category would be: the System is not available, a report is lost, and an unauthorized individual accesses the system.
  • A few examples of risk scenarios, which may be identified for mandates that fit into the second category would be: Skilled resources are not available in a timely manner, office space is not available for project team members when needed, a new development methodology is being used which no one on the team has used before