IT-Risk Management
Corporate Training Program
The Appleton Greene Corporate Training Program (CTP) for IT-Risk Management is provided by Dr. Shamsuddin PhD MSc BSc Certified Learning Provider (CLP). Program Specifications: Monthly cost USD$2,500.00; Monthly Workshops 6 hours; Monthly Support 4 hours; Program Duration 36 months; Program orders subject to ongoing availability.
Personal Profile 
Dr. Shamsuddin is a Certified Learning Provider (CLP) at Appleton Greene and he has experience in information technology, management and e-business. He has achieved a Doctorate of Philosophy in Information Technology Management, a Master of Science in Project Management and a Bachelor of Science in Mathematics. He has industry experience within the following sectors: Consultancy; Banking & Financial Services; Technology; Education and Telecommunications. He has had commercial experience within the following countries: Indonesia; Thailand; The Philippines; Malaysia and Singapore, or more specifically within the following cities: Kuala Lumpur; Bangkok; Manila; Jakarta and Singapore. His personal achievements include: maintain risk exposure below budget; risk governance for software development; implement project risk management framework; IT and risk management integration and risk consulting & corporate governance. His service skills incorporate: risk management; project management; bid management; software development and training services.
To request further information about Dr. Shamsuddin through Appleton Greene, please Click Here.
(CLP) Programs
Appleton Greene corporate training programs are all process-driven. They are used as vehicles to implement tangible business processes within clients’ organizations, together with training, support and facilitation during the use of these processes. Corporate training programs are therefore implemented over a sustainable period of time, that is to say, between 1 year (incorporating 12 monthly workshops), and 4 years (incorporating 48 monthly workshops). Your program information guide will specify how long each program takes to complete. Each monthly workshop takes 6 hours to implement and can be undertaken either on the client’s premises, an Appleton Greene serviced office, or online via the internet. This enables clients to implement each part of their business process, before moving onto the next stage of the program and enables employees to plan their study time around their current work commitments. The result is far greater program benefit, over a more sustainable period of time and a significantly improved return on investment.
Appleton Greene uses standard and bespoke corporate training programs as vessels to transfer business process improvement knowledge into the heart of our clients’ organizations. Each individual program focuses upon the implementation of a specific business process, which enables clients to easily quantify their return on investment. There are hundreds of established Appleton Greene corporate training products now available to clients within customer services, e-business, finance, globalization, human resources, information technology, legal, management, marketing and production. It does not matter whether a client’s employees are located within one office, or an unlimited number of international offices, we can still bring them together to learn and implement specific business processes collectively. Our approach to global localization enables us to provide clients with a truly international service with that all important personal touch. Appleton Greene corporate training programs can be provided virtually or locally and they are all unique in that they individually focus upon a specific business function. All (CLP) programs are implemented over a sustainable period of time, usually between 1-4 years, incorporating 12-48 monthly workshops and professional support is consistently provided during this time by qualified learning providers and where appropriate, by Accredited Consultants.
Executive summary
IT-Risk Management- History
In the past three decades, billions of dollars have been spent by millions of organizations around the world in software development projects in order to achieve a number of goals, some of these include enhancement in operational processes, increasing productivity, cost reduction, security compliance, conformance to regulatory requirements, and many other strategic reasons. Usually, the vast majority of information technology projects were outsourced to IT vendors, while others were developed by the internal IT departments. The project manager is responsible for the development of the project budget where typically the approval needs to be secured from the project sponsor. A typical IT project budget will indicate the number of resources required for the project where the cost of labor can be easily determined based on the project work activities specified in the project schedule. The cost of equipment or materials that are required for the project will also be listed together with the cost to be incurred for services that are to be acquired from external vendors and/or contractors. The procurement department will then solicit the qualified vendors based on the approved budget. Whether the customer chooses to acquire the services of internal IT organization or engaging external vendors, there was one common thing behind these colossal project investments i.e. details of the cost associated with risk management were not known. There are project risks in any project, information technology (IT) project is no exception. It is common not to find details of the project risk in an IT project budget especially during the development of the project charter. This happened decades ago and still happening today. Past analysis revealed that many of the IT projects today have failed to meet the project objectives, they failed because the project management team failed to identify the major risks early in these projects! If these risks are not identified at the early phase of the project, they are unlikely to be considered during the planning phase of the project. When developing the project cost management plan, the project budget will not include the details of the cost of mitigating the risks because these risks are not captured earlier in the project. Any IT project should have project contingencies where these are defined alongside the risk mitigation process. Past project experiences revealed that the project budget did not indicate the cost of implementing the effort associated with project contingencies. The effort involves people (generally referred to as “labor”), besides the cost of labor we need to look at the cost of equipment or material associated with the work, the third party cost from external contractors, cost of licenses related to products, and any expenses related cost to perform the work. As we all know, there are many kinds of risk threatening an IT project which include among others technology risks, risk due to inflation, the risk associated with currency control, risk related to project liabilities, where all these risks pose a direct impact to the project profitability. The project managers may be aware of these risks but lack the knowledge or expertise to compute the cost of managing and controlling these risks. The project stakeholders, specifically the project sponsor need to be aware of this cost so that an accurate and comprehensive preliminary project budget can be presented to the executive management committee prior to initiating a project. Past project experiences also revealed that project managers do not have sufficient resources on the project team who are expert in identifying and qualifying the risk in the early stages of the software project life cycle and most probable reasons behind this was due to lack of training in IT risk management. Without a proven methodology, it is highly unlikely that an IT project can be successfully delivered within budget, scope, schedule, and quality.
IT-Risk Management– Current Position
Project risk management is becoming an important sub-discipline of software engineering. It focuses on identifying, analyzing, and developing strategies for responding to project risk efficiently and effectively. It is important, however, to keep in mind that the goal of risk management is not to avoid risks at all costs, but to make well-informed decisions as to what risks are worth taking and to respond to those risks in an appropriate manner. Executive management is looking at cost reduction that needs to be realized through efficient management of risk in IT projects. Project risk management provides an early warning system for impending problems that need to be addressed or resolved. Although risk has a certain negative connotation, project stakeholders should be vigilant in identifying opportunities. Although many IT project managers associate uncertainty with threats, it is important to keep in mind that there is uncertainty when pursuing opportunities, as well. It is unfortunate that many projects do not follow a formal risk management approach. Because of their failure to plan for the unexpected, many organizations find themselves in a state of perpetual crisis characterized by an inability to make effective and timely decisions.
The digital environment that surrounds us today has resulted in the proliferation of mobile applications that always need to establish a constant communication with a number of cloud computing systems. It is an internet-based computing application where all the shared resources, software, and information are provided to the computers and devices on demand. Users can access the information from anywhere and anytime, therefore, it is imperative to ensure that appropriate project risk management processes and tools are being used in e-commerce and cloud-computing related projects. A common problem cited was that few companies try to anticipate problems once systems are implemented. For example, security is a common threat to many e-commerce systems; however, few companies can actually say what impact security risk would have on their customers. As it turns out, crisis management is much more expensive and embarrassing than risk management.
Mobile application and e-commerce developers must be knowledgeable in the processes used to manage risk in their software projects. It does not matter whether a particular company is involved with software-as-a-service (SAAS) business, operating a platform-as-a-service (PAAS) provider, or a business process outsourcing provider, the process of managing and controlling risk stays the same. One of the primary issues facing software companies today is how to reduce the cost of software development that will directly contribute towards boosting project profitability.
While there is no shortcut to success, the first step is to look at the existing business processes and initiate a program to acquire new processes that will help to reduce the development cost. The obvious cost drivers are the cost of labor, cost of materials, cost of product licenses, cost of subcontractors, and the expenses associated with the people executing the work. The hidden cost drivers are the cost of unknown risks that can make up a reasonably large percentage of the entire project cost. For instance, if the requirements specification is subject to changes of x percent of the project cost, then the mitigation plan for this known risk can be easily factored into the Risk Management Plan. On the contrary, should there be any regulatory changes in the course of implementing the project, the cost of managing the hidden risks may exceed beyond the available budget and will soon eat into your project profitability. Early adoption of project risk management processes will help to minimize the impact of this hidden cost since these risks will be detected in the early stages of the project lifecycle. As soon as they are detected during the course of the project development, the appropriate action against these risks will be taken based on the response strategy defined in the Risk Management Plan. Identifying risks associated with project liabilities can help the project manager to manage the overall cost of software development. For instance, if you know the cost as a result of a late delivery of a software project, you will ensure that your project team delivers the project within the agreed schedule in order to avoid paying the penalty. Based on current assessment of IT project implementations across all industry sectors, project managers still lack the required skills in the management and control of project risk, a situation that is critical as more new technologies are being utilized in the near future and more stringent control measures need to be in place to manage the potential threats associated with the adoption of these new technologies.
By applying project risk management processes for your organization, your chances of project success increases by minimizing and eliminating negative risks so projects can be completed within budget, schedule, scope, and quality. When you don’t have risk management strategies in place, your projects get exposed to problems and become vulnerable. Effective risk management strategies allow your company to maximize profits and minimize expenses on project activities that don’t produce a return on investment.
IT-Risk Management– Future Outlook
The objective of performing risk management is to enable the organization to accomplish its mission by better securing the IT systems that store, process, or transmit organizational information; by enabling management to make well-informed risk management decisions to justify the expenditures that are part of an IT budget; and by assisting management in authorizing or accrediting the IT systems on the basis of the supporting documentation resulting from the performance of risk management.
Managing risks in an information technology project is a complex, multifaceted activity that requires the involvement of the entire organization, from senior leaders and executives providing the strategic vision and top-level goals and objectives for the organization; to mid-level managers who are involved in planning, executing, and managing projects; to individuals on the front lines operating the information systems supporting the organization’s missions and business functions. The advancement in information technology has resulted in the creation of many products and services where risk management sits at the center of these developments. To successfully execute organizational missions and business functions that are related to these information system-dependent processes, senior leaders and executives must be committed to making risk management a fundamental mission of the company’s business requirement. The top-level executives are always remained committed to ensuring that sufficient resources are available to develop and implement effective, organization-wide information systems risk management programs. Understanding and addressing risk is a strategic capability and an enabler of missions and business functions across organizations. Accountability by senior leaders for their risk management decisions are important to drive the implementation of effective, organization-wide information systems risk management programs.
Demands for risk management training has increased in the past thirty years and continue to increase for many years ahead especially from individuals or consultants with responsibilities for conducting organizational information security implementations; vendors with responsibilities for implementing information technology products, services, or application software; service providers offering outsourced services including Software-as-a-Service, Infrastructure-as-a-Service, and Platform-as-a-Service. Whenever there is an adoption of technology in products or services, there will be risks associated with the use of these inventions and so will be the knowledge and the skills required to manage the risks. Another group of individuals who need to embrace risk management processes i