Your team is to continue in its role as an external consultancy that has been hired by AE Kalina Cycle Senior management to assist the company in risk management. After completing the initial draft of your risk management plan, this second part of the assigned project requires you to create a risk mitigation (RM) plan. Senior management at AEKC allocated funds to support a risk mitigation plan, and have requested that the risk manager and team create a plan in response to the deliverables
produced within the earlier phases of the project. The risk mitigation plan should address the threats identified as described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop this new plan.
Your risk assessment has identified information assets at AEKC and prioritized the threats and vulnerabilities most likely to jeopardize the information resources that underpin AEKC’s business. Your task now is to plan for that eventuality of risks being realized by preparing a risk mitigation plan. To complete your risk management report, you have been asked to including the business impact analysis (BIA), the business continuity plan (BCP) and a disaster recovery plan (DRP) report with a planned response to those events that are most likely (in your assessment) to disrupt AEKC.
Project: Risk Management Plan – Part 2
For the first part of the assigned project, you created a part of the initial draft of the risk management plan. Therefore, to complete the initial draft, you must:
1. Complete the outline for the completed risk management plan.
2. Update your proposed schedule for the risk management planning process.
3. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
4. Develop a proposed schedule for the risk management planning process.
For the risk mitigation component:
This part of the project is a continuation of Project Part 1 in which you prepared an RA plan for AEKC. Senior management at the company has decided to allocate funds for a business impact analysis (BIA), business continuity management and disaster recovery planning. Because of the importance of risk management to the organization, senior management is committed to and supportive of performing a proper analysis in these areas.
5. Prioritize the most significant risks for AEKC and provides details in a risk assessment table. Then choose the top 5 critical risks.
6. Propose a risk treatment (mitigation and internal control) strategy for the top FIVE (5) critical risks you have identified at AEKC
7. Include the BIA, BCP and DRP plans with the final risk management report