Home Editor's Choice Managing Business Case Risks

Managing Business Case Risks

Managing Business Case Risks

In every case, the risk to the organization must be reduced to an acceptable level. Here are some of the potential risks:

Failure of the security solution to accomplish objectives
Presence of residual security risks not addressed by the proposed solution

The impact of these risks can be minimized by proper project management and control of the implementation process. It is important to note that risks are events, not issues, and the probability of occurrence and estimated business impact, should be calculated and documented.

Business Case Recommendations

For security solution implementations, business case recommendations must be presented to describe the justification for the recommendations, clearly put forth to enable readers at all levels of the organization to quickly understand the extent of the investment the nature of the product, service or resources which will provide the solution.

As for any business case presentation, an executive summary should be provided to summarize the details to be found in the presentation. Executives authorized with approving the recommendations will need to have this summary presented in a format which will enable them to understand the concepts sufficiently to warrant approval.

In presenting the business case, it is important to state as many positive factors that support the recommendations, in particular, setting out why a particular option is the best. For example, it may deliver the best ROI, it is the most effective solution, or it is the only option that can meet current business needs or regulatory compliance requirements.

Senior executives will be most interested in the option which offers the lowest cost, so other key factors, compliance, operational risk, and business enhancements, need to be emphasized. A major consideration in making a final decision is the support provided to other departments in the organization.

Protecting Corporate Property and Investments

Increasing security risks in the corporate environment, particularly those from targeted intrusions by experienced hackers, emphasize the requirement to implement effective security solutions using database assurance technology. Software security solutions are now available which enable organizations to re-evaluate their corporate systems to determine the best methods for protecting corporate assets, and to incorporate these security solutions in their corporate system structure.

Legacy investments need dynamic protection methods which can adapt with changing security threats, without increasing overhead costs or interfering with business processes.

Digital security in today’s corporate environment is progressing to being much more than an after-thought to functioning as an integral part of a business operation. Risk assessment of security issues has created business cases for security solutions which require a different set of assessment criteria than for traditional and more common business case proposals.

Significant Benefits

There are significant benefits to be achieved for an organization which conducts the proper analysis and assessment of the risks and develops an appropriate security solution for database assurance, which takes account of these risks and delivers a positive ROI. These are the steps which have the potential for putting an organization ahead of any intrusion attempt.

Corporate Ethics – Greed is Not Good

Corporate ethics and ethical business practices require managerial support in order to successfully be adopted into everyday company practices. Codes of ethics for corporations should detail the company’s policies in relation to ethical treatment of all stakeholders including staff, suppliers, customers and the wider community. A guide to creating a code of ethics can be downloaded from the Institute of Business Ethics.

Public disclosure of corporate codes of ethics can assist community stakeholders to trust that businesses are acting in an honest and transparent manner in all dealings. A 2008 poll undertaken by MORI, found that 85% of consumers would be inclined to have greater trust in a company, if there was transparency and honesty in relation to the companies policies. This greater trust level would arise even if the consumer was not in agreement with all of the company’s policies.

Legal Compliance

In most jurisdictions there are many laws and other non-law treaties and agreements that mandate that business operations are carried out in a non-harmful manner. This include specific treaties with indigenous populations relating to use of traditional land, laws requiring safe workplaces and providing measures to ensure that companies do not discriminate when employing, legislation and guidelines relating to environmental impact and specific pieces of legislation such as the Sarbanes-Oxley Act which attempt to improve corporate governance procedures.

Sarbanes-Oxley Compliance

Large publicly listed companies and accounting and audit service providers in the United States are required to comply with the Sarbanes-Oxley Act (2002), enacted after the corporate collapse of Enron, which resulted from poor standards in corporate governance and audit practices.

Sarbanes-Oxley compliance requires annual filing of a disclosure document with the Securities and Exchange Commission. Amongst other requirements, the Sarbanes-Oxley Act requires that the financial statements are certified by the Chief Executive Officer and Chief Financial Officer of the disclosing company. Auditing practices are also subject to stringent legislative controls under the Sarbanes-Oxley Act.

Risk Management

There is an inherent amount of risk to every human venture, risk management policies and procedures enable companies to limit the chance that their business operations will case unnecessary or undue harm to stakeholders, the environment or the value of the company’s brand in the marketplace.

Transparency in risk management procedures can be a good corporate social responsibility activity as they can lead to increased consumer confidence in the company. This is particularly the case when the actions of the company may have a detrimental effect on the environment or health of the society in which it is situated.

Business plays a large role in the success of any economy and corporate social responsibility requires that business also takes part in society. A strong corporate governance strategy can support other corporate social responsibility activities such as community business partnerships and provide a foundation for improved stakeholder relations and a potential for an improved market share.