© The Art of Service Pty Ltd 2008 ‘All of the information in this document is subject to copyright.
No part of this toolkit may in any form or by any means (whether electronic or mechanical or otherwise) be copied, reproduced, transmitted or provided to any other person without the prior written permission of The Art of Service Pty Ltd, who owns the copyright.’ Introduction Many organizations are looking to implement Risk Management as a way to improve the structure and quality of the business. This document describes the contents of the Risk Management Toolkit.
The information found within the Toolkit is based on the ITIL Version 3 framework, focusing on the processes of Information Security Management and IT Service Continuity Management.
In addition, to these processes are the methodologies supported by ITIL Version 3 e.g.
M_o_R and CRAMM which are considered ‘best practice’ all over the world. There are also valuable insights in to managing risks within Project Management, specifically the increasingly popular PRINCE 2 methodology. The Toolkit is designed to answer a lot of the questions about Risk Management and provide you with useful guides, templates and essential, but simple assessments. The assessments and questionnaire will help you identify the areas within your organization that require the most activity in terms of change and improvement. Presentations can be used to educate or be used as the basis for management presentations or when making business cases for Risk Management implementation. The additional information will enable you to improve your organizations methodology knowledge base. The toolkit serves to act as a starting point.
It will give you a clear path to travel.
It is designed to be a valuable source of information and activities. The Risk Management Toolkit: Flows logically, Is scalable, Provides presentations, templates and documents, Saves you time. Step 1 Start by reviewing the PowerPoint presentations in the following order: Risk Management Intro Presentation.-This concise presentation gives a great introduction to the toolkit, covering definitions, general concepts and the foundations of Risk Management. Risk Management ITIL V3 – ITSCM Risk Management ITIL V3 – ISM Risk Management – PRINCE2 — Presentations 2 – 4 provide a detailed and comprehensive overview of Risk Management in each of the specialist areas of ITIL Version 3 IT Service Continuity Management, Information Security Management and the increasingly popular PRINCE2 methodology. These presentations will give you a good knowledge and understanding of all the terms, activities and concepts required within Risk Management.
They can also be used as the basis for management presentations or when making a formal business case for Risk Management implementation.
Make sure you pay close attention to the notes pages, as well as the slides, as references to further documents and resources are highlighted here. Step 2 If you did not look at the supporting documents and resources when prompted during the PowerPoint presentations, do this now.
Below is an itemized list of the supporting documents and resources for easy reference.
You can use these documents and resources within your own organization or as a template to help you in prepare your own bespoke documentation. Risk Management ITIL V3 – ITSCM: ITSCM Reciprocal Arrangements – concise example of a user friendly agreement that can be used as a template for your organization. ITSCM Business Impact Assessment – example of a complete and easy to use assessment that can be used as a template for your organization. Management of Risk Framework M_O_R – a detailed overview of the M_o_R methodology with written explanation and supporting diagrams.
This methodology is supported within the ITIL version 3 framework. IT Risk Assessment Planning – an easy to follow guide on what should and should not be covered within your Risk Assessment. IT Risk assessment score sheet –A comprehensive and ready to use score sheet, to score your risk factors. Risk Assessment and Control Form – a detailed and user friendly template that include prompts and advice and can be used within your organization. Risk Assessment Questionnaire – this is am extremely useful document that is ready to use and distribute for the purpose of obtaining feedback from staff within your organization. ITSCM2900 Business Continuity Strategy – a comprehensive and user friendly template and procedure that can be used as a resource within your organization. Typical contents of a Recovery Plan – In accordance with the ITIL Version 3 framework and the ITSCM process.
This is a list of the typical contents for a continuity recovery plan. 10.
ITSCM2400 Communication Plan- concise example of a user friendly template and procedure that can be used as a template for your organization. 11.
ITSCM2420 E-Mail Text – concise example of a user friendly template and procedure that can be used as a template for your organization. 12.
ITSCM3100 Emergency Response Plan – a detailed and comprehensive example of a user friendly template that can be used as a template for your organization. 13.
ITSCM3200 Salvage Plan Template- concise example of a user friendly template and procedure that can be used as a template for your organization. Risk Management ITIL V3 – ISM: CRAMM – Overview of the widely used CRAMM methodology and how it can be effective when used within a work environment. Risk Management – PRINCE2 Checklist on assignment of risk ownership – complete checklist you can use to ensure conformance to the PRINCE2 methodology, when assigning Risk Owners. Generic Project Risk Assessment – – concise example of a user friendly template and procedure that can be used as a template for your organization. Step 2 continued… Alternatively, continue by working through the Risk Management Framework document and the Conducting a Risk Management Review document with the focus on your organization.
This will help you ascertain the Risk Management maturity for your organization.
You will able to identify gaps and areas of attention and/or improvement. The supporting documents and resources found within the toolkit will help you fill these gaps by giving you a focused, practical and user-friendly approach to Risk Management.
Read more about ITIL: