Risk Observation: IT Department Risks

Observation 1
IT Risk (Infrastructure, system or devices Risk)
Risk Description
Infrastructures such as data server, Synology devices, Branches Internet and Computer devices
and Important data are at risk of fire, theft, system breakdown, and tempering by internal or
external staffs.

Risk Approach
Risk Officer talked with IT department to understand the IT related risks.

Potential Outcomes
Systems and Devices failure could lead to risk ranging from Operation to Fraud Risks. ( CCTV
tempering by internal Staffs at Kyone Pyaw)

Risk Strategy and Action Plan:

By Mitigate and Control,
To prevent from system and infrastructure failure, IT need to have contingency backup plan to
replace damaged infrastructure and perform the corrective actions in timely and effective
manners.

Observation 2
IT Risk (Users Risk)
Risk Description
Users’ risks are described below;

• Un-trust worthy Employees

• Lack of Computer Experience And
• Non-Sense of using Technology
• Unfriendly with Computers
• Personal Computer Usages
• Using Easy password, Default User Password And
• Set Remember Password Setting automatically
• Have No Privacy Awareness
• Share Office Related Confidential
Risk Approach
Discussed with IT department about Users’ risks

Potential Outcomes
Because of users’ risks described above, MFI could be at risk of data breach, system(computer)
breakdown or ineffective and low productivity by employees at branches

Risk Strategy and Action Plan:

By Mitigate and Control,
IT department should teach users training on how to use computers, Microsoft
application(Word,Excel), how to use Musoni and other necessary basic IT related skills.

Observation 3
IT Risk (Infrastructure, system or devices Risk)
Risk Description
External Risks
• Electricity breakdown
• Failure Of MPT, TELENOR, OOREEDOO, MYTEL
• No Backup Plan To Access Internet
• Google Breakdown
• Government Internet Restriction

Risk Approach
Risk Officer talked with IT department to understand the IT and external related risks.

Potential Outcomes
-Electricity breakdown will impact branches CCTVs, Computer and other electrical devices non-
functioning which will impact branch operations severely.
-Internet Breakdown will impact users to unable to process gmail(communication) and Musoni
,other operational related risks

Risk Strategy and Action Plan:

By Mitigate and Control,
To prevent from electricity black out, Admin need to have contingency plan to have backup
generators to continue functioning of the branches even when there is electricity blackout for a
few weeks to months in case of disaster.
Observation 4
IT Risk (People risk)
Risk Description
Head of IT and IT team members are lack of respect and make fun of everything risk officer say.
During procurement meeting, they do not participate in decision making with other department
cases and they make fun of other members also during the risk officer joining meeting.

Risk Approach
Risk Officer talked with IT department to understand the IT related risks.

Potential Outcomes
Lack of co-operative communication and respect for each other will cause loss of productivity and
ineffectiveness.

Risk Strategy and Action Plan:

By Mitigate and Control,
Management should be aware of the current head office condition and improve departmental
communication and cooperation.