
Management Dashboard - Issues & Risks

Issue Summary
Open            0
Closed          0
In Progress     0
Monitoring      0
Resolved        0
Low Impact      0
Med Impact      0
High Impact     0
Low Priority    0
Med Priority    0
High Priority   0
Total Issues    0

Risk Summary
Open            42
Closed          0
In Progress     0
Monitoring      0
Resolved        0
Low             0
Moderate        0
High            0
Extreme         0
Total Risks     42

[Chart: Issue Status (Open, Closed, In Progress, Monitoring, Resolved)]
[Chart: Risk Status (Open, Closed, In Progress, Monitoring, Resolved)]

Issue Type Summary / Risk Type Summary

Type          Issues   Risks
Strategic     0        6
Financial     0        6
Regulatory    0        7
Management    0        4
Operational   0        19

[Chart: Risk & Issue Types (Strategic, Financial, Regulatory, Management, Operational)]
[Chart: Total Risk Ratings (Low, Moderate, High, Extreme)]

Cloud Computing Risk Log

Columns: Ref No, Risk Type, Date Logged, Risk Control Area, Risk Issue, Action Owner, Likelihood Rating, Impact Rating, Risk Rating, Likelihood, Impact, Mitigation Actions, Current Status, Last Reviewed

R1
  Risk Type: Management
  Risk Control Area: Governance & Enterprise Risk Management
  Risk Issue: Lack of effective internal information security governance, risk management and compliance, and alignment with the provider's own security governance
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R2
  Risk Type: Management
  Risk Control Area: Data Protection Risks
  Risk Issue: Risk of adequate Data Protection no longer being maintained to a compliant level
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R3
  Risk Type: Management
  Risk Control Area: Sensitive Media Sanitisation
  Risk Issue: Media cannot be physically destroyed, cannot be properly identified or no adequate procedure in place
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R4
  Risk Type: Management
  Risk Control Area: Information Management and Data Security
  Risk Issue: Loose identification of sensitive data or protection of data in transit or stored in the cloud, and prevention of data leakage
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R5
  Risk Type: Regulatory
  Risk Control Area: Compliance and Audit Management
  Risk Issue: Risk of failing to comply with government-mandated and industry-specific regulations and standards, and failure to get audit information from the provider
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R6
  Risk Type: Regulatory
  Risk Control Area: Legal Issues: Contracts and Electronic Discovery
  Risk Issue: Storage, processing, disclosure to third-party, transfer to other legal jurisdictions of personal data and the risk for the provider not being able to produce business data in case of subpoena
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R7
  Risk Type: Regulatory
  Risk Control Area: Incident Response
  Risk Issue: Failure for the provider to detect, handle incidents and report them to the agency with data that can be analysed easily to satisfy legal requirements in case of forensic investigations
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R8
  Risk Type: Regulatory
  Risk Control Area: Audit or Certification unavailable
  Risk Issue: The system cannot be audited and/or certified as it should
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R9
  Risk Type: Regulatory
  Risk Control Area: Compliance Degradation
  Risk Issue: Failure in achieving or maintaining Compliance (to regulation, governance, standards)
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R10
  Risk Type: Regulatory
  Risk Control Area: Governance Degradation
  Risk Issue: The agency might relinquish control to the provider on a number of issues which may affect overall governance
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R11
  Risk Type: Regulatory
  Risk Control Area: Storage of data in multiple jurisdictions and lack of transparency
  Risk Issue: Mirroring data for delivery and redundant storage without actualised information as to where the data is stored. The agency may unknowingly violate regulations, especially if clear information is not provided about the jurisdiction of storage
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

R12
  Risk Type: Strategic
  Risk Control Area: Interoperability and Portability between providers
  Risk Issue: Unable to make business applications interoperate and lack of standards to minimise the risk of vendor lock-in
  Likelihood: <select>   Impact: <select>   Risk Rating: N/A   Status: Open

HUA Standard 4360:2004 Risk Management

Each risk has been rated in terms of its resulting likelihood of occurrence and its potential impact, using the rating system specified in HUA Standard 4360:2004 Risk Management. The ratings are explained in the tables below.

Table 1 - Types of Issues/Risks


Type                      Description
Strategic                 Related to strategic mission and objectives.
Financial                 Related to economic impact (costs, revenues, budgets).
Regulatory (Compliance)   Related to legal and contractual obligations. Political or legislative impacts.
Management                Related to decision making, resources, policies, etc.
Operational (Technical)   Related to ICT delivery, support or management services.

Table 2 - Qualitative Measure of Consequences of Likelihood


Level Descriptor Description
A Almost certain Is expected to occur in most circumstances. More than once per year
B Likely Will probably occur in most circumstances. 1 in 1 - 3 years
C Possible Might occur at some time. 1 in 3 - 5 years
D Unlikely Could occur at some time. 1 in 5 - 10 years
E Rare May occur in exceptional circumstances. 1 in 10 years

Table 3 - Qualitative Measure of Consequences of Impact


Level   Description     Example detail description
1       Insignificant   No injuries, low financial loss, no risk to reputation.
2       Minor           First aid treatment, on-site release immediately contained, medium financial loss, some customer dissatisfaction.
3       Moderate        Medical treatment required, on-site release contained with outside assistance, high financial loss and public visibility.
4       Major           Extensive injuries, loss of production capability, invocation of disaster recovery with no detrimental effects, major financial loss.
5       Catastrophic    Death, off-site with detrimental effect, huge financial loss.

Table 4 - Quantitative Measure of Consequences of Impact


Level Description Example detail description
1 Insignificant Nil – Negligible
2 Minor Under 500K
3 Moderate Between $500k - $5m
4 Major Between $5m - $20m
5 Catastrophic Above $20m

Table 5 - Qualitative Risk Analysis Matrix

                     Consequences
Likelihood           Insignificant   Minor   Moderate   Major   Catastrophic
                     1               2       3          4       5
A (almost certain)   H               H       E          E       E
B (likely)           M               H       H          E       E
C (possible)         L               M       H          E       E
D (unlikely)         L               L       M          H       E
E (rare)             L               L       M          H       H

Key Description
E Extreme Risk: Immediate action required to mitigate the risk.
H High Risk: Action should be taken to compensate for the risk.
M Moderate Risk: Action should be taken to monitor the risk.
L Low Risk: Routine acceptance of the risk.

Table 6 - Issues/Risks status types


Type Description
Open New item identified and awaiting action.
Closed Item closed e.g. no longer a concern, rejected, etc.
In progress Item undergoing treatment/mitigation activities.
Monitoring Treatment/Mitigation activities complete and being monitored.
Resolved Item resolved through treatment/mitigation actions and resolution accepted by stakeholders.

Cloud Computing Issues Log
Columns: Ref No, Issue Type, Date Logged, Issue Control Area, Description, Impact, Priority, Last Update, Allocation, Details/Update, Assigned To, Status, Deadline

Rows I1 to I50 are blank template entries; each contains only unfilled <select> drop-down placeholders.

Document Control

Columns: Date, Version, Name and Position, Review type/status or amendments

7/7/2009     1.00   Provided by KineticIT under contract to the Dept of Finance. Final version - customised original Issue-Risk log template.
9/11/2013    1.10   Updated and rebadged. Customised for DoF project management.
9/18/2013    1.20   Modified - increased issues and risk items.
12/13/2013   1.30
