Purpose: to ensure that the organization understands and effectively handles risks
Levels of risk management:
Every service removes some risk from the consumer but also imposes additional risk on the consumer – the balance between the two is the value proposition of the service
1. Practice success factors (PSF)
Four PSFs for RM:
1.1 Establish governance
Governance of risk requires an understanding of two different concepts:
Define both via organizational governance (provide boundaries of how practitioners operate)
Should be regular discussions at board meetings (governance of risk, risk capacity, risk appetite, and strategic risks)
1.2 Nurture a risk management culture
Once a risk identified, document in a risk register (a record of identified risks that records their current status and history)
Not easy to identify risks, must feel safe to identify mistakes made by themselves or other without fear of reprisal (must be everyone’s responsibility to identify and report risks)
A risk management culture is open and honest
1.3 Analyze and evaluate risks
Qualitative risk analysis:
Use the grid to plot a specific risk and assign an overall risk categorization, put in the risk register and then decide on preventative/mitigation actions
1.4 Analyze and evaluate risks
Quantitative risk analysis uses financial or other numerical impact, likelihood becomes a probability
This type of analysis can be used within a business case to justify investments:
Quantitative analysis is time consuming; use both types. When qualitative exceeds a specific limit, dive deeper using quantitative methods
1.5 Treat, monitor, and review risks
Document accepted risks, communicate to the stakeholder, and regularly review for changes in probability, impact, or the cost of controls
When a risk is accepted, design and implement suitable controls (method to mitigate or overcome a risk)
Regularly review controls for compliance as well as actions taken if the control isn’t being followed: Define appropriate controls across all four dimensions of service management
Go back to ITIL 4 Strategic Leader Certification Course: Practices to finish this chapter or to the main page ITIL 4 Strategic Leader Certification Course.
When you are managing a team, “how to be a good manager” is the “must”...
As manager, I am doing many reports, even when I was an ITIL consultant, I still needed to do many reports...
ITIL V3 is going to be obsolete...
Managing an IT service when I start a new company is not an easy task, particularly true, if the service...