Propose risk mitigation and management approaches for each identified risk


Describe positive and negative risks within your project.Discuss how each of the identified risks can affect the success or failure of the project and rank each risk in terms of impact to the project.Propose risk mitigation and management approaches for each identified risk.Describe the role policy plays in the planning and performing of risk management processes.

Sample paper

Risk Management

Overview of the Project

It is critical to ensure the installation of a new internet security suite in the company. This will improve the security level of the information systems thus preventing cyberattacks. In the recent period, cyber threats has become increasingly common, and with serious consequences to business organizations. This has led to the need for businesses to upgrade their security apparatus. Installation of a new internet security suite will secure the organization from various forms of threats including viruses, spyware, malware, ransomware, email and IM fraud, and from other forms of attacks. Although the installation of the new internet security suite will see the organization realize multiple benefits, there are inherent risks in conducting the project. Nonetheless, various risk mitigation approaches can help in reducing the possibility of such risks.

Positive and Negative Risks within the Project

Positive Risks. There are a number of positive risks within the project. One of the positive risks is completing the installation of the new internet security suite way ahead of scheduled time (Graham, 2015). Another positive risk is completing the project below the budget with a high margin (Graham, 2015). This could lead to unnecessarily tying resources to the project, which could be utilized in other areas. In addition, this could expose the inaccuracies of those involved in assessing the overall project costs. The organization may decide to investigate whether there is a huge discrepancy between budgeted costs and the actual costs. In such a case, the management may suspect malicious attempts to inflate the budget costs, while it could be due to other reasons such as reduction in material costs. Another positive risk may be receiving overwhelming press requests and requests from other companies because the project may have been so successful.

Negative Risks. Negative risks result to losses or even injury (Graham, 2015). One of the possible negative risks is delays in completing the project. All projects are set for completion within a specific timeframe. Going beyond this timeframe may result in additional costs and disrupt planned operations in the organization. Another negative risk is surpassing the budget. Every project has a preplanned cost outlay. At times, the project may incur higher costs than anticipated. Another risk of this nature is unexpected interruptions of the organization’s information systems. During implementation of the internet security suite, the new applications may interfere with the normal working of the organization’s system.

How Each Risk can affect the Project

Each of these risks bears significant impacts on the project. The first positive risk is completing the security suite installation ahead of schedule. The positive impact of this risk on the project is allowing enough time for testing of the new internet security suite. This would ensure that the internet security suite works as planned. On the other hand, this could lead to time wastage as employees involved in the project wait to be assigned other duties. The impact of this risk is low. The other positive risk is completing the project below the budget. The impact of this risk is unnecessary tying of resources to the project, which may be utilized in other areas. The impact of the risk is low since the organization may finally assign the held up resources to other uses after the project is over. The other positive risk is overwhelming media requests as well as request from other organizations. This may cause confusion among those involved in the project. The risk impact is low.

One of the negative risks is unexpected delays in completing the project. This may lead to extra project costs and disrupt the organization’s operation schedule. The risk impact is medium since the organization can be able to mitigate the risk. The other risk is going over the budget. This may strain the organization financially or lead to project delays. The risk impact is medium. The last risk is interruptions of the organization’s operating systems. This may disrupt the entire operations of the organization. The risk impact is high since it might lead to high losses.

Risk Mitigation and Management Approaches

Project completion before schedule can be avoided by systematically planning of all tasks in the internet security suite implementation plan. Careful project planning can help in eliminating budget discrepancies. A mitigation approach in this case would be to apply a flexible budget instead of a fixed budget (McManus, 2012). Press requests can be managed through holding regular meetings to give information to various interested parties. It is possible to eliminate the risk of delays in project completion by staying close to the original scope of the project (McManus, 2012). It is possible to avoid budget overruns by paying attention to project planning. Lastly, the risk of interruptions can be avoided by ensuring there are back up plans including backing up of data.

Role of Policy in Planning and Performing Risk Management Processes

Policy acts as a guiding framework for the organization in dealing with cyber security threats. Policy is critical in formulating guidelines that that help in implementation of strategies to deal with cyber threats (Kendrick, 2009). Another role of policy is providing a robust mechanism through which the organization can control the behavior of employees in the organization.


Graham, N. (2015). Project management for dummies (2nd edition). Hoboken: John Wiley.

Kendrick, T. (2009). Identifying and managing project risk: Essential tools for failure-proofing   your project. New York: AMACON.

McManus, J. (2012). Risk management in software development projects. United Kingdom, UK: Routledge.