
Managing your online risks requires a comprehensive strategy implemented throughout the whole organisation, and with buy-in from board members, staff and other relevant stakeholders.
You need to be familiar with the key elements involved in managing risk as well as handling disputes, particularly when they relate to the use of online systems and networks where collaboration underpins the business relationship.
Increased business online = increased risks
Barriers to doing business online are comparatively low, but new opportunities can be accompanied by new risks. As organisations become more enabled electronically, so legal, regulatory, contractual and other risks increase.
Risk assessment means listing all of the risks a business might face and assigning varying degrees of importance to them. Risk management means prioritising these risks and formulating policies and practices to balance and mitigate them.
Every business can benefit from a risk assessment of its online systems and networks, although smaller businesses may not need to implement some of the more sophisticated techniques described in this guide.
This guide explains the risks that you and your business partners need to be aware of. It also explains how risk assessment and management can help in recognising and quantifying the risks and how to balance them against the potential gains.
Identifying hazards and risk
A hazard is anything that may cause harm to an organisation. The risk is the chance, high or low, that the organisation could be harmed by these and other hazards, together with an indication of how serious the harm could be. Vulnerabilities and hazards are not dangerous when taken separately. But if they come together, they become a risk - a probability that a negative impact upon your organisation will happen.
Online risks are everywhere, from the lack of security on your website to doing business online in another country. As business professionals, you need to be aware of the weak points across your online supply and demand chain. Understanding relevant laws and regulations is not just the domain of lawyers because, as senior managers and employees, you are also responsible for the organisation's economic well-being.
Risks can be reduced or managed.
- Risk is part of everyday life, so we should understand and learn from it;
- Some risks are anticipated before they happen, many are not;
- Risk can lead to direct or indirect loss resulting from inadequate or failed processes, people and systems, or from external events.
Legal risk
Legal risk is usually caused by:
- a defective transaction;
- a claim or counter-claim;
- failing to protect company-owned assets, or
- a change in the law.
Regulatory compliance
Regulatory compliance is the extent to which a company follows laws that guide activity. The term can refer to many different areas of industry and commerce, including safety regulations, hiring practices, account and tax reporting, and environmental regulations. Many businesses create programs, such as internal auditing, safety checks, and various types of tests, to ensure that they stay compliant with any applicable regulations.
Regulations are diverse, but they tend to mandate business process changes, documentation and reporting. These consistencies should allow organisations to develop an architecture that improves their response to any regulation. A good IT governance process is all about responsibility and accountability - allocating decision-making authority to those who are capable of driving governance down and across the whole organisation.
Failure to commit
- Failure to mitigate risk can be catastrophic. Consequences for organisations can include bad publicity, loss of customer and shareholder confidence and, at worst, business closure.
- Organisations can also face civil or criminal actions, fines and compensation claims, and imprisonment for directors and other culpable parties.
- Some issues that require regulatory compliance revolve around the employer/employee relationship. Non-discriminatory hiring policies, family leave, wage levels, permitted labour hours, and restrictions on employing minors may all be a result of regulatory compliance. These regulations are often a result of government legislation, but may also come from labour or trade unions. If a company fails to follow mandated regulations with regard to its employees, it runs the risk of civil lawsuits and strikes.

