Role of a Risk Manager

Creating a risk manager position is strongly recommended, because the system is unlikely to succeed without one knowledgeable individual responsible for decision making and supervision, for overall control of technical and analytical activities in the process, and for its continuity.

In a small organization, the position could be assumed as a collateral duty by a top-level management official. In a large and complex entity, however, a separate position, sufficiently high in the organization, should be established for a risk manager, with authority for data processing security across organizational lines. Some requisites for a top-level risk management position are:

  • Knowledge of short and long range goals of the organization;
  • Awareness of user security needs and priorities for the establishment and maintenance of an appropriate level of security;
  • Awareness of new technology in security;
  • Authority to make, or assist in making, policy decisions on security programs and procedures;
  • Authority, with management approval, to implement security measures deemed feasible from a risk analysis;
  • Ability to follow through, periodically, on security policies and practices in action: checking actual performance and results, and taking corrective action and, if necessary, punitive action.

It is advisable to take up this work along with the Database Administration of the organization.

To start the contingency planning project, a team of 3-4 managers from various functional areas is formed. The approach normally followed is to base the contingency plans on rational economic analysis and to avoid problems of internal politics of the organization. The objectives of the project team generally include the following:

  • Conservation of assets upon exposure to a major hazard, whether fire, storm, sabotage or other hazard;
  • Assurance that the corporation will survive even if the computer facilities are disabled or destroyed;
  • Specific action plans that a ‘prudent man’ should take while in charge of the organization’s most vital asset: data.