Risk management is the capability of effectively mitigating risks when they occur. James W. Meritt wrote an article on risk management relating to information systems. The article talks of different types of risks and their effect the organization’s communication system. In addition, he gives examples of the items that are highly exposed to risks and gives solutions on how the risks could be mitigated.
This paper explicates his article and gives a positive critique in relation to it.
James W. Meritt, in his article, “Office of Management and Budget” talks about risk management in the organization. His article focuses mainly on the risks that are associated with information systems in the organization and how they could be mitigated. He starts by giving a clear definition of risk management. He asserts that risk management is the process of identifying, measuring, putting in place measures required to minimize factors affecting organizational resources.
In addition, Meritt goes ahead to outline different types of risks that could pose a threat to the organization’s information systems. He describes the risks and classifies them. He suggests that an organizations information system could be exposed to both natural and human risks. This is an excellent starting point for him. He ensures that the readers get a first impression on the risks before having an in depth analysis. He has clearly differentiated the risks thus enabling the reader to memorize and get the distinguishing factors between different types of risks. He gives risks such as rain, floods, and tsunami as natural risks (Meritt, 1998 pp 2). He classifies others such as hacking, fraud, and errors by the programmers as human risks.
Meritt goes ahead to give a description of how these risks affect different information items in the organization. He gives examples of the information items ranging from assets, software, and even personnel and the accompanying risks. He states that assets such as facilities could be exposed to natural risks such as floods or even the wind. This manner of presenting the risk is likely to stick in the minds of the readers because of the manner in which the risks are attached to the assets. People are thus able to work and communicate in the organization with a hint on the risks they could be exposed to. In addition, his assertion that risks could result from human error in software is vital because people would act in a controlled manner.
He describes the methods of risk evaluation. For instance, he talks of the numerical methods of evaluating risks. The description of the methods relating to risk evaluation is vital because most people in the organization are able to tell the forth coming risk. Meritt also outlines the different methods of mitigating the risks. In the outline, he talks of proper measures such as putting in place security measures. His analysis on the different methods of managing risks is vital in the sense that organizations facing these problems are likely to employ the appropriate measures in dealing with the risks. His emphasizes that risks cannot be eliminated as a motivation because people could not give up even when the risks persist. He encourages people to accept some of the risks and effectively deal with them. His points on risk management are motivating because they ensure that the individual is on toes, to minimize the risks.
In conclusion, risk management is vital for the success of most organizations. James W. Merritt’s article on risk management in organizational information system is helpful. He clearly describes all aspects relating to the risks associated with different information systems and leaves the reader more enlightened on matters relating to risk management.