1. What is the most effective way to identify risks like those you noted in the tables?
The best way to identify risk is by planning ahead and knowing what the potential of each risk happing is. This will allow an organization to plan for each risk.
2. What are some important factors when weighing the depth of a formal risk analysis? How would you balance the interruption needed for depth and the need to continue ongoing organizational activity?
Some Important factors to consider when weighing the depth of a formal risk analysis are to determine the size and complexity of an organizations IT department (Perrin, 2008). Also a budget for the process needs to be defined to ensure it does not get out of hand and cost the organization more than it is worth. I would balance the interruption needed for depth and continuing day to day work by having by having plan on what areas need to be worked in order to minimize back tracking and causing multiple interruptions.
3. What should an organization’s risk management specialist do with the information once a potential risk has been identified? What information would be needed for senior management to know the danger of each risk and the proper way to handle the risk?
Once a risk has been identified an analysis needs to be done to determine the likelihood of the risk happening, and what the impact would be. Then they need to decide whether to take action now or set up a contingency plan for if the risk does happen. The last thing would be to continually monitor their systems to watch for risks happening, new risks emerging, or changes in the risk analysis report (Wallace, 2007). Each risk needs to be presented with the target audience in mind. The person presenting the risk to senior management must provide summarized information with clear recommendations (Pfost).