
Name: Aayushi Agrawal

Roll Number: A202


Subject: Software Project Management
SAP ID: 70011118003

Experiment-8

Identify, control and mitigate risks to the project (RMMM)


RMMM stands for Risk Mitigation, Monitoring and Management Plan. In this plan
all the steps work as a part of risk analysis. In some software teams, these
risks are documented using the RIS (Risk Information Sheet). The RIS is
controlled using a database system for easier management of information. Once
the RMMM has been documented and the project has started, the risk mitigation
and monitoring part begins.

Online Banking Management Application Risk Controls:


Options to consider include a secure end-to-end delivery channel on the public
network, strong authentication on the device, and strong secure online
application coding and testing standards for the online banking application. If a
financial institution cannot meet its controls requirements (including assessment
of the controls used by a vendor) at any point, a reassessment is necessary. A
financial institution should be able to complete an assessment and provide
ongoing risk management by answering four critical questions:
1) Where is it (for example, data type, hardware, software, and process)? An
effective risk assessment process should help answer this question.
2) Who owns it (for example, data type, hardware, software, process, and
policy)? It is critical to assign ownership in order to establish
responsibility and accountability.
3) How do you know? Is there a significant security gap? Are controls working
effectively? Are they the right controls? Effective risk assessment and audit
processes help answer these questions.
4) What does "normal" look like? Ensure that monitoring and reporting processes
related to data flow and transactions are in place in order to effectively
identify abnormal behaviour that could indicate malicious activity.

Following this type of process will help ensure that control gaps are identified,
action plans to mitigate gaps are developed, and residual risk is acceptable. This
process also provides for effective audit validation and feedback related to the
intended control environment, leading to a safer and more successful
implementation.

Risk Mitigation:
It is an activity carried out to avoid a risk.
Steps:
1) Finding out the risks.
2) Removing causes that are the reason for the creation of a risk.
3) Controlling the related documents in a timely manner.
4) Conducting reviews at equal and consistent intervals of time to make sure
everything is working fine.

Risk Monitoring:
These are the steps taken to track the projects.
Steps:
1) To check whether predicted risks occur or not.
2) To make sure the steps defined for when a risk takes effect are working fine.
3) To collect data for future reference.
4) To allocate and associate risks with steps of the project.

Risk Management and Planning:


This step assumes that risk mitigation has failed and the risk is now creating
serious problems for the project. It is basically done by the Project Manager. The
project manager can use risk mitigation effectively to get out of this situation.
1. Identify critical suppliers. It’s important to have visibility over the
project’s third-party supply chain and access to that party’s data to
properly assess the likelihood of supply delays. Focusing on the most
critical materials, equipment, products and tier 1 suppliers should help
you prioritise and expose key vulnerabilities. Once those susceptible
factors are identified, you must determine how reliant they are on the
regions affected.
2. Consider legal and financial implications. Is the potential disruption
likely to qualify as a force majeure event or be seen as something that
should have been planned for? Will there be legal implications if a
company isn’t able to deliver against a contract? What will be the impact of
supply chain disruption on margins, cash flow, loan repayments and
terms? Conduct scenario planning to understand the financial
implications. For example, the cost of materials may increase due to
premiums paid for expedited freight or to buy up supply to maintain
capacity.

3. Communicate. Disruption brings the risk of reputational damage. A clear
strategy for transparent communication with all stakeholders, including
employees and every party along the supply chain, will be critical. Also
bear in mind that effective communication can boost reputations, morale
and trust among all stakeholders.

4. Conduct scenario analysis. An epidemic such as COVID-19 brings specific
challenges. Some are obvious, such as how restrictions on the movement
of people will impact productivity. But there are wider implications and,
perhaps, less obvious concerns. For example, changes to demand/use and
other consumer behaviours will place extra pressure on revenues.
Scenario planning for a range of issues is critical. Consider how alternative
delivery methods or other steps may allow projects to be completed on
time and on budget, even if they are delayed at some stages. Also, explore
how the use of advanced controls, technology and analytics, along with
alternative construction sequencing, can accelerate capital projects while
ensuring more efficient use of resources and better decision-making.

5. Create a contingency plan. Review project controls, risk management
and governance processes to make sure they are robust enough to provide
early warnings of any cost, time or contractual issues arising from the
possible scenarios.

Prepare the Risk identification checklist


• Banking Management System error
• Data is stored inconsistently
• Invalid data is stored / Redundancy
• Testing data is not saved
• Code inflation can occur
• Data integrity is not maintained
• Selection of irrelevant functions

Measure the impact of risks on each asset

Databases have traditionally organized information to facilitate rapid search and
retrieval operations, while the security of the stored information has in general
been a secondary consideration. Although it is relatively easy to measure and/or
calculate the response time for database search operations, there are no existing
quantitative measures that can assist information architects in evaluating the
potential for security breaches when considering alternative possibilities for
organizing and storing data.

Interfaces are the instruments of an organization's business strategy. Risk and
opportunity management are essential parts of innovation. National and
international stock markets are competitive, demanding quality and value. In
order to remain a market leader, Stock management must accept certain project
risks. Stock Market currently does business in over 100 countries, and has
millions of employees worldwide. The Stock Market workforce is quite diverse
and global. A National Stock Exchange process that embraces this diversity and
this capability fosters the capture of ideas, issues, problems and solutions
from a technical, cultural and political perspective.

To analyse Form risks, you need to work out the likelihood of each risk happening
and the consequences it would have, that is, the impact of the risks you have
identified. The Form level of risk is often described as low, medium, high or very
high. It should be analysed in relation to what you are currently doing to control
it. Keep in mind that control measures decrease the level of risk, but do not
always eliminate it.

Risk Based Testing is a software testing type which is based on the probability
of risk. It involves assessing the risk based on software complexity, criticality of
business, frequency of use, possible areas with defects, etc. Risk based testing
prioritizes testing of features and functions of the software application which are
more impactful and likely to have defects. Risk is the occurrence of an uncertain
event with a positive or negative effect on the measurable success criteria of a
project. It could be events that have occurred in the past or current events or
something that could happen in the future. These uncertain events can have an
impact on the cost, business, technical and quality targets of a project.

Risk modelling has been prevalent for years in certain industries in which
taking calculated risk is integral to the business, such as financial services and
energy. More recently, organizations throughout the public and private sectors
have begun to adopt a wide array of risk models and simulations to start
addressing strategic, operational, compliance, geopolitical, and other types of
risk. Wider availability of data and sophisticated analysis capabilities is making
modelling more practical; at the same time, the need to cope with an increasingly
risky environment is making it more valued.

Distribute the roles and responsibilities of people directly or indirectly

A project is successful when it achieves its objectives and meets or exceeds the
expectations of the stakeholders. Stakeholders are individuals who either care
about or have a vested interest in your project. They are the people who are
actively involved with the work of the project or have something to either gain
or lose as a result of the project. When you manage a project to add lanes to a
highway, motorists are people who are directly or indirectly positively affected.
However, you negatively affect residents who live near the highway during your
project and after your project, with far-reaching implications. The project
sponsor, who is indirectly involved and is generally an executive in the
organization with the authority to assign resources and enforce decisions
regarding the project, is a stakeholder of the project. The customer,
subcontractors, suppliers, and sometimes even the government are stakeholders.
The project manager, project team members, and the managers from other
departments in the organization are stakeholders as well. It’s important to
identify all the stakeholders in your project upfront. Leaving out important
stakeholders or their department’s function and not discovering the error until
well into the project could be a project killer.

Apply the appropriate risk mitigation policies

The acceptance strategy can involve collaboration between team members to
identify the possible risks of a project and whether the consequences of the
identified risks are acceptable. In addition to identifying risks and related
consequences, team members may also identify and assume the possible
vulnerabilities that risks present.

This strategy is commonly used for identifying and understanding the risks that
can affect a project’s output. Its purpose is to bring these risks to the
business’ attention so everyone working on the project has a shared
understanding of the risks and consequences involved. The following examples
show how the acceptance strategy can be implemented for commonly identified
risks.

Risks impacting cost

The accept strategy can be used to identify risks impacting cost. For example, a
project team might implement the accept strategy to identify risks to the project
budget and make plans to lower the risk of going over budget, so that all team
members are aware of the risk and possible consequences.

Risks impacting schedule

The accept strategy could help identify possible risks that could impact
scheduling, such as keeping the project on track to meet deadlines.

Risks impacting performance

These types of risks can involve performance issues like team productivity or
product performance and can be identified and accepted as part of project
planning so all members are aware of potential performance risks.

Check effectiveness of the RMMM by evaluating the betterment of the final
product and process of development

To check effectiveness, the risk management program should identify gaps
across the project. It should also include processes for evaluating the
methodologies that quantify and measure the value of the ERM program.

The number of systemic risks identified: Systemic risk identification detects
upstream and downstream dependencies across all levels and project areas of a
dataset. Additionally, this metric will identify areas that would benefit from
centralized controls, which would eliminate the extra work and investment of
maintaining separate activity level controls, thereby increasing database
efficiency.

The percentage of process areas involved in risk assessments: ERM is
inherently cross-functional and cannot be performed in silos. Risk, much like a
project, is the sum of its parts. An incident or risk event in one area of the
business will affect other areas within the business. Process owners own the risk;
risk managers own the completeness, timeliness, and accuracy of the risk
information. As more process owners become involved in risk assessments,
more accurate and forward-looking information is likely to be collected.

The percentage of key risks monitored: Organizations need a more holistic
understanding of how the project metrics they rely on daily are tied to risk. If a
risk or activity changes, management has no way of knowing if and how the
change will impact their metrics. Through risk assessments and linking risks to
activities, management can start prioritizing the activities that are most in need
of monitoring.

Regular risk assessments enable the detection of increased threat levels and
potentially emerging risks before they materialize. Following this process will
prevent project metrics from being pushed out of tolerance.

The percentage of key risks mitigated: Here, transparency is key. While having
a good sense of your overall risk coverage is important, it’s not nearly as valuable
as understanding the coverage of your organization’s key risks. All risk
assessments should be based on standardized criteria, so we can determine a
uniform tolerance, or cut level, throughout the organization based on resulting
assessment indexes.

This will help to prioritize resources, allocating them to risks in need of stronger
coverage and reducing inefficiencies that come from wasting resources on
low-impact risks. With a tolerance level, this gap analysis will also serve to
identify emerging risks as they rise out of tolerance, indicating that current
mitigation activities are no longer sufficient.

Conclusion:
Whether it is because of demand from customers or a desire to enter new
markets, many community banks are beginning to offer online banking financial
services to their customers. As with all new products, bankers need to
understand the mobile banking environment being used and the associated risks.
Effective risk identification and implementation of mitigation controls and
processes based on the data type, state, and location are key to achieving this
objective. With the proper strategy and risk management elements in place, both
the bank and its customers should experience a safer online banking
environment.
