Wednesday, May 6, 2020

Risk Management in Engineering-Free-Samples-Myassignmenthelp.com

Question: Discuss about the Risk Management in Engineering. Answer: Introduction The proposed project Implementation of new in patient data storing system aims at automating the process of storing patients data , who are admitted in the hospital and monitor it electronically. The proposed system aims at eliminating the hassle of manually storing the patients records and monitoring it. Both the hospital and the patients will access this health record system. The records are uploaded and transferred to and from the system electronically and the patients data is stored over a common database of the hospital with the application of cloud storage. This proposed system will make the process of data keeping simpler, easier and less time consuming. This will be beneficial for the patients as well since they would not have to carry the manual records of their previous medication in case they see a new professional. However, there are certain risks associated with the implementation of the project. These risks are needed to be eliminated or acknowledged in order to impleme nt the system successfully. The risk management strategy financial and security risks of the project is elaborated in the following paragraphs. Project Overview and boundaries of the Project The in patient data storing system for hospitals, named as My Health record System is to be implemented to automate the system of manual recordings. This system is designed with an objective of storing and accessing patients record electronically. The records and patients details are stored are at first uploaded into the system. The patients and the doctors have to register into the system in order to access the data thus ensuring the privacy of data (Woods et al. 2013). The data is stored in the cloud thus offering unlimited data entries and storage. However, there are certain limitations in this system. The data is to be stored in cloud, thus certain security issues arises with the data security (Kulkarni et al. 2012). Moreover, there is a risk of data loss in case of system failure and that would result in a huge problem. The uploading of the data is needed to be done very carefully as that would be the only copy of the patients record in the hospital. Establishing the Context For implementing the risk management strategy using AS/NZS ISO 31000:2009, the context of the risk are necessary to be defined (Ernawati and Nugroho 2012). The contexts are to be identified carefully in order to ensure an effective risk management plan. This includes establishment of internal, external, stakeholders and risk management context of the plan. These contexts are established in the following paragraphs (McNeil, Frey and Embrechts 2015). Internal Context With the emergence of digital world, people are keener on using internet to make their work easier. This idea has been implemented by the project My Health Record System for automating the storage and transfer of the patients data admit7ted in the hospital. This record will include every detail such as the name, address, medical details and prescribed medication of the patients. Both the professionals and the patients can access this record. The financial context of the business covers the responsibilities of designing the system, Initial investment for the up gradation process, uploading and archiving the previous records into the new system, and re investment strategy. Fluctuation in the finances of the hospital will resonate into every part of the business, which is needed to be tracked by the project manager and the project sponsors (Hopkin 2017). Designing a secure system is another internal context of this project. Maintaining the confidentiality of the information is necessary for the hospital in order to earn the patients trust, which is essential for business perspective. The various department of the hospital that are involved with the designing and development of this project are as follows- 1) Operations Department 2) Clinical department 3) Billing Department 4) Patients discharge department Information from all these departments is necessary for manual input of the previous patients data into the new system. The project teams involved in developing this system are listed below- 1) Designing team 2) Coding team (for database designing and coding) 3) Testing team 4) Project management team (which includes the project manager and the business nalyst of the project) Lastly the patients whose information is to be stored within the health record system are also part of the internal context of the project under consideration. External Context The external context of this project has a direct influence on the internal environment of the hospital. By implementing this project successfully and developing the My Health Record System, the hospital will have a positive impact on the other hospitals for implementing this idea and adopting the change. This will provide fresh business to the hospital by gaining more patients as everyone would love to have an electronic version of data storage instead of the traditional and manual way of data storing (Sadgrove 2016). However, with the implementation of this project, the other hospitals might be negatively affected by the competition resulting from the implementation of My Health Record System Risk management Context For this particular project, the risk management context focuses on managing only the financial and security risks associated with the implementation of the project. The primary goal of this study is to access and analyze relevant risks associated with the project and treat them accordingly (Lam 2014). The goals of the risk management plan are listed below- 1) Reduce the risk of project failure in its first year of implementation. 2) Establishing and building a system that fits the purpose of providing a better service to the patients of the hospital. 3) Ensuring that the business perspective of the project and its performance is aligned with the primary objective of the system. 4) Evaluate the risk involved in storing of patients information in cloud. Risk Criteria As this report mainly focuses on the financial and security risk of developing a new system in hospitals, the risk criteria will also be addressed only on basis of financial and security issues in the system (Christoffersen 2012). The following points are needed to be considered in establishing the risk criteria. 1) A method of determining the degree of threat in storage of patients personal information in cloud and prioritizing those threats 2) The amount of available resources in treating the risk if faced 3) Setting up a tolerability benchmark 3) The probable impact of immediate and delayed risks in the system These points aim at: 1) Helping the project manager in effective decision making 2) Considering various scenarios and their impact on achieving the objective of the project 3) Allocating resources at the initial stage of development in order to bypass high-level risks 4) Providing a clear and simple tool for clear and essential communication The internal goals of the hospital in developing the in patient data storing system are as follows- 1) The project must comply with the government regulations and laws 2) Profit must not be less than 6% 3) The system implementation should not lead to the over budget of the project 4) The system should be developed in such a way that it will be opened for further advancements if required 5) Zero turnover rates in order to avoid unnecessary costs rising from training the staffs in using the new system. Stakeholders The detailed analysis of the stakeholders involved in this project are elaborated in the following paragraph (Harrison and Wicks 2013)- Stakeholder Identification The following are the identified stakeholders of the project under consideration (Pacheco and Garcia 2012) - The Hospital Owner The Project manger ( the project deals with designing the health record system) Project Team Sponsors The Billing department of the Hospital The patients Table 1: The list of stakeholders involved in the project Stakeholder Analysis Detailed analysis of the identified stakeholders are elaborated in the following table (Lienert, Schnetzer and Ingold, 2013)- Stakeholder Influence/Interest The Hospital Owner Responsible for setting up the objectives of the project The Project manger ( the project deals with designing the health record system) Responsible for planning and executing the project according to the specified objectives Project Team Responsible for the implementation of the project within the specified time Sponsors Responsible for managing the economical aspects of the project and is the source of funding for the project The Billing department of the Hospital Responsible for providing necessary details of the patients to be uploaded into the new system The patients Responsible for supporting the project by agreeing to store their personal information and health records into a common database of the hospital. Table 2: Representing the Stakeholders Analysis Consultation Engaging the stakeholders through an appropriate communication and consultation plan is necessary to address the stakeholders interest and concerns. This project is a medium sized project and hence it is essential to recognize the potential risks associated with the opening up of a new system and build awareness in regard to the significance of the My health Record System (Lundgren and McMakin 2013). An effective Communication plan eliminates the conflict of interest and decision among the project stakeholders and therefore it is very essential for a smooth implementation of the project (Lando 2014). In order to develop an effective communication and consultation plan, a proper analysis of the power and the interest of the stakeholders in necessary to consider (Fassin 2012). The group of stakeholders who have less power or interest on this project would be least pronounced in the communication and the consultation plan. While the group of stakeholders who have high power and interest over this project should be specifically and formally addressed and included in the communication and consultation plan through proper email. Mass communication should be made with this group as this group of stakeholder has higher interest in the project. They should be informed about the project progress in daily basis. The stakeholders included into this group are the hospital authority and the owner. Stakeholders that have low interest over the project can be notified about the project progress less often. Four Risk assessment Methods The four relevant risk assessment methods are elaborated in the following paragraphs- Risk Identification For the purpose of risk identification in developing this system, two methods were primarily undertaken, brainstorming and checklist (Kerzner 2013). The Brainstorming session was proposed for evaluating the risk that might creep in while the project is implemented (Keeney 2012). The brainstorming session was performed with the investing partners and general manager of the hospital along with the project manager in a number of face-to-face meetings. The results of these meetings and discussions are to be analyzed in order to indentify the risk associated with the project (refer to appendix 12.1. for risk identification checklist). The different areas of risks associated with the project are elaborated in the following table- Risk Type Risk Description Risk Class Finance The project might not be completed within the assigned budget High Legal Complaints from patients about data privacy and security may stop the project leading to huge financial loss Low Technology Malfunctioning of the system, security and equipments Medium Security Failure of securing the confidentiality of the patients information High Future Competition Competition from other leading hospital may affect the business High Table 3: Representing the risk areas involved in the project Risk Analysis Risk analysis is a process of reviewing the risks associated with a particular project. Risks are analyzed on both qualitative and quantitative basis (McNeil, Frey and Embrechts 2015). Risk analysis is an important component of risk management. A proper risk analysis is essential to estimate the damage that might be a cause of the risk. The analysis demonstrates the relationship between the probability of the risk in occurring and the amount of damage it might cause. The risk level is determined by the combination of probability and consequence of the risk. The hospital authority adopts a proper risk analysis tool and the project manager to evaluate the risk related to the project (Cox 2012). The risk Associated with the Project The risk associated with the project are elaborated in the following table- SL No. Description of the Risk Likelihood Impact Priority 1. The Project is not completed within the estimated schedule Medium The whole procedure of upgrading the system might be delayed. High 2. An error has occurred in manual uploading of the previous records High The whole procedure of record uploading might have to be repeated leading to a considerable loss of time. High 3. The confidentiality in patients information is not maintained (Chen and Zhao 2012). Low The project may fail completely as it is essential to protect the data stored in the system, as it is a matter of maintaining the privacy of the patients details. High 4. The price of developing the system is found to be more than the advantages it offers Low This would lead to considerable economic loss of the hospital. Medium Table 4: Representing the risks Involved with the project Existing Controls and Their Effectiveness Controls are necessarily established to eliminate the probability of risks occurring. The controls are implemented after discussing its effectiveness with the management and the project manager. In any project, human error is a large possibility and hence it is significantly considered in any risk management process. Therefore, controls are to be carefully written and reviewed before finalizing. These guidelines are to be handed to the every members of project team at the beginning of project initiation. The effectiveness of these controls cannot be quantitatively measured. Risk Evaluation After analyzing the risks in terms of their probability and consequence, every risk is segregated into a unique risk rating according to their severity. Every risk is classified into three categories- High, Medium and Low. The risks that fall in the High region needs immediate attention and cannot be tolerated, the risks that fall into medium category can be tolerated only if the cost benefit analysis is extremely high, the risk that fall under low category can be ignored (Covello, Menkes and Mumpower 2012). The FMEA Analysis (refer to appendix 12.2.) is done to identify the possible risk and the damage they would create in the project. Figure 1: Representing the Risk evaluation Criteria (Source: Covello, Menkes and Mumpower 2012) Risk Treatment AS/NZS ISO 31000:2009 includes several options of risk managing and treating. These options are as follows- 1) Eliminate the risk 2) Change the likelihood of occurrence of the risk 3) Change the Consequences of the risk 4) Transfer the risk 5) Retain the risk Identification of the appropriate risk treatment There are several methods present for treating the identified risk. For this particular project the risk treatment methods were chosen on basis of (Bojanc and Jerman-BlaÃ… ¾i? 2013)- 1) Suitability and usefulness of the treatment 2) Cost of the treatment 3) Choosing the best alternatives among the existing alternatives 5) Acceptability of the residual risks Appropriate risk treatment were identified keeping in mind the criteria stated above. The best risk treatment was so design the project plan in such a way that would eliminate all the possible financial and security risks (Feng, Wang and Li 2014). Risk Recovery Implementation of the project My Health Record System is very important and therefore it is important to have a risk recovery strategy to handle the unexpected and extreme impacts. A flawless project plan is essential to eliminate the major risks associate with the project. The most prominent risk associated with this project is storing of the patients data in a secure manner. Elimination of this risk is possible by ensuring that the project plan includes the development of the system with proper cryptographic methods (Fernandes et al 2014). The storing of the patients information is carried over internet and hence additional security of the data should be ascertained. However, if any discrepancy occurs in the course of project implementation, risk recovery techniques and strategies helps in overcoming the adverse effect. The risk recovery technique applied in this project is crisis management planning that establishes a backup plan for a financial and security threat. This includes changing the whole projects plan unless necessary (Carr and Yu 2012). Risk tolerability Tolerability of risk identifies the tolerability of risks associated with the system. It is generally measured in a scale of 1 to 25 with 1 being the lowest risk level and 25 being the extreme level of risk. The risk tolerability table matrix is elaborated below- Almost Certain Medium 5 High 10 High 15 Extreme 20 Extreme 25 Likely Medium 4 Medium 8 High 12 High 16 Extreme 20 Moderate Low 3 Medium 6 Medium 9 High 12 High 15 Unlikely Low 2 Medium 4 Medium 6 Medium 8 High 10 Rare Low 1 Low 2 Low 3 Medium 4 Medium 5 Likelihood Impact Insignificant Minor Moderate Major Catastrophic Figure 2: Representing the Risk level of rist tolerability table (Source: Feng, Wang and Li 2014) Monitoring and Review After evaluating and properly managing the risk, it is essential for monitoring and controlling the risks further to ensure the effectiveness of the controls that are identified or employed to manage the risks. The risk monitoring and review strategies recommended for this project are listed below- 1) Periodic repetition of the risk management process and update of risk management process is essential to monitor and capture new risks. 2) The risk management plan should be examined and reviewed even after completion of the project. 3) Observed risk should be properly recorded in the risk register. Societal benefits of risk exposure The societal benefits of risk exposure are listed below- 1) The patients will have a clear idea about the security policies of the new system 2) The system will be beneficial not only for the inpatient but for the casualties as well 3) The system will give financial benefit to the hospital 4) It prevents further creeping up of the risk into the system 5) Exposes the vulnerability of the project under development Risk Closure The responsibility of the risk assemenet manger is to close a risk once it has been treted. The conmdition of risk closing are as follows- 1) Ensuring that the treatment actions are properly implemented 2) Positive feedback has been received after the risk treatment 3) No additional risk has been encountered while treating an existing risk. Conclusion Therefore, from the above discussion it can be concluded that risk management is very essential for successful implementation of the project. Certain steps are undertaken for proper risk management. These include, establishing the context of the risk, evaluating the risk criteria, analyzing the relevant stakeholders, establishing a proper communication and consultation plan, identification of the risk, risk analysis and risk evaluation followed by the proper treatment of the risk and monitoring the risk. A risk manager is to be appointed for properly managing all the aspects of a risk management process. After analyzing evaluating and eliminating the risk from a project, it is essential to monitor the risk even after its elimination. This is essential to prevent the any type of further risk creeping into the system or project. Since this project deals with the storing of patients data over electronic means, maintaining the security of the data is very essential. This is ensured by in volving proper cryptographic methods and encryption as various means of data security. After proper risk treatment and getting a satisfied result, the risk can be subsequently closed after evaluating certain criteria and ensuring that the risk would not creep into the system once again. References Bojanc, R. and Jerman-BlaÃ… ¾i?, B., 2013. A quantitative model for information-security risk management. Engineering Management Journal, 25(2), pp.25-37. Carr, P. and Yu, J., 2012. Risk, return, and Ross recovery. The Journal of Derivatives, 20(1), pp.38-59. Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE. Christoffersen, P.F., 2012. Elements of financial risk management. Academic Press. Covello, V.T., Menkes, J. and Mumpower, J.L. eds., 2012. Risk evaluation and management (Vol. 1). Springer Science Business Media. Cox, L.A.T., 2012. Confronting deep uncertainties in risk analysis. Risk Analysis, 32(10), pp.1607-1629. Ernawati, T. and Nugroho, D.R., 2012, September. IT risk management framework based on ISO 31000: 2009. In System Engineering and Technology (ICSET), 2012 International Conference on (pp. 1-8). IEEE. Fassin, Y., 2012. Stakeholder management, reciprocity and stakeholder responsibility. Journal of Business Ethics, 109(1), pp.83-96. Feng, N., Wang, H.J. and Li, M., 2014. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information sciences, 256, pp.57-73. Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Incio, P.R., 2014. Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), pp.113-170. Harrison, J.S. and Wicks, A.C., 2013. Stakeholder theory, value, and firm performance. Business ethics quarterly, 23(1), pp.97-124. Hopkin, P., 2017. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers. Keeney, R.L., 2012. Value-focused brainstorming. Decision Analysis, 9(4), pp.303-313. Kerzner, H., 2013. Project management: a systems approach to planning, scheduling, and controlling. John Wiley Sons. Kulkarni, G., Chavan, N., Chandorkar, R., Waghmare, R. and Palwe, R., 2012, October. Cloud security challenges. In Telecommunication Systems, Services, and Applications (TSSA), 2012 7th International Conference on (pp. 88-91). IEEE. Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley Sons. Lando, A.L., 2014. The critical role of crisis communication plan in corporations' crises preparedness and management. Global Media Journal, 7(1), p.5. Lienert, J., Schnetzer, F. and Ingold, K., 2013. Stakeholder analysis combined with social network analysis provides fine-grained insights into water infrastructure planning processes. Journal of environmental management, 125, pp.134-148. Lundgren, R.E. and McMakin, A.H., 2013. Risk communication: A handbook for communicating environmental, safety, and health risks. John Wiley Sons. McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press. McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press. Pacheco, C. and Garcia, I., 2012. A systematic literature review of stakeholder identification methods in requirements elicitation. Journal of Systems and Software, 85(9), pp.2171-2181. Sadgrove, K., 2016. The complete guide to business risk management. Routledge. Woods, S.S., Schwartz, E., Tuepker, A., Press, N.A., Nazi, K.M., Turvey, C.L. and Nichol, W.P., 2013. Patient experiences with full electronic access to health records and clinical notes through the My HealtheVet Personal Health Record Pilot: qualitative study. Journal of medical Internet research, 15(3).

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.