Risk Management Plan

1. Introduction A risk is the probability of an event occurring which will have either a positive or adverse impact on a project in case it occurs. The project will cover a wide risk management plan for Shopify an e-commerce business. E-commerce companies like Shopify transact business online handling very sensitive data for their clients and retailers. Online business faces some risks ranging from internal to external in which some of them are natural disasters. Much anecdotal evidence shows that e-commerce associated risks mainly concern viruses, interception of credit cards numbers which travel over communication lines and hackers. There are several ways to avoid e-commerce problems, one of the ways is adopting a proactive risk management plan. Risk management is supposed to be identified as an integral activity of Shopify which includes monitoring sales, figuring out whether product selling is running well. Identifying a risk usually begins when a project is initiated, more risks are identified while the organization matures. In case a risk is identified, assessing it to ascertain the probability of occurrence is done first then the degree of impact is scheduled before analyzing scope, cost, and quality and finally prioritizing them. Documenting a risk is done in two stages which include: the first stage is a contingency plan which gives details of what should be done prior or during the occurrence of a security incident. The second part is developing contingency plan which is implemented before a risk occurring, but in case an emergency plan is done after the risk occurring it targets to lessen the impact of the risk. 1.1 Purpose of the project. 2 RISK MANAGEMENT PLAN The plan outlines the processes, procedures, tools that will be used to control and manage the events that may cause damage to the e-commerce firm. The document will be useful for managing and monitoring all risks the project might face. The plan will address:  Risk Identification  Risk Assessment  Risk Mitigation  Risk Contingency Planning  Risk Implementation Plan 2. General Task 2.1 Risk Register Risk Description of risk Source Likelihood Of Occurrence Severity of impact Controllability Responsibe officer 1. Fraud This is a global risk represented by merchants since online sales involves Card-notPresent Fraud is caused by hackers trying to use back doors and cause harm. High High Updated security systems and use more secure servers. Information Security Officer 2. Inadequate skills. Lack of technical skills in staff Loop hole in human resource during hiring High High Develop training plan Consultant 3. Financial risk Inadequate funding to complete the project Poor financial planning Medium Medium Re-scope project, focusing on time and resourcing Project Manager 4. Technology risk Internet service provider(servers ) crushes Negligent errors in the software design Medium High Conduct expert system update and patching Software engineer 5. Unauthorized access Information can be accessed by illegally Poor configuration systems and poor encryption transmissions. Medium Medium Choosing better encryption transmissions and choosing stronger passwords. IT manager 3 RISK MANAGEMENT PLAN 6. operational risk Web hosting company going offline due to failures Failure to perform frequent system patches and updates Low Medium Developing back up plan like outsource web hosting. IT manager 7. Transaction risk Malicious attacks from viruses, worms, Trojans horse. Emerges from hackers seeking to make damage on the organization Low Medium Having good antiviruses to detect and avoid attacks. Finance manager (he/she should ensure safe transactions ) 8. Business risk Losing site traffic by 50 percent in a short time Google changing its search engine algorithms by 50 percent. Low Medium Develop a unique quality website which servers customers clearly and precisely Company web developer All the risk identified at the beginning and maturity of the project is listed in a Risk Register. The entry grades risk regarding the likelihood of occurrence, the severity of impact,