In order to successfully integrate Risk Management with Operational Processes a methodical approach is recommended. The selection of the activities, which may be executed as a part of the integration process, depends on the initial situation of an organisation prior to the implementation of the integration. Especially depending on the number of operational and Risk Management processes, which are already implemented in an organisation, some of the implementation activities may be omitted. In general, the following processes may be executed to establish an integration process:
- Risk Management Implementation
- Operational IT Process Implementation
- Integration Planning and Initiation
- Quality Assurance
- Execution of Processes
The first two processes (not necessarily in the above order) are only relevant if not all processes, which are to be integrated, are already implemented in the organisation. It is beyond scope of this report to present detailed instructions of how to implement operational processes, like e.g. ITIL, or invent a comprehensive corporate IT Risk Management policy. For information regarding these topics please refer to the appropriate literature. It is rather assumed that all the processes are implemented and performed in a way that is for the most part compliant to the reference processes used in the project. If the deviation from these standards is too great, the integration on the basis of the project results may become more difficult. As a result, additional redesign of the processes and interfaces in between them may be necessary.
A proposal for a workflow, consisting of activities performed in the processes 3 to 5, is presented in the figure on the right. It displays an exemplary integration scenario with activities and control flows and thereby demonstrates how an integration process may look like.
The short descriptions in "Integration of Processes - Planning and Initiation" & "Integration of Processes - Quality Assurance" explain the semantics of the activities in the integration process model.