Risk

1. Global Association of Risk Professionals (GARP)
http://www.garp.com/

Global Association of Risk Professionals (GARP) is a not-for-profit association specialized in financial risk management. The Financial Risk Manager (FRM) program was organized in 1997 and has grown steadily and dramatically. The FRM is a comprehensive examination both in content and questions. The FRM covers buy and sell-side issues as well as corporate and regulatory risk concepts. It is not geared toward any one risk management discipline.

2. Professional Risk Managers International Association (PRMIA)
http://www.prmia.org

PRMIA (Professional Risk Managers International Association is a non-profit professional association of risk professionals. The PRM (Professional Risk Manager) Certification is the global standard for financial risk managers. The exam consist of
Exam I: Finance Theory, Financial Instruments and Markets (30 questions)
Exam II: Mathematical Foundations of Risk Measurement (24 questions)
Exam III: Risk Management Practices (36 questions)
Exam IV: Case Studies, PRMIA Standards of Best Practice, Conduct and Ethics (30 questions)

3. BAI Center for Certification
http://www.bai.org
Certified Risk Professional (CRP) Developed by BAI Center for Certification, the CRP designation recognizes financial services professionals who meet a demanding set of examinations, experience, education and ethical requirements.

Download Free IT Project Cost, Benefit and Risk Analysis Templates. This Templates help you to identify and calculate the Return of Investment of any IT Project by analyzing the cost and benefit of the project. This templates available in Microsoft Word and Excel format.

I. How to calculate the Return of Investment (ROI) of IT Project

Step 1: Calculate the Total Costs of Project
Items that should be calculated are:
- Costs of New Proposed Project
- Total Capital Costs (Capital_Cost tab)
- Total Non-Recurring Costs (non_recurring tab)
- Total Recurring Costs (recurring_tab)
- Total Intangible Total Recurring Costs (intangible_costs tab)
- Total Costs of Proposed Project

The thirteen layers of e-security described in The World Bank publication covers both the hardware and software pertaining to network infrastructures. These 13 layers comprise a matrix, which manages the externalities associated with open architecture environments.

1. Risk Management—A broad based framework for managing assets and relevant risks to those assets.

2. Policy Management- A program should control Bank policy and procedural guidelines vis-à-vis employee computer usage.

3. Cyber-Intelligence- Experienced threat and technical intelligence analysis regarding threats, vulnerabilities, incidents, and countermeasure should provide timely and customized reporting to prevent a security incident before it occurs.

4. Access Controls/Authentication—Establish the legitimacy of a node or user before allowing access to requested information. The first line of defense is access controls; these can be divided in to passwords, tokens, biometrics, and public key infrastructure (PKI).

5. Firewalls—Create a system or combination of systems that enforces a boundary between two or more networks.

Management of business risk is an essential component of the responsible administration of any enterprise. Almost every business decision requires the executive or manager to balance risk and reward.

The pervasive use of IT can provide significant benefits to an enterprise, but it also involves risk. Due to IT’s importance to the overall business, IT risk should be treated like other key business risks, such as market risk, credit risk and other operational risks, all of which fall under the highest ‘umbrella’ risk category: failure to achieve strategic objectives. While these other risks have long been incorporated into corporate decision-making processes, too many executives tend to relegate IT risk to technical specialists outside the boardroom.

The Risk IT framework explains IT risk and will enable users to:

There are two kind of Risk Analysis method that we can use to measure the risk level of the company. The methods are qualitative and others are quantitative. Here is simple explanation of each approach

Qualitative Risk Analysis
Using qualitative method such as analyzing Threats, Vulnerability and Controls

Quantitative Risk Analysis
Using calculation such as SLE (Single Loss Expectancy), ALE (Annual Loss Expectancy, Exposure Factor which calculated for each risk and assets'

For better understanding you can download IT Risk Analysis Excel template here