Scope of a Risk Management Plan
In addition to the objectives, identifying the scope of a risk management plan is also important. The scope identifies the boundaries of the plan. The boundaries can include the entire organization or a single system or process. Without defined boundaries, the plan can get out of control.
A common problem with many projects is scope creep. Scope creep comes from uncontrolled changes. As the changes creep in, the scope of the project grows. Changes bring in additional requirements, and uncontrolled changes result in cost overruns and missed deadlines.
For example, in the HIPAA compliance example mentioned earlier, the objective of this project is to bring Mini Acme into compliance with HIPAA. Suppose more unprotected ...
Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
