Queensland Government Enterprise Architecture Risks and challenges Digital and ICT strategic planning framework Final October 2018 v1.0.0 OFFICIAL - Public

Queensland Government Enterprise Architecture

Risks and challenges

Digital and ICT strategic planning framework

Final

October 2018

v1.0.0

OFFICIAL - Public

QGEA OFFICIAL – Public Risks and challenges

Document details

Security classification OFFICIAL - Public

Date of review of security classification

October 2018

Authority Queensland Government Chief Information Officer

Author Queensland Government Chief Information Office

Documentation status Working draft Consultation release Final version

Contact for enquiries and proposed changes

All enquiries regarding this document should be directed in the first instance to:

Queensland Government Chief Information [email protected]

Acknowledgements

This version of the Digital and ICT strategic planning framework was developed and updated by Queensland Government Chief Information Office.

Feedback was also received from a number of agencies, which was greatly appreciated.

Copyright

Digital and ICT strategic planning framework

© The State of Queensland (Queensland Government Chief Information Office) 2018

Licence

This work is licensed under a Creative Commons Attribution 4.0 International licence. To view the terms of this licence, visit http://creativecommons.org/licenses/by/4.0/. For permissions beyond the scope of this licence, contact [email protected].

To attribute this material, cite the Queensland Government Chief Information Office.

The licence does not apply to any branding or images.

Information security

This document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as OFFICIAL - Public and will be managed according to the requirements of the QGISCF.

Final | v1.0.0 | October 2018 Page OFFICIAL – Public

QGEA OFFICIAL – Public Risks and challenges

Purpose

Strategic risks are potential events or threats that affect or may result from an organisation’s business strategy and strategic objectives. The ever-increasing pace at which business models and technology innovations change increases the need to continually identify and respond to strategic risks that threaten the achievement of strategic objectives.

Audience

A practitioner in the context of this guideline can include one or more of the following roles:

• Digital and ICT strategic planners
• Agency and service strategic planners
• Workforce planners
• Business analysts
• Information managers.

Risk management

Each agency will have its own risk management framework, and practitioners need to consider this guideline within the context of the agency’s framework.

The practices in this guideline should be conducted in collaboration with the stakeholders identified in the Initiate workstream. The identification of strategic risks can be performed as part of a workshop or as a separate risk workshop.

Strategic risks need to be considered from the perspective of what risks are associated with the strategy but also what risks are minimised or mitigated because of the strategy. A typical risk management cycle is represented in Figure 1 below:

Defining strategic risks is an integral part of any strategic planning process. This guideline enables the practitioner to work with the planning sponsor and participants in the planning process to define and assess the strategic risks directly related to the proposed digital and ICT vision, objectives and strategies.

Figure 1 - Risk management cycle

Practitioners following a formal risk management process like the one outlined in Figure 1 should focus on the identification, analysis, evaluation and treatment steps.

Risk

When identifying risks, it may be useful to first consider categories of risk. Risks can also be either internal or external. Figure 2 describes some typical risk categories and risks.

Figure 2 - Risk categories

Once the risks have been identified, the consequences and likelihood of each risk occurring should also be identified. A risk rating (typically Extreme, High, Medium or Low) can then be derived based on the consequences and likelihood scores, applying a risk assessment matrix adopted by the agency.

It may be necessary to discuss with stakeholders which risks are both significant and strategic, as well as which risks the agency might be willing to accept. Only those risks agreed with stakeholders should be carried forward to the digital or ICT strategic document or plan.

Practitioners should also identify mitigation strategies with stakeholders. In some cases, it may be acceptable to discuss some of the mitigation strategies as part of the narrative in the digital or ICT strategy or plan to convey how the agency plans to respond positively to the strategic risks.

The Queensland Government Performance Management Framework also recommends the use of Strengths, Weaknesses, Opportunities and Threats (SWOT) Analysis as a method of identifying strategic risks.

When risks form part of a strategy or plan, either as a dedicated section or as part of a narrative, the Queensland Government Strategic Planning Toolkit recommends using terminology such as ‘strategic challenges and opportunities’ or ‘critical issues’.

Next steps

The methods outlined in this guideline are iterative. It might take several workshops with several diverse groups of people to articulate the final digital or ICT risks.

Practitioners should liaise with the planning sponsor to have the strategic risks formally recognised in the agency’s risk register so all strategic risks can be formally and properly monitored and managed.

It is important to ‘play back’ the outputs of workshops to participants within a short timeframe from the workshop. This will maintain interest and ensure the participants feel like their time to participate was worthwhile.

Once the digital or ICT risks have been identified, work can commence on drafting the digital or ICT strategy or plan.

SWOT Analysis is defined in more detail in the guideline Vision: Vision

A link to the Queensland Government Strategic Planning Toolkit is provided in the Resources section of this guideline.

Refer to the following guideline Strategy: digital or ICT strategy or plan for further information.

Resources

Resource Link

Queensland Government performance management framework

Link – Managing government performance resources
