Risk Management in SharePoint Governance
Christian [email protected]
Some of the questions we’ll ask during this webinar:
• What is the role of risk management in my SharePoint governance strategy?
• How can I better understand my customer requirements?
• What is the right balance around auditing, reviewing, and sharing risk management data?
• How can I make risk management awareness part of my organizational culture?
About
Christian Buckley, Director of Product Evangelism at Axceler
• Microsoft MVP for SharePoint Server
• Most recently at Microsoft, part of the Microsoft Managed Services team (now Office365-Dedicated) and then Advertising Operations
• Prior to Microsoft, was a senior consultant, working in the software, supply chain, and grid technology spaces focusing on collaboration
• Co-founded and sold a collaboration software company to Rational Software. At another startup (E2open), helped design, build, and deploy a SharePoint-like collaboration platform (Collaboration Manager), onboarding numerous high-tech manufacturing companies, including Hitachi, Matsushita (Panasonic), and Seagate
• Co-authored ‘Microsoft SharePoint 2010: Creating and Implementing Real-World Projects’ (MS Press, March 2012) and 3 books on software configuration management.
• Twitter: @buckleyplanet Blog: buckleyplanet.com Email: [email protected]
Get the Book
Just released from Microsoft Press
Order your copy at http://oreil.ly/qC4loT
Tackle 10 common business problems with proven SharePoint solutions
• Set up a help desk solution to track service requests
• Build a modest project management system
• Design a scheduling system to manage resources
• Create a site to support geographically dispersed teams
• Implement a course registration system
• Build a learning center with training classes and resources
• Design a team blog platform to review content
• Create a process to coordinate RFP responses
• Set up a FAQ system to help users find answers quickly
• Implement a cost-effective contact management system
Axceler Overview
Improving Collaboration since 2007
Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms
Delivered award-winning administration and migration software since 1994, for SharePoint since 2007
Over 2,000 global customers
Dramatically improve the management of SharePoint
Innovative products that improve security, scalability, reliability, “deployability”
Making IT more effective and efficient, and lowering the total cost of ownership
Focus on solving specific SharePoint problems (Administration & Migration)
Coach enterprises on SharePoint best practices
Give administrators the most innovative tools available
Anticipate customers’ needs
Deliver best of breed offerings
Stay in lock step with SharePoint development and market trends
Definitions
Governance is about taking action to help your organization organize, optimize, and manage your systems and resources.
A governance strategy is never static – it is a living, breathing process and a set of rules that you should live by, not die by!
Your governance strategy needs to be adaptable to meet the growing, changing needs of your business.
• SharePoint out of the box is a powerful platform
• But many organizations don’t think they have the time, money, people to spend on planning
• The same can be said for governance
• The result?
  o Site sprawl
  o Unfettered content
  o Process lawlessness
Why are we talking about governance?
• Central to your governance implementation is understanding and managing the risks involved with your SharePoint environment
• Identifying, assessing, and prioritizing risks
• Measuring, monitoring, and measuring impacts
• Reviewing and modifying your governance strategy based on changing risks and impacts
• Creating policies that secure and protect, but are also flexible enough to meet the growing demands of your organization to collaborate
Why are we talking about risk?
[Diagram labels: Governance Strategy; Roles and Responsibilities; Principles; Culture; Communication; Change Management; Risk Management; Information Architecture; Business Alignment; Monitoring and Maintenance]
Why are we talking about risk?
Risk can be driven by uncertainty in requirements or business outcome
Risk also comes at any stage of the project lifecycle, from uncertain or unpredictable root-causes
Project Management methodologies are a form of risk management
Example
Your organization wants to build a project management solution that aggregates tasks across existing environments.
You can:
• Buy a 3rd party solution
• Build it from scratch
• Deploy Project Server
• Wait to upgrade to 2013
Example
A pending reorganization will require changes to information architecture, update to taxonomy.
You should:
• Clarify changing roles, permissions
• Understand impacted content, sites, teams, users
• Move/migrate content, update metadata, modify workflows and forms
Risk Management Strategies
Strategies to manage risk
Transfer: Is this something that this team even needs to address? Who should own this risk?
Avoid: Can we change our strategy so that this is no longer an issue?
Reduce: Can we minimize the effects of this issue, or reduce the probability that it will occur?
Accept: Should we start working on a plan to work through the risk, dealing with the potential or actual consequences?
Managing risk with SharePoint
Define the Roles and Responsibilities
Project Managers, for example, may own
Issues that arise
Risks, or future threats
Documentation
Process definition
Change management process
Communication
Managing risk with SharePoint
Use SharePoint to do the basics:
Track risks and issues using lists and document libraries for each project
Set up daily or weekly alerts to notify you about additions, deletions, and changes to lists, list items, and document libraries.
Use document versioning and document check-in and check-out, creating a history of changes.
Risk management
Risk management is proactive. The goal is to help you anticipate where a process or task may fail.
If a vendor proposes 4 weeks for development, but the developer assigned to the task says it will take 8 weeks, a good risk management plan will take this gap into consideration and build contingency plans around this possible delay.
Risk management
Having a risk management view into your SharePoint implementation will:
Help your organization to anticipate, manage, and respond to changes in your environment
Enable your teams to work better together, increasing speed and responsiveness
Improve individual productivity, giving team members and executives more visibility into business problems, helping them to make better choices
Top challenges in risk management
Prioritizing risks
Defining control objectives and control activities
Measuring potential risks and control efficiency
Constantly being in reactive mode when dealing with risk
From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)
Tips for implementing
While “best practices” may differ between organizations, there are decades of project management learning that we can look to for help
Organizations need a transparent view of their enterprise:
Have clearly defined methodologies and processes to drive risk management
Wherever possible, automate your processes using forms and workflow
Provide a comprehensive enterprise risk and compliance management framework, and train people on how to use it
Build a library of identifiable risk indicators and control activities
Stay abreast of emerging compliance issues, industry and technology changes that could impact your business and processes
Look to industry trends and best practices
Create a governance and compliance virtual-team to regularly review and approve changes
From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)
Create a risks matrix
Tips for Implementing
Manage enterprise risks and their related activities, procedures and documents
Manage risk controls like assets and procedures
Track incidents and potential related risks
Display measured risks in scorecards
Define your own risk matrixes (impact/occurrence)
Manage risk compliance documents
Track preventive and corrective actions to treat risks
Be compliant with risk management standards
Automate risk processes with workflow
Schedule and automate reporting
From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)
Benefits of Risk Management
Business benefits
Reducing overall project costs
Reducing audit fees, fines and penalties through integrated systems, controls, processes and audit trails
Saving internal costs and gaining efficiency by redeploying resources from manual and duplicative controls
Reducing complexity of your system, or your solutions
Replacing silos of risk and compliance activities (if they exist) with an overarching, integrated view
Reducing risk and compliance complexity by integrating and de-conflicting risk requirements
Increasing business value
Aligning a comprehensive risk strategy with specific execution controls through transparent processes and technology
Making better, informed decisions with forward visibility into risk and compliance through data transparency and real-time reporting
Improving risk and compliance management with a solid governance structure
From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)
Planning for Risk
Planning is key
Utilize your established PM methodology
Follow these simple, and universal, guidelines for planning:
Understand your business objectives
Understand your end user expectations
Understand your governance model
Take feedback, iterate on your plan
Make your efforts transparent
Risk management in your governance model
Key competencies in a governance model:
1. Strategy
2. Coordination
3. Execution / Implementation
4. Measurement / Monitoring
Best Practices
Identify a governance champion
Clarify roles and responsibilities, and make sure people know what they are signing up for
Document your governance and change management processes
Clarify and document your information architecture, have a detailed map of your templates, content types, taxonomy and ownership of each
Maintain a list of current risks, make it visible
Provide a list of current and future projects / business activities to allow open dialog of potential risks
Planning
Risk management is about visibility
If you need to audit your environment, you can’t piece together reports delivered per site. Without visibility, your admins will be completely reactive to any breach. You need to find security problems before they become a problem.
Where to go from here
Risk management is at the core of your governance strategy’s change management model
Have a plan for identifying and addressing risks
Make people accountable for risks by
Making risks visible
Clarifying potential impacts
Identifying a path forward
Vocalizing the decisions to be made, and the available options
In Summary….
Contact me
Order your copy at http://oreil.ly/qC4loT
Christian [email protected]+1 [email protected] and http://info.axceler.com
Additional Resources available
8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance http://bit.ly/WIOerj
Developing and Enforcing SharePoint Governance Policies with Axceler ControlPoint http://bit.ly/SJVq8a
What to Look for in a SharePoint Management Tool http://bit.ly/l26ida
The Five Secrets to Controlling Your SharePoint Environment http://bit.ly/kzdTjZ