RNR Consulting was engaged by the State of Maryland Department of Budget and Management (DBM), Office of Information Technology (OIT), and Application Systems Management (ASM) Division to develop a Strategic Plan that identified, quantified, and mitigated risks associated with systems and applications. RNR Consulting also developed an implementation plan to prioritize recommended solutions that included the expected timeframe and cost to implement. The Risk Assessment and Mitigation Strategies allowed the State of Maryland to respond to a variety of changing needs in the near and distant future.

The project consisted of tasks and deliverables that were needed to enable a thorough evaluation of the current IT infrastructure, an understanding of the strategic goals, and the identification of the varied risks. The risks brought to light were quantified in terms of probabilities. From this, we had the ability to assess the potential risks associated with a particular system, program, or process.

The first phase of the risk assessment was to identify each risk and assess its magnitude and priority. This phase also categorized risks and provided necessary inputs to reduce or eliminate risks for the next phase of the project. The factors of probability and consequence were multiplied to quantify a risk rating.

The second phase of the methodology discussed the development of risk mitigation strategies and a strategic roadmap for the State. An implementation cost and priority was associated with each strategy in order to financially quantify the impact of each risk, and to determine whether it was financially viable to pursue the desired mitigation.

RETURN TO SERVICE AREA: RISK MANAGEMENT AND DISASTER RECOVERY PLANS