ABSTRACT
When we examine the business process development cycle (BPDC) (also known as the system development life cycle [SDLC]), we see that there are phases in which certain activities are scheduled to be performed. In the BPDC that I am familiar with, the first phase is the analysis process. This is the time when the case for a new project is created. The risk analysis, or project impact analysis (PIA), is used to document and demonstrate the business reasons why a new project should be approved. When the PIA is complete, the formal documentation is presented to the executive
Once a project has been approved, early in the next phase of the BPDC, the design phase, a risk assessment must be performed to identify the threats presented by this new project to the organization’s mission or business objectives. The risk assessment allows the development team and the business stakeholders to identify potential threats, prioritize those threats into risks, and identify controls that can reduce the risks to acceptable levels. Knowing the control requirements in the design phase will help reduce costs when work begins on the project in the construction or development phase.
