SUBDOMAINS:
325.3 ­ SOLVING PROBLEMS & MAKING DECISIONS
326.3 ­ EVALUATING ECONOMICS OF MANAGEMENT DECISIONS
326.4 ­ MANAGING ENTERPRISE RISK & CONTINUITY
329.5 ­ USING INFORMATION SYSTEMS FOR COMPETITIVE ADVANTAGE

Competencies:
325.3.4: Problem Solving ­ The graduate applies the problem solving process to solve organizational and team problems, and develops strategies to avoid decision­making pitfalls.
326.3.1: Decision Analysis ­ The graduate analyzes risks and values and uses a variety of decision analysis tools and decision theory to evaluate alternatives during decision­making processes. 326.4.1: Enterprise Continuity ­ The graduate analyzes enterprise continuity plans and the continuity planning process to ensure the inclusion of essential elements, processes, and stakeholder roles.
326.4.2: Continuity and the Global Marketplace ­ The graduate applies international standards to company operations and assesses and recommends strategies for maintaining organizational stability and continuity in the global marketplace.
326.4.3: Contingency Planning ­ The graduate develops and analyzes organizational contingency plans for responding to sudden and rapid environmental changes.
326.4.4 Risk Evaluation and Mitigation ­ The graduate evaluates internal and external risks and recommends risk mitigation strategies and techniques to an organization.
326.4.5: Organizational Risk Management Programs ­ The graduate develops and assesses enterprise risk management programs for organizations and incorporates industry best practices in risk management processes and programs.
326.4.6: Risk Optimization ­ The graduate uses risk control and risk optimization analytics and strategies to maximize returns relative to risk for organizations.
329.5.3: Ethics and Information Technology Security ­ The graduate makes ethical decisions for the use of information technology and creates processes to maintain the security of data in information technology systems.

Introduction:
As a newly hired consultant, you have been tasked with the duties of creating and presenting a risk management/business contingency plan for your first client. The legal department and the IT department have both expressed concerns regarding the ethical use and protection of sensitive data, customer records, and other information systems content. In the interest of creating confidence and job satisfaction in this new position, your new employer has decided to let you select your first client.
For this task, you may select your client from your actual place of employment, a local small business, or a well­known public company. The client must operate internationally in at least some aspects of its business.
Note: Any information that would be considered confidential, proprietary, or personal in nature should not be included. Do not include the actual names of people, suppliers, the company, or other identifiable information. Fictional names should be used. Also, company­specific data, including financial information, should not be included, but may be addressed in a general fashion if appropriate.
Task:
Note: Your submission may be in a variety of formats (e.g., report, multimedia presentation,

video presentation).
Parts A, B, and C should all be submitted to TaskStream at the same time, but as three individual documents. A. Create a risk register with eight risks currently facing the business to include the following.
1. Explain how one of the identified risks emanates from an aspect of the company’s global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations).
2. Discuss the source(s) of each risk.
3. Evaluate the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability.
4. Develop an appropriate risk response for each risk to reduce the possible damage to the company. Note: This section should be included as a separate, detailed discussion to accompany the risk register.

B. Create a business contingency plan (BCP) that the company would follow if faced with a major business disruption (e.g., hurricane, tornado, terrorist attack, loss of a data center, the sudden loss of a call center in a foreign country, the collapse of a financial market or other catastrophic event) in which you include the following:
1. Analyze strategic pre­incident changes the company would follow to ensure the well­being of the enterprise.
2. Analyze the ethical use and protection of sensitive data.
3. Analyze the ethical use and protection of customer records.
4. Discuss the communication plan to be used during and following the disruption.
5. Discuss restoring operations after the disruption has occurred (post­incident).

C. Create an implementation plan in which you recommend ways of implementing, monitoring, and adjusting the BCP.

Note: Remember that the client insists on maintaining the security of data in information technology and that the potential for ongoing issues is based on global marketplace concerns.

D. When you use sources, include all in­text citations and references in APA format.
Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.
Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.
Note: When using sources to support ideas and elements in a paper or project, the submission
MUST include APA formatted in­text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.
Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the
APA Handout web link included in the General Instructions section.