University of Phoenix – CMGT/442 – Information Systems Risk Management

Your consulting organization has been hired to develop computer systems for the United Nations in the Middle East.

Create a Risk Information Sheet for at least five potential risks that should be considered.  At least three of the risks you choose should be business continuity and IT disaster recovery related.  As part of this, consider man-made and natural risks that might apply to this particular situation. 

Please note the following:

  • The risk description should fully describe the risk
  • The probability is the likelihood that the risk will occur (i.e., low, medium, or high)
  • The impact is how the organization will be effected if the risk does occur (i.e., low, medium, or high)
  • The rationale should explain the reasons for your probability and impact assessments
  • The mitigation strategy should explain how each risk will be addressed
  • There should be one risk information sheet for each risk identified
  • The risk information sheets can be completed in Word, Excel®, or PowerPoint®

The results of your assessment for each risk should be plotted in a Risk Matrix.  One axis should be probability, while the other axis should be impact. The overall risk level will be the intersection of these two factors on the matrix. The risk assessment matrix can be completed in your choice of Word, Excel®, or PowerPoint®.

The following is an example of a risk matrix with certain accidents allocated to appropriate cells within the matrix:








Stubbing Toe












Major Car Accident





Aircraft Crash






Major Tsunami