Zedan IT Blog

IT definitions, discussions and more

Category Archives: IT Management

Contingency Vs Mitigation Planning


This paper defines mitigation planning and contingency planning and describes the differences between them.

Every project faces risks that may lead to a decision not to continue the project or that may affect business continuity; risk management is therefore an important area for projects and organizations.

Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative).  Risks can come from uncertainty in financial markets, project failures, legal liabilities, accidents, natural causes and disasters as well as deliberate attacks.  Several risk management standards have been developed by the Project Management Institute including methods, definitions and goals.

The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order.

Mitigation planning and contingency planning are both parts of risk management.


Mitigation planning:

The International Organization for Standardization (ISO) identifies specific principles of risk management, and the process of risk management consists of several steps. One of these steps is the mitigation or solution of risks using available technological, human and organizational resources. Mitigation efforts attempt to prevent hazards from developing into disasters altogether, or to reduce the effects of disasters when they occur.

Mitigation is mainly about knowing and avoiding unnecessary risks. This includes an assessment of possible risks to personal/family health and to personal property.

However, specialists can be hired to conduct risk identification and assessment surveys.  Purchase of insurance covering the most prominent identified risks is a common measure.

Risk mitigation measures are usually formulated according to one or more of the following major risk options:

1. Design a new business process with adequate built-in risk control and containment measures from the start.

2. Periodically re-assess risks that are accepted in ongoing processes as a normal feature of business operations and modify mitigation measures.

3. Transfer risks to an external agency (e.g. an insurance company)

4. Avoid risks altogether (e.g. by closing down a particular high-risk business area)

Contingency planning:

Contingency planning substitutes one risk for another, so that if the undesirable event occurs you have a “Plan B” which can compensate for the ill consequences.

Also known as a worst-case scenario plan, backup plan, or a disaster recovery plan, the contingency plan is simply a secondary or alternative course of action that can be implemented in the event that the primary approach fails to function as it should. Plans of this type allow businesses and other entities to quickly adapt to changing circumstances and remain in operation, sometimes with very little inconvenience or loss of revenue. It is not unusual for organizations of different types to have both a master contingency plan that is relevant to the entire organization, as well as plans that are geared toward rapid response in specific areas of the operation.

A contingency plan is often developed by identifying possible breakdowns in the usual flow of operations, and developing strategies that make it possible to overcome those breakdowns and continue the function of the organization.

First, the plan allows the day to day operations of the business to continue without a great deal of interruption or interference.  
Next, the backup plan is capable of remaining functional for as long as it takes to restore proper function of the primary plan. 
Last, the emergency plan minimizes inconvenience to customers, allowing the business to continue providing goods and services in an orderly and time-efficient manner.

Business and government contingency plans need to include planning for marketing to gain stakeholder support and understanding. Stakeholders need to be kept informed of the reasons for any changes, the vision of the end result and the proposed plan for getting there.

Why Is the CFO Still Boss of IT?

Found interesting articles on http://www.cio.com talking about CIOs and their reporting structure to the CFO. I am quoting some of it:


As businesses expanded – and as technological innovation became more fast-paced – IT deployments have gone out from the old setup and spilled over to influence the way entire organizations carry out their work.

A recent Gartner survey, however, reveals that more and more IT organizations are finding themselves easing back into the old setup, especially due to the recent financial crisis and the fact that higher-ups are still stuck in the IT-as-a-cost-center conundrum.

In the survey of over 480 senior finance managers, 42% of IT organizations are already reporting to the CFO, while a staggering 53% prefer to move to this setup.

Gartner’s survey talked with finance controllers across the globe. Computerworld Philippines ran its own survey, asking local CIOs about reporting setups in their own companies. Of those surveyed, only 25% said they report to the CFO, while 65% report to their respective CEOs.

Of those CIOs who report to their CFOs, 80% said the setup has been beneficial to their company, while the remaining 20% said otherwise.

Surprisingly, all of those who responded that they are not currently reporting to the CFO said their IT organizations are better off under the CFO.

“Where the CIO should report is a question as old as the CIO role itself,” said John Van Decker, research vice president at Gartner. “CFO reporting can lead to success if the CFO has a deep understanding of IT’s value.”


In my personal opinion (and experience), IT managers and CIOs should not report to the CFO, as in my past experience this structure leads to influencing the IT department to allocate most of the resources and budgets to achieving the Finance department’s goals and objectives. Accordingly, the IT department itself becomes finance-aware only and loses an important value in being an essential resource for achieving the organization’s (as a whole) competitive advantage, and sometimes it is used by finance as a tool to influence the organization’s strategy.

What do you think?

Read the full article: