Risk Management in SharePoint GovernanceChristian BuckleyAxcelercbuck@axceler.com

Some of the questions we’ll ask during this webinar:

• What is the role of risk management in my SharePoint governance strategy?

• How can I better understand my customer requirements?

• What is the right balance around auditing, reviewing, and sharing risk management data?

• How can I make risk management awareness part of my organizational culture?

About

Christian Buckley, Director of Product Evangelism at Axceler

• Microsoft MVP for SharePoint Server

• Most recently at Microsoft, part of the Microsoft Managed Services team (now Office365-Dedicated) and then Advertising Operations

• Prior to Microsoft, was a senior consultant, working in the software, supply chain, and grid technology spaces focusing on collaboration

• Co-founded and sold a collaboration software company to Rational Software. At another startup (E2open), helped design, build, and deploy a SharePoint-like collaboration platform (Collaboration Manager), onboarding numerous high-tech manufacturing companies, including Hitachi, Matsushita (Panasonic), and Seagate

• Co-authored ‘Microsoft SharePoint 2010: Creating and Implementing Real-World Projects’ link (MS Press, March 2012) and 3 books on software configuration management.

• Twitter: @buckleyplanet Blog: buckleyplanet.com Email: cbuck@axceler.com

Get the Book

Just released from Microsoft PressOrder your copy at http://oreil.ly/qC4loT

Tackle 10 common business problems with proven SharePoint solutions• Set up a help desk solution to track service

requests

• Build a modest project management system

• Design a scheduling system to manage resources

• Create a site to support geographically dispersed teams

• Implement a course registration system

• Build a learning center with training classes and resources

• Design a team blog platform to review content

• Create a process to coordinate RFP responses

• Set up a FAQ system to help users find answers quickly

• Implement a cost-effective contact management system

Axceler Overview

Improving Collaboration since 2007Mission: To enable enterprises to simplify, optimize, and secure their collaborative platforms

Delivered award-winning administration and migration software since 1994, for SharePoint since 2007Over 2,000 global customers

Dramatically improve the management of SharePoint

Innovative products that improve security, scalability, reliability, “deployability”Making IT more effective and efficient and lower the total cost of ownership

Focus on solving specific SharePoint problems (Administration & Migration)

Coach enterprises on SharePoint best practicesGive administrators the most innovative tools availableAnticipate customers’ needsDeliver best of breed offeringsStay in lock step with SharePoint development and market trends

Definitions

Governance is about taking action to help your organization organize, optimize, and manage your systems and resources.

A governance strategy is never static – it is

a living, breathing process and a set of rules

that you should live by, not die by!

Your governance strategy needs to be adaptable to meet the growing, changing needs of your business.

• SharePoint out of the box is a powerful platform

• But many organizations don’t think they have the time, money, people to spend on planning

• The same can be said for governance

• The result? o Site sprawlo Unfettered contento Process lawlessness

Why are we talking about governance?

• Central to your governance implementation is understanding and managing the risks involved with your SharePoint environment

• Identifying, assessing, and prioritizing risks

• Measuring, monitoring, and measuring impacts

• Reviewing and modifying your governance strategy based on changing risks and impacts

• Creating policies that secure and protect, but are also flexible enough to meet the growing demands of your organization to collaborate

Why are we talking about risk?

Governance

Strategy

Roles and Responsibilitie

s

Principles

Culture

Communication

Change Management

Risk Management

Information Architecture

Business Alignment

Monitoring and

Maintenance

Why are we talking about risk?

Risk can be driven by uncertainty in requirements or business outcome

Risk also comes at any stage of the project lifecycle, from uncertain or unpredictable root-causes

Project Management methodologies are a form of risk management

Example

You organization wants to build a project management solution that aggregates tasks across existing environments.

You can:• Buy a 3rd party solution• Build it from scratch• Deploy Project Server• Wait to upgrade to 2013

Example

A pending reorganization will require changes to information architecture, update to taxonomy.

You should:• Clarify changing roles, permissions• Understand impacted content,

sites, teams, users• Move/migrate content,

update metadata, modifying workflows and forms

Risk Management Strategies

Strategies to manage risk

Transfer: Is this something that this team even needs to address? Who should own this risk?

Avoid: Can we change our strategy so that this is no longer an issue?

Reduce: Can we minimize the effects of this issue, or reduce the probability that it will occur?

Accept: Should we start working on a plan to work through the risk, dealing with the potential or actual consequences?

Managing risk with SharePoint

Define the Roles and ResponsibilitiesProject Managers, for example, may own

Issues that arise Risks, or future threatsDocumentation Process definitionChange management processCommunication

Managing risk with SharePoint

Use SharePoint to do the basics:

Track risks and issues using lists and document libraries for each project

Setup daily or weekly alerts to notify you about additions, deletions, and changes to lists, list items, and document libraries.

Use document versioning and document check-in and check-out, creating a history of changes.

Risk management

Risk management is proactive. The goal is to help you anticipate where a process or task may fail.

If a vendor proposes 4 weeks for development, but the developer assigned to the task says it will take 8 weeks, a good risk management plan will take this gap into consideration and build contingency plans around this possible delay.

Risk management

Having a risk management view into your SharePoint implementation will:

Help your organization to anticipate, manage, and respond to changes in your environment

Enable your teams to work better together, increasing speed and responsiveness

Improve individual productivity, giving team members and executives more visibility into business problems, helping them to make better choices

Top challenges in risk management

Prioritizing risks

Defining control objectives and control activities

Measuring potential risks and control efficiency

Constantly being in reactive mode when dealing with risk

From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)

Tips for implementing

While “best practices” may differ between organizations, there are decades or project management learning that we can look to for helpOrganizations need a transparent view of their enterprise:

Have clearly defined methodologies and processes to drive risk management

Wherever possible, automate your processes using forms and workflow

Provide a comprehensive enterprise risk and compliance management framework, and train people on how to use it

Build a library of identifiable risk indicators and control activities

Stay abreast of emerging compliance issues, industry and technology changes that could impact your business and processes

Look to industry trends and best practices

Create a governance and compliance virtual-team to regularly review and approve changes

From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)

Create a risks matrix

Tips for Implementing

Manage enterprise risks and their related activities, procedures and documents

Manage risk controls like assets and proceduresTrack incidents and potential related risksDisplay measured risks in scorecardsDefine your own risk matrixes (impact/occurrence)Manage risk compliance documentsTrack preventive and corrective actions to treat risks Be compliant with risk management standardsAutomate risk processes with workflowSchedule and automate reporting

From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)

Benefits of Risk Management

Business benefits

Reducing overall project costsReducing audit fees, fines and penalties through integrated systems, controls, processes and audit trailsSaving internal costs and gain efficiency by redeploying resources from manual and duplicative controlsReducing complexity of your system, or your solutionsReplacing silos of risk and compliance activities (if they exist) with an overarching, integrated viewReducing risk and compliance complexity by integrating and de-conflicting risk requirementsIncreasing business valueAligning a comprehensive risk strategy with specific execution controls through transparent processes and technology Making better, informed decisions with forward visibility into risk and compliance through data transparency and real-time reporting Improving risk and compliance management with a solid governance structure

From Thomas Bahr and Michael Neumann’s article “8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance” (http://bit.ly/WIOerj)

Planning for Risk

Planning is key

Utilize your established PM methodologyFollow these simple, and universal, guidelines for planning:

Understand your business objectivesUnderstand your end user expectationsUnderstand your governance modelTake feedback, iterate on your planMake your efforts transparent

Risk management in your governance model

Key competencies in a governance model:

1. Strategy2. Coordination3. Execution / Implementation4. Measurement / Monitoring

Best Practices

Identify a governance championClarify roles and responsibilities, and make sure people know what they are signing up forDocument your governance and change management processesClarify and document your information architecture, have a detailed map of your templates, content types, taxonomy and ownership of eachMaintain a list of current risks, make it visibleProvide a list of current and future projects / business activities to allow open dialog of potential risks

Planning

Risk management is about visibilityIf you need to audit your environment, you can’t piece together reports delivered per site. Without visibility, your admins will be completely reactionary to any breach. You need to find security problems before they become a problem.

Where to go from here

Risk management is at the core of your governance strategy’s change management modelHave a plan for identifying and addressing risksMake people accountable for risks by

Making risks visibleClarifying potential impactsIdentifying a path forwardVocalizing the decisions to be made, and the available options

In Summary….

Contact me

Order your copy at http://oreil.ly/qC4loT

Christian Buckleycbuck@axceler.com+1 425-246-2823@buckleyPLANETwww.buckleyPLANET.com and http://info.axceler.com

Additional Resources available8 Ways SharePoint Helps in Enterprise Governance, Risk and Compliance http://bit.ly/WIOerj

Developing and Enforcing SharePoint Governance Policies with Axceler ControlPoint http://bit.ly/SJVq8a

What to Look for in a SharePoint Management Tool http://bit.ly/l26ida

The Five Secrets to Controlling Your SharePoint Environment http://bit.ly/kzdTjZ