Gba Consulting Private Limited

Emerging as a global pioneer in servicing businesses to achieve professional success and wealth maximization.

Specialize in expertise required at various hierarchies of business management and diversify our services with versatile collaborations.

OUR MISSION Accomplishing high professional standing as business strategy and process collaborator coupled with strong client satisfaction and scalable team efforts.

Expanding Global Presence: Our motive is to facilitate companies build and manage their global footprints to achieve their bottom-line objectives with strategic consulting focused on innovative operations management.

As a global consultancy, we have a social responsibility that we live up to each day by treating our employees, clients and environment responsibly. We also give back to the community by way of numerous projects and initiatives. We are convinced that corporate responsibility does contribute to the success of any company in the present world scenario.

GBA Consulting has very valuable and successful client relationships with numerous large organizations. Our versatile clientele goes an extra mile to make our presence in the industry a precious one. Most of our clients are multi-million dollar and multi-national enterprises.

IT risk is not merely a technical issue causing loss or damage to company’s IT department or data center. Any unforeseen event involving a failure or misuse of IT has the potential to threaten an enterprise’s objective. IT risk therefore is a business risk, associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. It can occur with both uncertain frequency and magnitude, and it creates challenges in meeting strategic goals and objectives. IT risk is a component of the overall risk atmosphere of the enterprise such as strategic risk, environmental risk, market risk, credit risk, operational risk and compliance risk.

Case 1: A subsidiary of a reputed airlines, experienced a runaway IT risk incident on December 24, 2004, when the company’s crew-scheduling system failed. An airline’s crew-scheduling system is mission critical without which an airline cannot fly. December 2004 was busier than normal because of holidays and unusually bad weather which required the airlines to cancel or reschedule many flights, including 91 percent of all flights between December 22 and December 24. People at the airlines were not aware that the crew-scheduling system which was purchased from an external vendor, was capable of handling a maximum of only thirty-two thousand changes a month. At about 10 p.m. on Christmas Eve, when the airlines entered one more flight change, exceeding the monthly capacity, the system abruptly stopped functioning. The airlines technicians realize soon after, to their dismay, that the system could not simply be restarted. The only solution was to reload the entire system from scratch as quickly as possible. The tech team accomplished that task and re-launched the system late on December 25, but by then The airlines had problems assembling its widely dispersed crews and aircraft where they were needed. The airline didn’t resume normal operations until December 29. As the company struggled to recover from the disaster, nearly two hundred thousand stranded The airlines passengers helplessly roamed airport terminals throughout the United States. In addition to the damage to the company’s reputation, its management, and its customers, the airlines’ revenue losses as a direct result of this incident are estimated at about $20 million. It wasn’t just the computer system that failed -it was the airlines’ process for understanding and managing the business consequences of IT ris

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Risk Management is not just avoiding or eliminating risk. Rather it plays a major role in achieving the business objectives of an enterprise by supporting strategic and business planning, supporting effective use of resources, promoting continuous improvement, and identifying opportunities, preventing or minimizing potential loss. Proper risk management implies control of possible future events and is proactive rather than reactive. Proper risk management will reduce not only the likelihood of an event occurring, but also the magnitude of its impact. Risk Management Systems should be designed to make available a process which should manage the risks involved in all aspects and activities to maximize opportunities and minimize adverse effects. Without an effective risk management facility, enterprises cannot have useful conversations about IT riskAn effective risk management process should???Always connect to business objectives???Align the management of IT related business risk with overall ERM???Balance the costs and benefits of managing IT risk???Promote fair and open communication of IT risk???Be a continuous and ongoing processRisk management requires a comprehensive list of identified lists. Categorization of risks provides a structured & systematic approach in identifying risks to a consistent level of detail.

Essential Steps in IT Risk Management are Risk Assessment & Evaluation, Risk Response and Risk control Risk Assessment & Evaluation: An effective Risk assessment and evaluation process is essential to establish the link between IT risk scenarios and ultimate business impact. There are two approaches to Risk assessment –Qualitative risk assessment uses expert opinions to estimate the frequency and business impact of adverse events. The assessment process involves estimating relative values, determining what threats each asset may be facing, the vulnerabilities out of such threats, determining risk mitigation control methods and the cost of the same and a cost-benefit analysis on the results. Qualitative assessment enables visibility and understanding of risk rankings. Quantitative risk assessments assists in determining the amount lost from a single occurrence of the risk and also the expected loss in a year if the risk is not mitigated. Quantitative risk assessment aids the management to prioritize the assets and risks by their values and also facilitates in managing the risk by determining the Return on Security Investment. However both the approaches have their own limitations. It is difficult in qualitative assessment to justify the investment in control implementation as there is no proper basis for cost-benefit analysis. The major disadvantages of using the qualitative approach are a high level of subjectivity, huge variance in human judgments and lack of standardized approach during the assessment. The quantitative assessment, on the other hand is a complex process which is both time consuming and expensive. Both the approaches have some benefits and draw backs and neither of the approaches seem to meet all the requirements of IT risk management. A quantitative assessment might be the preferred risk assessment method when a wide choice of statistical data is available whereas with a very minimal or Incomplete data, a qualitative assessment may be the only available solution. Combination of both the risk assessment methods may be applied to maximize the desired outcome. For example, qualitative tends to be better at the initial risk assessment stage to establish priorities, and quantitative can then provide the required rigor and accuracy for the selected high-risk areas.

Mitigation is a strategy where some work is done on unacceptable risks to reduce either their probability or their impact to a point where their severity falls below the maximum risk tolerance level. Risk mitigation is the act of working to minimize the risk impact should the risk actually occur. Working to mitigate risk means that working out a plan to lessen the impact to the project should the risk event actually happen. Using the risk mitigation strategy involves taking some amount out of the contingency budget that was the expected value of the risk before mitigation. Some of this money is put into the project’s operating budget to carry out the mitigation strategy. Since the probability or impact will be reduced, the expected value of the risk will be reduced as well, and the contingency budget should be reduced accordingly. An example of mitigation may be to recommend that a data center move from weekly backups to daily backups to ensure that the client never loses more than 24 hours worth of data in the event of a disaster or crash. By taking this action the risk is not eliminated but should the risk event be realized, the impact is reduced to a considerable extent. There are many reasons for selecting one risk strategy over the other. The factors that are to be considered are cost involved and the task schedule. For example, if a schedule risk is identified for a task in the project, and if this task has many other tasks depending on it, its severity may be calculated as being lower than is apparent, and the severity should be adjusted even though the schedule impact due to the disruption may be difficult to judge. The strategy should be appropriate for the risk it is intended