sample risk assessment
Risk Assessment prepared as a project during PMP coursework.
Running head: MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 1
McBride Financial Security Risk Assessment
Team C: REDACTED
CMGT 542
July 17, 2011
McBride Financial Security Risk Assessment
The McBride Financial Services company is planning to place their new office in the
Sioux Falls, South Dakota market. Information for the preparation of a Risk Assessment has
been gathered from a recent interview of Hugh McBride by Abram LaBelle of Smith Systems
Consulting. Smith Systems Consulting will be integrating the information systems network and
supporting the technology over the long term.
McBride seeks to invest some $200,000 in website development, aimed at the ability to
gather prospective client applications over the web, and to follow up with a small staff of loan
officers and administrative staff in the local market area where the client is located.
Our survey of the proposed 41st Street & Minnesota Avenue location in Sioux Falls,
South Dakota has yielded a number of risks for McBride Financial Services to be aware of and,
where possible, to mitigate or to cover with contingency plans in case the risk occurs.
Our survey has classified risks by four major categories: Physical Security; Risk of
Terrorism, Natural, and Manmade Disasters; Economic; and Technical Risks.
Physical Security
McBride Financial Services seeks to use 800 to 1000 square foot ground-level, single
story offices in mixed-use retail or strip-style professional office locations. There are several
concerns for a company that possesses financial records for their clients in these types of
locations (McBride Financial Services, 2011).
First, ground-level offices with windows call for particular consideration of the
placement of furniture, the direction computer screens face, and the need for secured file
storage of paperwork. Computer screens that are left on at night, visible from exterior office
windows can easily be read with the naked eye or with binoculars from outside of the building.
Personal information on a database record, left on the screen, could be transcribed by a passerby
with no other physical access to the building. Likewise, file cabinets or desks placed near the
windows could also be the source of the same personal information disclosure if documents are
left in view.
Second, ground level offices are inherently more attractive to thieves. Financial
companies with high grade copiers, large computer flat screens, employee-owned iPods and
iPads left on desks, and business laptops are a very tempting target for an opportunistic thief.
While the ground-level offices are more convenient for clients, if customer visits are infrequent
or not necessary, consider a second or higher story location or budget for a very thorough
physical security system.
Third, the general area and neighborhood near the proposed location is a mixture of
mostly run-down retail strip malls with some gentrification that has been slowly taking shape.
There is a pronounced population of check-cashing stores, bars, and liquor stores in the
immediate area, as many as thirty within a 2 mile radius, which are known to have large amounts
of cash on hand and are magnets for robbery and burglary activity. A high concentration
of these types of businesses in the vicinity indicates a neighborhood in decline, where the
residents have few financial resources to spend (Khalfani-Cox, 2011) (Google, 2011).
Locations within 0.5 miles are listed below with their distance to the proposed
intersection location (Google, 2011):
Location                      Distance     Risk
Wells Fargo                   100 yards    Medium risk – bank robbery
Cash Depot                    100 yards    High risk – robbery
Home Federal Bank             0.2 miles    Medium risk – bank robbery
Check Into Cash               0.2 miles    High risk – robbery
Good Spirits Wine & Liquor    100 yards    High risk – random crime
Taylor’s Pantry & Liquor      100 yards    High risk – random crime
Poppadox Pub                  0.3 miles    Medium risk – random crime
Crow Bar & Casino             0.3 miles    Medium risk – random crime
Risk of Terrorism, Natural and Manmade Disasters
Our survey of the risk of toxic chemicals in the area indicated this was a very low overall
risk. The neighborhood is on the boundary of large areas of residential single family homes and
light commercial, office, retail, and small mixed-use commercial buildings. There were no
industrial properties found within a comfortable distance from the location.
A nearby printing press, Sisson Printing at 3400 South Minnesota Avenue, approximately
four blocks from the subject location, represents a risk of hazardous chemical release.
Commercial printing presses generate solid waste including empty containers, used film packs,
outdated chemicals that are disposed of, damaged plates, bad printing & spoilage, and large
amounts of scrap paper. Wastewater from printing operations can contain lubricating oils, waste
ink, cleanup solvents, photographic chemicals, acids, alkalis, and plate coatings, as well as metals
such as silver, iron, chromium, copper and barium. Air emissions include volatile organic
compounds, alcohols, boiled inks, and wetting agents as well as nitrous dioxide and sulfur
dioxide. The combination of toxic ink and bleaches used by modern printing presses can have
adverse effects on the surrounding environment (Illinois State University, 2011).
There is a single source of transportation and transit risk of a chemical or hazardous spill
of some kind: the I-229 freeway, which serves as the through-city business loop for the I-29
North/South Interstate. It is located approximately 0.25 miles south of the proposed office
location and carries truck & trailer traffic throughout the day, including petroleum, agricultural
chemicals, and ethanol products.
Sioux Falls, South Dakota has a very large population of government agencies and
buildings at the city, state, and federal levels, most within 2.5 miles of the proposed office
location. Several are located less than 1.5 miles from the office and may represent a low risk of
foreign or domestic terrorism (Google, 2011):
Location                                                        Distance     Risk
Veterans of Foreign Wars (Fraternal Organization)               0.2 miles    Very low risk
Sioux Falls Fire Training Center (first responder training)     0.3 miles    Very low risk
US Social Security Administration                               1.3 miles    Low risk
Minnehaha Juvenile Training Center                              1.0 miles    Low risk
US Air Force Health Professional Recruiting                     1.1 miles    Low risk
US Housing & Urban Development                                  1.3 miles    Low risk
US Military Entrance Processing Station (MEPS)                  1.5 miles    Medium risk
The State of South Dakota has an active and sometimes violent history of political
opposition demonstrations. South Dakota is a very conservative state and has only a single
abortion clinic, located at Planned Parenthood, 6511 West 41st Street, Sioux Falls, South
Dakota – approximately 3.7 miles from (albeit on the same street as) the proposed office location.
There are no doctors in South Dakota willing to perform abortions for fear of retribution on their
families and/or careers, so a doctor flies into Sioux Falls once per day from Minneapolis to meet
with patients and perform the procedures. State law prohibits the use of insurance or healthcare
benefits or subsidies for any type of abortion under any circumstances, so it is largely a cash-
only service. The office is located across the street from Roosevelt High School in an unmarked
building, facing away from the street and with a private fenced parking lot. The building is
secured and locked, and patients must request entry from a door-button & speaker – only patients
with an appointment are admitted. The waiting area has a bulletproof glass reception area, and
Kevlar-reinforced walls due to fear of attacks by protestors that picket seven days per week in
front of the location (Nieves, 2005).
Two similarly ultra-conservative groups are located 0.7 miles from the proposed office
location and frequently picket, clash with, and publish anti-abortion rhetoric in media outlets:
the Alpha Center and the Take Charge of Your Life Organization.
SoDAK A.N.S.W.E.R. Coalition is an ultra left-wing political organization, openly
socialist/communist and supportive of ideals most Americans would find offensive, such as
Pro-Palestinian / Anti-Israeli protests and Israeli & US flag burning. It also openly supports
the overthrow of the US government and Constitution. Their office is located 0.2 miles from the
proposed McBride Financial Services location. A recent media article written by the group
included their protest of the first execution of capital punishment in South Dakota in sixty years:
“The death penalty is promoted by ruling class supporters as a so-called deterrent to
crime, but in reality it is a way for the capitalist class to kill working-class people, especially
African Americans.” The person executed happened to be a white male that admitted guilt and
waived his rights to appeals (SoDAK A.N.S.W.E.R Coalition, 2011).
Due to the extreme nature of their rhetoric and occasionally violent comments and
protests, it is conceivable that they may choose to make stronger political statements in the
future, resulting in harm to others.
Economic Risks
Presently, eight real estate companies remain within a 1.5 mile radius of the office
location. Of those, only two, RE/MAX and Century 21 Advantage, have more than 2 agents in
their office. Several years ago, as many as thirty companies were in the same market area
(Google, 2011). Many locations listed as real estate offices have vacated and are now occupied
by different companies in different industries.
Year over year housing price trends by neighborhood in Sioux Falls continue to show
steep declines from the previous year, with only one section of the city showing a modest gain.
The median selling price of a house in Sioux Falls is $149,900, or about half of the average
seller’s asking list price of $297,171, indicating that buyers and sellers have very different
expectations for executing a sales contract (Trulia, 2011). Housing inventory numbers represent
approximately a six-month supply of homes on the market, with numbers greater than adequate
for ninety days indicating a “Declining Market” condition, and year over year average sales
prices are down by as much as 8.7% from the same month in 2010 (Trulia, 2011), with middle and
affluent neighborhoods the hardest hit. With the home mortgage system in disrepair, high
unemployment levels, and the national banking system still cautious with regard to the real estate
market, it may be some time before the economic indicators for the Sioux Falls real estate market
recover (Trulia, 2011) (Johnson, July).
Technical Risks
The company seeks to fully outsource their information technology services with a
budget of $500.00 per month (McBride Financial Services, 2011) despite the very large initial
capital outlay of $200,000 for a fully automated mortgage application website and electronic
decision-engine. The company lacks any technically minded leadership internally (McBride
Financial Services, 2011), and the monthly support budget seems very low in that light,
given that the website is the primary source of business and revenue for the company.
We question whether the $500.00 per month budget figure is sufficient to manage
enhancements and upgrades to the enterprise-class ecommerce website, secure the company
databases from external intrusion, maintain desktop end-user systems, and properly secure and
monitor for intrusion attempts to the client financial records systems while seeking to
interconnect eight offices with shared data and resources (McBride Financial Services, 2011).
Mitigation Recommendations
Physical Risks
Industry best-practices for office management that the banking industry uses can be of
significant value. To protect client information, keep window coverings closed or use blinds to
obscure visibility into the office and arrange workstations so as to avoid visibility of the
computer screens from outside through an adjacent window. Utilize idle-timeout settings on
computers to blank a screen that may potentially contain sensitive client personal financial
information after five minutes of no activity. Institute company policies that require personal
financial documents to be stored in locked filing cabinets when not in use and at the close of
business every day.
Employees are also vulnerable to random acts of crime, and annual security awareness
training should be conducted. This can include topics and requirements such as information
security mentioned above, as well as personal security and being aware of their surroundings.
A monitored business-grade security system should be installed, and automatically
activated after hours. Consider the use of perimeter-only security system features as an added
measure of security for employees that may be working after normal business hours.
For physical security, and all other threats, the first line of defense should be a thorough
data backup system that is regularly monitored and tested. Company information security
policies should prohibit the storage of personal information or client financial data on local PCs,
hard drives, flash drives, or removable disk media that is vulnerable to theft. If required for
business purposes, strong disk or tape encryption should be used.
Risk of Terrorism, Natural, and Manmade Disasters
These risks are primarily a threat to the human resource of the business. Mitigation
strategies include regular daily data backup and general employee security awareness. The
business can be alerted to a growing threat condition resulting from future socio-political factors
by taking an active or passive interest in local news and politics, being aware of any growing
or scheduled protests in the immediate area, and taking any precautions that may be warranted.
Economic Risks
The current real estate market crisis is a nationwide, systemic condition and there is little
or nothing that an individual company can do to correct this macroeconomic trend. Mitigation
measures to consider include keeping recurring costs as low as possible after opening the office
until economic conditions have shown improvement for several quarters, and avoiding long-term
office or equipment lease agreements that would hamper defensive business decisions later if
warranted.
Technical Risks
Consider having one or more company managers attend some web development and
information technology support seminars intended for business leaders. A better understanding
of technical and ecommerce support objectives and strategies can assist in matching business
strategy and requirements to available resources.
Regularly revisit monthly business plans and capital budgets to ensure available
resources are properly prioritized for stable business operation.
Avoid single-sourced exclusivity clauses in technical support contracts. In the event that
quality-of-service, responsiveness, or other problems are exhibited by the support provider,
there should not be any contractual damages incurred by the cancellation of the agreement and
selection of a new provider. Longer term, as cash flows stabilize and can support the overhead,
consider adding a technical manager to oversee support agreements and future website
maintenance, enhancement, and refreshment.
Conclusions
The proposed new location for McBride Financial should prove adequate and able to
meet the company’s needs. Several risks do exist, however, with the most threatening of those
potentially being the company’s own business plan, and external industry economic factors
beyond the limited control of mitigation planning.
The opening of a new location can be quite an experience for any company. McBride
Financial has successfully identified a wide array of potential risks that range from high to low
with various impacts to their daily operations. Although it is impossible to plan for every event,
McBride Financial has gone to great lengths to mitigate every foreseen risk that could
potentially occur. Through risk analysis and management, they have provided themselves a solid
foundation on which they can continue to grow and succeed.
References
Google. (2011, 07 16). Google Maps. Retrieved 07 16, 2011, from Google Maps Sioux Falls,
South Dakota: http://maps.google.com
Illinois State University. (2011, July 17). Illinois State University. Retrieved July 17, 2011, from
Illinois State University:
http://www.istc.illinois.edu/info/library_docs/manuals/printing/p2pract.htm
Johnson, S. (2011, July 17). Licensed Broker-Officer, California Department of Real Estate
#01400015. (S. Johnson, Interviewer)
Khalfani-Cox, L. (2011, May 12). Payday Lenders Fuel Crime, Drive Down Residential
Property Values. Retrieved July 31, 2011, from AOL Original, WalletPop Personal
Finance: http://www.walletpop.com/2011/05/12/payday-lenders-fuel-crime-drive-down-property-values/
McBride Financial Services. (2011, 07 17). McBride Financial Services Intranet. Retrieved 07
17, 2011, from McBride Financial Services Intranet:
https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/Intranet
Nieves, E. (2005, December 27). Planned Parenthood in South Dakota. Retrieved 07 15, 2011,
from Washington Post:
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/26/ar2005122600747.html
SoDAK A.N.S.W.E.R Coalition. (2011, 07 15). SoDAK A.N.S.W.E.R Coalition. Retrieved 07 15,
2011, from SoDAK A.N.S.W.E.R Coalition: http://www.sodakanswers.org/events10.htm
Swann, J. (2004). Protecting Your Physical Bank. Community Banker, 7-10.
Trulia. (2011, July 29). Sioux Falls Real Estate Overview. Retrieved July 31, 2011, from Trulia:
http://www.trulia.com/real_estate/Sioux_Falls-South_Dakota/