RISK MANAGEMENT FRAMEWORK FOR IT-CENTRIC MICRO AND SMALL COMPANIES WITH MODEL FOR RISK ASSESSMENT

Abstract

There are many approaches to risk management, and the practice shows that they are not suitable for IT-centric Micro Small and Medium Enterprises (MSME), but more targeted to large and complex organizations. At the same time, the existing approaches in isolation are aimed at a particular type of risk, not taking into account that MSMEs need a more integrated approach that they could apply to various types of risks they are exposed and in order to obtain adequate information for making quality decisions for managing the companies. Based on field research and direct work with companies, the issues and challenges identified for the IT-centric micro and small companies are: need for encompassing various risks, limited resources for risk management, and necessity for usable and comprehensive framework. The new framework covers people, policy, methodology and process, and tools. The method for assessment of risks is a hybrid one, as it was shown that MSME couldn’t sustain a fully quantitative approach and as managers feel more confident with qualitative estimates.