Risk Management Framework

To help keep commercial sectors, technological environments and adequately oversee exposure, our risk assessment sector " UNIVERIL MEDIAN AND COMMUNICATION GROUP (UMCC)" offers multi-resource resolutions for client focused project organizations, mitigation risk management, pre trade, at and post trade risk management.

The solutions offer continuous, multi-layered risk controls that enables organizations to measure and weigh their risk management needs identified with rate, expense and security. Our adaptable, open developed design empowers situation of threat identifications in all area which will work best with the market's business procedure including pre trade, in trade and/or post trade. Furthermore, strong multi-resource abilities help markets balance hazard crosswise over different commercial centers, customer records, topographies and monetary forms. All UMCC risk management solutions are suitable for utilization by clearinghouses, trades, retailers, inter-dealer representatives or brokers and execution sectors of all sizes, and flawlessly tie into both UMCC trading stages and outsider or restrictive exchanging and clearing arrangements.


According to our philiosophy, "risk management is obvious, but designing and implementing an effective security requires in-depth analysis and massive investment. This is because of the complex and rapid advanced security threat that challenges modern organizations. Leakage and modification of confidential information such as trade secrets and intellectual properties are the key concerns for any organization. New trends such as cloud computing, social networking and BOYD are all channels for information leakage which could damage a company reputation."

Assessing Risk Framework

In 2009, we designed a Risk Management Framework which is part of our risk management philosophy. In analyzing a company infrastructure, one needs to figure out the business justifications by looking into their valuable assets such as computers, contact information, market records, trade secrets, policies and legal agreements. Since threat multiplied by vulnerability is equal to risk, and risk being the likelihood of the financial loss of every company, it is vital to adopt an appropriate information security risk management (ISRM) approach to identify those risks, prioritize them and determine in-depth control strategies through monitoring.

The following points are must for every risk management assessment management approach which help to identify risk:

  • Assets
  • Assets values
  • Risk and threats matching to each asset
  • Possibly loss from threats or risk estimation
  • The probability of threats occurring
  • Risk cost calculation
  • Countermeasures and other activity of remedies


How We Assess Risk

The recommendation proposed by our expertise is a valuable assets to our risk management processes. Following this approach, each asset is assign to a financial value. Each financial value will then be weighed to the cost and efficacy of the countermeasures using a quantitative method. A qualitative method will then be adopted to rank the threats and the security measures related to those assets.

Once we are cleared of the company valuable assets we then apply an enterprise resource planning (ERP) software to analyze the threats to those valuable assets. In 2009, our CEO stated, "any incident that had potentials to harm those valuable assets should be seen as a threat".

The IT security assessment management is then adopted to achieve and preserve suitable levels of confidentiality, integrity, availability (CIA triad), accountability, authenticity and reliability (2009).

Winning Your Trust

To gain a security confidence from our customers and improve reputational protection and balance expenditure to the information security risk, we do adopt efficacy tools (example, the Nine-Five-Circle) to bring the information security under explicit control and to come up with a better information security management system (ISMS).

The Nine Five Circle (NFC) model for example also enable us to address the general management issues that might be vital to the entire project such as models, concepts, planning, IT security management, choosing the right safeguards and managing external connection. Knowing the critical issues of situation awareness (SA) among information security managers, the SA-ISRM model is also adopted to improve these issues

To us risk management is a continuous process (mitigation) and should be updated periodically, especially if a project has a long time frame or if changes take place significantly.

Our Risk Management Plan

This is the systematic process that aims to identify and manage risk so as to control, eliminate or minimize it, by the implementation of methods and processes to identify, analysis, evaluate and clarify the risk involved in a project. These steps help us to define all the various objectives as well as controlling the entire project and improving the communication between all team members, stakeholders and clients as well as in our decision makings. These enable us to be aware of what is to be prioritized and not (2009). Using this risk management, we are able to anticipate delays that are going to cause projects not to be delivered on time. All these are some stuffs that we manage during the planning stage and enable us to identify all the risk which may arise and adopt measures for their management.

We also think of, what will happen if a circumstance is beyond our control? Or if the equipments are delivered at the wrong location or arrives lately than expected, or even if they arrive without any installation manual.

One other risk we look upon is, what will happen if a scope creep suddenly happens which do happen mostly in big complex projects. Adopting our customized Risk Management Framework, we do group all risks we could think of into smaller manageable groups. Then we do brainstorming which enable us to come out with the decision that, the only way to minimize any disaster is to adopt a suitable method and devices.

Since risk management is a critical impact on an organization and from our experiences many software tools out there DO NOT solve these issues but rather increases complexity, resulting in additional obstacles to the risk management. We follow good practicals by drawing up the risk mitigation and adopting something much flexible by eliminating high bureaucratic methods to manage risk.


Due to some unpredictable future event or circumstance that could possible happen, we set a minimum of amount(%) as a contingency. "Contingency refers to funds which has been set aside should the project falls short of the planned budget." . "The more a project manager requests for a contingency which would first be approved by the management board, the lesser the profit for the client organization. Risk management should be updated periodically, if the project time frame is long or if significant project changes take place."

Join Our Email List

Keep up to date with information about our company by joining our mailing list.
Keep informed about our new jobs and other products.