Risk Management

1
 Content

1. Cover page

2. Executive Summary

3. Aim/s of the investigation

4. Introduction of the topic

5. Significance of this investigation

6. Listing and describe the available software

7. Software Selection for evaluation (at least 3 to be selected)

8. Critically Review the selected three Software's

9. Identify and set Criteria for Evaluation

10. Discussion on Weighting for each criteria

11. Set up Evaluation Matrix

12. justification of weighting criteria for each software ( clear evidence and comparison. required]

13. Discussion and the results

14. Discussion of Problems and Pitfalls

15. Recommendation/s

16. References

17. Appendix: Provide all supporting evidence for each software evaluated.

2
2. Executive Summary

Running a business involves a variety of risks. Some of these potential risks have the potential to destroy a
business, while others can cause serious damage that are expensive and time-consuming to fix. Regardless of the
risks inherent in doing business, executives and risk management officials can anticipate and plan for them,
regardless of the size of their company. The main objective of this study is to identify the relationship between
information technology and project risk management and other departments from the perspective of the executives
of STC, and in my capacity as the head of the information technology department in the company.

3. Aim/s of the investigation

Information technology management must include all company operations, including the risk management of the
current company, and the information systems that support these operations must be seamlessly integrated in order
to obtain maximum efficiency and effectiveness and avoid future risks. The aim of the research is to identify risk
management in STC and the role of information technology in supporting the company's risk management in
addition to project planning and control.

3
4. Introduction of the topic

If and when a risk materializes, a well-prepared business can minimize the impact on earnings, lost time and
productivity, and negative customer impact. The ability to recognize risks is an important part of strategic business
planning for both establishing and managing businesses. Risks are identified in a variety of ways. Strategies for
identifying these risks rely on a thorough examination of a company's business operations. Most organisations face
preventable, strategic, and external threats that can be managed by accepting, transferring, reducing, or eliminating
them.
Risk management is a systematic and organized process that assists the STC team in making the right decision at
the right ability to identify, categories, and evaluate risk before managing and controlling them. The goal is to
ensure that the company receives the best value in terms of cost, time, and quality by balancing the inputs to risk
management with the benefits from this business. It's simply a cost-benefit analysis. In addition, information
technology is linked to risk management in the company (Cooper, et al., 2005).
Risk management is a continuous process that is carried out in any business from beginning to end. To realize its
full potential, risk management must be executed during the first phase of the project, i.e., feasibility design. A risk
is a situation or condition that, if it takes place, will have an impact on the company's objectives, either positively
or negatively. The likelihood of an event occurring and the effect that it will have are two components of risk.
Information technology can be defined as the current electronic processing of data, which includes its storage,
processing, transmission, transmission and provision of access to it (Leckson, 2011). Information technology is an
important part of running a business because it allows you to integrate processes, ensure data accuracy, and better
manage your resources. Companies can use information technology and link it to risk management and
management strategies.
When risk management is done properly, it reduces unexpected surprises. The benefit of risk management is that
stakeholders are aware of the risk that they must bear among all the risks identified in a project and can prepare
themselves accordingly, should any unforeseen event occur. Without a doubt, this formal exercise will add to the
cost of an activity, but when viewed holistically, the benefits will far outweigh the costs. Another advantage is that
there is no passing of the buck because risks are either shared/retained or transferred based on the stakeholder's
ability to handle the risk (Hopkin, 2013).
The three methods to risk management are typically risk natural, where the company does not spend much in risk
management but is still aware of important risks, risk averse, where no investments are made, and risk adventurer,
where the organisation is ready to face all risks and is often referred to as a gambler. The success of the project's
objectives is inextricably linked to the firms' approach to risk management (Ibid).

4
The information and communication technology segment is one of the most important and growing sectors because
it contributes to long-term development in all scientific, cultural, and social areas.
In April 1998, the Saudi Telecom Company(STC) was formed as a Saudi Joint Stock Company. At the time, the
Saudi publicly owned the entire company and it was the sole provider of telecommunications services in the
Kingdom. In September 2002, the government sold 30% of its stock. From 2000 to the end of 2012, STC made a
significant contribution more than SR 112 billion to national income in the form of fees paid and the government's
contribute of annual profits.
Saudi Telecom Company (STC) expanded into Asian markets as part of a global expansion strategy. This goal has
been met through rapid expansion and geographic reach in populous high growth markets through targeted
acquisitions, which some scholars refer to as accelerated internationalization.
Since the liberalization of the Saudi telecom sector in 2004, competitors have entered the market in an attempt to
break the monopoly. These new entrants have competed for market share, dividing the Saudi telecom market
among three telecom companies: STC, Mobily, and Zain. STC maintains its lead; in 2012, it had a market share of
45 percent (of total subscriber base), Mobily had a market share of 38.3 percent, and Zain had the lowest market
share at 16.7 percent. By the end of 2020 , STC’s market share, by number of subscribers in Saudi Arabia reached
61 %.
In 2010, STC introduced a new strategy called the "LEAD Strategy." This strategy was created to focus efforts on
trying to exploit opportunities available while managing overall challenges in the coming years. The LEAD
strategy encompasses six key dimensions that have been critical to STC's success. STC's primary goal is to provide
various communication services to customers in the Kingdom by developing, managing, operating, and
maintaining fixed and mobile communication networks and systems. To that end, STC considers its customers to
be its primary priority (Al Jazira Capital, 2012).
5. Significance of this investigation

Despite recent advances in information technology and the traditional roles of these advancements and practises in
risk management, researchers in this field have not highlighted the role of risk management supported by
integrated information technology in improving facility performance.
As a result, the current study is significant because it attempts to connect the information and risk management
systems in the company, because the support of the information technology system for risk management allows the
organisation to integrate the necessary information that are the risks that arise within or outside the company, and
the information technology system works more flexible and easier to flow and access. The application to STC
acknowledges this role.

5
6. Listing and describe the available software

6.1 MATRIXX Software

Saudi Telecom Company (STC), the world's leading digital company, today announced a partnership with
MATRIXX Software to drive the continued growth of its Jawwy brand. STC is the main contractor for the project,
and Selfocus has been selected as the System Integrator (SI). Jawwy, as the number one digital solution, represents
the future of consumer mobility by providing a rich and unique customer experience built on a future-ready 5G
digital package capable of enhancing digital customer engagement at scale. Jawwy will be able to digitalize
customer interaction, clarify customer journeys, and deliver better and more comprehensive experiences by
deploying the MATRIXX digital commerce platform. To keep pace with its mobile-savvy customers, STC realized
the importance of developing Jawwy's offering. MATRIXX has proven to be successful in attracting customers
quickly and cost-effectively into production, allowing service providers to launch customized products and services
as well as being effective while managing the company's risks and providing it with the required information.
(Amine, Khan, 2013).
STC (STC) will lead the engagement by overseeing and ensuring the success of all phases of this digital
transformation project. Jawwy will be able to improve its operational performance, better serve its customers, and
explore opportunities for growth in the telecom and other industries thanks to STC's unique values and strong
commitment. According to leading industry analyst firm IDC, STC has led the KSA IT services market for four
years in a row. STC is at the forefront of reshaping the Saudi IT landscape by assisting organisations of all sizes in
realizing their full potential.
Designed and built for the modern age, the multi-patented MATRIXX digital commerce platform enables Telco's
first digital reinvention. Using the cloud-native architecture, you control implementation to quickly and easily scale
a new generation of services while ensuring high availability of distributed applications. The MATRIXX digital
commerce platform, designed to scale digital services, 5G, and the Internet of Things, gives operators the
flexibility and flexibility they need to compete and win now and in the future. It also supports and strengthens the
company's risk management in the event of working alongside it and linking risk management to the system.
6.2 Supporting Quotes
In line with the vision of the Kingdom of Saudi Arabia 2030, digital development is an essential pillar for building
a strong risk management in the company, as it is at the heart of the technology strategy. This development aims to
lay the digital foundation for a variety of business lines. In order to raise the quality of services and meet the
growing expectations of consumers - the Saudi youth segment - the company has built a stack committed to
providing the digital Jawwy brand. As part of the company's commitment to provide the best innovative services,
and to face any risks by managing risks based on modern technology (Middleton, 2013).

6
7. Software Selection for evaluation (at least 3 to be selected)
7.1 IFS
London, 12 December 2019 – IFS, the worldwide enterprise systems company, comes out and says that Saudi
Telecom Company (STC), a world-class digital leader providing innovative services and systems to our customers
and allowing the digital transformation of the MENA region, has chosen IFS Service Management to improve
process efficiency, margins, and customer satisfaction.
STC launched a comprehensive evaluation process, selecting a service platform to replace legacy business systems
while improving operational efficiency, to strengthen its market leadership and prepare the company for future
business driven by a growing need for digital revolution. STC chose IFS from a short list of solutions from some of
the world's largest vendors because of its powerful scalability, intuitive user experience, and robust functionality
(ifs.com, 2019).
7.2 Stc Cloud
Because of its comprehensive and on-demand managed IT infrastructure, it is simple to migrate operations to stc
cloud services. The cloud portfolio of the company seems to be quite diverse, providing Infrastructure as a Service
(IaaS) and Platform as a Service (PaaS) applications such as Virtual Machines (VM), Public and Private Cloud
Services, Virtual Data Centers (VDC), Oracle, Open Shift, and so on.
The company's cloud marketplace also has turnkey deployments for Enterprise Resource Planning (ERP), Human
Resource Management (HRM), Disaster Recovery as a Service (DRaaS), and other applications. The benefit is that
it will only be billed based on usage, so you can start small and scale up as your business grows. This also implies
that market fluctuations can be handled quickly.
7.3 IP-VPN service
STC was able to implement several more ICT services that serve other essential marketing segments, such as
corporations and small and medium-sized businesses (SME). IP-VPN service, for example, is used to connect
company branches, hosting and data centre services, and cloud computing.
The Group's main activities also provide a wide range of telecommunications services, including mobile (fourth
generation is the most recently developed); fixed local, national, and international telephone; and data services,
including data transmission, leased lines, Internet services, and e-commerce (AME Info, 2009).
All of these programmes complement the company's risk management strategy. It establishes the framework for the
Saudi Telecom Company's risk management operations. This framework will aid in ensuring a consistent approach
within the company to identifying and evaluating, as well as ensuring that actions taken to address risks are
proportionate, thereby utilizing resources efficiently and effectively and maintaining a balance between risks and
controls.

7
8. Critically Review the selected three Software's
IFS software is designed to manage the entire lifecycle of a service. IFS FSM can be used by organisations to
manage service contracts, work orders, parts and assets, and paperwork such as contracts and warranties. It can
generate work schedules and provide customers with more information about the work process. However, updating
the software can be time-consuming, and its configurability can be both a blessing and a curse, depending on the
user's needs.
On the other hand, IFS' product is difficult to learn; it lags in cloud leadership; its capabilities may not be as strong
for industries other than its primary targets; customization may be too complicated for smaller businesses;
upgrades may be difficult; and there is a widespread lack of brand awareness, which may compromise budget for
continuous improvement (techtarget.com, 2021).
Creating a complete IT ecosystem for a business is a difficult task. Maintenance, security management, regular
hardware upgrades, and software updates merely add to the workload. To run the Cloud Service, the company will
also require a dedicated team. All of this makes high-end in-house cloud systems a pipe dream for most businesses.
The drawbacks of a VPN service are due to potential risks, inaccurate execution, and bad habits, rather than
problems with VPNs themselves. Scalability, protection against advanced cyber-attacks, and performance are some
of the major issues with VPNs, particularly for businesses (Baukari, Ali, 1996).

9. Identify and set Criteria for Evaluation

Risk management is an essential component of good governance because it contributes to better decision-making
and goal achievement. It is critical for STC to understand that risk management appears to apply to all parts of the
company's operations, not just health and safety. When risk management is integrated into current planning and
decision-making processes, it provides a foundation for ensuring that the implications are considered, that the
impact of decisions, initiatives, and projects is considered, and that conflicts are balanced. As a result, the success
and enhancing service delivery will suffer. The company's risk management relationship is with information
technology - that of the company's ability to deal with the pace/volume of technological change, or its ability to use
technology to meet changing demands. It will also include the consequences of internal failures on the company's
ability to achieve its goals.

The criteria for evaluating the programmes used in the Saudi Telecom Company and their relevance to risk
management are that risk management works in tandem with these information technology programmes to improve
the company's ability to achieve its objectives and increase the value of the services supplied. Risk Management
will assist in ensuring that all departments within the Company understand the concept of 'risk,' and that the
Company uses a standardized approach to identifying and prioritizing risks. This, in turn, should lead to more
informed decisions about the best way to deal with each risk, whether it is to eliminate, reduce, transform, or
accept it (Gupta, et al., 2014).
8
Risk management, using information at hand technology software, helps guarantee to members and company
officials about the appropriateness of business arrangements and resource utilization. Implementing this results in
increased risk awareness and improved control, resulting in fewer risks and control failures. To maximise
opportunities, the company seeks to incorporate effective risk management into its culture, operations, structure,
and communication with other departments within the company, particularly information technology. In addition to
encouraging line managers to identify and evaluate risk management, as well as learn to accept the appropriate
risks.

In the telecommunications industry, IFS provides Enterprise Resource Planning, Field Service Management, and
Enterprise Asset Management. Customer expectations are higher than ever, putting critical strain on
telecommunications infrastructure, asset performance, and customer service operations. IFS is a single product that
offers best-in-class solutions for Service Management, Enterprise Resource Planning, and Enterprise Asset
Management. Within IFS's five key industries, IFS provides extensive software support to companies all over the
world that manufacture and distribute goods, build and maintain assets, and manage service–focused operations.
Because of positive feedback from both users and software industry analysts, IFS has become a recognised leader
and the most suggested provider in their sector (Ibid).

Cloud services enable the creation of a flexible, scalable, and simple solution to house and transform operations in
unprecedented ways. With cloud hardware, software updates, support, and well-maintained infrastructure, the
cloud also relieves pressure on on-premises IT teams and servers. The company can also get 24/7 support
whenever it needs it, allowing it to expand its operations across multiple time zones (Ibid).

The term "VPN," which is an abbreviation for Virtual Private Network, has spread among smartphone users. A
VPN is a virtual network that is connected in order to access some blocked sites, to hide while using the Internet,
or to access some of the features of applications that are accessed. Some countries have outlawed it! It is important
to understand that VPN programmes provide various levels of protection and encryption for communication only,
but they do not act as antivirus programmes, which means that you must be cautious while browsing even if the
company uses one of these programmes, because, while most VPN programmes contain firewalls, they do not act
as antivirus programmes. It does not, however, prevent viruses or malicious programmes from infiltrating the
company's devices (Snader, 2006).

9
11. Set up Evaluation Matrix

IFS software Matrix

IP-VPN service matrix

10
12. justification of weighting criteria for each software ( clear evidence and comparison. required]
Customers can use IFS's ERP systems, known as IFS Applications, on-premises, in the cloud, or as a hybrid (on-
premises plus cloud). Customers can deploy IFS Applications in one of two ways. Customers can use the
infrastructure as a service model to deploy IFS Applications, in which servers, storage, and other infrastructure
components are hosted on Azure and the client accesses and manages them remotely. Clients can also deploy as
cloud ERP software, with IFS Managed Cloud providing full cloud management.
A web browser such as Chrome, Safari, or Internet Explorer can be used to access IFS' cloud ERP software. Secure
network connections, such as Secure Sockets Layer (HTTPS) communication, private site-to-site VPN, or MPLS
connection, allow each client to access their unique copy of application software remotely.
All computing for an STC should ideally be cloud computing. It is the quickest, safest, and most adaptable method
of working. However, if a corporation has legacy software that isn't cloud-based or files on its server that aren't
cloud-based, a VPN may be the only alternative. The organisation simply logs in to cloud computing. The
company's IT department will be able to assist them in setting up the VPN as well as with any management and
issue issues (Reuters, 2013).
13. Discussion and the results
For all companies in the labor market, the IT department has become one of the most important administrative
departments in the company. It is the department responsible for managing the administrative processes and
assigning responsibilities, thus saving time and effort for both the administrators and workers in the company.
They are systems that are designed to facilitate the scheduling and structuring of the administrative system, as well
as reduce risks and provide assistance in managing risks when facing crises, thus contributing to the decision-
making process in order to achieve the desired results and agreed goals. It assists the company in a variety of areas,
from employee selection to decision making in order to compete with other business firms.
Many businesses rely heavily on information technology (IT). For example, the Saudi Telecom Company uses
information technology to identify the risks to which its information technology systems and data are exposed,
mitigate or manage those risks, and establish a reaction plan in the case of a technology disaster. IT risk
management solutions are influenced by regulatory duties surrounding privacy, electronic transactions, and staff
training. IT hazards include hardware and software failures, human error, spam, viruses, and malicious assaults, as
well as natural disasters such as fires, storms, or floods. A business risk assessment can help you manage IT
hazards. A business continuity plan can assist you in recovering from an IT incident.
The information system and IT infrastructure are the most crucial capital in STC, and the appropriate information
is a critical determinant in the company's performance. Risk management is the process of identifying, assessing,
monitoring, and controlling potential risks in order to satisfy a company's plans, objectives, and reasons for
limiting negative project outcomes (Nadikattu, Rahul, 2020).
11
It also plays an important role in the company's strategic management by controlling leads. Risk management must
also suggest a disaster recovery plan in order to systematically eliminate IT risks. Recognizing dangerous work
packages, assessing risks, identifying risk events, and building a risk management plan are all part of the risk
management framework. Because they are all susceptible to cost, time, and quality goals, they are all equally
significant. Target failures, on the other hand, are identified by both IT executives and functional managers.
The changing business world is frequently driven by information technology. IT structures and systems have a big
influence on planning, management, risk reduction, and system operations. IT policies, legislation, and
management all contribute to a complex and gloomy environment, which results in a distinct set of dangers. Any
industry or part of an organisation can be targeted by IT system failure, error, dangers, and threats (Thakurta,
2014). Any risk management strategy or policy must start with mitigating threats, consequences, and negative
outcomes. The challenge and risk management process is a brand-new threat that is keeping IT professionals and
programme managers awake at night. All approved risk management methods in the company are entrusted to IT
project managers (Barafort, et al., 2017).

STC chart | TADAWUL | TASI | Argaam

12
14. Discussion of Problems and Pitfalls

Risk management is a complicated system, as evidenced by the issues encountered in practise. It may be a very
useful tool when used correctly, but risk managers and management should be mindful of the possibility of failure.
Companies should do stress testing and scenario analysis in addition to employing quantitative measurements like
VaR to create a more balanced and thorough risk assessment. Stress testing entails exposing a company's financial
condition to significant changes in key variables. Scenario analysis is simulating a series of events (such as changes
in exchange rates, interest rates, and commodity and asset prices) in order to capture market dynamics.

Because the quick pace of IT transformation combines changes in business processes to cause sudden shifts in cost,
the cost-benefit ratio, and the ability to perform specific things in specific ways, ICT initiatives are high risk. The
dangers that ICT projects confront are not primarily financial issues. Executives at STC recognize that corporate
risk management is a critical core skill that enables the organisation to provide and grow shareholder value over
time. Risk management software can only be as effective as the people, processes, and technologies it uses if risk
management is considered as a critical tool to assist management continuously generate, sustain, and deliver value.
As CEOs place a greater emphasis on risk management as a key skill, many are recognizing the need for better data
and information to enable their companies to respond to an ever-changing risk inventory (Stulz, 2008).

However, one of the issues risk managers confront is that risk data is dispersed throughout the organisation and is
not shared across departments. The problem is that many risk management departments lack the tools they require
to successfully record and use risk data. Risk management teams must therefore allow and encourage the
acquisition, analysis, and presentation of current and future (predictive or prescriptive) risk information in order to
be genuinely effective. Predictive risk data can assist a corporation in making better-informed decisions and taking
measures that result in more consistent outcomes (Aven, 2016).
15. Recommendation/s

1. The necessity of applying information technology in all departments of the company, especially risk

management, as it is the means through which updated information is obtained to reach the best techniques and

strategies used, to ensure the interface of any risks to which the company is exposed.

2. The necessity of having a strong and stable risk management in the company that depends on information

technology in managing, mitigating and facing future risks.

13
16. References

1. Cooper D, Grey S, Raymond G, Walker P. (2005), Project Risk Management Guidelines—Managing Risk in
Large Projects and Complex Procurements. Wiley Publishers; 2005.

2. Hopkin P. (2013), Fundamentals of Risk Management. 5th ed. Great Britain: Kogan Page Limited.

3. Al Jazira Capital. (2012). Saudi Telecom Sector. Riyadh. Retrieved May 9, 2014, from

http://www.aljaziracapital.com.sa/report_file/ess/SEC-32.pdf.

4. Amine, L. S., & Khan, G. M. (2013). Saudi telecom: An example of accelerated internationalization. Journal of
Islamic Marketing, 5(1), 71-96.

5. Middleton, J. (2013, July 25). Retrieved April 12, 2014, from Telecoms Website: http://www.telecoms.com/
164852/saudi telecom-to-offload-Indonesian-unit/

6. https://www.ifs.com/news/customer/saudi-telecom-company-selects-ifs-to-improve-customer-experience, 2019

7. AME Info. (2009). STC Group implements organizational structure, from Gulf Base Website:
http://www.gulfbase.com/news/stc-appoints-saudbin-majed-al-daweesh-as-ceo-for-stc-group/99581.

8. https://www.techtarget.com/searcherp/feature/IFS-Field-Service-Management-software-Overview-pros-cons

9. Baukari N., and Ali Aljane, Security and auditing of VPN. In sdne, IEEE, 1996, 132.

10. Gupta, A. K., Govindarajan, V., & Wang, H. (2014). The Quest for Global Dominance: Transforming Global
Presence into Global Competitive Advantage (2nd ed.). John Wiley & Sons.

J. C. Snader, “VPNs ILLUSTRATED: Tunnels, VPNs, and IPSec,” Addison-Wesley, 2006.

11. Reuters. (2013). Saudi Telecom resolves $1.2 bln loan issue with creditors, from
http://www.reuters.com/article/2013/09/12/saudiindonesia loan-idUSL5N0H82G120130912

12. Barafort, B., Mesquida, A. L., & Mas, A. (2017). Integrating risk management in IT settings from ISO
standards and management systems perspectives. Computer Standards & Interfaces, 54, 176-185.

13. Nadikattu, Rahul Reddy,( 2020). Risk Management in the IT Department, International Journal Of Advance
Research And Innovative Ideas In Education, Volume 6, Issue 3, 2020. Available at SSRN:
https://ssrn.com/abstract=3620047 .

14. https://www.argaam.com/en/tadawul/tasi/stc/chart.

15. Stulz, R M (2008) ‘Risk Management Failures: What Are They and When Do They Happen?’, Journal of
Applied Corporate Finance, 20(4), 58-67.

14
 17. Appendix
11. Set up Evaluation Matrix

IFS software Matrix

IP-VPN service matrix

15
STC chart | TADAWUL | TASI | Argaam

16