Information System Risk and Security








Risk assessment is essential for any organization in order to prevent the probably issues that may occur in future. It will aid to implement proper strategies and methods for the prevention of the threats and vulnerabilities that the organization is likely to come across. The report highlights the value creation activities adopted by The Sprout Foundation. It highlights the analysis of the impact and the tolerance capacity of the organization to cope up with the situation. It discusses the risks of The Sprout Foundation based on the priority of the risks.

1. Risk Identification

1.1 Value Creation Activities and the Strategies

The Sprout Foundation mainly focuses on development of society by organizing developmental projects in marginalized areas of various countries. As influenced by Denison et al. (2019, p. 61) the organization has expanded in prominent cities of Australia, Pacific and Asian countries. It coordinates with major cities which aid them to raise funds for community developmental activities initiated by the Sprout Foundation for the community development of that region. As influenced by Lock (2017, p.78) community development activities adopted by the Sprout Foundation focuses on development of children residing in marginalized areas of that region. The Sprout Foundation sponsors for education of children. The Sprout Foundation has collaborated with local schools to increase the opportunities available for children to acquire higher education. Organization is also funding for the associated costs of education such as cost incurred for study materials and school uniforms. It also considers cost incurred for technological advancements required for developmental activities. The Sprout Foundation is also subsidizing meals that are being provided to the school going children. The organization also facilitates fund for developmental activities related to enhancement of infrastructure in marginalized regions.

The Sprout Foundation also funds for building of the essential facilities such as schools, clean water wells, health clinics which are the basic necessities of any community. As mentioned by Worth (2018, p.175) the Sprout Foundation had developed a new Community Co-Operative Improvement Programme (CCOIP) which strives to encourage the marginalized societies of a region to cooperate with each other. The CCOIP aims to coordinate the various marginalized section in order to produce a product and sell the produce in the regional market.

As mentioned by Saltzman et al. (2018, p. 52) initiatives adopted by the Sprout Foundation mainly focuses on the development of children residing in marginalized sections of the community. This will have a positive impact on the community that promotes the weaker section of the society for their development. It mainly focuses on funding the education of the children. As highlighted by Saltzman et al. (2018, p.52) enhancement in the educational qualification will enhance the job opportunities available to the children in future.

The Sprout Foundation needs to focus on the development other dimensions of basic needs for survival. As highlighted by Saltzman et al. (2018, p.56) other dimensions that are essential for development of the children in an underdeveloped community is child health care facilities which accounts for availability of proper nutritional diet and proper health care for all round development of children. As highlighted by Saltzman et al. (2018, p.56) community cooperation method adopted by the Sprout Foundation encourages to coordinated among the marginalized section in a region for the development by producing a product which will provide with earning opportunities to the people of the society. This will positively impact on society which as it will provide with an opportunity to raise the standard of living of the residents.

1.2 Roles of individuals and Departments

Collaboration of various departments in the Sprout Foundation aids in development of marginalized section of the society. They mainly focus on the area wise development of the marginalized sections of the society. This department mainly deals with the infrastructure development which enhances the standard of basic necessities that are essential for survival. The development of the schools, health clinics, wells for clean water is done under the observation of this department.

The Sprout Foundation has a financial and auditing department which looks into the matters related with the funding acquired by various institutions like World Bank and UNDP. As influenced by Cammack (2017, p.17) it also acts as a medium of collaboration among various organization which helps to raise the funds from various countries for the developmental activities taking place in marginalized sections. As influenced by Cammack (2017, p.15) it also deals with allocation of the fund in various developmental activities and also provides an account of expenditures in various developmental activities to the World Bank and UNDP.

As mentioned by Yang et al. (2017, p.175) the Sprout Foundation has a TSF Partner network which is having a wider network in Pacific and Asian communities. This enhances the opportunities for Sprout Foundation to raise fund as well as carry on developmental activities in the underdeveloped regions of other countries. Various partners associated with the Sprout Foundation helps to promote TSP SPROUT, the brand of the Sprout Foundation which encourages the residents to produce a quality product which is being sold in surrounding regional areas. As highlighted by Zhang et al (2015, p. 1928) information Technology Department associated with the Sprout Foundation has aim to improve inflow of the funds and even assess the management of the funds that is being raised. The issues related to the IT department get commissioned to Business Information Systems Manager. It also handles the information assets of the Sprout Foundation.

Human Resource team of the Sprout Foundation which comprises of one Manager and two Human Resource Specialist focuses on managing and maintaining the human resource pools. It focuses on enhancement of technology used to acquire and manage human resources. There are many human resource management tools such as SAAS which aids in proper human resource allocation in various departments of the Sprout Foundation.




Community development department

Focus on infrastructural development and enhancement of basic facilities

Infrastructure development

Finance and Auditing Department

Handles corporate data as well as reports to the World Bank and UNDP regarding incurred expenditure.

Handling corporate and sales data

Information Technology Department

Assess inflow of funds as well as manages the information assets

Information system management

Human Resource Team

Manages human resource pool working for the organization.

Recruiting skilled people

Table 1: roles and responsibilities of different departments

(Source: influenced by Worth, 2018, p. 63)

Figure 1: Responsibilities of Various Departments

(Source: influenced by Worth, 2018, p. 63)

1.3 Identification of Information Assets

The Sprout Foundation has technologically advanced data backup system which enables to store corporate data as well as sales data. Data backup service is provided by Dandenong Range which aids them to achieve the mission of organization. TSF data centre was established in east wing of Melbourne as headquarter of corporate and sales data. It has corporate data which records all data related to operational activities of the organization. CCOIP data records all expenditures related to developmental activities undertaken in the underdeveloped regions of society. As mentioned by Yang et al. (2017, p.176), it even records list of donors as well as grantors who contributes in funding. The Sprout Foundation also maintains a legal and financial records which enlist donors in a particular project and overall project details that are being conducted for developmental purposes. CCOIP sales data which is related to the sales of the products under brands name of SPROUT TSF is updated on monthly basis. It also records the expenditure that had been spent from revenue and profits incurred by selling products and its specific allocation. This enables to maintain track records regarding developmental activities that are being conducted by the Sprout Foundation. Organization has advance and continuous backup technology.

2. Analysis of the pertaining risks

2.1 Threats and Vulnerability of Information Assets

The Sprout Foundation is totally dependent on local as well as regional along with international cooperation in order to raise funds for developmental initiatives taken by organization. Revenue incurred by selling the products under SPROUT TSF brand name is not enough to sustain developmental activities in marginalized areas. As mentioned by Gandy and Veraart (2016, p.4437) there is also lack of networking among TSF partners hampers the sales of the locally crafted products in global market. This can enhance the revenue earned by brand which can be utilized for developmental activities in marginalized sections of society. As mentioned by Gandy and Veraart (2016, p.4437) lack of collaboration among TSF partners also hampers the funding that is being received from various institutions which will also hamper allocation of funds in different sectors of society which will aid in development mainly of children residing in marginalized society.

The CCOIP established by the Sprout Foundation is totally dependent on TSF partners for recording sales data periodically. Lack of frequent monitoring and data analysis of revenue earned gets hampered which in turn, affects the fund allocation for developmental purpose. Effective processing of these reports that is generated is essential to analyse the operational costs incurred by the Sprout Foundation which will aid in processing the funds that are being obtained from CCOIP sales.

The Sprout Foundation allowed its employees to use their own personal devices like mobile phones as well as laptops for the official works that is being conducted. This has been done to curtail costs related to it. Due to this provision there has been occurrence of malicious software which got introduced in the system. This affected the local and regional operational system which also hampered the data collection of the organization. As mentioned by Bryce (2017, p.98) the Sprout Foundation also lacks updated database which mainly affects proper allocation of budget in different segments of developmental process. As mentioned by Cammack, (2017, p. 17) this will also affect the process of acquiring funds from the various international organizations such as World Bank and UNDP. Funding issues will also hamper the developmental process in marginalized section of society (Refer to Appendix 1).

Different risks



Lack of strong database and daily basis upgrading information system

  • Proper allocation of budget suffered

  • Problems in acquiring funds

  • Developmental progress will slow down

  • Fragmented development

Mainly dependent on Funds

  • Low revenues for developmental purpose

  • Developmental process might cease due to lack of revenue

Establishment of SPROUT TSF brand

  • Defaming of brand

  • Increased competition with global brands

  • Affect the revenue earned by sales of products

  • Compete with the global standards

Table 2: Risks and related Threats and Vulnerability

(Source: as influenced by Norman, 2016, p89)

Figure 2: Risk Assessment

(Source: as influenced by Norman, 2016, p89)

2.2 Impact analysis of the Risks

The Sprout Foundation has a strong database but proper updating on timely intervals is lacking. It is negatively impacting the developmental process that is taking place in marginalized regions of a society. Updating of the corporate and the sales data hampers the fund allocation required for specific developmental purpose (, 2019). The project completion transparency is also essential also it will highlight the progress in various segments regarding development of children and underdeveloped society. The lack of database also creates problem in acquiring funding in future as the institutions demands progress report as well as expenditure incurred in specific projects initiated by the Sprout Foundation (, 2019). As the Sprout Foundation is mainly depended on funds acquired from various institutions such as World Bank and UNDP it will hamper the developmental progress if funding cannot be acquired (Refer to Appendix 2).

Lack of funding will result in slowdown of developmental progress of marginalized sections. It will also hamper specific target oriented developmental projects such as children development by providing them with education. Revenue shortage also leads to fragmented development as well as delayed development. As mentioned by Cammack (2017, p. 17) the Sprout Foundation mainly depends on the funds that they receive from the global organizations such as World Bank and UNDP. The major percentage of revenue acquired is spent on specific target oriented developmental projects. As influenced by Gandy and Veraart (2016, p. 4432) the organization has to maintain a proper records of the project assessment as well as expenditure that it is allocating for completion of the projects. Therefore it is essential for the Sprout Foundation to maintain the various corporate and the sales data.

The Sprout Foundation mainly depends on the TSF partners for the promotion of the SPROUT TSF brand which sells products that are being produce by residents of marginalized society. As influenced by Khan et al., (2015, p.132).Products compete with global standard which creates certain risk of producing low quality products due to lack of technology available to them. This might hamper the SPROUT TSF brand and might lead to brand defaming. The revenue generated by the Sprout Foundation by selling products produced by the people involved in the cooperative model.

The cooperative model strategy adopted by the Sprout Foundation impacts developmental process as well as the revenue earnings due to lack of accountability and coordination among members of groups which affects balance growth rate.

As highlighted by Norman (2016, p.54) developmental activities adopted by the Sprout Foundation get affected by surrounding environment such as the present economic condition of the country. The economic factors such as the inflation rate in the country determined the donors and grantors. Inflation leading to high cost of living as well as job uncertainties influences charity that is being done by public.

2.3 Prioritization of the Risks

Different Risks


Lack of strong database and daily basis upgrading information system


Mainly dependent on Funds


Establishment of SPROUT TSF brand


Formation of Cooperatives


Use of personal devices by the employees


Table 3: Prioritization of Risks

(Source: As influenced by Bozdag et al. 2015, p.4012)

Lack of strong database has been prioritized as most important aspect for developmental projects that is being adopted by the Sprout Foundation. The proper management of the corporate and sales database aids in proper allocation of funds that is being provided by the international institutions. The database is also essential to acquire funds from World Bank as well as UNDP. The Sprout Foundation has also allowed its employees to use their personal mobile phones and laptops which pose a greater threat to acquire malware in system which hampers corporate and sales data of the region.


Thus, it can be concluded that developmental projects conducted by the Sprout Foundation requires collaboration of the various departments that is involved in this process. Maintenance and transparency of the database is essential for acquiring funds from the various international institutions. Establishment of a brand name by the Sprout Foundation enable them to earn extra revenue that can be spent on the developmental processes. Although there are certain risks related to management of the Sprout Foundation such as security of the information assets which need to be addressed in order to maintain an updated corporate data as well as sales data. According to the prioritization of risk lack of update database pose threats to the organization as well as on the developmental activities that are being conducted in marginalized regions.


Armin, F., Becker, A., Dohmen, T.J., Huffman, D. and Sunde, U., (2016). The preference survey module: A validated instrument for measuring risk, time, and social preferences. 13(1), pp.23-39.

Bozdag, E., Asan, U., Soyer, A. and Serdarasan, S., (2015). Risk prioritization in Failure Mode and Effects Analysis using interval type-2 fuzzy sets. Expert Systems with Applications42(8), pp.4000-4015.

Bryce, H.J., (2017). Financial and strategic management for nonprofit organizations. Walter de Gruyter GmbH & Co KG: Berlin

Cagliano, A.C., Grimaldi, S. and Rafele, C., (2015). Choosing project risk management techniques. A theoretical framework. Journal of Risk Research18(2), pp.232-248.

Cammack, P.,(2017). The UNDP, the world bank and human development through the world market. Development Policy Review35(1), pp.3-21., What are the 5 Risk Management Steps in a Sound Risk Management Process?.Available at: [Accessed on: 11.04.2019]

Denison, D.V., Yan, W. and Butler, J.S., (2019). Managing Risk and Growth of Nonprofit Revenue. Journal of Public and Nonprofit Affairs5(1), pp.56-73.

Gandy, A. and Veraart, L.A., (2016). A Bayesian methodology for systemic risk assessment in financial networks. Management Science63(12), pp.4428-4446.

Griffiths, P., 2016. Risk-based auditing. Routledge: Abingdon

Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers: London

Islam, S., Fenz, S., Weippl, E. and Kalloniatis, C., (2016). Migration goals and risk management in cloud computing: a review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering (IJSSE)7(3), pp.44-73.

Khan, F., Rathnayaka, S. and Ahmed, S., (2015). Methods and models in process safety and risk management: Past, present and future. Process Safety and Environmental Protection98, pp.116-147.

Lock, D.,( 2017). The essentials of project management. Routledge: Abingdon

McDonnell, D., (2017). Improving Charity Accountability: Lessons From the Scottish Experience. Nonprofit and Voluntary Sector Quarterly46(4), pp.725-746. (2019), Risk Mitigation Planning, Implementation, and Progress Monitoring. Available at: [Accessed on: 11.04.2019] (2019), Risk Identification and Analysis. Available at: [Accessed on: 11.04.2019]

Norman, T.L., (2016). Risk analysis and security countermeasure selection. CRC press: Florida

Olechowski, A., Oehmen, J., Seering, W. and Ben-Daya, M., (2016). The professionalization of risk management: What role can the ISO 31000 risk management principles play?. International Journal of Project Management34(8), pp.1568-1578.

Pizzol, L., Zabeo, A., Critto, A., Giubilato, E. and Marcomini, A., (2015). Risk-based prioritization methodology for the classification of groundwater pollution sources. Science of the Total Environment506, pp.505-517.

Reinsberg, B., Michaelowa, K. and Knack, S., 2015. Which donors, which funds? The choice of multilateral funds by bilateral donors at the World Bank. The World Bank: Geneva

Saltzman, J.A., Fiese, B.H., Bost, K.K. and McBride, B.A.,( 2018). Development of appetite selfregulation: integrating perspectives from attachment and family systems theory. Child Development Perspectives12(1), pp.51-57.

Tang, M., Yu, Y., Malluhi, Q.M., Ouzzani, M. and Aref, W.G., 2016. Locationspark: A distributed in-memory data management system for big spatial data. Proceedings of the VLDB Endowment9(13), pp.1565-1568.

Worth, M.J., (2018). Nonprofit management: Principles and practice. Sage Publications: California

Yang, C., Northcott, D. and Sinclair, R.,( 2017). The accountability information needs of key charity funders. Public Money & Management37(3), pp.173-180.

Zhang, H., Chen, G., Ooi, B.C., Tan, K.L. and Zhang, M., (2015). In-memory big data management and processing: A survey. IEEE Transactions on Knowledge and Data Engineering27(7), pp.1920-1948.

Looking for Management Assignment Help. Whatsapp us at +16469488918 or chat with our chat representative showing on lower right corner or order from here. You can also take help from our Live Assignment helper for any exam or live assignment related assistance.