The risk management process and its influence on business continuity in the Information Communication Technology (ICT) department at Parliament of Uganda.

Abstract

The study was on the risk management process and its influence on business continuity in the Department of Information Communication Technology (ICT) at the Parliament of Uganda. The study objectives were to: examine how risk analysis affects business continuity in the ICT Department at Parliament of Uganda, examine how risk treatment affects business continuity in ICT Department at Parliament of Uganda, and ascertain the effectiveness of risk evaluation in ensuring business continuity in ICT Department of the Parliament of Uganda. A cross-sectional descriptive design was adopted using a triangulation of qualitative and quantitative approaches. Data was collected using questionnaires, interviews and documentary review, from a sample of 76 respondents. These instruments were pretested for their validity and reliability. The study findings revealed that risk analysis had a statistically insignificant effect on business continuity, while both risk treatment and risk evaluation had a statistically significant positive effect on business continuity. The findings from the study revealed that the selected dimensions of risk management process explained by 54.5% of the variance in business continuity while 45.5% was explained by other factors. It means that the explanatory power of this model is moderately positive since a unit change in risk analysis, risk treatment and risk evaluation can only cause variability in business continuity by 54.5%. The study recommends that organizations should improve efficiency and reduce the time demands on business managers by leveraging risk assessment performed by operational or IT risk teams; risk treatment plans should be comprehensive and should provide all necessary information on; proposed actions, priorities or time plans, resource requirements, roles and responsibilities of all parties involved in the proposed actions. The study further recommends that: performance measures, reporting and monitoring requirements and finally a residual risk evaluation should be done.