If you have assets, whether in terms of office inventory or application portfolios, it is important to factor in the level of risk associated with each individual property. However unlike inventory management and risk assessment which are fairly simple, application portfolio management is slightly more complex.

By definition, risk management is the activity that includes recognition of the existing and potential risk of the asset, assessment of these risks, development of risk management strategies, and mitigation of these risks through managerial resources. Risk management strategies can include the transferring of the risk to a different party, reducing the ill-effects of the risk, avoiding one or more risks, and/or accepting the consequences of unavoidable risks.

Where can you begin with risk management?

To begin assessing the risks brought along with your application portfolio, you start by analyzing the effects on your business if your application fails to work. Start listing out all the possible ill-effects faced by your business because of the applications and find attributes that set each of them apart. This distinction will help you differentiate between different applications.

The hierarchy for this activity can include risk scenarios, application attributes, data collection as well as categorization. Under each category, you and your team can discuss and determine the possible risks that can be mitigated. It is important to remember that you can choose any hierarchy to manage these applications as long as they give you accurate results.

Grouping applications in hierarchy

One simple way of grouping similar applications together is to organize them by their lifecycle stage. These lifecycle stages can be divided into four main categories like strategy, core processes, maintenance, and conclusive. During risk assessment, it is important to know the section of the budget that is set aside to improvise on strategic applications. However, one drawback with this system is that the categorization of application under the four sections is subjective. This process could also lead to lack of investment and resources for certain applications.

A second method of categorization includes segregating applications based on their impact on business operations. The main attribute used in this scenario is how quickly the failure of each application impacts your organization. You can include multiple categories like instant (less than six hours), immediate (within two days), rapid (within ten days), serious (within two months), corrosive (within nine months), competitive (operations unharmed but competitive abilities reduced), hidden (gradual decline in regulatory compliance and customer experience quality), and none i.e. removing the application will not affect your business in any major direction.