An organization’s size can affect the implementation of risk management planning. Assigning responsibility for monitoring, training, and maintaining compliance may be easier for a small firm with a small team, whereas a large firm with a small team may find it somewhat more difficult. The cost and timeline for implementation also depend on the size of the organization. IT can give its recommendations, but ultimately it is up to management to decide how much money to spend on protection, system updates, and even IT personnel, and whether the benefit is worth the risks. It is the responsibility of the IT department to create lists of threats and vulnerabilities, recommend solutions, and provide the cost of each recommended solution to assist with the decision.
Different factors determine whether an organization is more susceptible to threats. An organization’s culture should be considered in risk management because the organization could lack training in and awareness of federal regulations, policy, and/or procedures for information technology and how they relate to the usage of the company’s technology.
Stakeholders should be involved in the process of strategizing a plan for the scope statement because they are able to make the decisions on projects and on what resources will be allocated to support them. Identifying the stakeholders and what they will be responsible for will hold them accountable for their roles in the risk management plan. The plan should assign clear responsibilities and management follow-up to successfully fulfill the company’s expectations.