The desire to be vague about Risk makes some good sense. If we get too specific about Risk, we might be right to think of it as a risk. But later, the risk could materialize as a hazard in a consequential lawsuit. Opposing counsel might even discover our Risk Analysis and use our exacting estimates of frequency, damage and obviously now feeble mitigations against us in court. But if we do not get specific enough about Risk, then we could also be stupid not to address completely avoidable Risk, or even be judged negligent in court because a reasonable person could have known this Risk mattered. Also, even the Legal world is getting savvy about the practice of Risk management. It is part of our duty to look at and assess Risk. Ignorance is not only not bliss, it looks really stupid and does not compare well with our pay grades in the negligence department. What kind of Yahoo earning 220k/yr plus did not know their business' Risks, or selected a boneheaded professional team to advise them?
But we need to get more specific about Risk than digital compliance (does or does not comply), or Risk on an uncalibrated scale from 1 to 5. Gee, that Risk is a 5, so how many millions of dollars per year at risk does that mean? Ranking uncalibrated Risk is a failure of basic quality standards such as the Six Sigma classic: Define, Measure, Analyze, Improve, and then Control. Uncalibrated Risk on a scale of 1 to 5 neither Defines the metric of Risk nor Measures it in a reliable way. Consequently, Analysis, Improvement and Control of Risk underperform.
I would like to look at actual costing methods for Risk, to Monetize it in the tangible units of business cash: cash that is either routed toward profit-making ventures or alternatively routed to pay for the materialized hazard of a Risk.