Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

More Monetary Risk Management: rescuing us from a scale of 1 to 5

The desire to be vague about Risk makes some good sense.  If we get too specific about Risk we might be right to think of it as a risk.  But later, the risk could materialize as a hazard in a consequential lawsuit.  Opposing council might even discover our Risk Analysis and use our exacting estimates of frequency, damage and obviously now feeble mitigations against us in court.   But, if we do not get specific enough about risk then we could also be stupid not address completely avoidable Risk or even judged negligent in court because a reasonable person could have known this Risk mattered.  Also, even the Legal world is getting savvy about the practice of Risk management.  It is part of our duty to look and assess Risk.  Ignorance is not only not bliss it looks really stupid and does not compare well with our pay grades in the negligence department.  What kind of Yahoo earning 220k/yr plus did not know their business' Risks, or selected a bone headed professional team to advise them?

But getting more specific about risk than digital compliance: does or does not comply.  Or Risk on an uncalibrated scale from 1 to 5.  Gee, that Risk is a 5, so how many millions of dollars per year are at risk does that mean?  Ranking uncalibrated risk is failure of basic quality standards such as Six Sigma classic: Define, Measure, Analyze, Improve, and then Control.  Uncalibrated Risk on a scale of 1 to 5 neither Defines the metric of Risk nor Measures it in a reliable way.  Consequentially, Analysis, Improvement and Control of Risk underperforms.

I would like to look at actual costing methods or Risk, to Monetize it in the tangible units of business cash.  Cash that is either routed toward profit making ventures or alternatively routed to pay for the materialized hazard of a Risk.














You must sign in to rate content.
(Unrated)

Comments

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

Hello Don,

Your question is very valid, and I might go on to afford an assumption that the question has been frustrating.

One of the approaches, as you rightly pointed out, is to tie in the monetary aspect. So, in essence, your organization may define a scale of 1 to 5 or 1 to 10, and tier them based on thresholds. 

So e.g, a 5 on a 5 scale could indicate the risk impact of anything above $1,000,000. Same way, a 1 on 1 on the same 5 scale could indicate the risk impact of anything below $1,000. That way, the system need not be too vague, but at the same, has some monetary impact tied in, to make sense of the urgency to the management. 

Eventually, as your organization uses the model, it may find the need to re-evaluate the weighting of the impacts to their scale or change the scale itself, and that it fine. In fact, that would be recommended and would indicate the risk management maturity of organization and its continuous risk management assessment itself.

Hope this helps.

Regards,
Rohit
Rohit BanerjeeInfluential at 10/18/2015 3:40:34 AM Quote
You must sign in to rate content.
(Unrated)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil GreenInfluential at 12/19/2015 11:41:32 AM Quote
You must sign in to rate content.
(1 ratings)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil Green at 12/19/2015 11:41:32 AM
I do agree that many organization to display a disturbing trend of trying to "Shoe horn" probability, without using stochastic mathematical models (deterministic or probabilistic).

However, time and again, statistical and mathematical models have proven to be near accurate in assigning a numerical value to the probability part. In my opinion, it's only the organization, or rather some select few people, who don't want to show the scary numbers, lest being called fear mongers or be afraid of being shot as the messenger of bad news. 
Rohit BanerjeeInfluential at 1/4/2016 1:55:15 AM Quote
You must sign in to rate content.
(Unrated)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil Green at 12/19/2015 11:41:32 AM
I do agree that many organization to display a disturbing trend of trying to "Shoe horn" probability, without using stochastic mathematical models (deterministic or probabilistic).

However, time and again, statistical and mathematical models have proven to be near accurate in assigning a numerical value to the probability part. In my opinion, it's only the organization, or rather some select few people, who don't want to show the scary numbers, lest being called fear mongers or be afraid of being shot as the messenger of bad news. 
Rohit BanerjeeInfluential at 1/4/2016 1:55:15 AM Quote
You must sign in to rate content.
(Unrated)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil GreenInfluential at 12/19/2015 11:41:32 AM Quote
You must sign in to rate content.
(1 ratings)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

Hello Don,

Your question is very valid, and I might go on to afford an assumption that the question has been frustrating.

One of the approaches, as you rightly pointed out, is to tie in the monetary aspect. So, in essence, your organization may define a scale of 1 to 5 or 1 to 10, and tier them based on thresholds. 

So e.g, a 5 on a 5 scale could indicate the risk impact of anything above $1,000,000. Same way, a 1 on 1 on the same 5 scale could indicate the risk impact of anything below $1,000. That way, the system need not be too vague, but at the same, has some monetary impact tied in, to make sense of the urgency to the management. 

Eventually, as your organization uses the model, it may find the need to re-evaluate the weighting of the impacts to their scale or change the scale itself, and that it fine. In fact, that would be recommended and would indicate the risk management maturity of organization and its continuous risk management assessment itself.

Hope this helps.

Regards,
Rohit
Rohit BanerjeeInfluential at 10/18/2015 3:40:34 AM Quote
You must sign in to rate content.
(Unrated)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil GreenInfluential at 12/19/2015 11:41:32 AM Quote
You must sign in to rate content.
(1 ratings)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

Hello Don,

Your question is very valid, and I might go on to afford an assumption that the question has been frustrating.

One of the approaches, as you rightly pointed out, is to tie in the monetary aspect. So, in essence, your organization may define a scale of 1 to 5 or 1 to 10, and tier them based on thresholds. 

So e.g, a 5 on a 5 scale could indicate the risk impact of anything above $1,000,000. Same way, a 1 on 1 on the same 5 scale could indicate the risk impact of anything below $1,000. That way, the system need not be too vague, but at the same, has some monetary impact tied in, to make sense of the urgency to the management. 

Eventually, as your organization uses the model, it may find the need to re-evaluate the weighting of the impacts to their scale or change the scale itself, and that it fine. In fact, that would be recommended and would indicate the risk management maturity of organization and its continuous risk management assessment itself.

Hope this helps.

Regards,
Rohit
Rohit BanerjeeInfluential at 10/18/2015 3:40:34 AM Quote
You must sign in to rate content.
(Unrated)

RE: More Monetary Risk Management: rescuing us from a scale of 1 to 5

I would have thought that the monetary value to attach to a risk is the amount it will cost in total should the risk be triggered (loss of earnings, reputational loss, cost of lawsuits, etc.).  Unfortunately, quantitative risk analysis seems to have failed us when it comes to major events such as the financial crisis, hurricaine Katrina, etc.

In IT, I find the method of calculating risk particularly troublesome - often trying to shoe horn probabilities into (say) high/medium/low meaning that a scenario with a given impact with 33% probability comes out the same as similar impacting scenarios with just 1% probability!

Phil Green at 12/19/2015 11:41:32 AM
I do agree that many organization to display a disturbing trend of trying to "Shoe horn" probability, without using stochastic mathematical models (deterministic or probabilistic).

However, time and again, statistical and mathematical models have proven to be near accurate in assigning a numerical value to the probability part. In my opinion, it's only the organization, or rather some select few people, who don't want to show the scary numbers, lest being called fear mongers or be afraid of being shot as the messenger of bad news. 
Rohit BanerjeeInfluential at 1/4/2016 1:55:15 AM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.