How To Strike A Balance Between Governance And Analyst Expectations

January 23, 2019  Isaiah McGowan

Good risk analysis is key to an organization’s ability to make cost-effective decisions. This is true in the operational and cybersecurity domains.

But… Are you expecting too much from your risk analysts? Do they feel weighed down by bloated governance structures? What’s the right balance? Systematic approaches to risk analysis set analysts on the right path. We should not drag them kicking and screaming.

Don’t let drivers tune the cars too much

Governing processes for risk should treat analyses the way a governor on a car treats the gas pedal. Governors limit the top speed to some number below the top speed the engine can handle. This keeps the driver from blowing the engine while still allowing a controlled amount of wear and tear.

We should govern risk analysis in a similar way. If we have no governance (processes and procedures), we allow analysts to run wild. This usually results in unexpected variance in analysis results. Analysts push the pedal to the metal and run rampant with their own interpretation of the landscape. The end result is untrustworthy analyses, which often lead to bad business decisions.

Governance can also be the enemy of ‘good’

You often hear the saying, ‘perfection is the enemy of good’. Driving for perfection in governance often leads to thinking in place of the analyst. Robust governance processes usually have good intentions, but they often have unintended consequences. These processes answer the analysis’s questions on the analyst’s behalf. The unintended result is a system that cannot adapt to emerging issues. This is just another way to wind up making bad business decisions.

RiskLens helps find the sweet spot

There’s value in governance processes. Done right, they lay out the road to success. RiskLens puts organizations on the right track through three key implementation practices:

  1. Establishing reusable libraries of data
  2. Publishing analysis playbooks
  3. Leveraging a proven model

Our application supports libraries for main risk components:

  • Assets
  • Threats
  • Loss Tables (think actuary tables)

Outside of the software application, the RiskLens team is well versed in risk management best practices. We help organizations draw the line between:

  • Analyst requirements
  • Governance expectations

Finally, we leverage Factor Analysis of Information Risk (FAIR) as our foundational risk model.

  • RiskLens trains risk analysts on FAIR, so they can conduct risk analyses consistently and repeatably.

Lead with your peers

Large enterprises and government organizations leverage RiskLens to establish efficiency and consistency within their programs. RiskLens’ ultimate goal is to help people transform their risk analysis programs from qualitative in nature to quantitative. Along that journey, organizations struggle with the need to establish governance but not leash analysts. Tackling these struggles is commonplace for us. We would like to take the journey with you.