Quality of your risk analysis is important. Establishing a consistent and efficient process for performing QA of an analysis should be viewed as a requirement.
If this process takes only 5 minutes or less – there are no excuses why each and every quantitative risk analysis using FAIR shouldn’t be reviewed. In this post, I will walk you through a process each of our risk consultants uses to review their own FAIR analyses.
Does the min, average, max look reasonable? At the aggregate level – it is often tough to identify any issues, but we tend to look for “surprises”.
The scenario explorer shows the summary results of all independently analyzed scenarios. The scenarios that have the largest and smallest average exposure should seem reasonable.
Both the derived Loss Event Frequency (LEF) and the single event Loss Magnitude (LM) should appear reasonable.
One of those inputs may need to be refined. If single event LM appears suspiciously high or low, check the loss factor workshop questions (sensitive records, outage duration, etc.).
That is it!
If you perform any other types of QA over your analysis – the customer success team would love to know!