Analyst Tips: How To QA Review Your FAIR Analysis In Only 5 Minutes

January 22, 2019  Chad Weinman

Quality of your risk analysis is important. Establishing a consistent and efficient process for performing QA of an analysis should be viewed as a requirement.

If this process takes only 5 minutes or less - there are no excuses why each and every quantitative risk analysis using  FAIR shouldn't be reviewed. In this post, I will walk you through a process each of our risk consultants uses to review their own FAIR analyses.

Step 1: Look at Aggregate Loss Exposure

Does the min, average, max look reasonable? At the aggregate level - it is often tough to identify any issues, but we tend to look for "surprises".  

Step 2: Navigate to the RiskLens platform scenario explorer

The scenario explorer shows the summary results of all independently analyzed scenarios. The scenarios that have the largest and smallest average exposure should seem reasonable.

Step 3: Click into those scenarios with the largest and smallest average exposure

Both the derived Loss Event Frequency (LEF) and the single event Loss Magnitude (LM) should appear reasonable.

Step 4: If LEF appears suspiciously high, check the vulnerability percentage as well as the Threat Event Frequency (TEF)

One of those inputs may need to be refined. If single event LM appears suspiciously high or low, check the loss factor workshop questions (sensitive records, outage duration, etc.).

That is it!

If you perform any other types of QA over your analysis - the customer success team would love to know!