I recently had the pleasure of onboarding a financial organization’s Global Information Security team to RiskLens. The team has championed Factor Analysis of Information Risk (FAIR™) for the past few years. It had the right people in place, with three certified FAIR analysts, but with FAIR on a spreadsheet as their only resource, performing quantitative risk analysis was challenging and time-consuming.
Among the challenges:
- Worry that their formulas were buggy or inaccurate. In particular, they had no confidence in results on the magnitude (or financial impact) calculations.
- Managing multiple versions of spreadsheets, causing confusion, re-work, or even the potential for losing track of the current file.
- Lack of structure for gathering, recording and then retrieving the data collected from the organization for analysis.
- Lack of robust reporting. Simply put, the organization was missing out on the “wow factor” when delivering results.
Zack Kramer is a Risk Consultant for RiskLens.
Unleashing the Potential of the RiskLens Platform
The RiskLens platform is the only SaaS platform purpose-built for FAIR quantitative risk analysis (and by the creators of the FAIR methodology). It makes FAIR analysis fast and easy.
In the RiskLens platform, analysts follow a question/answer workshop format that guides them to properly scope an analysis and gather the right data.
Not only does the platform empower analysts to ensure the right questions are being asked during the data gathering process, but it also utilizes tailored data libraries such as loss tables and data helpers that enable analysts to customize, save and store data and analyses in RiskLens (as shown in the image below). This feature of the platform allows for consistency with future analyses.
To help manage version control, RiskLens comes with built-in audit logs and user administration. Audit logs provide full transparency within the platform, and with the administrative functions, users can be assigned only the functions they truly need, which further helps avoid mistakes.
Next, on to the most important part of any risk analysis: analyzing and reporting results. With FAIR on a spreadsheet, the analysts would need to interpret results and create a new report for each scenario. The RiskLens platform allows for automated reporting exports and the ability to capture results on a timeline. Just think of all the work the analysts had to complete -- what is the point if they cannot effectively communicate their results to decision makers?
RiskLens provides built-in reporting at the analysts’ disposal – and RiskLens delivered the “wow factor” through aggregation of risk scenarios into a Risk Assessment, allowing the organization to see the total loss exposure it was facing, along with the ability to look at each scenario independently.
These images show aggregate risk reporting:
This image shows a breakdown by scenario:
With Comparison Reporting, the analysts were able to compare multiple risk analyses within the same risk assessment to report on changes in risk and comparative analyses.
The image below shows the reduction in risk by running a comparison analysis:
Associating a risk treatment with a risk scenario enabled the analysts to report on the cost associated with the risk as well as perform a cost-benefit analysis.
With Rapid Risk Assessment, analysts could, in minutes, turn around a top risks report to present to senior management or the board.
Functions and Formulas Included
Finally, how did we solve the age-old problems with formulas that break, or those long nights trying to perfect a function for FAIR on a spreadsheet?
Imagine the look on the analysts’ faces when we told them we have a platform that encompasses every function and formula they need to complete their FAIR analyses. With built-in scoping, ranges with rationale capabilities and built-in descriptions, Monte Carlo simulations, and guidance the whole way, RiskLens checked every box for the team.
For the analysts, data gathering was the most challenging part of the risk analysis process, and the biggest chasm was their struggle to determine the forms of loss applicable to the loss event. With some additional expertise provided by the RiskLens Professional Services team during onboarding, along with their existing FAIR knowledge, the analysts were ready to cross that gap.
RiskLens not only provided the guidance needed each step of the way, but also gave the Global Information Security Team the confidence to deliver their results to key decision makers.