As Sir Arthur Conan Doyle stated . . .
“It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.”
Data is critical to risk management, and the more objective and quantitative the data is, the more value risk management provides to the risk owners in the business.
Organizations take risks all the time but fail to quantify these risks effectively in an environment that demands an understanding of the risk exposure to objectives in order to make decisions. Too often, risk management is seen as a compliance exercise and not as a truly quantitative analysis that is of value to the organization’s strategy, decision-making, and objectives. A cavalier approach to risk management stuck in subjective and qualitative risk assessments leads to the inevitable failure . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE LOGICGATE BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]