Exaprotect BlogManager

s we saw in part 2 of this series, some of the traditional arguments used for distinguishing between quantitative and qualitative risk analysis (RA) are based upon dubious assumptions. Many writers assume that “quantitative” equals objective and numerical, while “qualitative” equals subjective and non-numerical. This is incorrect, however. Both quantitative and qualitative RA are compatible with objective and subjective approaches. Additionally, both types of RA must be numerical in order to be meaningful. So if the quantitative-qualitative distinction isn’t significant because one is objective and numerical while the other is subjective and non-numerical, then why does the distinction matter?

Read more: http://www.bloginfosec.com/2008/11/05/the-difference-between-quantitative-and-qualitative-risk-analysis-and-why-it-matters-part-3/

Organizations implement IT projects for a myriad reasons, such as to improve e-commerce capabilities, increase market share or achieve operational efficiencies. Project success will depend on several factors, including the capacity, skills and competencies of the project team and retaining the team once assembled.

Hence, a key project risk factor is the selection of the project team. A key decision many organizations face is ”do we undertake the project in-house, or do we engage consultants to manage and implement the project on our behalf?“ Depending on the nature of the project, the organization may have to live with the consequences of this decision for many years to come.

(more…)

As risk management matures and develops, reputational risk is gripping the imagination of many CEOs. A series of recent surveys illustrate that boards not only consider that reputational risk exposure is increasing, but that it is now the most serious threat to their company.

In a volatile global marketplace, where media coverage is almost simultaneous across the world and where reputation is seen as a key source of competitive advantage, trust and confidence are now understood to be key business drivers. However, reputation is subjective and elusive. It is not readily defined. It is an intangible asset. While it exists primarily in the minds of customers, shareholders and the public, it can have a profound impact on the balance sheet.

(more…)

CEOs now readily recognize that risk is ubiquitous Also boards commonly accept the tenet that risk management improves business performance. However the benefits of risk management derived by organizations will depend directly on the level of maturity of their risk management practices.

In the absence of an organization-wide knowledge infrastructure, repeatable results depend entirely on the availability of specific individuals with a proven track record - and this does not necessarily provide the basis for long-term success and continual improvement throughout an organization. As a result, organizations are increasingly turning to maturity models for assessing and improving processes on the premise that the quality of a system or product is highly influenced by the quality of the process used to develop and maintain it.

(more…)

Protection of shareholder value is seen as the chief benefit of Enterprise Risk Management (ERM). Hence enterprise risk management is now firmly on the boardroom agenda. So why is it proving so difficult to implement?

Companies cannot reap the benefits of risk management unless they have the right foundations in place. Any management activity requires a clearly defined set of objectives, clarification of the tasks to be performed, planning and management. Risk management is no exception. In addition, any activity that has multiple participants requires a coordinated consistent approach that aligns all the necessary elements. This uniform approach can be orchestrated through the use of a framework.

(more…)