John Wheeler, Global Research Leader - Risk Management Technology at Gartner, the influential technology consulting firm, gave the keynote address “Why Digital Business Needs IRM [Integrated Risk Management] and Risk Quantification.” John’s premise: “digital business” isn’t just about running software and storing data anymore, it’s the thorough transformation of businesses through new business models enabled by digital.
At first glance that just raises digital risk, but Gartner argues that it equally raises the flip side, of digital opportunity, and risk professionals need to start thinking of risk as running in both directions. In effect, this is an even stronger case for risk quantification in financial terms. Wheeler shows integrated risk management – with the different risk disciplines centered on digital risk management in this chart:
Gartner foresees 50% of large enterprises on an IRM system by 2021.
FAIR Institute Announces 2019 Winners of Annual Excellence Awards at FAIR Conference
The “Use Case Panorama: How Quantification Enables Risk-Aligned Decision Making” brought together FAIR practitioners Alex Rogozhin of BB&T, Laura Voicu of Swisscom, Luke Domet of Fidelity Investments and India Sutton of Daimler Mobility AG, who went into detail on how they started their FAIR programs – the common thread was start small but be prepared to extend once the organization realizes the value of quantification. As Alex Rogozhin said, “FAIR analysis has this byproduct impact – looking at system holistically.” Luke Domet described how his team took on a massive task, risk analysis of 8,000 applications run by Fidelity. Based on interviews with stakeholders, they developed five standard risk scenarios to apply to all applications and mapped those to FAIR.
FAIR analysis owes some key components to the work of statistician Douglas Hubbard – particularly calibrated risk estimation – so Hubbard’s appearance to talk about “How to Manage Risk with Limited and Messy Data: Overcoming the Myths” was kind of a homecoming. Some of Doug’s pithy advice:
Doug also made the case that the supposedly most difficult thing to measure in a data breach – reputation loss – is actually the easiest: “You have all the data. There’s no such thing as secret reputation damage!”
James suggested five things for a killer board report:
Chris had his own list of questions for boards to ask:
And in conclusion...
At the closing, Jack Jones thanked the crowd for its “courage” in continuing to push forward with the quantification revolution, despite the headwinds – “It gives me the energy to continue to work in the ways that I can.” And Nick let everyone know that they will likely be hearing from a new group at the FAIR Institute, the FAIR Enablement Specialists, who will “ask you what you are trying to accomplish with the FAIR Institute and how can we help you.”