From the desk of Evan Wheeler, chair of the Operational Risk workgroup at the FAIR Institute
What first attracted me to FAIR, was its applicability to information security risks, but it offers so much more than that. Although the name implies a focus on information and data risks, the basic ontology and analysis structure is certainly not limited to the cyber arena. As a risk professional with responsibilities for the broad range of different operational risks, FAIR has become my go to model.
Reflecting on our inaugural call
Back in May, we held our inaugural session of the Operational Risk workgroup, and the amazing turnout was just one confirmation that FAIR is widely thought off as a risk methodology for operational risk professionals across many industries. Many topics were discussed, including:
- If you want to adopt FAIR for operational risk, where do you start?
- How do you implement FAIR in parallel with an existing risk methodology/system?
- How do you get your organization to adopt FAIR terminology and use it in regular discussions?
- Metrics for evaluating execution of the risk program and how you measure success
- Utility of FAIR for low frequency/high impact events
- Which tools are available to assist with FAIR analysis?
- How to expand the use of FAIR beyond cyber scenarios
- How does FAIR compare to or complement NIST CSF?
- How can FAIR be used for human safety risk?
- Applicability to transaction focused and fraud risk scenarios
- How does FAIR compare with other operational risk “frameworks” (e.g. BASEL), including mashups and hybrid approaches?
- How FAIR can scale to meet ever growing risk management demands, and at an enterprise level
- Transitioning from a pure compliance focus to a quantitative analysis approach
- How FAIR might be leveraged differently at a start-up company versus a mature and highly regulated organization
- Using FAIR in consulting engagement with clients
Join your peers at the Operational Risk workgroup
This group has been formed to provide a peer driven forum for sharing strategies and ideas to maximize the benefits of using FAIR as the basis of your operational risk analysis methodology.
If that’s something you want to be a part of, become a member and join us on our monthly workgroup calls. The next call is scheduled for June 28, 2016 at 3:00 PM EDT, and we will be discussing Strategies to Start Adopting FAIR for Ops Risk.