Risk Assessment and Cognitive vs. Confirmation Bias

April 24, 2018
Norman Marks is a major blogger on risk management topics and he recently wrote a post on the pitfalls of bias when assessing a topic having to do with risk assessment. Here's how the two terms of cognitive and confirmation bias are defined: | A cognitive bias is a mistake in reasoning, ...more

Help Us Stamp Out Ordinal-based Risk Assessment; Join our Global Movement!

July 23, 2017
If you are involved with any risk assessment technique that uses ordinal-based values or associated heat maps, you need to read this! For over 4 years we have been working to educate risk assessment teams on the major need to stamp out ordinal-based risk assessment practices and the related ...more

Risk Management

May 30, 2017
Like governance, and compliance management, we believe that Risk Management is a special form of business intelligence and it's not easy to master. Here's how we define it: | | Enterprise risk management spans a set of structured practice disciplines  that generate shareholder value by ...more
Category: Risk Management

Reading List on Risk Assessment and Risk Management

March 28, 2017
The following extensive reading list has been compiled from several sources such as,, Shared Assessments, Sira and Auditnet: Predictably Irrational, Revised and Expanded Edition: The Hidden Forces That Shape Our Decisions Ariely, Dan Foundations of Risk Analysis: ...more

New Simulation Models in our Analytical Model Repository

March 12, 2017
There is a major trend in the information security practice sector which is the use of Monte Carlo simulation in the risk assessment process. If you are interested in this approach to refine and improve your risk assessments, then you will be interested in exploring the 12 new simulation models ...more

Control Self-Assessments (CSA's)

April 12, 2016
Because our flagship whitepaper entitled, "Industry-driven Crowdsourcing and Benchmarking" is focused on the subject of analytical tools that our Members generate and share, we get a lot of questions on Control Self-Assessments or CSA's. These tools are known by most of us as surveys. But ...more

Contextual Data Will Become Vital

March 30, 2016
I just came across Brenda Boultwood's article for GARP; "How People, Data and Conduct Will Shape Risk Management in 2015". In it she talks about context and the contextual data that concerns our ability to understand the implications of risk. This struck a cord with me because, I see Predictive ...more

Is your Risk Assessment Approach Too Simplistic?

March 30, 2016
We just spotted this article in Coprporate Risk & Insurance’s risk magazine:   Merrill Lynch criticised by regulator for ‘simplistic’ risk management The Bank of America’s UK Merrill Lynch business has been criticised by regulators for weak risk management. The Prudential Regulation ...more

The Reengineering of Risk Assessment

March 30, 2016
It's amazing how often we come across companies that are spending millions of dollars having their employees rate risks using ordinal or Likert scales within a commercially purchased tool or in a home-grown spreadsheet or Word document. This needs to stop and it needs to stop fast! Shareholder ...more