jump to navigation

2-D Risk Maps July 30, 2005

Posted by newyorkscot in Risk Mgt.

In James Lam's Enterprise Risk Management book, there are some general approaches to Operational Risk Management as well as brief discussions on some of the specific techniques on how to assess and control risks. One particular approach is that of developing 2-D Risk Maps whereby a general risk assessment is treated with the application of relative risk rankings (with respect to probability and severity). Additionally, he discusses risk indicators and performance triggers that get factored into the "dashboard".

I can think of a number of examples of the indicators and triggers (e.g. 99.97/8/9% uptime of a production application or piece of hardware, etc). But, I would love to see some specific examples of these Risk Maps for an bank's application environment as I think this could be a rather tough thing to create given the diversity and complexity of the enterprise. Presumably, the severity ranking would include the criticality of the application in general, impact of certain functions/information not being available, and the knock-on (chain) effects. As for probability, I would imagine that it is more of a combination of some emperical data (ie knowledge of existing problematic systems) and a some finger-waving guestimates.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: