Reduce Uncertainty Around Risk with Quantification
LogicGate | November 3, 2021
In the latest episode of GRC & Me, we enjoyed discussing the importance of risk quantification with Bob Maley and how it helps organizations better communicate risk. Bob is the Chief Security Officer at Black Kite and has been involved in security for most of his career—from law enforcement to the former Head of Global Third-Party Security & Inspections at PayPal. Bob has experienced enough to have a true and total perspective on the benefits of risk quantification. Below are some of the highlights from our conversation, but check out the full episode to hear everything Bob had to say!
Qualitative Methodology vs. Quantification
Terms like high-risk can mean different things to different people. A board member will read it differently than a CFO or a CEO would. That is the problem with qualitative or subjective language: you run the risk of people interpreting it differently. Numbers and ranges, on the other hand, can help show the actual impact of risk in monetary terms. When you're quantifying risk, you're presenting information that allows the people responsible for the risk to understand the impact it will have on the organization.
As Bob put it, "That's the key difference when you do it in a quantitative way, you're looking at it in a methodical process that reduces uncertainty."