We have all seen our favorite risk management output – the vaunted risk heat map. These colorful graphs stimulate conversation and are staples of risk reporting. However, we are also very aware of their shortcomings. Unfortunately, qualitative output, even when bounded by scales and ranges, are still subject to interpretation. More importantly, qualitative assessments lack a level of detail that is critical to making the right business decision.
Today, we announced our next generation of risk quantification capabilities for Archer Insight and the new Archer Insight Workbench offering. Using Archer Insight, organizations can use quantitative assessments within their enterprise risk management (ERM) programs to calculate financial and non-financial risk exposures and provide critical business insights to better assess, aggregate and report on risk. The new Archer Insight Workbench risk modeling tool is purpose-built for risk analysts and enables them to create their own models to dig deep into risk scenarios.
Unlike systems that utilize qualitative risk analysis techniques, Archer Insight is designed to simplify the calculation and aggregation of risk exposure. It enables risk functions to standardize the calculation of financial exposure, differentiate risks in terms of rate of occurrence and magnitude, measure the value of controls, and manage risk based on the relative impact to the business. In short, it replaces qualitative and semi-quantitative scales with two simple questions – what is the general rate of occurrence of a risk? and what is the range of potential impact?
Of course, the first question that comes up is “Where do I get the data for these estimates?” The good news is that quantitative assessments take uncertainty into account. Instead of being vague about uncertain inputs (“I think the likelihood is Medium”), shifting to quantitative inputs (“I think the rate of occurrence is 5 times a year”) puts a more tangible estimate into the equation. Then, these estimates can be tracked against real occurrences and shifted to better reflect the risk. In other words, by being more specific about the uncertainty, you are more aware of what you should be monitoring and the adjustments you make in the future are meaningful.
This release puts vital tools in the hands of risk teams. The two approaches - quantitative assessments within ERM and risk modeling – provide risk teams with broad capabilities to better analyze and communicate risk. A major benefit of this approach is the agnostic nature of Archer Insight. The quantitative assessment built into Archer Insight can be applied to all types of risks including enterprise, operational, and cyber risks. As risk management teams seek to put the best information in the hands of their decision makers, risk quantification has become a critical element of their strategy. Archer Insight brings exciting new capabilities to your GRC program and takes ERM to the next level.
To read our announcement, visit: Archer Introduces Next-Generation Risk Quantification Capabilities for Archer Insight and New Archer Insight Workbench