It's time for organizations to reevaluate their approach to risk management and consider new, more effective techniques and strategies, Jack Jones, chairman of the FAIR Institute and executive vice president of R&D at RiskLens, told attendees this week at the FAIR Conference.
Modern businesses are increasingly aware of risk management's importance; however, many fail to implement the right approach for their specific needs, Jones explained in an interview with Dark Reading ahead of this year's show, taking place this week in Washington, DC.
"Over the last several years, the conversation around risk quantification and risk analysis has evolved from 'can it be done' to 'should we do it,' and now, 'how do we do it,'" he said. The "how" is a problem for many risk professionals who try to implement change and are challenged by organizational and industry inertia that pushes back against them, Jones said.
Some of the pushback they normally hear: "We already do risk management," "What we've been doing works; why change?" and "What you're proposing is not yet 'best practice.'"
Jones' focus today is on the value proposition of risk management programs. "Part of what we expect to provide to this conference is helping people have those conversations and helping them describe the value proposition for change," he said. There are multiple paths to risk quantification and risk management; Jones wants people to understand which is best for them.
One of the major holes in modern programs is they aren't actually managing risk. "What's they're doing is controls management," said Jones, explaining how this approach is more checklist-based than compliance-based. "That's superficial from ..
Support the originator by clicking the read the rest link below.
