The December issue of the ISSA Journal was released and my article on the Future of IT Risk is on the cover. The theme for this month’s Journal is “The Next 10 Years” and I wanted to highlight where I saw the industry going. I begin with a look back at the progress away from ordinal-scale, verbal risk labels and then project out to where things will go. I cover regulatory, insurance, and customer pressures to quantify, as well as outline a path forward where risk quantification can be used as a competitive advantage.
Check it out in your mailbox or read it online now.
In this month’s ISSA Journal, my colleagues and I wrote about Risk Forecast Accuracy. This is a practice that all mature risk functions should pursue and we offer an approach that is relatively straightforward and practical in its application.
If we accept that risk is a statement about the future, then it’s important to also measure how well we did at forecasting these bad things. It’s a job that requires staying up to date on what is happening in the industry and to what extent it will apply to your specific organization. It provides not only a good measure of how well you did, but also a foundation upon which you can base what your risk should be going forward.
Risk work is never complete; continuous improvement should be our goal. Embrace being incomplete.