About BWise


Proposed Residual Risk

November 2, 2010 by
Filed under: Risk Management

In each of the last few design sessions that I have had with customers during ERM and ORM implementations an interesting discussion has arisen, initiated by the risk managers or risk officers from the Customer Side. Can BWise support us in calculating the residual risk? Well, the short answer is yes, but...

Can you calculate residual risk? Quickly the discussion was turned into a conversation on how to calculate risk and trying to see if the calculated result makes sense. The typical way to assess risks in BWise is on two scales, the impact and the likelihood, we assumed that preventative controls reduce the likelihood and that detecting controls can only reduce the impact since the event already has occurred. I think that depends on the definition of the risk.

If we can calculate residual risk then what formula do we use? The Customer proposed to put a weight on the control that would represent a maximum percentage of the inherent risk that would be reduced. À different number of controls would in that case not be allowed to reduce more than 100 percent of the impact or likelihood. Next the rating of the control weight is measured, the control design and performance was rated this results in a percentage of the maximum reducing percentage. As you can see this begins to get complicated and it is all still very subjective.

When putting the end results up for discussion, we argued that the calculated residual value is really just an indication of what it could possibly be and could help the risk assessor to direct his qualitative opinion. The most important question is whether we would want the assessor to have this information if we know it influences his opinion and that the calculation in itself is very, well, subjective.

Tags: Risk, Risk Management

More Information

Nasdaq Offices

What is GRC?

Read the definition of Governance, Risk and Compliance

Gartner ORM report

Nasdaq's BWise has been positioned as a Leader in Gartner's Magic Quadrant for Operational Risk Management Report, 2016. 

Forrester report

Forrester positioned Nasdaq BWise as a Leader in New Report, The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016.

Why BWise

Download the brochure: Three Key Reasons why Hundreds of Customers Rely on Nasdaq BWise.

Scroll up