“Risk” is not a primary metric.
What do I mean by that?
Primary metrics you can measure easily.
In physics they are things like length, weight, temperature, time-duration.
Secondary metrics most people can understand: the rate of change that we call speed, for example, is derived from length (as distance) and elapsed time.
Some secondary and many tertiary metrics we can understand intellectually, but they have to be tabulated and calculated: acceleration, for example.
Some, such as ENTROPY, still baffle people.
My experience with managers is that they often confuse risk with any number of things, not least of all simply equating risk to threats.
Then again, I’ve met managers who would only commission a TVA if it was a contractual requirement, and then they might just ignore it, or if the contract required it, use it obsessively but with no actual understanding. BTDT.
What matters most to managers are things they can measure.
- Completion Milestones
- Number of Bugs Fixed
- Number of Lines of Code Produced
- Worker Attendance
- Liabilities concerned with compliance
It takes an enlightened manager to look above and beyond this.
Not least of all because they are judged (and promoted) by “deliverables”. Non-tangible deliverables such as ‘quality’, ‘security’, ‘resilience’ are hard to metricate.
We (for various values of in-group membership) may see that and assert that risk can be measured and managed, but let’s face it, that’s our profession and speciality.