This week on a LONG and in-depth Office Hours, hosts Dan Zitting and Kevin Legere try to teach the basics of using scenario modeling (or simulation analysis) to enhance risk management and risk assurance. Scenario modeling enables GRC professionals to make far more informed risk decisions by considering the universe of potential outcomes of a given risky scenario... by understanding the probability of outcomes that are inside or outside the organization's risk tolerance, we can make quantified and informed decisions that make the organization better and impress the crap out of management! We'll run through a real case study from the Arizona State Lottery to make the points, with a little side lesson what does "random" truly mean. Find out if the pick 3 lottery really is indeed truly random!
This week on Office Hours, our hosts, Dan Zitting and Kevin Legere, talk about managing risk events. What are risk events? They could be anything from an ethics hotline reports, conflict disclosures, security incidents, sexual harassment incidents, unexpected financial instrument value fluctuations, physical security breaches, vendor failures, etc., etc. No matter which function you're in or the risk you're responsible, it is surely possible to centralize the capture, review, and remediate these events in a way that maximizes assurance of appropriate follow-up while creating insightful reporting and automating much of the process. In this episodes we share examples of how to do so in ACL software, bu the principles apply regardless.