[Steve Vetter]

This appears to be a very comprehensive document. I read with special interest Section 7: Risk Analysis. I’d like to hear from others in how this is executed at your agency. The reason I ask is that the techniques such as root cause, impact chain, etc. require some level of support to walk folks through the thinking. While the document notes that these are not all done for every risk, for the risks that are examined in this manner, it is led by the CRO’s office or does some of the analysis come completed from the functions/offices where the risks are identified? Further, this could be a lengthy process…what are others’ experiences in this area?

[Author]

Posts