Question asked by Anonymous
AFERM Experts Say...
Quantifying value of any kind is dependent upon what is being measured. For example, risk management measures the impact of uncertainty against an organization’s objectives, so the unit of measurement depends upon those objectives. For cost or price-related objectives a common metric is money. For schedule-related objectives it is typically a unit of time. Metrics will vary for performance-related objectives based on key performance parameters or requirements. Like all useful measures, those parameters should be SMART – that is, Specific, Measurable, Attainable, Realistic and Time-bound. The Project Management Institute article “Quantifying Risk: Measuring the Invisible” describes several methods aligned with cost, schedule, and technical objectives.
Beyond that traditional risk management triad, the ability to quantify ERM value depends on whether the objectives can be quantified. For example, objectives related to staffing in an enterprise can be quantified by head counts or staff hours. Government compliance-related objectives can be quantified by number or severity of audit findings.
Other objective categories can be a little more difficult. For example, measuring reputation or safety. Fortunately, even when an objective defies static quantification its change can still be measurable. Survey results, while not so meaningful taken individually, can provide a measure of an enterprise’s reputation over time. A count of incident reports on any given day may not be a meaningful measure of safety, but when tracked over time can support objectives to improve such a critical factor of business success.
In short, quantifying objectives is a critical step in defining the terms needed to convey the value of an organization’s risk management efforts. In closing, Albert Einstein reportedly once wrote on a blackboard: “Not everything that counts can be counted, and not everything that can be counted counts.”