Smoking Out the Bad Actors: Risk Analysis in the Age of the Microcomputer

Risk analysis involves both risk assessment and risk management. Applied to data processing, risk assessment is a method of estimating exposure of computer resources to loss. Risk management attempts to select a set of safeguards to maximize exposure reduction while staying within real-world constraints. A prototype system for risk analysis is presented that identifies "bad actors" and suggests which items to change first, independent of the underlying model. Generally, managers have used sensitivity analysis to decide which safeguards to implement. The proposed goal-seeking program eliminates the need for a human to do the sensitivity analysis arithmetic or to suffer the tedium of trial and error. The program asks users which dependent variable they wish to minimize or maximize and then proceeds to vary all of the independent variables, keeping track of which most influence the variable of interest. The program reports the results when it has tried all cases. The program runs on an IBM PC, and it accepts variables in the RiskCalc external file format.