Through the years, we at ACI have developed a collection of dogmas that reflect our thinking and build on our experience. Time after time, they have proved useful and helped us stay sharp as we navigate towards optimal IT risk management.
“We will try, and we will fail. We will learn from it, and then we will try again.”
“Risk management with confidence in flawed methods is worse than intuition and dice rolling.”
“All models are wrong. Some models are useful.”
“Rhythms and checklists are fundamental to all development. Without them, it will be colorful and fun, but you get nowhere.”
“Risk management requires the use of several models. Understand the organization and the models – adapt and adjust continuously.”
“Even a few measurements reduce uncertainty in a risk analysis. What can be done with fewer elements is pointless to do with more.”
“Go to the Gemba! To understand reality, IT specialists need to visit the company physically. It does not promote the necessary cooperation that they sit separately.”
“Information security in the organization must be controlled by risk tolerance and frequent fact-based risk analyses, not by fear and intimidation tactics.”
“3. Tool, 2. Development, 1. Design. Remember to pick the right order!”
“If it matters, it can be observed. If it can be observed, it can be measured.”
The dogmas put into practice
For more than ten years, we have employed and tested these dogmas in our work. They continue to produce positive results and to sharpen our efficient and thorough consultants and services. This has benefited many organizations in the financial and utilities sectors over the years.