A typical first assessment can yield 1-250 different actions for resolution. To manage such a large number of actions, FutureFeed offers a Project Builder that lets users group actions into manageable sets, called Projects, for decision-making and management.
When building a project, each action may be rated for its individual Impact, Effort, and Cost. Each has a five-point scale. By averaging the scores, FutureFeed creates an ROI Rating (Return on Investment).
FutureFeed relies upon the COSO Risk Framework to provide ratings that are informative but do not imply more accuracy than is possible at the early stages of an assessment.
The ratings are completely subjective and should be thought of as a communication tool for decision-making and prioritization.
Impact
The Impact Rating, from Extreme to Minimal, provides guidance on the perceived impact of completing the action. Some users report using this scale to evaluate:
- The expected compliance gain
- The cybersecurity impact
- The impact on productivity or efficiency
Whatever measure works for the organization, it should be communicated well so that the same understanding exists, regardless of the reader.
Effort
Think of Effort as a measure of team resources needed to complete an action. Alternatively, it can be thought of as the distraction factor for the team from their regular duties. Either way, ratings of Extreme through Minimal provide a tool to set team expectations of the relative effort amongst Actions competing for team time and attention.
Cost
Especially during an assessment, when a gap is discovered in an interview, there is natural curiosity as to the cost of the fix, or mitigation. However, for the assessor, these conversations are a distraction that can slow progress to a crawl.
Consequently, FutureFeed offers a quick solution that keeps assessors moving and provides some gratification to interviewees. Each action is rated on a relative scale of $$$$$ through $. Once everyone knows that one $ means "around $500," and not "around $2,500" or anything else, conversations and prioritization can take place with ease.
The Dollars Scale is defined in Company Profile > Financial 360° > Dollar Scale Mapping.
ROI Rating (Return on Investment)
The ROI Rating is calculated by assigning a value of 1 through 5 to each of the Impact, Effort and Cost ratings and averaging the results. A score of 5 is best in each category.
Example. In this case, the Impact is Extreme, while the cost and effort are low. The result is an ROI of 3.3. The higher the ROI, the more attractive the Action.
Factor | Rating | Formula |
---|---|---|
Impact | Extreme | 5 |
Effort | Medium | 1 |
Cost | $$ | 2 |
ROI | 2 * Impact / (Effort + Cost) |
2 * 5 |
Example. In this case, the Impact is Extreme, while the cost and effort are low. The result is an ROI of 1.1. The lower the ROI, the less attractive the Action.
Factor | Rating | Formula |
---|---|---|
Impact | Extreme | 5 |
Effort | Medium | 4 |
Cost | $$ | 5 |
ROI | 2 * Impact / (Effort + Cost) |
2 * 5 |