We have a patent-pending algorithm that optimizes controls to provide the lowest cost of control together with adequate risk coverage.
We consider risk- and cost-based control optimization using a mathematical model. This model, based on principles of linear programming and other optimization techniques, minimizes the total cost of compliance while ensuring adequate coverage for all risks. The inputs could be the regular risk control matrix, the cost of implementing each control (including implementation cost and internal and external audit cost), the type of control (primary vs. secondary), the required coverage for each risk, etc., and the model could compute multiple feasible sets of optimum controls. At that point, any one set of optimum controls may be selected based on discussions with management and external auditors.
Solution Overview:
• Objective is to select a set of controls for the lowest total cost of compliance and optimal risk coverage.
• We also consider total available resources. The resources required to maintain and audit the selected controls should be less than the total available resources. (Additional resources increase cost.)
• Primary, secondary and compensating controls are considered.
• Start with the existing Risk Control Matrix.
• Calculate the cost of controls: development cost, auditing cost, maintenance cost, acquisition cost, operational cost, resource cost, man-hour cost, etc.
In contrast, the traditional 'old way' of control optimization is based on manually looking through the controls and subjectively removing redundant ones. This process may minimize the number of controls, but it does not necessarily provide the best risk coverage at the lowest possible cost, because the cost of the controls is usually not considered. For example, it might be more cost-effective to have 3 simple controls in place rather than a single complex control, if the total cost of the 3 simple controls is less than that of the 1 complex control and the 3 controls together adequately address the risk. Also, while selecting the best set of controls, we need to take account of the available organizational resources. If set A of feasible controls requires buying 2 servers but set B of feasible controls does not, it may be wise to select set B, as the total cost of control is minimized. It is extremely difficult, if not impossible, to do this kind of scenario analysis with manual control optimization.
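The following Python script is an added illustration of the selection problem described above (minimize total control cost subject to a coverage requirement per risk and a total resource budget); it is not the vendor's patent-pending model or its code. Because the constructed matrix is small, it enumerates every subset of controls instead of calling a linear-programming solver, so it runs without external packages. All control names, costs, resource figures, control types and coverage values are constructed for the example; the "complex-ctrl" vs. three "simple-*" controls and the resource-hungry "server-D" control mirror the two scenarios in the text.

```python
from itertools import combinations

# Constructed sample risk-control matrix (illustrative values, not from the page).
# Each control carries its total cost (one consistent unit), the resources it
# consumes (e.g. staff-days or servers), its type, and how much of each risk it
# covers (1.0 = fully covers the risk, 0.5 = partial/secondary coverage).
CONTROLS = {
    "complex-ctrl": {"cost": 10.0, "resources": 2, "type": "primary",
                     "covers": {"R1": 1.0, "R2": 1.0, "R3": 1.0}},
    "simple-A": {"cost": 3.0, "resources": 1, "type": "primary", "covers": {"R1": 1.0}},
    "simple-B": {"cost": 3.0, "resources": 1, "type": "primary", "covers": {"R2": 1.0}},
    "simple-C": {"cost": 3.0, "resources": 1, "type": "primary", "covers": {"R3": 1.0}},
    "simple-E": {"cost": 3.0, "resources": 1, "type": "primary", "covers": {"R3": 1.0}},
    # cheaper than simple-C but needs extra infrastructure (high resource use)
    "server-D": {"cost": 2.0, "resources": 3, "type": "primary", "covers": {"R3": 1.0}},
    # secondary control: only tops up coverage, cannot be the sole control for a risk
    "monitor-F": {"cost": 1.0, "resources": 1, "type": "secondary", "covers": {"R3": 0.5}},
}

# Required coverage level for each risk (constructed).
REQUIRED_COVERAGE = {"R1": 1.0, "R2": 1.0, "R3": 1.0}


def is_feasible(selected, controls, required, resource_budget):
    """A control set is feasible if it fits the resource budget, meets the
    required coverage for every risk, and covers every risk with at least one
    primary control (secondary controls alone are not accepted)."""
    total_resources = sum(controls[c]["resources"] for c in selected)
    if total_resources > resource_budget:
        return False
    for risk, need in required.items():
        coverage = sum(controls[c]["covers"].get(risk, 0.0) for c in selected)
        if coverage + 1e-9 < need:
            return False
        has_primary = any(
            controls[c]["type"] == "primary" and risk in controls[c]["covers"]
            for c in selected
        )
        if not has_primary:
            return False
    return True


def optimize_controls(controls, required, resource_budget):
    """Exhaustively enumerate control subsets and return (minimum total cost,
    list of all control sets achieving it). Ties are kept so that management
    and auditors can choose among equally cheap feasible sets. Returns
    (None, []) when no subset satisfies the constraints."""
    names = sorted(controls)
    best_cost, best_sets = None, []
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            if not is_feasible(combo, controls, required, resource_budget):
                continue
            cost = sum(controls[c]["cost"] for c in combo)
            if best_cost is None or cost < best_cost - 1e-9:
                best_cost, best_sets = cost, [combo]
            elif abs(cost - best_cost) < 1e-9:
                best_sets.append(combo)
    return best_cost, best_sets


if __name__ == "__main__":
    # Tight budget: the three simple controls beat the single complex one,
    # and server-D is excluded because it blows the resource budget.
    for budget in (3, 5):
        cost, sets = optimize_controls(CONTROLS, REQUIRED_COVERAGE, budget)
        print(f"resource budget {budget}: min cost {cost}, optimal sets {sets}")
```

With a budget of 3 resource units the cheapest feasible sets cost 9 (either simple-A/B/C or simple-A/B/E, a tie the model reports rather than resolves), beating the complex control at 10; raising the budget to 5 lets server-D in and the unique optimum drops to 8. For a real risk control matrix with dozens of controls the enumeration would be replaced by an integer-programming solver, but the constraints stay the same.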