Knowledge base · v1
The reasoning behind the numbers.
Methodology guides, worked examples, and a glossary covering every tool in the Monty & Co suite. Written for risk professionals — the tools assume you know what a control is and the docs do too.
Methodology
Concept guides — what bow ties model, how Monte Carlo works, why distributions matter, and how a risk matrix actually carries decision weight.
What is a bow tie?
ISO 31000-aligned causal model linking causes through controls to a single risk event and out to consequences.
Monte Carlo basics for project risk
Why simulating thousands of project outcomes beats a single deterministic estimate, and how P50 / P80 / P90 read in practice.
Probability distributions in PRQ
Triangular, PERT, and fixed — when to reach for each one, what the parameters mean, and how to elicit them in a workshop.
Risk matrices and the residual / target / appetite triple
How a 5×5 matrix encodes likelihood × consequence into a band, and why three plotted ratings (where you are, where you're going, what you'll tolerate) carry more decision weight than one.
What is single-event risk quantification?
Quantify the financial exposure of a single risk event using Monte Carlo simulation. When to reach for it instead of PRQ, how multi-driver causes + impacts aggregate, and how treatments earn their cost via the cost-benefit table.
Accounts and cloud sync
Why Monty & Co is local-first by default and cloud-synced when you sign in, what magic-link auth does (and why no passwords), how migration between local and cloud works, and how multi-device behaviour resolves.
Tools
Practical usage guides for the tools currently shipping. Walk through every panel, every export, every assumption — written assuming you know risk, not the UI.
Using Beau-Tie
Build a bow tie diagram from scratch: causes, controls, the central event, impacts, ratings, and exports.
Using Project Risk Quantification
Run a Monte Carlo simulation: set up the project header, populate the register, choose iterations, optionally specify correlations, and read the results.
Using Event Risk Exposure
Set up a single-event Monte Carlo model: the event, multi-driver causes + impacts, existing controls + treatments with shared targets, then run baseline-vs-treated and read the cost-benefit.
Examples
End-to-end walkthroughs against the in-app sample data. Open the tool alongside the article and follow exactly what the example does.
Walkthrough — Cybersecurity data breach (Beau-Tie)
Map a customer-data-breach scenario in Beau-Tie: four causes, two impacts, eleven controls, and the residual / target ratings that drive the treatment plan.
Walkthrough — Acme Platform Migration (PRQ)
Quantify the cost-risk exposure of a $1.5M cloud migration: four risks, two distributions, 10 000 iterations, and the recommended P80 contingency.
Walkthrough — Customer data breach (Event Risk)
Quantify a customer-data-breach event end-to-end: two cause drivers (phishing + insider), two impact dimensions (regulatory + reputational), shared controls + dual-target treatments, and per-treatment ROI.
Reference
Risk and Monte Carlo terminology used across the suite, anchored to ISO 31000:2018 vocabulary where it diverges from common usage.