04 July 2012

July 4th, 2012: U.S. Vets Bring 236 Years of Freedom...

Operational Risk professionals know and understand that on this July 4th, 2012, we celebrate our freedom because of one reason.  Our veterans who serve and those who have served, the United States of America.  In this year, we ask you to do your best to hire a veteran for your business.  They make excellent Operational Risk Management experts and here are the other reasons your company should hire a vet:

  1. Companies Value Veterans' Leadership and Teamwork Skills
  2. Veterans Character Makes Them Good Employees
  3. Veterans are Disciplined, Follow Processes Well and Operate Safely
  4. Companies Seek Veterans' Expertise
  5. Veterans Adapt and Perform Well in Dynamic Environments
  6. Veterans are Effective Employees
  7. Veterans in the Organization are Successful
  8. Veterans are Resilient
  9. Veterans are Loyal to their Organization
  10. Hiring Veterans Carries Public Relations Benefits
  11. Hiring Veterans is the "Right Thing to Do"

Source:  Employing America's Veterans - Perspectives from Businesses

Happy 236th Birthday America!  Hire a Vet this year...

02 July 2012

Derecho: OPS Risk in the NCR...

The Operational Risk professionals in the Washington, D.C. region are scrambling these past few days as a rare "Derecho" swept across Ohio, West Virginia, Virginia, and the National Capital Region of the United States on Friday night.  The power generators are now humming at full capacity and the diesel fuel trucks are going into action for the myriad of data centers impacted by the massive power outage:

Widespread hurricane-force winds associated with a multiple-state derecho has taken out power to millions and left at least 15 dead. 
A derecho defined as a widespread, long-lived wind-storm with a band of rapidly moving showers or thunderstorms, formed in northern Indiana and raced east and southeast into the Mid-Atlantic states within 10 hours, according to the Storm Prediction Center (SPC). 
Widespread high wind gusts in excess 70 to 90 mph were reported as the derecho downed thousands of trees, power lines and damaged homes and other structures along its estimated 600 to 700-mile path Friday afternoon into late Friday night.

The term "Business Resilience" is now becoming a more widely used term beyond just Business Continuity, as corporate and small enterprises focus on being able to withstand at least a 72 hour (3 day) incident of this magnitude.  Not forecasted and unlike a hurricane, where business may have days to prepare, this is a real wakeup call for many.

Even when you are the mighty Amazon Web Services, mother nature can take her toll.  Several high profile sites were down for some period as a result of the massive Derecho:
A severe patch of storms that rumbled across the Eastern U.S. — leaving nine people dead and millions without power — also disrupted an Amazon Web Services data center, affecting service for social media sites like Pinterest, Instagram and Netflix, which host their services at Amazon’s data centers.
Business Resiliency is about bouncing back, quickly.  Ten minutes later, the power services were restored and they were up and running.  Power yes, data is a different issue.  The Amazon Web Services (AWS) is just one reason why the "Cloud" is here to stay and the adoption rate by many business CIOs is rising.  Now, are there some cloud providers capable of withstanding a strong thunderstorm such as this?  Absolutely.  If you are a business with mission critical applications that are reliant on the cloud service providers infrastructure, you may ask what due diligence has your organization done?   What are the interdependencies of your cloud service provider?

When you tour one of these data centers, you will see the massive CAT diesel generators and your tour guide may tell you that they spin up in "xx" number of seconds upon power failure.  The next question is, what is the size of the fuel supply?  The rest of the Business Continuity 101 questions then get answered. So how do you know for sure that you WILL NOT be impacted because of an adverse event such as this one, in the National Capital Region this weekend?

You don't.  Regardless of the data hosting or cloud provider the risk is real and data availability will never be 100%.  This brings us back to resilience and the degree to which an Operational Risk professional visualizes and has effective strategy execution for those processes and systems that are the lifeblood of almost every enterprise today.  Even though we have some so far, the business case for resilience continues to become more apparent on a daily basis:
"Even as the impact of disruptions was growing, so too was their frequency, velocity and unpredictability.  Who anticipated a Japanese reactor meltdown, a deep water oil spill or an Icelandic volcano what closed trans-Atlantic traffic?  In the age of volatility, companies must develop the capacity to manage the outcomes of disruption, irrespective of trigger."  U.S. Resilience Project - Resilience Roundtable Report 

Here in the metro region of the United States Capital, critical infrastructure is being tested.  At hundreds of roadway intersections with traffic lights out, at senior citizen centers, gas stations, restaurants and all those impacted without air conditioning as the temperature soars to the high 90s again today.  Saving data or saving lives, the people and the organizations who have the resources, time and correct tools will continue to try and hedge risk, mitigate risk and avoid risk.

It is only those who deny the existence of risk in their environment, that will become victims of this or a future event.  For each person or organization who has the resources, time and tools and then still becomes a victim, we can only ask why?  Why would you put yourself in this situation?

Questions for Future Consideration:

  1. How can the public and private sectors better collaborate to address emerging risks?
  2. How can the competitive advantages of resilience be balanced against the shared value of collaboration and information-sharing around best practices, processes and tools?
  3. How can the private sector leverage best practices in risk management and resilience to identify opportunities to streamline rules and regulations?
  4. What are the new skill sets needed to create a resilient workforce able to anticipate and manage volatility and uncertainty?