Organizations across the globe are operating each day with Operational Risks. As a result, management is doing their best to implement a combination of Operational Risk Management (ORM) capabilities.
The strategy is to manage risk to the enterprise through a series of controls and modification of human behavior. Is it possible to create the most ideal organization from the start? Could you design it with the lowest possible Operational Risk exposure at every physical, process, virtual and human component?
What do we mean by this? Lets play a game. Or more importantly, lets imagine a workplace exercise to design the ideal professional services organization in one hour:
This organization will be in the private sector. The fictitious name for the organization is "Improvise, Inc." All of the legal entities have been created and it is registered as a U.S. Delaware company. It will have the following characteristics, capabilities, assets and purpose:
200 humans with advanced education between 25 and 65 years old. 50% Men & 50% Women
Global reach of professional services. (It sells intellectual capital and information)
Office hubs are physically located across four locations: Denver, Zurich, Abu Dhabi, and Singapore.
Language expertise includes English, German, French, Italian, Arabic and Mandarin.
Subject Matter Expertise of the Improvise associates is diversified. The core staff devoted to operational administrative processes is also diversified by physical location, 4 people each. Therefore, less than 10% core overhead.
Improvise, Inc. generates revenues by selling information, advisory services and subject matter expertise. The diversity of it's 200 humans and their Intellectual Capital provides professional services to Fortune Global 500 companies.
Now, to start the exercise you will have one hour to design the ideal mosaic of people, processes, systems and external factors to operate Improvise, Inc. on a daily basis. Begin.
How would you begin designing the ideal organization? Will you have a headquarters location? Will the offices have four leased corporate offices or utilize a virtual / shared space model? What will the facilities layout be with single offices, cubicles, conference rooms? Would you start with human resources and the hiring and selection process? What kind of systems and tools would you procure to issue to your new associates? How would you communicate and what vendor/providers will Improvise use outside its core? What organizational "Rule-sets" will be established?
Who will govern and what roles of power and influence will these employee-owners (Associates) have to make decisions for the good of Improvise? What countries across the globe will you dispatch your associates to do their work? How will you keep them safe and secure where and how they travel? What vendors and service providers will you contract with to provide digital communications and store your valuable intellectual property?
Will you locate your Associates across the four locations equally? Since you have 200 split into 100 men and 100 women, will you have 25 of each or 50 people in each office? Will they all be citizens of that native country only? Again, we are designing the ideal organization with Operational Risk Management (ORM), as our highest priority in the design. Is this even a valid consideration?
What about the use of digital assets? Will your associates at Improvise use PC or Mac, both? Microsoft or Linux-based? Android or iOS? Anti-virus scans daily or monthly. VPN, yes or no. Public or Private cloud? Encrypt data to remote sites? Retention and privacy policy? What happens when an associate goes home? When they leave the organization? Is there an "Acceptable Use" policy in place? And the list goes on.
Will Improvise standardize on a single travel agency, airline or hotel chain? What kind of training will occur with your associates on international customs, cultures, threats and vulnerabilities. Who will be accompanied by a buddy system or personal protection specialist when they travel? Will travelers receive intelligence briefings or reports in advance of their departure? Commercial or private carrier?
What processes are to be put in place for Improvise to follow, in the way it sells and delivers it's professional services? What autonomy does each associate have to make their own decisions on the price, scope and deliverable to a client? How do you interact, treat and question yourselves? Are your associates subject to any laws from the U.S. or the country they are operating in with regard to selling your professional services? Why are we doing all of this?
So when you are done with this first phase of the exercise after one hour, how could you improve Improvise, Inc. over your lifetime? Hopefully, this illustrates the breadth and depth of Operational Risk Management (ORM) and some of the key considerations. Your single points of potential failure. Your risk exposures and places to focus your design. Your decisions and how this shapes your culture and principles. Your trust and transparency.
One last thought. How would you currently judge your risk parity? In other words, how have you allocated risk effectively across the organization. Not in terms of assets, but in terms of volatility. Think about it. What kind of social contract do you have in place to operate together?
Is it true, that you are now on your way to achieving true "Business Resilience"...
The strategy is to manage risk to the enterprise through a series of controls and modification of human behavior. Is it possible to create the most ideal organization from the start? Could you design it with the lowest possible Operational Risk exposure at every physical, process, virtual and human component?
What do we mean by this? Lets play a game. Or more importantly, lets imagine a workplace exercise to design the ideal professional services organization in one hour:
This organization will be in the private sector. The fictitious name for the organization is "Improvise, Inc." All of the legal entities have been created and it is registered as a U.S. Delaware company. It will have the following characteristics, capabilities, assets and purpose:
200 humans with advanced education between 25 and 65 years old. 50% Men & 50% Women
Global reach of professional services. (It sells intellectual capital and information)
Office hubs are physically located across four locations: Denver, Zurich, Abu Dhabi, and Singapore.
Language expertise includes English, German, French, Italian, Arabic and Mandarin.
Subject Matter Expertise of the Improvise associates is diversified. The core staff devoted to operational administrative processes is also diversified by physical location, 4 people each. Therefore, less than 10% core overhead.
Improvise, Inc. generates revenues by selling information, advisory services and subject matter expertise. The diversity of it's 200 humans and their Intellectual Capital provides professional services to Fortune Global 500 companies.
Now, to start the exercise you will have one hour to design the ideal mosaic of people, processes, systems and external factors to operate Improvise, Inc. on a daily basis. Begin.
How would you begin designing the ideal organization? Will you have a headquarters location? Will the offices have four leased corporate offices or utilize a virtual / shared space model? What will the facilities layout be with single offices, cubicles, conference rooms? Would you start with human resources and the hiring and selection process? What kind of systems and tools would you procure to issue to your new associates? How would you communicate and what vendor/providers will Improvise use outside its core? What organizational "Rule-sets" will be established?
Who will govern and what roles of power and influence will these employee-owners (Associates) have to make decisions for the good of Improvise? What countries across the globe will you dispatch your associates to do their work? How will you keep them safe and secure where and how they travel? What vendors and service providers will you contract with to provide digital communications and store your valuable intellectual property?
Will you locate your Associates across the four locations equally? Since you have 200 split into 100 men and 100 women, will you have 25 of each or 50 people in each office? Will they all be citizens of that native country only? Again, we are designing the ideal organization with Operational Risk Management (ORM), as our highest priority in the design. Is this even a valid consideration?
What about the use of digital assets? Will your associates at Improvise use PC or Mac, both? Microsoft or Linux-based? Android or iOS? Anti-virus scans daily or monthly. VPN, yes or no. Public or Private cloud? Encrypt data to remote sites? Retention and privacy policy? What happens when an associate goes home? When they leave the organization? Is there an "Acceptable Use" policy in place? And the list goes on.
Will Improvise standardize on a single travel agency, airline or hotel chain? What kind of training will occur with your associates on international customs, cultures, threats and vulnerabilities. Who will be accompanied by a buddy system or personal protection specialist when they travel? Will travelers receive intelligence briefings or reports in advance of their departure? Commercial or private carrier?
What processes are to be put in place for Improvise to follow, in the way it sells and delivers it's professional services? What autonomy does each associate have to make their own decisions on the price, scope and deliverable to a client? How do you interact, treat and question yourselves? Are your associates subject to any laws from the U.S. or the country they are operating in with regard to selling your professional services? Why are we doing all of this?
So when you are done with this first phase of the exercise after one hour, how could you improve Improvise, Inc. over your lifetime? Hopefully, this illustrates the breadth and depth of Operational Risk Management (ORM) and some of the key considerations. Your single points of potential failure. Your risk exposures and places to focus your design. Your decisions and how this shapes your culture and principles. Your trust and transparency.
One last thought. How would you currently judge your risk parity? In other words, how have you allocated risk effectively across the organization. Not in terms of assets, but in terms of volatility. Think about it. What kind of social contract do you have in place to operate together?
Is it true, that you are now on your way to achieving true "Business Resilience"...
No comments:
Post a Comment