25 May 2019

Memorial Day 2019: The Courage of Risk Decisions...

Walking through Section 60 at Arlington National Cemetery on Memorial Day weekend is a stark reminder of the Operational Risk Management challenges we have faced these past 18+ years.  One example can be found in the budget at the Pentagon, on how to defeat the IED.

Billions of dollars are devoted to the strategies and tactics to keep U.S. "boots on the ground" on foreign lands from becoming KIA, an amputee or another invisible wound such as Traumatic Brain Injury or Post Traumatic Stress.

Regardless of the dollars devoted, many grave markers in Section 60 have birth dates in the 1980's and 1990's.  Standing there remembering Neil, a tear rolled down a cheek and the wind quickly blew it away...
"Memorial Day is a United States federal holiday which occurs every year on the final Monday of May.[1] Memorial Day is a day of remembering the men and women who died while serving in the United States Armed Forces.[2] Formerly known as Decoration Day, it originated after the American Civil War to commemorate the Union and Confederate soldiers who died in the Civil War. By the 20th century, Memorial Day had been extended to honor all Americans who have died while in the military service[3]."
If you are currently in the military we will thank you for your courage of service on Veterans Day, as we have before.  This day however, is for those in the U.S. forces who have died while serving.

Simultaneously, we must thank all of the other "Operational Risk Management" subject matter experts.  The "Quiet Professionals" who operate everyday in the shadows.  We hope that their decisions will continue to be the right ones.  They live each day with the burden of managing risk decisions, that could send another U.S. patriot on their way to Section 60 or a remembrance "Star" on the wall at Langley.

This Memorial Day and each day after, an average of 22 veterans will take their own lives.  Here in their own home town, in their own country.

The risks that each of us take in our chosen careers and life decisions, is a mosaic of future events that can be managed.  The likelihood and impact of those risks can be assessed and decisions can be made.  What risks will be mitigated, accepted or avoided all together?

It is up to you.  These courageous decisions will determine your risk appetite and your willingness for the consequences of your choice.

On our July 4th birthday, we will all remember why we celebrate Memorial Day in the United States.

It is worth the sacrifice, the loss and the tears.  God bless our heroes and our great nation...

11 May 2019

Insider Threat: Corporate Integrity Culture...

Does your organization have a culture of "Corporate Integrity?" One can only wonder how these findings have changed since these results.

The depth and breadth of Operational Risks were apparent over eight years ago in the 2011 CyberSecurity Watch Survey by CSO Magazine, USSS, CERT and Deloitte.

The most common insider e-crime at 63% is unauthorized access to / use of corporate information. Here are the others:
  • 57% - Unintentional exposure of private or sensitive data
  • 37% - Virus, worms or other malicious code
  • 32% - Theft of intellectual property
When asked which electronic crimes were most costly or damaging the results were:
  • 38% - Outsiders
  • 33% - Insiders
  • 29% - Unknown
Regarding the "Insiders" reasons were given for not referring for legal action, the one that stands out in our mind is this one. 40% could not identify the individual(s) responsible for committing the eCrime. And maybe even more astonishing is that 39% did not have enough information or a lack of evidence, to proceed with either civil or criminal litigation.

So what is really going on with these survey results presented so far? Even though the respondents say that 33% "Insiders", they have done little to collect enough evidence to identify who the responsible parties are to the incident. This may be for several reasons including the lack of internal expertise to preserve evidence and conduct timely investigations.

We have addressed the "Insiders" that make up one third of the digital incidents, yet what about the "Unknowns" who add an additional 29%. The combination of the two make up 62% of all the incidents in the study.

This is where Operational Risk professionals can have a significant impact within the enterprise.

The unauthorized access to information and use of that information is at the center of this issue. When an organization realizes that this "information" has impacted them, the funds have been stolen, the trades have been placed or the press has published a trade or national security secret.

Regardless of the high tech tools utilized or the systems and controls within the organization, there are always methods and processes that if properly implemented, will reduce the number of "Unknowns" and "Insider" threats.

In your particular case, it just may come down to developing more effective situational awareness with your employees.

Suppose you create a mandatory program for all employees that is focused on corporate integrity and each year the CEO kicks off the first session with their own attendance and their own direct reports, including the Board of Directors.

Next, all senior staff attend the program and posted on the corporate Intranet are webcast shows with several 5 minute clips of parts of the one day session.

Finally, the roll out for the remainder of the employees is tied to the annual 360 degree review, that each manager does with their subordinates in the company.

Employees must understand the ethical behavior expected of them. New employee orientation should detail the organization's mission, values and code of conduct, types of fraud, compliance, their responsibility to report violations of ethical behavior and impropriety, and details of the hotline or other ways to report incidents and other integrity concerns.

Periodic training throughout an employee's career reinforces awareness and the cost of internal incidents.

If your organization does not currently have a program as we have described earlier, then maybe it's time to start one.

If you already have one in place, how effective is it in detecting the "Insider Threat" and the spectrum of Operational Risks within your organization...

04 May 2019

Neurodiversity: Leveraging the Capital of the 4th Industrial Revolution...

"Grasping the opportunities and managing the challenges of the Fourth Industrial Revolution require a thriving civil society deeply engaged with the development, use, and governance of emerging technologies. However, how have organizations in civil society been responding to the opportunities and challenges of digital and emerging technologies in society? What is the role of civil society in using these new powerful tools or responding to Fourth Industrial Revolution challenges to accountability, transparency, and fairness?"  World Economic Forum

Is automation the current answer to all of our problems?  When will the research tell us the true impact of too much "Screen-Time" on our brains?  What will be the next terror incident in our society, that is "broadcast live" over the Internet?

These questions and more, are on the minds of community leaders in government, the R&D scientists and also the Chief Operational Risk Officer of your organization.

Our cultures, innovators and tools are on a major collision course, that will prove to be more challenging than we could ever have anticipated.  Even those working in the early days of the IBM Watson project, would probably tell you of their fears of the future.

Yet our youth across the globe, are being submerged in technology and software interfaces so early in life, that they may not learn how to think or work in manual/analog mode.  They will only have the creativity to code or to automate with software, unaware that history may have accomplished some of the same tasks without software, hundreds of years ago.

How might the older generations teach the younger generations about the way it used to be done?  Why would we even try to do this in a more manual method or process?  To provide context and generate cognitive creativity.

The truth is, that educators believe that innovation of technologies is driving their curriculum and our communities own economic development.  The impacts of automation and technology are being continuously researched in the wave of change known as the "Fourth Industrial Revolution".

These trends have significant risk implications on our workforce and the future opportunities of the vocational education and training of our future force.  This is clearly evident across our communities, business entities, military service and government policy.

The rapid adoption of digital innovation has impacted the requirements of certain knowledge workers to be more versatile.  They must be more adaptive, collaborative and have expanded skill-based capabilities for problem-solving.

Do not underestimate the importance of the soft skills and people skills for continuous development and reducing risk.  Simultaneously, we must understand the impact of advanced technologies on our workforce and the real opportunities in leveraging our neurodiversity assets.

How might we better understand the diagnostics of our own human capital, to leverage and apply the right people, with the correct technology, in the most compatible job?

What is your business, military branch or government agency doing today to cross-train and educate your employees?

When was the last time you put your STEM engineering group, through a soft-skills course on communications?  How might your business development team, become immersed in the new design for a next generation digital tool?

So what?

The Operational Risk before you is all about people and your evolving human capital.  When was the last time your Board of Directors contemplated the interaction with your Human Resources department and the workforce recruitment processes?

When was the training of new hired employees and even employees with 1, 3 and 5 years or more of tenure focused on new soft-skills?  New skills and techniques for Collaborative Dialogue, Negotiation or Management Coaching?

The human capital risks in your organization are changing rapidly and they are not always about automation and disruptive technologies.

The greatest risk to you and our society is your managements failure to recognize and apply, what you have learned about your people...