26 October 2019

General Counsel: Directors Top 10 Mistakes...

"There is no question that AI is materially affecting business models and operations. Now that it's getting serious attention from shareholders, employees, other corporate stakeholders, boards need to pay attention, too." Corporate Board Member Magazine
In the July/August issue of Corporate Board Member Magazine in 2006, an article by Randy Myers talked about ten insightful and reinforcing items of interest.

General Counsel to Directors: Your 10 Most Common Mistakes

The in-house lawyers think that you've got a lot to learn about risk, trust, and reward. And when there's trouble, you too often fail to follow the Boy Scout creed: Be Prepared. By Randy Myers

1. Not Asking Questions
2. Failing to Understand the Company and the Risks it Faces
3. Failing to Lead on Ethics and Compliance
4. Not Insisting on a Crisis-Management Plan
5. Speaking out in a Crisis Before the Facts are in
6. Relying on the Wrong Outside Counsel
7. Failing to Understand Attorney-Client Privilege
8. Underestimating Regulators
9. Giving too Much Leeway to Rainmakers
10. Getting Caught Up in the dilemma of False Options

And as Randy so clearly has stated: "Serving on a corporate board isn't easy. Avoiding these common mistakes should be."

We can't accept that No. 4 even is on this list. No. 2 and No. 3 is ever so common place. And No. 7 is not a surprise. But what continues to amaze even those professionals associated with consulting to the Board of Directors is No. 8.

Fast forward to 2019.
"The number of public companies disclosing artificial intelligence (“AI”) as a material risk factor in their SEC filings has grown exponentially from virtually none in 2016 to more than 80 this year alone."  --By  Lisa Fontenot and Cassandra Gaedt-Sheckter
The Chief Risk Officer (CRO) is the independent keeper of oversight in the corporate enterprise. Should any organization be the subject of an investigation by the SEC, FTC or any other government regulator, they need to look to the CRO.

It's the job of any CRO to keep regulator awareness at a high level and to let the business be in charge of risk management. Whenever you see a CRO getting involved in managing the risks of the business, then the independence and clarity of oversight has been extinguished.

The General Counsel and the Chief Risk Officer must work hand-in-hand to follow the Boy Scout creed:

Be Prepared.

20 October 2019

Privacy: The "New" Age of Unreason...

In the new age of unreason, Charles Handy the author of The Age of Unreason would say that discontinuous change is upon us. He would say that we need to outsource everything that is not a core function of the enterprise. And he would say that learning, is the same as change from a different worldview.
Mark Zuckerberg came to Washington, DC, on Thursday to claim the mantle of Martin Luther King and the Founding Fathers as a champion of free speech. Standing in the stately Gaston Hall auditorium at Georgetown University—which has hosted the likes of Bill Clinton, Barack Obama, and Bono—the Facebook CEO declared, “I’m here today because I believe we must continue to stand for free expression.”

And a city full of regulation-hungry politicians and foes of Big Tech undoubtedly thought: How’s that working out?  --Ars Technica-Steven Levy, wired.com -
Making changes is also about learning what those changes will mean, to everything that interfaces with that change. It means that testing must take place in a lab or compartmentalized area of the business to insure that the change doesn't impact the core operations.

In the words of Charles Handy:

"Learning is not finding out what other people already know, but is solving our own problems for our own purposes, by questioning, thinking and testing until the solution is a new part of our lives."

"If changing is, as I have argued, only another word for learning, then the theories of learning will also be theories of changing. Those who are always learning are those who can ride the waves of change and who see a changing world as full of opportunities rather than damages. They are the ones most likely to be the survivors in a time of discontinuity."


Adaptation in order to survive in the corporate world is nothing new. The risks associated with making new decisions depend on how that decision will impact the other persons, processes or systems in the enterprise.

It means observing performance and measuring the results, to determine if the change is worth the new risks that the organization is about to encounter...

13 October 2019

Organizational Culture: Four Steps to Wisdom...

Data->>Information->>Knowledge->>Wisdom
"Each step up in learning requires a new technology platform. The technology platform that will make possible the leap from Information to Knowledge is the blending of computers and telecommunications with human actions. By the time the knowledge phase matures, around a decade from now, billions of people will use computers with no training at all. Can we imagine the technology platform that will enable us to take the final step to wisdom?" --Four Steps to Wisdom - From "The Monster Under The Bed" by Stan Davis and Jim Botkin

Stan and Jim wrote this book and it was published in 1994. Getting to wisdom is surely now upon us in 2019.  Or is it?

Maturing from step-to-step is not as easy as it may seem.  Think about that learning phase where your organization was taking on the chasm between "Information" to "Knowledge".  What kinds of challenges did you encounter and then conquer in your cultural transformation?
wisdom noun (1)

wis·​dom | \ ˈwiz-dəm
Definition of wisdom

1a : ability to discern inner qualities and relationships : insight
b : good sense : judgment
c : generally accepted belief

The transformation in your organizations from "Knowledge" to "Wisdom" may take much longer to accomplish than the "Information" to "Knowledge" phase.  This is because your culture has not matured enough to even consider the technology platform necessary to make the leap to "Wisdom."

Davis and Botkin talk further about this:  "Business-driven learning will be organized according to the values of today's information age:  service, productivity, customization, networking, and the need to be fast, flexible, and global." Page 18

Does this sound familiar?  Maybe you have heard the words Scrum or DevOps being thrown around in your particular organization.  Or perhaps you have started to focus on agility or innovation as the latest phase of transformation awareness in your business, agency or enterprise.

How can you and your organization take the next step, if you have not achieved the previous level of maturity in your technology adoption?  The speed and comprehension to utilize technology to effectively learn, is a combination of factors beyond just the hardware and software.  It is also a maturity of your learning culture.

As your enterprise makes the leap from "Knowledge" to "Wisdom" the speed of change in your organizational culture must also be commensurate with the speed of change in our technology platforms.

Is your organization still maintaining your own servers and hosting your E-mail internally?  There must be a really good reason why.  Yet have your techies been throwing around that new solution named "Kubernetes."

So as you and your organization tries to innovate into 2020, ask yourself.  Is our learning culture ready for the next generation of technology adoption?

06 October 2019

A Renewed Sense of Courage: Readiness, Response, Recovery...

"Abqaiq is a single point of failure that could remove millions of barrels per day from the global oil market for an extended period if damaged badly enough. It has long been identified as the top security risk worldwide

For that reason, Abqaiq has been one of the most heavily protected places on the planet. Saudi Arabia has armed guards to protect the perimeter, and security forces actively target threats from foreign militants and domestic dissidents."  John Kemp is a Reuters market analyst.

Our U.S. Critical Infrastructure Protection is a national priority.  Our state and local governments are still pressed to do more with less and to continue to keep such a vigilant force emotionally engaged. There is still frustration with the lack of public-private coordination, yet it is improving one step at a time.

The focus on Critical Infrastructure resilience programs centers upon these four objectives:

1. Prevention Planning

2. Impact of Loss Analysis (Economic/Local)

3. Cycle Time to Recovery

4. Understanding Interdependencies

The diverse set of stakeholders who own and operate these critical assets are continuously opening new doors of trust and cooperation. Yet the private sector is still timid to reveal it's greatest vulnerabilities and share in the risk with the public domain, to work on mitigating or reducing this exposure.

One only has to look no further than a consistent breakdown of our power grids, to know that a simple lack of maintenance is sometimes the only culprit, not a natural but a man-made disaster.

So predicting the rate of failure or loss on future communications networks, pipelines, bridges, tunnels and rails could be as simple as the rate of reinvestment in repair, up keep and preventive maintenance. Yet that is not our greatest fear.

Remaining vigilant requires a more thorough understanding of threat and the myriad of tools being utilized by criminals and nation states to attack us. Once you understand this, you realize that your greatest fear is, the unknown.

The Low Probability, High Consequence event. That is what keeps all of us awake at night and what keeps us getting up in the morning, to do it all over again. We are all searching, detecting and monitoring, in hope that we are not too late once more.

And maybe even more important than this, is the hope that when that day, hour or minute does arrive, that we have the courage to respond, recover and revive ourselves even faster than the last incident.

To be better. And more resilient than we ever have been before...