08 July 2023

Mechanisms: For Continuous Risk Monitoring...

Years ago working in concert with fellow risk professionals within the ranks of an international organization off Route 123 in Tysons Corner, our “Team Leader” was briefing us in a small conference room on the 5th floor at 8:00am.

One of the systemic problems at large institutions including organizations like this one is keeping your finger on the pulse of all "Risk Indicators". Unfortunately for SVP's and other executives in the corporate hierarchy, the organizations middle managers are creating a potential layer that impedes the best "Early Warning System" you have at your disposal. 

She continued her dialogue with substantial hand gestures as she circled our long table in the middle of the room:

“When problems surface here on the front line or in the "Cube City" down in Information Systems, sales or operations, the normal agenda is for the employee to go to their direct supervisor to raise the "Red Flag" or disclose the incident. And the first behavioral response by the Middle Manager is to keep it quiet. Fix it before anyone else finds out. Keep it under wraps until damage control can be implemented.”

When you are the head of Enterprise Risk Management, you need truth mechanisms to bypass and eradicate the barriers filtering data, your intelligence, incidents and overall hunches.

There is no magic system or process that will solve it all. The only way to attempt at breaking through this layer of social and organizational dysfunction is to circumvent it.

Design a continuous risk monitoring system that shall be implemented and operating anonymously 24/7. Do this if you require the correct people in the upper echelons of executive management responders to “Feel, See and HEAR the Pulse" of any risk hotspots in the enterprise.

These hotspots translate into "Risk Indicators" from the sources themselves, people who know what's going wrong and know the truth.

A Continuous Risk Monitoring System (CRMS) is an automated human feedback and problem identification mechanism for detecting organizational risks.

It allows leaders of large enterprises to quickly identify problems and incidents of all kinds within their company. 

Call it a sophisticated whistle-blower system or suggestion box if you will, but that is exactly what it is, on steroids.

The ideal system would emulate communication patterns in small groups which is often a major ingredient in successful teams.

It would also run on the existing iPhones, computers and networks of the organization such as applications like Slack, Teams or Wickr.

Think about how long it takes today for data and information to percolate and bubble up from the places in your organization that are considered "Current Risk Hot Spots”.

The point our Team Leader was emphasizing is that for far too long we have been playing the old telephone game. You know, the one that you played as a kid sitting around the kitchen table or on the floor in a circle.

"One person starts and whispers into the ear of the person to their right. Just a sentence or two. By the time the message gets around to the 3rd or 4th person, now the data is dramatically different than the original. It's been interpreted, edited and even sanitized."

As the current CEO, walk down and visit the person who is in charge of your anonymous electronic suggestion box or the mandated legal “Whistle-Blower” program at your own organization.

Is it the Chief Risk Officer (CRO) or Chief Security Officer (CSO) in your own HQ or perhaps an HR Manager in another state or country?

Ask them to print out the “Activity Log” for the past 30 days. Ask yourself how you might work with your front line leaders to develop an encrypted innovative solution that can't be filtered, changed or deleted.

Now you might be on your way to detecting the real story, in real-time…

No comments:

Post a Comment