QFD: The End of Compliance...

Corporations will continue to be responsible for the criminal behavior and actions of their employees, 3rd party suppliers and other contractors for at least the near term.

In any case that has the defense legal eagles and "Usual Suspects" arguing against the corporate liability issue, the intent is getting cloudy or is it crystal clear?

Even if your Corporate Compliance Programs are in full force and the financial integrity unit is robust in it's efforts, the "Operational Risk" still exists for litigation.

Regardless of the amount of awareness building, education and corporate window dressing, you can't ultimately control human behavior. 

More compliance enforcement and regulatory pressure may seem to be the answer. A voluntary effort to shore up security, soundness and the opportunity for malfeasance in the work place may not be working effectively.

And still the liabilities exist from the plaintiffs and government adversaries to gain compensation. So what is the answer?

The answer lies in the "Enterprise Architecture" of our institutions and the failure to implement the process of "Quality Function Deployment" (QFD). This has been ignored by senior executives and US business because many judge it to be too complex.

One only has to look at the state of our automobile manufacturers versus the likes of Japanese companies to get a sense of the success of incorporating QFD on a comprehensive basis. But now apply this to the culture of an organization and how each individual makes logical business decisions instead of emotion-based decisions.

What many liability issues begin with are the employee(s) who made a bad decision.

QFD in its simplest form is a tool to promote communications. Among peers and connected teams within the organization it provides the methodology to catch errors, omissions and emotional bias early in the process.

As an example, let's take the Request for Proposal (RFP).

Many companies depend heavily on winning business by responding to RFP's. A "deal makers" perception of importance to the RFP determines the effort for the response.

Many times, this is influenced by an incentive plan. The human behavior to accept or decline the effort on an RFP as well as what it takes to push it through the organization for executive sign offs, is not always compatible with the strategic and quality measures of the enterprise.

Over time this will form an unimaginable amount of moral decay within a company. This leads to bad behavior and unethical decisions that people make because the business environment has rewarded it for far too long. So who is to blame here? The employee or the culture and company that has condoned and encouraged the behavior that ultimately damaged someone or something.

Implementing QFD in your information-based enterprise could have a dramatic impact on achieving a defensible standard of care by reducing the likelihood of catastrophic emotional decisions.

More importantly, QFD programs such as this that are directly reducing the likelihood of bad employee behavior and criminal incidents, can reduce the necessity for invasive compliance programs that most everyone wants to ignore.

Corporate Directors: Continuous Continuity (C2) of the Enterprise...

The modern enterprise that effectively manages the myriad of potential threats to its people, processes, systems and critical infrastructures stands to be better equipped for sustained continuity.

A Business Crisis and Continuity Management (BCCM) program is a dynamic change management initiative that requires dedicated resources, funding and auditing. Corporate Directors must scrutinize organizational survivability on a global basis.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C2, or "Continuous Continuity”.

A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare.

These nightmares are "Loss Events" that could have been prevented or mitigated all together.

The following testing techniques must be used to ensure the continuity plan can be executed in a real-life emergency:

• Table-top testing: Discussing how business recovery arrangements would react by using example interruptions
• Simulations: Training individuals by simulating a crisis and rehearsing their post-incident/crisis management roles
• Technical recovery testing: Testing to ensure information systems can be restored effectively
• Testing recovery at an alternate site: Running business processes in parallel with recovery operations at an off-site location
• Test of supplier facilities and services: Ensuring externally provided services and products will meet the contract requirements in the case of interruptions
• Complete rehearsals: Testing to ensure the organization, employees, equipment, facilities and processes can cope with interruptions

Many of these best practices talk about a BCCM that will be periodically updated. Periodic is not continuous. Change is the key factor here.

What changes take place in your organization between these periodic updates? How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.

This will change over time as organizations figure out that this is now as vital a business component as supply chain management. The effective BCCM framework will become a core process within the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise.

As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time. This takes the operational management that much closer to C2, or "Continuous Continuity”.

Having survived several large quakes in Southern California in years past, we are not sure that all of the testing in the world can prepare people for human behaviors that come from within.

"People literally lose all sense of common sense when you are on the 42nd floor of the 50+ sky scraper and without any warning it physically sways a couple feet to the left and a few more feet to the right. Believe me, the issue is not the testing itself, it’s how to create a real enough scenario that you get similar behaviors out of unsuspecting people."

Certainly the largest organizations realize that the external threats are taking on new and different forms than the standard fire, flood, earthquake and twister scenarios. These historically large catastrophic external loss events have been insured against and the premiums are substantial.

What it is less easy to analyze from a threat perspective are the constantly changing landscapes and continuity postures of the internal facets of the organization having to do with people, processes and systems.

Corporate Boards of Director’s are now being continuously subjected to regulatory scrutiny across the globe to ensure the continuity and survivability of the enterprise.

It is their duty and responsibility to their shareholders to make sure this occurs on a continuous basis. The world can only hope that our Global 500 companies are well on their way to achieving C2 already.

Corporate Directors are ultimately responsible for Continuous Continuity (C2) of the Enterprise…

Infinistructure: Who Knew What When...

Who knew what when? This is the question of the last few months as we now embark on the path towards recovery.

The Operational Risks that have plagued our aging county, state and federal institutions are growing and the convergence factor has brought us even bigger systemic organizations "Too Big To Fail."

While many will be side tracked by the need to deal with the toxic assets still on the books or in sinking agencies the "Zero's and One's" don't lie.

The information, digital evidence and just pure data audit trails will remain for many to be caught, charged, indicted and then sent before a jury to decide their fate.

Managing risks in the enterprise today takes on many flavors and within several departmental or enterprise domains of expertise.

Whether it be the C-Suite, legal department, the IT department, Internal Audit, Security department or even the Operational Risk Management Committee the "Zero's and One's" don't lie.

Think about how much time the people behind organizational malfeasance spend on trying to cover their tracks, clean up the digital "Blood Trail" of their crimes and wrong doing all the while knowing that someday, a smart investigator or forensic examiner will connect the dots. Game over.

Regardless if you are two paid-off programmers who have been enforcing the "Business Rules" in their software by the boss or an internal threat actor does not matter.

Whether they are copying, stealing, altering or damaging the digital information within the organization does not matter; these Operational Risks still remain constant.

The resources and the money devoted to continuous due diligence, monitoring and preemptive strategy to Deter, Detect and Defend the digital assets of the enterprise need to grow dramatically to stay ahead of the curve.

The best way to figure out “What to do” and “How to do it” will require outside assistance. Moving your digital assets to be professionally managed makes sense for economic and other financially prudent reasons.

Yet this migration away from large numbers of people managing and maintaining your information technology infrastructure internally and on your payroll is just the standard "outsourcing" strategy right?

It has it's own set of 3rd party supply chain set of risks. After your next incident who will be asking: Who knew what when?

Many private sector and government enterprises who are augmenting their COOP and the economic strategy of "Cloud Computing" have realized the smart course of implementing and migrating to managed services and infrastructure suppliers.

"How can the utilization of an "Infinistructure" with the knowledge and application of a legal compliance ecosystem in your enterprise mitigate the risks associated with bad actors, unprepared personnel and the digital loss of key evidence?"

Stay tuned for more on this later. In the mean time remember this.

All of the newest technology, fastest AI computers and neural networks enabled with encryption and secured physical locations will not be enough to save your institution from Operational Risks.

It is just one more piece of the total risk management mosaic, that will still require the smartest people and the most robust policy and processes imaginable.

Who knew what when? This will continue to be the biggest question of the next decade.

operational risk

Private Sector: Proactive Continuity & Protection of Critical Infrastructure…

Before 9/11 who at your organization was responsible for the continuous “Continuity of Operations“ for the business?

Last time your Board of Directors had their quarterly or annual meeting, was your compliance with the U.S. CII Act of 2002 on the agenda?

You know, the Critical Infrastructure Act of 2002 (CII Act):

“Under provisions of the Critical Infrastructure Information Act of 2002 (CII Act), information that is voluntarily submitted per those provisions will be protected from public disclosure until and unless a determination is made by the PCII Program Office that the information does not meet the requirements for PCII. If validated as PCII, the information will remain exempt from public disclosure.”

Critical Infrastructure Information (CII) is information not in the public domain and related to the security of CI or protected systems by either physical or computer based attack that harms commerce in the United States or threatens public health or safety.

Today, who in your particular organization is responsible for the PCII Program and are the entities that submit information:

• Private Sector companies
• State, local, and territorial government entities
• Working groups comprised of government and private sector representatives

"It is well known that over 85% of Critical Infrastructure is owned and operated by these organizations in the United States."

Consider this thought.

AI is increasingly being powered now by the Private Sector. Crypto mining is powered by the Private Sector. There are 16 more key CI Sectors.

The companies that are in your city, county or state that are directly tied to your Critical Infrastructure to provide Water, Electricity and Natural Gas, Emergency Services, Healthcare, Information Technology and Transportation are all components of the on-going safety and security of your community.

Who in your organization is responsible for the key relationships of all of the CI entities that you rely on to operate and serve your community each day?

Is it your CISO? Is it your CSO? Is it your CFO? Is it your CIO? Is it your COO?

If you don’t know that answer in your Board of Directors Meeting then add this to your To-Do list with your CEO.

Here are four key areas of focused leadership in your role to build resilience of Critical Infrastructure Protection in your organization:

> R_ecruiting

> E_ducation

> N_etworking

> S_haring Information

After you and your RENS team have prioritized "Critical Infrastructure Protection" and the safety of the American people at your organization, how will your own leadership be visible and proactive?

Never forget!

Trust Decisions: EO of ORM...

In our most uncertain times over the past few years, it is again time to revisit several key factors of Operational Risk Management (ORM) within our Global Critical Infrastructure organizations.

Think of examples like Maersk or Boeing and UnitedHealth Group or Silicon Valley Bank.

Into the future, our Risk, Security and Controls personnel shall have equal power with the executives who are responsible for bringing in the revenue.

This means that the future power-base of the Sales and Marketing teams would need to also be on par with the Internal Audit, Security and Risk Management executives.

This internal culture shift is harder to achieve than one would think.

The ego's aside, the people who make it their job to worry about potential losses, look over the horizon and to mitigate risks day in and day out, are just not used to warning everyone each day to every alert, each instance or possible threats.

It is because everybody loves to hear that the business has been won, the competition defeated and the company just closed the biggest "Deal" in it's history. Let the spin doctors in Marcom get the Press Releases flying!

Not the doom and gloom.

It has been said before, the tone starts at the top.

The CEO and Board of Directors who are cognizant of the necessity for effective risk management objectives must also create a balanced power-base at the top to balance the "Revenue Generators" with the “Risk & Loss mitigators.”

So who are some of these people who deserve a greater exposure to this new born culture shift:

• _Director of Information Security promoted to CISO. (Chief Information Security Officer)

• _Director of Corporate Facilities to CSO. (Chief Security Officer)

• _Director of Regulatory Affairs to CCO. (Chief Compliance Officer)

• _Director of Privacy to CPO. (Chief Privacy Officer)

• _Director of Human Resources to CHO. (Chief Humanity Officer)

If the CEO thinks that this is too many chiefs in the "C" Suite, then what about the idea of creating the:

Executive Office of Operational Risk Management (ORM)

This would be on par with the Chief Financial Officer and might even include the Chief Information Officer.

The new EO of ORM would now be on the same level of power with the EVP of Sales or Marketing and beyond the Chief Operations Officer (COO).

They would be laser focused on mitigating a spectrum of corporate threats, implementing relevant employee education and determining the true effectiveness of any organizational risk controls.

Just not so much on the effectiveness of sales incentives and corporate promotions or the uptime of corporate marketing processes.

So what does someone such as Sherron Watkins, the former VP of Corporate Development at Enron Corporation think the moral is?

You've been asked this one numerous times Sherron, I'm sure, but what's the moral of the story?

“Being an ethical person is more than knowing right from wrong. It is having the fortitude to do right even when there is much at stake.”

Analytic Priorities: Crossing the Digital RubiCON...

The governance of information within the government enterprise or the private sector enterprise remains very much the same. Both are subjected to a myriad of laws to help protect the civil liberties and privacy of U.S. citizens. Yet the data leaks, breaches and lost laptops keep both private sector and government organizations scrambling to cover their mistakes and to keep their adversaries from getting the upper hand. Again, the governance of information is the core capability that must be addressed if we are to have effective homeland security intelligence sharing to defeat the threats to the homeland 100% of the time.

The stakeholders in the information sharing environments will say that they have all the laws they need to not only protect information and also to protect the privacy of and liberties of U.S. citizens. What they may not admit, is that they do not have the assets within the context of their own organizations to deter, detect, defend and document the threats related to too much information being shared or not enough. These assets are a combination of new technologies, new education and situational awareness training and the people to staff these respective duties within the enterprise architecture.

Operational Risk Management is a continuous process in the context of our rapidly expanding corporate environments. What is one example? People traveling to emerging markets to explore new business opportunities or new suppliers that will be connected by high speed Internet connections to the supply chain management system. These boundaries of managing operational risk, have not only expanded, they have become invisible.

Ru·bi·con

1. a river in N Italy flowing E into the Adriatic

—Idiom

2. Rubicon, to take a decisive, irrevocable step

This "Digital Rubicon" before us, to take on a more "Active Defense" in navigating the risk across international waters of e-commerce, privacy and legal jurisdictions will forever shape our future. The decisions made on what constitutes an adversarial attack in the cyber domain, will not be as easy as the dawn of the nuclear age. Policy makers today have to weave the potential implications into a sophisticated decision tree that crosses the complex areas of intelligence, diplomacy, defense, law, commerce, economics and technology.

The new digital "Rule Sets" are currently being defined by not only nation states but the "Non-State" actors who dominate a segment of the global digital domains. The same kinds of schemes, ploys, communication tactics and strategies are playing out online and what has worked in the physical world, may also work even better in the cyber-centric environment. Corporations are increasingly under estimating the magnitude of the risk or the speed that it is approaching their front or back door steps.

The private sector is under tremendous oversight by various regulators, government agencies and corporate risk management. Yet the "public-private" "tug-of-war" over information sharing, leaks to the public press and Wikileaks incidents has everyone on full alert. As the government has outsourced the jobs that will take too long to execute or that the private sector already is an expert, operational risks have begun to soar.

As the private sector tasks morph with the requirements of government you perpetuate the gap for effective risk mitigation and spectacular incidents of failure. Whether it is the failure of people, processes, systems or some other clandestine event doesn't matter. The public-private paradox will continue as long as the two seek some form of symbiosis. The symbiotic relationship between a government entity and a private sector supplier must be managed no differently than any other mission critical resource within an unpredictable environment.

Once an organization has determined the vital combination of assets it requires to operate on a daily basis, then it can begin it's quest for enabling enterprise resiliency. The problem is, most companies still do not understand these complex relationships within the matrix of their business and therefore remain vulnerable. The only path to gaining that resilient outcome, is to finally cross that "Digital Rubicon" and realize that you no longer can control it.

The first step in any remediation program, is first to admit the problem and to accept the fact that it exists. Corporate enterprises and governments across the globe are coming to the realization that the only way forward is to cooperate, coordinate and contemplate a new level of trust.

operational risk

Operational Risk: Volatility of Change...

What is volatility and how could this be an operational risk in your particular institution or organization?

The threat of "Volatility" depends on what is being measured. The stock price. The return on capital. The key is that you want to reduce volatility in most cases.

It scares some people. Long term investors, employees and customers.

Volatility is the standard deviation of the change in value of a financial instrument with a specific time horizon. It is often used to quantify the risk of the instrument over that time period.

Who likes volatility?

Volatility is often viewed as a negative in that it represents uncertainty and risk.

However, volatility can be good in that if one shorts on the peaks, and buys on the lows one can make money, with greater money coming with greater volatility.

The possibility for money to be made via volatile markets is how short term market players like day traders make money, and is in contrast to the long term investment view of buy and hold.

So volatility is in the "eye of the beholder". The point is that some people thrive on it and others are better off with that smooth and predictable future.

Risk in a financial institution is defined in terms of earnings volatility. Earnings volatility creates the potential for loss. Losses, in turn, need to be funded, and it is the potential for loss that imposes a need for institutions to hold capital in reserve.

This capital provides a balance sheet cushion to absorb losses, without which an institution subjected to large (negative) earnings swings could become insolvent.

How much capital is allocated to Operational Risk is a measurement issue. The decisions an institution makes in managing Operational Risks is not risk versus return, but risk versus the cost it takes to avoid these threats.

The key determinant of an institutions risk factor against operational failures is not the amount of reserve capital, it is the performance of management.

In fact, in a few spectacular cases of operational failures, incremental capital would have made no difference to the firm's survivability. It comes back to strategy, safety, security and soundness.

How volatile are your earnings? At the end of the day the question is about management controls and measurement.  What if your measurements were not earnings, but the number of workplace accidents and acts of violence?

How effective are they at mitigating operational risks in the areas of the institution that can't be insured?

Look at places where "Change" is happening in huge volumes and at a rapid pace and you will know where to begin.

Trust Decisions: Creating a State of Zero Surprise…

Most people believe in some form of risk management and the truth is, that it doesn’t work all the time. It doesn’t work because the human being is incapable of processing all of the possible rules of the moment, the game, in any specific scenario, fast enough.

The organization or environment you are operating within and the responsibility you are tasked with each minute of each hour of each day, requires you to make “Trust Decisions.”

There are three essential qualities of Trust:

1. “Trust is a rules-based exercise.”
2. “Trust decisions are fueled by information.”
3. “Trust decisions are mathematical.”

“In a digital world where we are struggling to sustain and build trust across a global, wired landscape of human affairs characterized by reports and allegations of cyberwars, digital theft, electronic espionage, and the loss of human dignity through ubiquitous surveillance, this essential truth changes everything.”

“Achieving Digital Trust: The New Rules For Business At The Speed of Light” - By Jeffrey Ritter Page 51-53

As you begin to think about your daily tasks, do you know and understand the rules?

Trust Decisions require a “Yes” or “No”. There is no “Maybe”.

Unfortunately, humans operate differently than machines and software that were designed with rules that are truly binary. Zero or One.

That is why we designed and built tools and innovations that can follow the rules at tremendous speeds using rules that we agreed upon.

How well do you know the rules that are the origin of behavior within your most trusted tool?

Is it a gondola? Is it an alarm? Is it a safety switch? Is it a software program? Is it a computer embedded in another machine?

Rules are followed. Information is gathered. Calculations are executed.

So what?

“Taking the risk” means choosing not to calculate trust and the first opportunity to do so occurs far earlier than you might ever imagine.“

“Decisions that are thorough—decisions that are to be trusted—create more wealth.”

“Achieving Digital Trust: The New Rules For Business At The Speed of Light” - By Jeffrey Ritter Page 75-77

Humans are continuously processing a combination of all three qualities simultaneously and yet you know when “Trust” is quickly eroding in your vision, your senses and your mind.

You are comparing all of these qualities simultaneously based upon your past performance and/or experiences.

Therefore, failures of people, processes, systems and external events seem to occur randomly.

Is it possible to achieve a state of zero surprise? Where all risks are mitigated and humans can achieve an environment of trust that is sustainable. We think it is. In the right environment and in a specific scenario, surprise is now almost “impossible”.

How safe, secure and wealthy do you feel today?

Mechanisms: For Continuous Risk Monitoring...

Years ago working in concert with fellow risk professionals within the ranks of an international organization off Route 123 in Tysons Corner, our “Team Leader” was briefing us in a small conference room on the 5th floor at 8:00am.

One of the systemic problems at large institutions including organizations like this one is keeping your finger on the pulse of all "Risk Indicators". Unfortunately for SVP's and other executives in the corporate hierarchy, the organizations middle managers are creating a potential layer that impedes the best "Early Warning System" you have at your disposal. 

She continued her dialogue with substantial hand gestures as she circled our long table in the middle of the room:

“When problems surface here on the front line or in the "Cube City" down in Information Systems, sales or operations, the normal agenda is for the employee to go to their direct supervisor to raise the "Red Flag" or disclose the incident. And the first behavioral response by the Middle Manager is to keep it quiet. Fix it before anyone else finds out. Keep it under wraps until damage control can be implemented.”

When you are the head of Enterprise Risk Management, you need truth mechanisms to bypass and eradicate the barriers filtering data, your intelligence, incidents and overall hunches.

There is no magic system or process that will solve it all. The only way to attempt at breaking through this layer of social and organizational dysfunction is to circumvent it.

Design a continuous risk monitoring system that shall be implemented and operating anonymously 24/7. Do this if you require the correct people in the upper echelons of executive management responders to “Feel, See and HEAR the Pulse" of any risk hotspots in the enterprise.

These hotspots translate into "Risk Indicators" from the sources themselves, people who know what's going wrong and know the truth.

A Continuous Risk Monitoring System (CRMS) is an automated human feedback and problem identification mechanism for detecting organizational risks.

It allows leaders of large enterprises to quickly identify problems and incidents of all kinds within their company. 

Call it a sophisticated whistle-blower system or suggestion box if you will, but that is exactly what it is, on steroids.

The ideal system would emulate communication patterns in small groups which is often a major ingredient in successful teams.

It would also run on the existing iPhones, computers and networks of the organization such as applications like Slack, Teams or Wickr.

Think about how long it takes today for data and information to percolate and bubble up from the places in your organization that are considered "Current Risk Hot Spots”.

The point our Team Leader was emphasizing is that for far too long we have been playing the old telephone game. You know, the one that you played as a kid sitting around the kitchen table or on the floor in a circle.

"One person starts and whispers into the ear of the person to their right. Just a sentence or two. By the time the message gets around to the 3rd or 4th person, now the data is dramatically different than the original. It's been interpreted, edited and even sanitized."

As the current CEO, walk down and visit the person who is in charge of your anonymous electronic suggestion box or the mandated legal “Whistle-Blower” program at your own organization.

Is it the Chief Risk Officer (CRO) or Chief Security Officer (CSO) in your own HQ or perhaps an HR Manager in another state or country?

Ask them to print out the “Activity Log” for the past 30 days. Ask yourself how you might work with your front line leaders to develop an encrypted innovative solution that can't be filtered, changed or deleted.

Now you might be on your way to detecting the real story, in real-time…

OPS Risk: Global Digital Spring...

Over a decade later since the Arab Spring of 2011, our planet has witnessed the growth of personal mobile communications and the explosion of the Quantum "Internet of Things".

The utilization of wireless mobile communications and its intersection with social media apps in our emerging nations civilian environments is here to stay. 

How these latest digital consumer-based applications have been now leveraged for situational awareness (GPS) and information operations is exploding across the emerging nations, where the mobile Internet is now gaining even more ubiquitous use.

What this also means for our risk managers in the C-Suites of major technology companies is a heightened sensitivity and awareness to the ways your tools and capabilities could be utilized in the hands of the wrong end user.

No different than the early days of unleashing certain web tools like Metasploit, to help understand our digital vulnerabilities within the confines of the corporate enterprise.

These same new open-source “App tools” could be utilized by nefarious cyber forces to quickly exploit the unknown weaknesses in our own U.S. government and corporate network systems.

Yet like many inventions by our mission-driven mankind, they can be used for good and simultaneously for evil in the hands of a certain person.

Operational Risk Management in the high technology sector (Ai?) will be just as much of an imperative for continuous compliance as the manufacturing and international shipment of products from Barrett or the manufacturers of Detcord.

The "Export Control" compliance mechanism is here to stay and companies who operate in the new age of emerging social media via mobile technologies, will need more effective OFAC internal controls.

Operational Risks may exist within the business processes that you use with your international sales and business development organization.

When was the last time you had a compliance-based OFAC discussion within the ranks of the C-Suite at your new emerging technology company?

Are you fully funded by the VCs and ready to sell your new encrypted FinTech or social media app for Android to the world?

Innovative organizations need to make sure that part of the roll out strategy, encompasses the effective conversations with the correct government departments.

This is also to determine the right process and the online tools available to better understand where and who you can sell your products to outside of the United States.

The worlds last “Arab Spring” and the next organized movement utilizing social media and satellite mobile Internet technologies that include encrypted messaging, GPS and live video, shall be even more closely scrutinized by internal compliance officers and the regulatory watchdogs domestically and abroad.

Yet the most effective internal management tools going forward, may just lie in the same ones used by your own Mother and Father growing up.

The ethical and the growing moral arguments in many cases can have a dramatic impact on young people at an early stage in their lives, as you hand them their first mobile phone as a parent.

Perhaps it is still not too late to remind and reinforce and to emphasize the fact that our exponential High-performance computing (HPC) cyber environments, are powering nothing more than the digital mirror image of the physical world we already know about. Both Good and Bad.

Our future of effective enterprise Operational Risk Management (ORM) online and the effective compliance with potential legal sanctions, may well begin with a heart-to-heart conversation at your next company executive retreat or “All-Hands” fire side chat meeting...