Volatility: Enemy #1...

Organizations implement Operational Risk solutions to lower "volatility" in earnings growth and return on capital. The focus on volatility is because no institution likes to see peaks and valleys in their earnings or their return on capital. A steady and consistent growth curve without "Volatility" is the goal by many steadfast organizations.

Contrary to the goal of minimized "volatility" there are also those who feed off of the chaos and the large swings between these highs and lows in the marketplace and with specific companies in vital sectors of the financial economy. Will a Blueprint for Regulatory Reform be the answer?

As a hedge fund investor, can you explain what the strategy is for your investment fund? Do you know what your money is being invested in? Does your hedge fund manager provide transparency on calculating your return on funds invested? What was the reason you invested in alternative investments to begin with?

Carrying this analogy to the operational processes within your organization, the goal is to keep the processes running smoothly. When people or systems deviate from the agreed upon "Rule Sets" then change ensues along with the volatility of the performance measures.

Errors, Omissions and systemic "glitches" are the catalysts to volatility that creates fear, uncertainty and doubt. Do you understand the Math? When the process gets to this stage and people don't trust the rules anymore, you are on the brink of a failure and impending loss, in dollars or peoples lives.

Operational Risk Management is a discipline that is emerging in corporate ranks because it has already proven that it saves lives. The regulators and inspector generals are going to demand it.

The "Rule Sets" of playing business in the financial, health care and energy sectors are not the only ones being subjected to this increased scrutiny and renewed focus on OPS Risk.

Lessons learned are being discussed in the ranks of the U.S. Treasury Department and the Department of Defense all relating to the failure of people, processes, systems and or external events.

Whether you utilize Operational Risk Management (ORM) in the Defense Industrial Base or in the Financial Services sector it's important to revisit what it is NOT:

Operational Risk is Not:

• About avoiding risk
• A safety only program
• Limited to complex-high risk evolutions
• A program -- but a process
• Only for on-duty
• Just for your boss
• Just a planning tool
• Automatic
• Static
• Difficult
• Someone else’s job
• A well kept secret
• A fail-safe process
• A bunch of checklists 
• Just a bullet in a briefing guide
• “TQL”
• Going away

The goal of Risk Management is not to eliminate risk, but to manage risk so the mission can be accomplished with minimum impact. We manage risk to operate, not avoid risk as a means to prevent loss.

Operational Risk is all around us and now ready for prime time focus in terms of strategy execution, implementation and measurement...

Trust Decisions: EO of ORM...

In our most uncertain times over the past few years, it is again time to revisit several key factors of Operational Risk Management (ORM) within our Global Critical Infrastructure organizations.

Think of examples like Maersk or Boeing and UnitedHealth Group or Silicon Valley Bank.

Into the future, our Risk, Security and Controls personnel shall have equal power with the executives who are responsible for bringing in the revenue.

This means that the future power-base of the Sales and Marketing teams would need to also be on par with the Internal Audit, Security and Risk Management executives.

This internal culture shift is harder to achieve than one would think.

The ego's aside, the people who make it their job to worry about potential losses, look over the horizon and to mitigate risks day in and day out, are just not used to warning everyone each day to every alert, each instance or possible threats.

It is because everybody loves to hear that the business has been won, the competition defeated and the company just closed the biggest "Deal" in it's history. Let the spin doctors in Marcom get the Press Releases flying!

Not the doom and gloom.

It has been said before, the tone starts at the top.

The CEO and Board of Directors who are cognizant of the necessity for effective risk management objectives must also create a balanced power-base at the top to balance the "Revenue Generators" with the “Risk & Loss mitigators.”

So who are some of these people who deserve a greater exposure to this new born culture shift:

• _Director of Information Security promoted to CISO. (Chief Information Security Officer)

• _Director of Corporate Facilities to CSO. (Chief Security Officer)

• _Director of Regulatory Affairs to CCO. (Chief Compliance Officer)

• _Director of Privacy to CPO. (Chief Privacy Officer)

• _Director of Human Resources to CHO. (Chief Humanity Officer)

If the CEO thinks that this is too many chiefs in the "C" Suite, then what about the idea of creating the:

Executive Office of Operational Risk Management (ORM)

This would be on par with the Chief Financial Officer and might even include the Chief Information Officer.

The new EO of ORM would now be on the same level of power with the EVP of Sales or Marketing and beyond the Chief Operations Officer (COO).

They would be laser focused on mitigating a spectrum of corporate threats, implementing relevant employee education and determining the true effectiveness of any organizational risk controls.

Just not so much on the effectiveness of sales incentives and corporate promotions or the uptime of corporate marketing processes.

So what does someone such as Sherron Watkins, the former VP of Corporate Development at Enron Corporation think the moral is?

You've been asked this one numerous times Sherron, I'm sure, but what's the moral of the story?

“Being an ethical person is more than knowing right from wrong. It is having the fortitude to do right even when there is much at stake.”

Reputation Risk: Is Murphy to Blame?

Any board member or executive today is well aware of the direct impact of an adverse event or significant business disruption can have on shareholder value and customer confidence. When it does happen, how many people just throw up their hands and shout, Murphy's Law!

"Murphy's Law ("If anything can go wrong, it will") was born at Edwards Air Force Base in 1949 at North Base.

It was named after Capt. Edward A. Murphy, an engineer working on Air Force Project MX981, (a project) designed to see how much sudden deceleration a person can stand in a crash."

Murphy is all about managing the "What if's" and planning for their possibility.

More than one business has been subjected to the Law's of Murphy whenever a complex and logistical project or program is underway.

If you are one of those corporate executives who has been unable to use your security badge the Monday after the big office move, you are not alone.

The question is not that it could happen, it's what impact will it have on employee satisfaction the day it happens, and beyond.

In your future planning to mitigate the Operational Risks associated with Murphy and your reputation, we are reminded of a few of our favorite Murphy's Laws:

1._Computer systems are unreliable, but humans are even more unreliable. Any system which depends on human reliability is unreliable.

2._If there is a possibility of several things going wrong the one that will cause the most damage will be the one to go wrong.

3._A difficult task will be halted near completion by one tiny, previously insignificant detail.

4._High speed chases will always proceed from an area of light traffic to an area of extremely heavy traffic.

5._Every emergency has three phases: PANIC... FEAR... REMORSE.

Do you think you're spending too much time with your team planning? You haven’t.

Success in your organization doesn't happen because everything goes according to the plan. It happens because you were prepared when things go wrong.

The organizations whose team has planned for every possible scenario and trained together in live simulations will become the most successful.

Their missions will be accomplished on time and within budget.

Incidents of different severity and frequency are happening around you and your organization every day.

Would your employees know what an incident looks like let alone know what to do next to mitigate the risk to them and the organization?

Operational Risk: Volatility of Change...

What is volatility and how could this be an operational risk in your particular institution or organization?

The threat of "Volatility" depends on what is being measured. The stock price. The return on capital. The key is that you want to reduce volatility in most cases.

It scares some people. Long term investors, employees and customers.

Volatility is the standard deviation of the change in value of a financial instrument with a specific time horizon. It is often used to quantify the risk of the instrument over that time period.

Who likes volatility?

Volatility is often viewed as a negative in that it represents uncertainty and risk.

However, volatility can be good in that if one shorts on the peaks, and buys on the lows one can make money, with greater money coming with greater volatility.

The possibility for money to be made via volatile markets is how short term market players like day traders make money, and is in contrast to the long term investment view of buy and hold.

So volatility is in the "eye of the beholder". The point is that some people thrive on it and others are better off with that smooth and predictable future.

Risk in a financial institution is defined in terms of earnings volatility. Earnings volatility creates the potential for loss. Losses, in turn, need to be funded, and it is the potential for loss that imposes a need for institutions to hold capital in reserve.

This capital provides a balance sheet cushion to absorb losses, without which an institution subjected to large (negative) earnings swings could become insolvent.

How much capital is allocated to Operational Risk is a measurement issue. The decisions an institution makes in managing Operational Risks is not risk versus return, but risk versus the cost it takes to avoid these threats.

The key determinant of an institutions risk factor against operational failures is not the amount of reserve capital, it is the performance of management.

In fact, in a few spectacular cases of operational failures, incremental capital would have made no difference to the firm's survivability. It comes back to strategy, safety, security and soundness.

How volatile are your earnings? At the end of the day the question is about management controls and measurement.  What if your measurements were not earnings, but the number of workplace accidents and acts of violence?

How effective are they at mitigating operational risks in the areas of the institution that can't be insured?

Look at places where "Change" is happening in huge volumes and at a rapid pace and you will know where to begin.

Global Risk Economy: Follow the Money...

Operational Risk in the global economy is migrating to places that 10 years ago would not have been easily forecasted.

New countries, financial institutions and software technologies have changed the playing field for our risk management executives.

Why is this happening?

One example is the movement of employment to more emerging markets where corporate tax rates are lower and the supply of talented workers with specific skill sets is prevalent.

The simple movement of people and systems to those new countries creates new found risks that may not have been as pervasive in the past for the institution.

Another example is the evolution of new computing platform paradigms such as the emergence of "The Cloud" or “Infrastructure-as-a-Service".

This outsourced IT model not only provides economy of scale in terms of just in time computing power but also the more economical licensing models.

Operational Risk within the confines of the global workplace will continue to follow what countries are attractive and where these people and the systems are now operating from.

Along with this migration of responsibilities of vital corporate processes to other cultures and countries comes the risks associated with potential lack of safeguards, both legally and to the physical protection of key corporate assets.

In the United States, our “True International Economy" explains why there are tens of millions of employees now working for US-based corporations outside the country.

Once you have accepted this fact, your personal risk mindset may also change.

How many U.S. organizations have now moved their Corporate Headquarters to Dublin?

How many American companies now have personnel in foreign countries reviewing online “Social Media” content with the assistance of AI?

"You may have heard the phrase "Follow The Money" in several contexts in the past."

Whether it was Watergate investigations in the 70's or now the 2020’s and the new “Global War in Space”.

The real-time tracking of where money flows, can be a core indicator of where Operational Risk managers need to keep their radar focused and on high alert.

Operational Risk Management (ORM) in the next decade will take on a whole new international meaning and significance than it currently does today.

The risks associated with people, processes, systems and external events will become even more exponential…

operational risk

Problem-Set: Enterprise OPS Risk...

Who is responsible when a particular Operational Risk problem-set has risen to your organizational awareness?  Clue: It is not the name of a department or single person.

This means that all people in your company, agency or command unit may have encountered behaviors, information or evidence of potential Operational Risk loss event outcomes.

Until you have a documented 1-Pager in your organization, you don’t have a problem-set or someone with the responsibility to solve it.

What is the Problem-Set? Give it a short Title that identifies the issue.

How do you describe the Background on the new problem-set in less than two short paragraphs?

Explain the Challenge ahead.

In less than one paragraph of three or four sentences, explain what the intended outcomes of solving the problem-set will be.

Now provide the Boundaries in your process of discovery and activity, that will provide you with the solutions solving the problem-set.

Now, who is the Owner / Sponsor of this problem-set?

“You have an “Operational Risk” loss event potentially waiting to happen.”

The people and/or the team who have been assigned to the defined  “OPS_RISK_PROBLEM-SET” (ORP), now have the organizational responsibility and power to engage with mitigating the risk of the potential outcomes, by designing and implementing the prototype Solution.

If leadership assigns you to this particular 1-Pager, it is now your responsibility to follow the process and to execute the steps you have been trained to carry out within your organization.

This shall occur in a timely manner, based upon the severity of the Operational Risk:

Design an easy and memorable numerical scale that could be utilized with the team or owners of your Problem-Set to provide a quick numerical severity for the ORP.

SEVERITY / LIKELIHOOD OF LOSS EVENT

LOW >>>>> 1 >>>>> 3 >>>>> 6 >>>>> 10+ HIGH

Stack rank your company, agency or command unit ORPs from High Severity to Low Severity on a pre-determined schedule, relevant to the size and pace of your national regulatory requirements.

If your organization is categorized as one of the 16+ national Critical Infrastructure Sectors as defined by the U.S. Department of Homeland Security (DHS), your organization shall engage in a continuous process of solving new problem-sets that are being continuously discovered in your enterprise.

Now you are on your way to solving more problem-sets with timely defined solutions within your entire Operational Risk Management (ORM) organization.

Onward!

Trusted Horizon: "Augmented Intelligence"...

When you read that critical powerpoint report last week at work, did you trust what the author had written?

How did you make the decision to trust the numbers that the author placed in the columns and rows chart on page 3?

Did you trust the author and source because of their previous track record of accuracy?

Did the numbers come from a sensor that has been tested in an independent lab to a 99% level of truth?

You trusted that report at work for a reason. It was a “Trust Decision”.

Why?

Have you personally tested the math? What is the source of the data?

So why do you trust Apple vs. Samsung? Verizon vs. AT&T?

Would you pay $100 for a machine that was 99% accurate or could you live with a machine that was 50% accurate and only cost $50?

Think about your mobile navigation mapping app. Where are you going?

These kind of discussions are fundamental yet necessary for us at this point in our digital innovation journey. Just as humans have since the inventions of the Personal Computer, Internet and Quantum Computing.

Trust Decisions are mathematical.

mathematical

adjective

1: of, relating to, or according with mathematics

2 a: rigorously exact : PRECISE

b: CERTAIN

3: possible but highly improbable

We have been trusting computers, data and all kinds of sensors as a result of established testing standards. You name it. ATM’s. Stock Markets. Airplanes. Rockets.  Satellites.

Today, would you trust the answer of any question asked to your favorite Large Language Model (LLM)?

LLM’s will challenge your future digital “Trust Decisions” because you might decide whether you believe Chat-Brand A vs. Bard-Brand B vs. Claude-Brand C.

No different than your preference today on using Google search or Bing.

Are human lives at stake? How will we ensure the trust of our digital machines? 

Into the future, our ability to produce high accuracy “Trust Decisions” will depend on your own “Augmented Intelligence” (Ai)...

Mechanisms: For Continuous Risk Monitoring...

Years ago working in concert with fellow risk professionals within the ranks of an international organization off Route 123 in Tysons Corner, our “Team Leader” was briefing us in a small conference room on the 5th floor at 8:00am.

One of the systemic problems at large institutions including organizations like this one is keeping your finger on the pulse of all "Risk Indicators". Unfortunately for SVP's and other executives in the corporate hierarchy, the organizations middle managers are creating a potential layer that impedes the best "Early Warning System" you have at your disposal. 

She continued her dialogue with substantial hand gestures as she circled our long table in the middle of the room:

“When problems surface here on the front line or in the "Cube City" down in Information Systems, sales or operations, the normal agenda is for the employee to go to their direct supervisor to raise the "Red Flag" or disclose the incident. And the first behavioral response by the Middle Manager is to keep it quiet. Fix it before anyone else finds out. Keep it under wraps until damage control can be implemented.”

When you are the head of Enterprise Risk Management, you need truth mechanisms to bypass and eradicate the barriers filtering data, your intelligence, incidents and overall hunches.

There is no magic system or process that will solve it all. The only way to attempt at breaking through this layer of social and organizational dysfunction is to circumvent it.

Design a continuous risk monitoring system that shall be implemented and operating anonymously 24/7. Do this if you require the correct people in the upper echelons of executive management responders to “Feel, See and HEAR the Pulse" of any risk hotspots in the enterprise.

These hotspots translate into "Risk Indicators" from the sources themselves, people who know what's going wrong and know the truth.

A Continuous Risk Monitoring System (CRMS) is an automated human feedback and problem identification mechanism for detecting organizational risks.

It allows leaders of large enterprises to quickly identify problems and incidents of all kinds within their company. 

Call it a sophisticated whistle-blower system or suggestion box if you will, but that is exactly what it is, on steroids.

The ideal system would emulate communication patterns in small groups which is often a major ingredient in successful teams.

It would also run on the existing iPhones, computers and networks of the organization such as applications like Slack, Teams or Wickr.

Think about how long it takes today for data and information to percolate and bubble up from the places in your organization that are considered "Current Risk Hot Spots”.

The point our Team Leader was emphasizing is that for far too long we have been playing the old telephone game. You know, the one that you played as a kid sitting around the kitchen table or on the floor in a circle.

"One person starts and whispers into the ear of the person to their right. Just a sentence or two. By the time the message gets around to the 3rd or 4th person, now the data is dramatically different than the original. It's been interpreted, edited and even sanitized."

As the current CEO, walk down and visit the person who is in charge of your anonymous electronic suggestion box or the mandated legal “Whistle-Blower” program at your own organization.

Is it the Chief Risk Officer (CRO) or Chief Security Officer (CSO) in your own HQ or perhaps an HR Manager in another state or country?

Ask them to print out the “Activity Log” for the past 30 days. Ask yourself how you might work with your front line leaders to develop an encrypted innovative solution that can't be filtered, changed or deleted.

Now you might be on your way to detecting the real story, in real-time…

Volatility: Enemy #1…

Organizations implement Operational Risk solutions to lower "volatility" in earnings growth and return on capital. The focus on volatility is because no institution likes to see peaks and valleys in their earnings or their return on capital.

A steady and consistent growth curve without "Volatility" is the goal by many steadfast organizations.

Contrary to the goal of minimized "volatility" there are also those who feed off of the chaos and the large swings between these highs and lows in the marketplace and with specific companies in vital sectors of the financial economy. Will another Blueprint for Regulatory Reform be the answer?

As a hedge fund investor, can you explain what the strategy is for your investment fund? Do you know what your money is being invested in?

Does your hedge fund manager provide transparency on calculating your return on funds invested? What was the reason you invested in alternative investments to begin with?

Carrying this analogy to the operational processes within your organization, the goal is to keep the processes running smoothly. When people or systems deviate from the agreed upon "Rule Sets" then change ensues along with the volatility of the performance measures.

Errors, Omissions and systemic "glitches" are the catalysts to volatility that creates fear, uncertainty and doubt.

Do you understand the Math? When the process gets to this stage and people don't trust the rules anymore, you are on the brink of a failure and impending loss, in dollars and/or peoples lives.

Operational Risk Management is a discipline that is remerging in our corporate ranks because it has already proven that it saves lives. The regulators and inspector generals are going to raise it’s mandate within our institutional ranks once again.

The "Rule Sets" of playing business in the financial, health care and energy sectors are not the only ones being subjected to this increased scrutiny and renewed focus on OPS Risk as lessons were learned over 15 years ago:

“In March of 2008, the Department of Defense learned that four non-nuclear nose cone assemblies and their associated electrical components for a ballistic missile where mistakenly shipped to Taiwan in the fall of 2006. These items were originally shipped in March 2005 from F.E. Warren Air Force Base in Wyoming to the Defense Logistics Agency warehouse at Hill Air Force Base in Utah. There are no nuclear or fissile materials associated with these items.

Upon learning of the error, the U.S. government took immediate action to acquire positive control of the components and arranged for their safe and secure recovery to the United States. These items have been safely returned to the United States.”

After this event, lessons learned and “After-Action-Reports” were generated in the ranks of the U.S. Treasury Department and the Department of Defense all relating to the failure of People, Processes, Systems and or External events.

Operational Risk is all around us and continuously ready for prime time focus in terms of our leadership strategy execution, implementation and measurement.

Whether you utilize Operational Risk Management (ORM) in the Defense Industrial Base or in another Critical Infrastructure sector in the United States, it’s important to revisit what it is NOT:

Operational Risk is Not:

• About avoiding risk
• A safety only program
• Limited to complex-high risk evolutions
• A program -- but a process
• Only for on-duty
• Just for your boss
• Just a planning tool
• Automatic
• Static
• Difficult
• Someone else’s job
• A well kept secret
• A fail-safe process
• A bunch of checklists
• Just a bullet in a briefing guide
• “TQL”
• Going away

The goal of Risk Management is not to eliminate risk, but to manage risk so the mission can be accomplished with minimum impact...

Reliable: Who Do You Have Faith In?

When you think of the person you would recommend for a particular task or to perform defined professional services, who comes to mind?

There are many ways and words to describe a person or the business, yet if you had only one word to choose from, what would it be?

Reliable  adjective

1: suitable or fit to be relied on: DEPENDABLE

2: giving the same result on successive trials

Reliable noun

1: one that is reliable

In many cases, this is the word people really mean to use, as the basis for their recommendation.

Whether a business or a person is reliable, makes all the difference in your world, especially if you must rely on the outcomes of their service or duty.

When someone or something you pay for, does not meet a series of positive results, you begin to question your decision to utilize the service or receive the product for use.

Unfortunately for many people and businesses, this word “Reliable” is not considered or even measured on a consistent or measurable basis.

"Over the course of time in your life, think of one person or business you could say was truly reliable."

Think of this one person or business you have utilized for more than ten years that is reliable.

In any professional capacity, becoming reliable takes many years of practice and substantial learning. It requires the development of people, processes, systems and real innovation.

Now, think about someone or an entity (business, product, government agency) that you have lost faith in.

The people or businesses that you have stopped interaction with, have become “Unreliable” for your particular requirements or expectations of quality of service.

How would our world change for the better if there was more learning and focus on being “Reliable”?

How can you as a person or business become top of mind, when someone is asked “Who would you recommend” to: _________________?

You too, can become truly reliable…

Foresight: Circumspection as to Danger or Risk...

As you walk through your business office or around your organizations campus this week, how will you use foresight?

You have always had the ability to foresee and view looking forward, yet how effective have you applied this ability in your current environment?

The act or power of foreseeing is a skill that you can learn and utilize on a daily basis to your advantage. To increase your safety. To insure your security. To expand your prudence.

Are you operating each day in your work or even family activities without ever thinking about the future?

What if?

Do you ever ask yourself this question as you proceed into your day, your week or the next month or are you oblivious to the changing conditions, people, processes and behaviors externally developing around you?

Reactive people who are constantly surprised and organizations that are less than prepared for sudden change events, are ever more present.

Anticipating the future and using real-time sensory data to your advantage is just the baseline towards more effective individual prudence and continuous business foresight.

"The speed of life or the accelerating volumes of data streaming through the digital veins of your organization, just might have you overwhelmed and even distracted."

How might you and your team develop greater foresight and reduce the significant risks in your business future?

As a Team Leader, the answer begins with finding a very scarce commodity these days.

Time.

Let’s just start with 2 hours, across 4 consecutive weeks so 8 blocks of time.

The difference is, these two hours each week with your team shall be devoted to developing greater foresight.

Your skill and good judgement, in the use of resources while you apply this to caution or circumspection of danger or risk, will create a true difference.

Your facilitation of the process and methodology, insures your teams focus on using and applying foresight, in your particular areas of business operations or your teams specific responsibility.

The teams outcomes shall be applied and tested, measured and recorded to determine the true results. For 4 consecutive weeks, your "Business Foresight" and prudence will be rapidly growing. Now repeat in bi-annual sessions.

Your expanding corporate ability to govern and the discipline by the use of team reasoning will ensure a more safe and secure journey into the future…

Onward!

ORM Tools: So Many Choices...So Little Time

As the software marketplace begins to mature with the newest systems for various facets of Operational Risk, how do you know what software tools are right for your organization?

For starters, there are dozens if not hundreds of specific tools on the market today for helping you manage everything from Risk and Control Self Assessments (RCSA), Supply Chain Risk to documenting processes for SOX 404 compliance. 

"You can benefit from building your structures for processes, business strategy and tests for procedures. This still leaves many choices to evaluate and vendors who will flog you with powerpoints."

There are several key components of the ORM Framework Management that are essential when considering software tools to assist you:  

Policy 

Create security policies, standards and procedures, distribute them online, educate and train employees, and track compliance, exceptions and violations.  

Threat 

Comprehensive and customizable early warning system providing notification of physical and digital threats, vulnerabilities and malicious code to help prevent attacks before they affect the enterprise.  

Assets 

Manage enterprise assets such as buildings, vehicles, inventory, servers, applications or data centers and their relationships to ensure you are protecting your critical assets according to management expectations. 

Risks 

Perform online risk assessments to determine the proper controls to be implemented on specific assets based on their use and risk to the enterprise. 

Incidents 

Report incidents, manage their escalation, track investigations and analyze resolutions.

In evaluating the current information security, regulatory and legal environment, consider these five key flaws with today’s ORM software solution programs:

1. Dependence on inadequate and incomplete technology-based point solutions; 

2. Failure to integrate people, process and systems into an effective operational risk program; 

3. Lack of decision support and an actionable understanding of the threat to the entire spectrum of corporate assets; 

4. Reactive response to perceived problems rather than proactive initiatives based on sound risk management principles; and

5. Cost and shortage of properly skilled IT personnel to suport the programs.

The Gartner Group has identified three major questions that executives and boards of directors need to answer when confronting significant issues: 

•  Is your policy enforced fairly, consistently and legally across the enterprise.
•  Would our employees, contractors and partners know if a violation was being committed?
•  Would they know what to do about it if they did recognize a violation?

If you don't know the answers to these questions then there is much more work to do and much more strategic planning necessary before any software system is implemented for Operational Risk Management...

Transparency of Actions: Building Organizational Trust…

Is paranoia and the secrecy of strategic actions by a senior management leader a major vulnerability in your organization?

The Operational Risks associated with your paranoid “Need-to-Know” culture, could lead to the failure of key management initiatives or even the latest offensive launched on your competition.

Whether you are a leader of the largest country in our world by area of land mass, or you are the Chief Executive Officer of a growing enterprise, your future success leading the organization truly lies in the hearts of people.

Have you recently launched a new policy or company strategy that has taken much of those on the front lines by surprise?

Are you invoking a new “Go-to-Market” strategy in the field without the majority of your Board of Directors to support your new ideas and actions?

The failures of People, Processes, Systems and the risks of certain External Events will eventually lead to your Operational demise. The destruction of a home for so many. It could take weeks, months or possibly years.

While your authoritative and brute force tactics from the Top begin to unfold, your employees and followers are losing faith in you. They are beginning their own plans to exit the organization and escape your toxic paranoid attitude.

Unfortunately, your own ego and the fog of your imagined legacy is ultimately what will lead to your organizations slow and painful failure.

"How might you change this and keep your upward trajectory in the marketplace and across the globe before it is too late?"

It begins with mending and growing relationships that you have ignored. Relationships that over the years have stood next to you and behind you waving your flag.

Time is running out. As a leader, the admission that you have taken the wrong course and made paranoid decisions without collaboration of other key leaders is a starting point.

You and your Board of Directors need to Understand, Decide and Act. Very soon.

How might a “Backwards-from-Perfect” approach in consultation and consensus with your strategic partners make a difference in the hours and days ahead?

The historic legacy you leave in Wikipedia and in all the hearts of the people in your particular tribe of followers, is now before you.

It is now time to become more transparent, generate a series of active “Trust Decisions” and to deliver the actions to save the heart and soul of all that they believe in…

Managing Operational Risks: On the Wall at 100 Ft...

After days taking in the magnificent sights at 100+ feet below the surface off Grand Cayman Island, we were reminded how Operational Risk Management is prevalent in even remote places like this.

Take for example the mandate for using dive computers, as a guest of Wall to Wall Diving. For those not initiated with Scuba Diving, you might not realize that "sensors" are utilized in measuring potential threats to your life from something called "The Bends", or decompression sickness.

Giles Charlton-Jones and his wife Deanna from Wall to Wall Diving use a combination of proven Operational Risk Management processes and tools to reduce the risks to their clients. They do this because their small business is no different than that of a Fortune 500 company. As the owners and primary shareholders of any organization, it is the law in most cases to provide Duty of Care.

Decompression sickness, (DCS), diver's disease, the bends, or caisson disease is the name given to a variety of symptoms suffered by a person exposed to a reduction in the pressure surrounding their body. It is a type of diving hazard.

Dive computers perform a continuous calculation of the partial pressure of gases in the body based on the actual dive profile. As the dive computer automatically measures depth and time, it reduces the need for the diver to carry a separate watch and depth gauge and is able to warn of excessive ascent rates and missed decompression stops.

Many dive computers also provide additional information to the diver, for example, the water temperature, or the pressure of the remaining breathing gas in the diving cylinder.

The key point is, that these sensors attached to each diver, help Deter and Detect potential threats associated with decompression sickness. This even includes a calculation when it is safe again to fly on an airplane.

Like other manufacturers in the high technology systems sector, SCUBA (Self-contained Underwater Breathing Apparatus) has it's own champions of companies who focus on the latest tools and solutions to help you manage risks. Who plan for future threat scenarios based upon collected intelligence over years of experience.

Suunto is just one example of a Finnish company, who have been developing instruments for measurement and sensors for various outdoor pursuits. Whether it be on the mountain at 20,000 ft. or underwater at 125 ft..

Weather and our Earths environment will always play a part in the daily risks mountaineers and divers face and who are proactive with the use of the correct tools, so they can operate in a more safe and secure manner.

Yet without the investment with “True Professionals” who have years of the relevant training, decades of experience and brilliant intuition, all the best tools will never be quite enough.

“How often do you encounter situations where the new threat intelligence collected and the automatic warning alerts have not been enough, to keep you out of harms way?”

As a global Fortune 500 company, the Board of Directors represents the interests of shareholders, as oversight owners of the company, in optimizing value by overseeing management performance on the shareholders' behalf.

The Board of Directors responsibilities in performing this oversight function include a Duty of Care and a Duty of Loyalty.

A Director's Duty of Care, refers to the responsibility to exercise appropriate due diligence in overseeing the management of the company, while continuously making OPS Risk decisions and performing other vital mitigation actions.

It remains refreshing to witness that even on a small island in the British West Indies, that the owners/operators are true professionals who are applying the practice of “Operational Risk Management” (ORM) in their own small employee-owned business.

First, they utilize it each day because they are Professionals. Second, they do it instinctively, because they know that it can mean the difference between life and death or predictive harm in an organizations daily operations.

As we near the end of another year of growing risks in 2021, we say congratulations to all of you who have found the science of “Operational Risk Management”.

Thank you to all of you, who have applied your own professional services “Art”, to make our world, more safe and secure in 2022! Godspeed!