Sunday, November 24, 2024

Future Risk: What is True...

On the dawn before the next large public gathering across the world, Operational Risk Management (ORM) professionals are on edge.  Readiness and contingencies are at their highest level in anticipation of any globally televised event.


The same crisis management environment exists four or more times a year within the confines of the Board Room and Executive suite.


Operating at the "Speed of Business" and effectively managing daily, weekly, and quarterly risk management tasks requires an adaptive and resilient culture.  A culture that has been born and evolved from its Genesis to a daily run rate based upon two main components.


  • Trust is the first one and to many a given in any high performing environment.  To be able to trust the person to your left and to your right requires many tests.  It builds over time yet it must start with the right elements and be nurtured for it to flourish.
  • The second component is far more complex.  It requires you to embark on a continuous discipline with yourself and the people to your left and right, to know "What is True."


"What is True" means one set of reality for you and perhaps something different for those around you.  Your mission is to get to a single version and reality of what is true faster than your competition, your adversary or your partner.  Survival will be a factor of your speed to understanding as a team, "What is True" and then your adaptive nature to the consequences of your actions.


Are you accountable for your outcomes?  Have you accepted the consequences of your behavior?  So what does all of this have to do with Operational Risk Management?  It has everything to do with it. The most high consequence event to any risk matrix, is the fact that people do not see themselves or others in a "True" perspective.  They are not operating in reality.


What is your willingness to bring current problems to everyone to dissect, understand and solve?  Those who continue to operate without a proactive problem-solving environment are headed towards disaster.  Surprises.  Being blind-sided.  Never saw it coming.


When you hear people saying these things.  You have someone who has not been proactive in the continuous identification of problems and communicating those problems to the team to be solved.


You see, leadership is about continuously testing, designing and improving the process or the product.  The thinkers and the doers, the blueprint and the construction, the designers and the operators must be in a synchronous harmony together.


Ask yourself; how is this movie unfolding compared to the script that was written?  How has the change and the rate of change had consequences?  What have I and my team done to adapt, by changing the design or the people to achieve the mission? 


The "Speed of Business" is the environment and the successful outcome we all seek and is captured in three words.  "What is True."

Saturday, November 16, 2024

Vigilance is The Name of The Game...

President George W. Bush logged a victory in 2006 when the U.S. House of Representatives renewed the USA Patriot Act, a law that gave the FBI expanded powers to investigate terrorism after the Sept. 11 attacks.

When was the last time as a CxO in your organization that you reviewed the law? Here are a few of the renewed provisions:

>Section 201 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to terrorism.

>Section 202 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to computer fraud and abuse offenses.

>Subsection 203(b) Permits the sharing of grand jury information that involves foreign intelligence or counterintelligence with federal law enforcement, intelligence, protective, immigration, national defense or national security officials

>Subsection 203(d) Gives foreign intelligence or counterintelligence officers the ability to share foreign intelligence information obtained as part of a criminal investigation with law enforcement.

>Section 204 Makes clear that nothing in the law regarding pen registers an electronic device that records all numbers dialed from a particular phone line stops the government's ability to obtain foreign intelligence information.

>Section 209 Permits the seizure of voicemail messages under a warrant.

>Section 212 Permits Internet service providers and other electronic communication and remote computing service providers to hand over records and e-mails to federal officials in emergency situations.

"Whether you are a government or a small business you must have a layered and defense in depth approach to the safety and security of your enterprise. You have to monitor insiders, gather intelligence and keep an eye on foreign competitors."

Key people in your organization are key targets for a spectrum of threats both physical, economic and digital. When is the last time you saw a CEO, CFO, CRO or Board Member walk down to the INFOSEC department and ask the team if they had all the tools and resources they need to do their jobs effectively.

And if they did raise their hand and say they could use some help with solutions to help combat all insider threats including intellectual property leakage, vendor collusion, financial fraud, and customer data loss. You might recommend they look at the FedRamp Marketplace.

The leaders of a medium-size community bank, Fortune 500 enterprise, Private Sector Critical Infrastructure company and local city government still have the same thing in common today as with George W. Bush 18 plus years ago…

Monday, November 11, 2024

Veterans Day 2024: Our Father U.S. Marine...

 Growing up as the first son of a U.S. Marine officer, you learn much of what it means to be a Veteran.

Loyalty. Dedication. Perseverance. Discipline. Trust. Integrity. Valor.

On this November 11, 2024 it is Veterans Day in the United States of America. A day in America to pause and to acknowledge those who made the decision to serve, in a branch of our Armed Forces.

As a young man approaching graduation of high school the Vietnam War was in full swing and conscription was a weekly discussion around the dinner table. Will your number be called?

The defense of an entire country requires a tremendous number of people to operate at home and across the entire globe.

Some veterans had the opportunity to travel across continents and were stationed in foreign countries. Our men and women were sailing across oceans on the surface and others deep undersea. They were flying whenever and wherever needed to go head-to-head with the evil people and forces in our world.

Veterans from around the USA put their lives in the hands of our country to protect our loved ones and our way of life here.

Veterans who have served our nation honorably have a real understanding of what it means to sacrifice, to work beyond exhaustion, to feel proud of becoming an expert in skills, knowledge and special activities experience.

In years past, as our colleagues waited for the hospital van to arrive on the shore of the Potomac River inside Ft. Belvoir, we prepared for the weekend warriors who wanted to go fishing.

The 501c3 we volunteered to assist would come each weekend over the summer to teach Ft. Belvoir veterans to fly fish or just try and catch a fish on that day. In the sunshine, outdoors and outside the hospital.

Years later, on one weekend when Dad was in his mid 80’s, we drove down I-95 to Quantico VA to visit the National Museum of the Marine Corps.

He could not believe all of the memories coming back to him. 90 Minutes later, as we pulled out of the parking lot to Fuller Road, we looked to the right and saw the entrance to the base where he had attended Officer Candidate School (OCS).

“Let’s go in there he commanded”. So as we approached the gate and pulled up to the Guard, then we said: “This U.S. Marine would like to enter and to drive through the base where he learned to become a First Lieutenant.

The guard asked, “Let me see your Drivers Licenses”. “OK, go ahead he said as we then drove through the gate.”

This is when it really started to sink in. Where and why our Dad learned all about being a leader of U.S. Marines and soon thereafter a devoted Father.

"On this Veterans Day in America, we say thank you."

For all that you have done to protect the American people and our United States to keep us safe…and to learn to serve with pride...

Saturday, October 26, 2024

Onward Together: Teams Navigation...

 Before you were wise, you just acted out from pure thoughtlessness. You tried to fix situations without truly understanding the problem-set.

At some point in your life long experiences you might read a passage or paragraph in a book or online. Perhaps it is in a room where you are listening to someone preach, or a guest speaker for an event you are attending.

Then the feeling starts to come over you. You are thinking about what you have just encountered and now you start to wonder. Your mind is asking more questions.

After this encounter and as you say to yourself I belong here, in this place with these people, you are on your way to new insights.

As you begin your journey towards new problem-sets to create solutions that will benefit others you care about, you will then start to believe in your direction.

You will be listening and questioning. Over and Over. You will then create a test to determine if your hypothesis is clear.

You will be testing and observing. Over and Over. You will then adapt and change your solution to ensure it is even more reliable. You are an "Innovation Navigator"...

"Reliable in different places. Reliable in different situations. Reliable with different people using your prototype solution."

So what?

After you have talked to enough people you belong with and then you believe that you have the correct solution, then you shall discover the real change in behavior.

As you continue to navigate your life solutions journey “Always Be Ready” for the time, place and person we sometime have named the saboteur.

Will you encounter an act or process tending to hamper or hurt the mission? Sabotage can be destructive or obstructive actions by others to change you.

Being prepared today for the unknown in the future. Using knowledge gained by continuous testing and observation.

Learning and adapting in order to survive the continuous change ahead of you will not be easy.

Who is your most trusted team mate or partner to do it together?

Find the person and build the team of true professionals as soon as you are able. Communicate.

Communicate. Face-to-Face. Observe each others behavior.

Navigate, Change, Test, Adapt, Endure. You are on a life long journey of discovery, learning and wonder…

Onward Together!

Saturday, October 19, 2024

Acknowledgment: Forever Grateful...

When was the last time your true business accomplishments were being acknowledged and your personal character celebrated?

As we all watched the 20+ people assemble in the banquet suite facing the Pacific Ocean last evening, you could tell they were all so excited to see the surprise on her face, as she walked into the room at 6:00PM.

The point in your work timeline when you are transitioning from one key role to another and have proven your results is a good place to reminisce and to listen to those who admire and trust you.

Hearing others who are your peers and fellow colleagues stand up over dinner and explain why you are someone they have learned from and that they have valued your leadership, will always be a remembered milestone in your life.

Two out of Ten people in a room, are exactly who the “80/20 Rule” science and “Pareto Principle” are all about.

If you want to find and recruit 4 people to your team, then do the math on how many will not make the final cut.

It is just so refreshing to see a group of professionals all celebrating one of their own:

“The Pareto principle (also known as the 80/20 rule, the law of the vital few and the principle of factor sparsity) states that for many outcomes, roughly 80% of consequences come from 20% of causes (the "vital few”).”

The statistics and the “Moneyball” math is what truly sets you apart as a multi-million dollar producer from those with just the fundamental skills.

As your recognition stories continued from your colleagues into the evening there were plenty of laughs and also a few tears that filled the room. Then she just smiled at us.

How might you ever become close to the 2 people out of 10?

Some might say you are just born into it, it’s all in the DNA. Others would say you have to train, repeat and train harder in order to excel at your particular chosen profession.

Coaches and researchers and professional trainers would all have various opinions on what the ratios should be, to find that next Gold Medal Winner or Scientific Scholar or Sales Leader or even a BUD/s school graduate.

Yet that alone does not make the person that others truly admire, beyond their God given skills or training outcomes.

It is something else. “Extreme Ownership” of the organizations problem-sets and the dedication to finding relevant and timely solutions.

When you finally find the right formula and you find yourself in the spotlight someday being acknowledged and celebrated by your peers and close colleagues, say it to yourself in all CAPS:

“IT WASN’T EASY AND “I REALLY EARNED IT”…It has been a good run...

Onward and Godspeed!

Saturday, October 12, 2024

Resilient Future: Curious Observation...

On this vibrant and chilly Fall day, facing West towards the mountains, as the sun rises behind us a few bright star-like lights shine for just a few minutes.

These reflections are from the bright morning sun shining off home windows near Evergreen Meadows some 40 miles away, yet just perfectly in our vision, starts our day ahead.

The tree leaves are actively changing colors and signals to us to now begin to prepare for the changing environment ahead.

In other work or government assignments, perhaps you and your project team have been measuring your environment. Have you been checking your “Threat Management App” this moment for the detection of more serious anomalies this minute.

Being actively observant in nature and your own organizational environment could be the real difference between loss or growth. In your life, you must “Always Be Ready”.

Your ability to continuously increase your resilience to changing temperatures in nature and also the change in temperament of your organizations beneficiaries, will make a significant difference.

As you think about your role, your position and the current project you are now assigned to, the question remains: Who are you serving?

There is change in the wind and you must prepare now, you shall be proactive in your thinking over the horizon, so that you also can anticipate the future outcomes.

How might you spend more time in curious dialogue with your respective beneficiaries to better understand their point of view, their particular requirements and their current temperament?

The problem-set before you requires valuable time, brain power and resources to determine the validity of your current hypothesis.

In the path forward, most researchers, analysts and scientists would probably say that if you have not changed your hypothesis, then you have not used enough data or time to ascertain the true reality of the problem at this point in time.

How might you analyze more data from various sources faster with little error so that you arrive at a valid “Trust Decision”?

Being proactive is not being forceful. Being proactive is being curious. It is a mission of discovery and building wisdom.

Your future actions are a factor of your problem-set and the ability to accurately solve it with a solution defined by your curious observation.

There is change in the wind before us and we must “Always Be Ready”…

Saturday, September 28, 2024

Pain or Joy: Change Management 101...

Habits are hard to change.  It takes discipline and continuous perseverance.


When was the last time you changed something that increased your revenue?  Your health.  Or your safety and security.


Change and managing change whether in the corporate ranks of your Fortune 500 Global Enterprise or back in your own personal life at home is a true challenge.


Before you even thought about what you needed to change in your business or your own life, you probably have encountered one of two experiences:

    • Pain
    • Joy

Which one of these two experiences have you recently encountered?


You see, our human behavior is quite predictable and it is usually one of these two motivators in life that will change your behavior.


Educating yourself and others you care about requires that you sometimes utilize one of these motivators in order to initiate new change.  Let’s begin with “Pain”.


These realities are exactly what the evil in our world today continues to prey on.  Those individuals who are unable or unwilling to change, and to manage change in their lives.


“It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neighbors offer no option other than to require that we rely upon digital information in making decisions. But we will not function successfully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world.”  Page 19 - Achieving Digital Trust | The New Rules For Business At The Speed Of Light  - Author Jeffrey Ritter


In your own digital life, these habits may be as simple as using the same password on multiple accounts that each of us rely on, each day or each week of our lives.  You know who you are.


As the continued use of “Ransomware” remains so pervasive across the globe and is utilized by so many criminal gangs and nation states, each one of us must consider our personal and business habits.


At home and at work.


It is now time to change.  It is time to change your digital habits so you may avoid the pain and continue to have even more joy in your life.


Take action.


Start a new habit now of changing the weak password on your bank accounts.  Make it 20 characters, and make it random.  Easily addressed when you "Use a Password Manager App".  Then set a reminder to change it on January 1, April 1, July 1, and October 1 of each year.


“Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.


The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware.


Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.” BleepingComputer


After you have successfully accomplished this simple task in your business and in your own personal life, remember:


The “Pain” of doing this simple “Change Management” step in your life, will help bring you continued “Joy” for so many years to come…:)


Godspeed!

Saturday, September 21, 2024

RENS: Growing Your Enterprise...

 There he was, in the early morning light, prancing along outside the fence line just seventy-five feet away.

The young “Buck Deer” with his adolescent antlers stopped and glanced over at the house, just to acknowledge that he saw us sitting on the deck.

As Fall arrives and kids are back in school, it seems as if the pace of work and the demands on peoples time starts to take its toll. Be aware.

Years ago, as some wise people developed the systems and programs around the acronym RENS, they knew from years of experience on the front lines of true battle why it was so vital to success:

  • Recruiting
  • Education
  • Networking
  • Sharing Information

This is the high level context for what your daily activities shall be focused on each day, of each week of each month this year.

"How might you design your program, your systems, your time allocations towards these four key components of your enterprise?"

The original designers knew that each organization is unique and therefore, provided an acronym to keep you on track. Easy to remember, harder to implement effectively on a consistent basis.

If you advertise as one example, for a particular event and you ask people to RSVP, how do you respond after they fill out your form, full of personal contact details?

If they actually attend the event and take the time to see and hear all about your X or Y, how do you respond after they leave and think about what they heard and experienced at your event?

Do you follow-up or do nothing?

At a recent weekly event the guest speaker and very wise man broke down the Recruiting part of RENS to further to three simple steps:

  • Belong
  • Believe
  • Behave

First, if you haven’t created an event where people immediately feel like they belong there, that you too believe in many of the same things they do, you will have a rough time ever getting to the last “B”.

How might you get other people to behave in a certain way?

The tough part about RENS is, that if you are not executing 100% on the effectiveness of your “Recruiting”, how will you ever get the opportunity to Educate, Network and then Share truly vital Information?

Perhaps even more difficult, how will you ever get good people to join your "Just Cause"?

As the “Young Buck” glanced back at us one more time as he went around the tall Spruce tree, we smiled and waved…

Saturday, August 31, 2024

Critical Infrastructure: OSINT to the Rescue...

Over the past decade our U.S. Critical Infrastructure has become even more vulnerable.

Why?

In the early days of the commercial Internet 2000-2001, there were several dozen of us working in a Rosslyn building on Wilson Boulevard in Arlington, Virginia to answer our growing Fortune 500 and government clients questions of “Who”, “What”, “Where and “How”.

We already knew the answer to “Why”.

The 24/7 Internet crawler algorithms our techies engineered were doing their intended tasks and retrieving Terabytes of data on a 24/7 basis for our further human analysis.

All of this was well on its way before the more sophisticated use cases of the Internet for the implementation of the Banking infrastructure, Retail transactions and Telecommunications were in place.

The systems and infrastructure we now call “Critical”, was just in its early stages of iP maturity.

Remember, the iPhone was not invented until around 2007!

Afterwards and yet even more vital to this day, you might think about your own organizations “Operational Risk Management” (ORM) objectives and tasks into three key categories:

  • Human
  • Physical
  • Cyber

Over the course of your companies legal, compliance and security organizations conducting regular “Threat and Hazard Identification and Risk Assessment” (THIRA) activities and rules, the reality begins to set in.

The Board of Directors are still asking, "How can we as people address the exponential growth, change and remediation without more automation, software and systems?"

"This is when new companies were born to build the software to help humans keep a better eye on the risk management of our growing Critical Infrastructure."

As new software companies were born to address THIRA applications, some people began to feel like it all had NOT been solved.

Asymmetric Warfare today, not only includes our “Nation States” across the globe, but also Black hat “Hacktivist” organizations and individual people. In every country with the Internet.

Evidence of these individuals and groups growing existence are still the “Why” for your own organizations THIRA activities.

This also includes the “Why” for our US Homeland Security organizations such as CISA and others in the National Intelligence and Law Enforcement arenas.

Perhaps even more vital, are the private organizations who are still in the business today of “Open Source Intelligence” (OSINT) since the dawn of the Internet…

Saturday, August 17, 2024

Remember: Imagine Our Resilient Future...

Where were you on the morning of September 11, 2001?

In the middle of our mutual “Information Security” and data privacy dialogue over breakfast on the ground floor restaurant of the Reston Hyatt, we both suddenly over heard the peoples commotion and muddled cries.

In the adjacent bar area others were watching the morning television news and were witnessing the continuous replay of an airliner crashing itself into one of the New York City World Trade Center Twin Towers.

We jumped up to walk around the corner into the room and saw the growing shock on peoples faces, as they hurried out the door to pick up or go check on their loved ones.

Then we saw the 2nd plane hit.

Walking back into pay our bill a few minutes later, both of us looked at each other and realized what this meant. Or did we?

Like some other days across your life, this particular morning in America was full of confusion, emotion, tears and fears.

Soon thereafter, driving away from the Reston Town Center near Dulles (IAD), in the distance to the East as the morning sun was rising, you could now see the billowing black smoke rising from the Pentagon burning.

Over the next decade, much of our thinking on our true vulnerabilities as a nation would come before us to solve.

Before 9/11, there were few aviation engineers thinking about reinforced and secure cockpit doors on commercial airliners.

The evolution of “Homeland Security” over the next decade included new buildings and technologies up and down Chain Bridge Road in Northern Virginia.

Predictive Intelligence and Color-Coded warning levels was now focused more on peoples thinking and behavior, not just about flying objects over a country border.

Asymmetric Warfare would become a National focus.

Certain kinds of fertilizers such as "Ammonium Nitrate" would soon be taken off the shelf of local gardening centers and wholesalers in our farming communities and locked up.

Information Technology was now to become a force multiplier. Business Continuity Planning (BCP) was now a mandate. What if?

Operational Risk Management (ORM) was the new normal.

After 9/11, there were new travel innovations like TSA PreCheck. Where even to this day, only one photo ID is required to apply in pre-enrollment, as they take your fingerprints and your photo to match up with vast government databases.

In using another ID travel service years before, CLEAR, even a retina scan was taken in order to back up fingerprinting and two photo IDs.

As we approach our next 9/11 ceremonies around the United States this September 2024, take a few minutes yourself to “Never Forget”.

Acknowledge the vital missions of all those serving who are in uniforms, all those in semi-formal suits, ties and dresses sitting around the conference table and the tireless shifts of analysts and tech people behind the screens who are on continuous watch.

24x7.

Now just 23 years after that historic morning in New York, NY, Arlington, VA and Shanksville, PA, we shall all continue our next year of Citizen Vigilance, our National Resilience and our continuous Freedom as true Americans.

And on this Wednesday September 11, 2024, sitting outside on your own back deck or patio watching another sun set or the moon rise, think about how you too will achieve a more resilient journey into the Future…with those you love.

Godspeed!

Sunday, August 11, 2024

Volatility: Enemy #1...

Organizations implement Operational Risk solutions to lower "volatility" in earnings growth and return on capital. The focus on volatility is because no institution likes to see peaks and valleys in their earnings or their return on capital. A steady and consistent growth curve without "Volatility" is the goal by many steadfast organizations.

Contrary to the goal of minimized "volatility" there are also those who feed off of the chaos and the large swings between these highs and lows in the marketplace and with specific companies in vital sectors of the financial economy. Will a Blueprint for Regulatory Reform be the answer?

As a hedge fund investor, can you explain what the strategy is for your investment fund? Do you know what your money is being invested in? Does your hedge fund manager provide transparency on calculating your return on funds invested? What was the reason you invested in alternative investments to begin with?

Carrying this analogy to the operational processes within your organization, the goal is to keep the processes running smoothly. When people or systems deviate from the agreed upon "Rule Sets" then change ensues along with the volatility of the performance measures.

Errors, Omissions and systemic "glitches" are the catalysts to volatility that creates fear, uncertainty and doubt. Do you understand the Math? When the process gets to this stage and people don't trust the rules anymore, you are on the brink of a failure and impending loss, in dollars or peoples lives.

Operational Risk Management is a discipline that is emerging in corporate ranks because it has already proven that it saves lives. The regulators and inspector generals are going to demand it.

The "Rule Sets" of playing business in the financial, health care and energy sectors are not the only ones being subjected to this increased scrutiny and renewed focus on OPS Risk.

Lessons learned are being discussed in the ranks of the U.S. Treasury Department and the Department of Defense all relating to the failure of people, processes, systems and or external events.

Whether you utilize Operational Risk Management (ORM) in the Defense Industrial Base or in the Financial Services sector it's important to revisit what it is NOT:

Operational Risk is Not:

  • About avoiding risk
  • A safety only program
  • Limited to complex-high risk evolutions
  • A program -- but a process
  • Only for on-duty
  • Just for your boss
  • Just a planning tool
  • Automatic
  • Static
  • Difficult
  • Someone else’s job
  • A well kept secret
  • A fail-safe process
  • A bunch of checklists 
  • Just a bullet in a briefing guide
  • “TQL”
  • Going away

The goal of Risk Management is not to eliminate risk, but to manage risk so the mission can be accomplished with minimum impact. We manage risk to operate, not avoid risk as a means to prevent loss.

Operational Risk is all around us and now ready for prime time focus in terms of strategy execution, implementation and measurement...

Sunday, August 04, 2024

Always Be Ready: Follow Your Heart...

Waking up to a glorious sunrise in any new town across the USA is inspiring. Today is another one of those days.

The long journey you have been on all these years is full of hardship, yet full of faith.

“Never Forget” the Americans and true professionals that have endured our asymmetric threats and continuous vulnerabilities.

People, Processes, Systems or External events. We must continuously and “Always Be Ready”…

After all of these years of hard work, to many hours standing or waiting in airports and now seeing the finish line, or the minutes winding down on scoreboard clock.

Even just the smile this morning from a cherished loved one after hours of research and keyboard time, you know why.

Before you were old enough, the reasons for the early mornings or the significant travel did not seem worth it.

The journey was constantly in question. The competition too challenging.

"Yet in our America, most anything is possible. With hard work and dedication. With the right colleagues, coaches, mentors and instructors you too are well on your way."

You are here for a reason and all the years, days, hours and minutes devoted to your own particular journey are soon to be known.

Maybe it is that smile when she wakes up and sees you. Maybe it is that laugh when he is watching “Paw Patrol”.

Or maybe it is walking hand-in-hand with your wife or husband on another early morning in your new neighborhood, or somewhere else in the United States of America.

On this Sunday in America, say another silent prayer looking at our flag waving in the wind, while the birds are chirping and a dog is barking with a siren in the distance.

Are you going to compete today? Will you be ready?

After you make it to your own finish line, look up…

Friday, July 26, 2024

Enterprise Resilience: Compete or Die...

Enterprise Resilience is the road to competitiveness. It is the global answer to many of the Chief Security Officers (CSO) who have faced the troublesome battle of selling more "Fear and Doubt" to the Board of Directors.

When Deborah Wince-Smith stood up on the stage at the 21st Annual Security Briefing at OSAC November 16th, 2006, her words were music to our ears:

“It is undeniable that the world has gotten more risky. Businesses now function in a global economy characterized by increasing uncertainty, complexity, connectivity and speed. Managing this rapidly changing risk landscape is an emerging competitiveness challenge—a challenge that demands resilience: the capability to survive, adapt, evolve and grow in the face of change.”

“Globalization, technological complexity, interdependence, and speed are fundamentally changing the kind of risks and competitive challenges that companies— and countries—face.”

“Failure, whether by attack or accident, can spread quickly and cascade across networks, borders and societies. Increasingly, disruptions can come from unforeseen directions with unanticipated effects.”

“Global information and transportation networks create interdependencies that magnify the impact of individual incidents. These types of risk demand new methods of risk management.”

Thinking back to those days, was this a way for the Chief Security Officers (CSO) of the Fortune 500 to finally shift their thinking from just security protection to something less macho?

How could "Resilience" become a platform for a mind set shift to justify new funding?

"After all, now we aren't trying to scare people into the low probability high impact incidents anymore and are focusing in on the high probability incidents, that may have enough impact to cause a significant business disruption."

What are the incidents and areas of risk that insurance won't touch these days?

If the insurance companies can write the policy to give you peace of mind, then is this necessarily an area that you can ignore because you have transferred the risk to someone else? Maybe not.

Being agile, ready and capable of a quick recovery is what competitiveness is all about, on the field, on stage or around the table in the Board Room.

Working towards control and protection while fear builds in the back of your mind makes you stiff, depletes your energy and creates doubt.

And when you are operating a business or standing on the tee of your first sudden death hole on any PGA weekend, you better have resilience.

The business equivalent to homeland security and critical infrastructure protection is Operational Risk Management (ORM)—a domain that many executives see as the most important emerging area of risk for their firms. Increasingly, failure to plan for operational resilience can have “bet the firm” results.

We all know that it costs lot's of money to have any systems downtime, that's why so many dollars have been invested in Disaster Recovery (DRP) and other Business Continuity Planning (BCP). Delta?

Yet is this the kind of resilience that is going to make you more competitive to seize more opportunities? The economics of resilience are more than investing for the likely or unlikely information systems incident that will attack your organization tomorrow.

The threat of “Tort Liability” and the loss of reputation remains top of mind these days with every major global company executive.

The threat is real and increasing at a faster rate than many other real operational risks to the enterprise.

Litigation from regulators, class actions and competitors has given the term Legal Risk new emphasis and meaning.

Once corporate management understands the need for a "resilience" mentality in place of a "protection" mental state, a new perspective is found.

Investing in the vitality, agility and competitive capabilities of the organization sounds and is more positive.

It alleviates the fear of doom and gloom and inspires new found innovation.

The future of your organizations longevity and in it's adaptability can be achieved with a new perspective. Compete or die.

Enabling Global Enterprise Business Resilience is just the beginning...

Friday, July 19, 2024

Operational Risk: People, Process, Systems & External Events…

When was the last time your team presented their plan to execute your next major milestone in your important project?

As you lean back in your chair and hear the “What”, “Why”, “Where”, “How” in the bullets and pictures on each of their presentation slides, you might be pleased with what you see.

Now, what is the alternative plan for this particular operation? Just in case.

The more you experience change and the real setbacks of your intended goals, achievements or anticipated outcomes, the realization occurs that you will need a “Plan B”.

You know, a back-up plan. Perhaps you even may need a fail-safe:

fail-safe

adjective

1: incorporating some feature for automatically counteracting the effect of an anticipated possible source of failure.

What is your universal unlock code? What is your alternative plan? How will you ensure the safety, security and service of your intended game plan today?

Unfortunately in business and in any other highly engineered or sophisticated operation that is vital to your growth and success, you will need to create an alternative plan.

Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. These risks are further defined as follows:

* Process risk – breakdown in established processes, failure to follow processes or inadequate process mapping within business lines.

* People risk – management failure, organizational structure or other human failures, which may be exacerbated by poor training, inadequate controls, poor staffing resources, or other factors.

* Systems risk – disruption and outright system failures in both internal and outsourced operations.

* External event risk – natural disasters, terrorism, and vandalism.

The definition includes Legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.

How will you ensure the safety, security and service of your intended game plan today?

The teams who incorporate comprehensive Operational Risk Management (ORM) into each daily process, shall achieve their goals and will outperform the competition…