Operational Risk Management (ORM) is about continuous innovation. It
requires a steadfast momentum towards a future spectrum of dynamic
resilience. The shift in thinking is that your ability to survive the
impact of any adverse incident to your people, process, systems or other
external factor is commensurate with your current-state of resiliency.
You must establish and cultivate the creative and innovating environment in your organization at the core. Then wrapped around this ecosystem of core human potential, the culture evolves into a ripe entity of new possibility. New hope. Simultaneously the visions of what contributes to a healthy environment and the attributes of what creates a deterioration, starts to become more clear to you.
You see, when most people think about risk management they are immediately drawn to threats and vulnerabilities external to the organization. Protect against known external threats and remediate known vulnerabilities.
How much time is devoted to understanding the maturity and the resilience of your core internal ecosystem of human capital. From the inside out. The same human capital that will either achieve survival after any known or unknown incident, could also contribute to it's inevitable demise.
So what are we talking about it? How well do you know your company? Jason Fried, CEO of 37signals.com explains:
Managing Operational Risks with an organization begins with the clairvoyance and the insight gained from knowing your human capital. Knowing your people when they come on board and knowing how they change over time. Do you think that the person you hired two years ago is still the same person? What about ten years ago or 20? People change for a myriad of reasons impacted by the environment on the home front and certainly their work place environment.
The resilience of your organization begins and ends with knowing your company. In order to know your company, you need to know your people. Your ecosystem of innovation possibility and the longevity of your organization depends on it. As a recent example, commentary by George Bamford:
You must establish and cultivate the creative and innovating environment in your organization at the core. Then wrapped around this ecosystem of core human potential, the culture evolves into a ripe entity of new possibility. New hope. Simultaneously the visions of what contributes to a healthy environment and the attributes of what creates a deterioration, starts to become more clear to you.
You see, when most people think about risk management they are immediately drawn to threats and vulnerabilities external to the organization. Protect against known external threats and remediate known vulnerabilities.
How much time is devoted to understanding the maturity and the resilience of your core internal ecosystem of human capital. From the inside out. The same human capital that will either achieve survival after any known or unknown incident, could also contribute to it's inevitable demise.
So what are we talking about it? How well do you know your company? Jason Fried, CEO of 37signals.com explains:
Quantity vs. Quality. If you have read any of Jason's books such as "Rework" you know what we are talking about. 37 Signals has been in business now about 16 years and has just surpassed xx people. Congratulations Jason.
- As CEO, maintaining a healthy culture isn’t someone else’s job — it’s my job. I had to take responsibility for knowing my people and knowing my company. That buck starts and stops with me.
- Answers only come when you ask questions, so the tool had to be built around questions. People generally don’t volunteer information re: morale, mood, motivation unless they’re directly asked about it.
- The entire system had to be optional. No one at the company should be forced to use it. Forcing people to give you feedback is ineffective and builds resentment.
- This couldn't be a burden on my employees. Employees would never have to sign up for something or log into anything.
- Information had to come in frequently and regularly. Huge information dumps once or twice a year are paralyzing and lead to inaction.
- I had to follow-through. If someone (or a group of people) suggested an important change, and it made sense, I had to do everything I could to make it happen. I wasn't creating this system to gather information and do nothing about it.
- It had to be automated, super easy (for me and my employees), non-irritating, and regular like clockwork. This had to eventually become habit for everyone involved. If it ever felt like something that was in the way or annoying, it wouldn’t work. It had to be something people looked forward to every week.
- Feedback had to be attached to real people - it couldn’t be anonymous. You need to know your people individually, not ambiguously. If someone has a problem, you need to know who it is so you can talk to them about it. This requires trust on everyone’s part.
- Success depended on a combination of automated, and face-to-face, back-and-forth with my team. The unique combination of automated and face-to-face communication play off each other in really positive ways.
Managing Operational Risks with an organization begins with the clairvoyance and the insight gained from knowing your human capital. Knowing your people when they come on board and knowing how they change over time. Do you think that the person you hired two years ago is still the same person? What about ten years ago or 20? People change for a myriad of reasons impacted by the environment on the home front and certainly their work place environment.
The resilience of your organization begins and ends with knowing your company. In order to know your company, you need to know your people. Your ecosystem of innovation possibility and the longevity of your organization depends on it. As a recent example, commentary by George Bamford:
In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee. Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools.
Where the Watergate burglars came away empty-handed and in handcuffs, the modern- day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.
Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia – though there seems little evidence backing up the accusation.