Future Risk: Citizen Soldiers Extinct...

It is not often that we see an editorial article that prompts us to get the scissors out of the drawer to cut it out of the Washington Post.  It remains in the saved articles file from 2009 and is relevant still to this day.

This Opinion written by Matthew Bogdanos, is worth some additional consideration from an "Operational Risk Management" perspective.   He is a Colonel in the U.S. Marine Corps Reserves and now an assistant district attorney for New York City.  He writes:

"A nation largely founded on the citizen-soldier ideal finds itself, following Vietnam and the expulsion of recruiters from campuses, with the military and civilian worlds warily eyeing each other across a cultural no man's land. As budgets shrink future forces, veterans will be fewer and the chasm wider -- to our peril.

No one wants everyone to think and act alike. Diversity is a major source of our nation's strength. But this diminishing shared experience leaves us ill-prepared against global terrorism. As the British general Sir William Butler warned a century ago, "A nation that will insist upon drawing a broad line of demarcation between the fighting man and the thinking man is liable to find its fighting done by fools and its thinking done by cowards."

We will leave it up to the OPS Risk Managers of the globe, whether to agree with Col. Bogdanos and his comments. What is our take away from his words about "Duties That Are Best Shared?" We think it's quite simple:

How can an "Operational Risk Manager" make effective decisions without having walked a few "clicks" in another persons boots?   Effective decision support from the Incident Command Center is far more effective, if the person making those decisions has relevant and first hand on the ground experience.

In the corporate world, asking a new hired employee to take the week long orientation training, without having done it yourself, is not only bad management, it's reckless governance of the organization.

Years ago after the invasion of Baghdad, this OPS Risk manager (Bogdanos) did what we do every day. He adapted, improvised and overcame risks in order to recover stolen artifacts from the museums.  The investigation was successful because not only was he someone that had experienced what it was like to operate in a war zone, he also was a subject matter expert on much of what was recovered.

If you are going to be an effective risk manager in your government organization, startup or Fortune 500 company, you have to train with your troops in the business unit or at the base. You have to know first hand, what you are talking about.

Without these, "we risk a future without all of us working towards the same ends --whatever society decides those ends should be."

You need to "get out of the building" as we say these days.  Solving problem-sets within your agency or with your "Cash Cow" customer, requires getting right in the bulls eye of the issue.  Seeing it, touching it and hearing it first hand.

Without this insight, you lack the understanding, empathy or compassion for the people who experience the problem each day.  You fail to see how a new approach, process or new system will be better.

If you think this is sound reasoning and you are looking for others to assist you in your problem-solving journey, look no further than the Defense Entrepreneurs Forum (DEF).  You will find others who are focused on National Security innovation and have definitely been "outside the building."

Maybe even more vital, is their mindset on disciplines such as design-thinking, lean methodologies and achieving decision advantage.  Col. Bagdanos, "Citizen Soldiers" are definitely not extinct.

Happy St. Patrick's Day!

Security Governance: Rededication...

Security Governance is a discipline that all of us need to revisit and rededicate ourselves to. The policies and codes we stand by to protect our critical assets should not be compromised for any reasons. More importantly, security governance frameworks, must make sure that the management of a business or government entity, be held accountable for their respective performance.

The stakeholders must be able to intervene in the operations of management, when these security ethics or policies are violated. Security Governance, is the way that corporations or governments are directed and controlled. A new element that has only recently been discovered, is the role of risk management in "Security Governance."

Security Governance, like Corporate Governance requires the oversight of key individuals on the board of directors. In the public sector, the board of directors may come from a coalition of people from the executive, judicial and legislative branches.

The basic responsibility of management, whether in government or the corporate enterprise is to protect the assets of the organization or entity. Risk and the enterprise are inseparable. Therefore, you need a robust management system approach to Security Governance.

If a corporation is to continue to survive and prosper, it must take security risks. A nation is no different. However, when the management systems do not have the correct controls in place to monitor and audit enterprise security risk management, then we are exposing precious assets to the threats that seek to undermine, damage or destroy our livelihood.

An organization’s top management must identify, assess, decide, implement, audit and supervise their strategic risks. There should be a strategic policy at the board level to focus on managing risk for security governance. The security governance policy should mirror the deeply felt emotions of the organization or nation, to its shareholders and citizens. It should be a positive and trusting culture capable of making certain that strategic adverse risks are identified, removed, minimized, controlled or transferred.

An enterprise is subject to a category of risk that can’t be foreseen with any degree of certainty. These risks are based upon events that “Might Happen”, but haven’t been considered by the organization. Stakeholders can’t be expected to be told about these risks because there is not enough information to validate or invalidate them. However, what the stakeholders can demand, is a management system for Security Governance that is comprehensive, proactive and relevant. The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes, and resources.

It is this Security Governance management system that which we all should be concerned and which we seek from our executives, board members and oversight committees to provide. There should be a top management strategic policy to focus on managing risk for security governance.

This risk management system should establish the foundation for ensuring that all strategic risks are identified and effectively managed. The policy should reflect the characteristics of the organization, enterprise or entity; it’s location, assets and purpose. The policy should:

1. Include a framework for governance and objectives
2. Take into account the legal, regulatory and contractual obligations
3. Establish the context for maintenance of the management system
4. Establish the criteria against what risk will be evaluated and risk assessment will be defined

A process should be established for risk assessment that takes into consideration:

• Impact, should the risk event be realized
• Exposure to the risk on a spectrum from rare to continuous
• Probability based upon the current state of management controls in place

The strategic security risks that the organization encounters will be dynamic. The management system is the mechanism by which the executives identify and assess these risks and the strategy for dealing with them.

It is this system which we are concerned about and which we seek to provide in order to achieve our Security Governance.

Perseverance: How many problems have you solved today...

"We can not solve our problems with the same thinking we used when we created them."  --Albert Einstein

Measuring success, is something that happens on a daily basis in life and in business.  The metrics however are different.  Or are they?

When Wall Street or the Board of Directors measures success, the quants are looking at mathematical equations to determine Earnings Per Share (EPS) or Return on Equity (ROE) of a business.  After all, how can an investor determine where they should invest their capital.  Operational Risk is always a factor.

When people measure success about their life, the measuring tools and methods are sometimes different.  For one person, it is whether they or their children have finished the day without that feeling in their gut of starvation.  For another person, it is whether they will live long enough to see their first grand child.  For others, just living a life full of faith, integrity, ethics, trust and resilience is enough.

Some people might measure success by the car they drive, the house or neighborhood they live in or the Country Club where they are a member.  In Silicon Valley, the metric may be how many rounds (A, B, C, D) of funding, your startup has achieved.  Around the beltway in Washington, DC the metric could be, whether your "Program" was funded in the last budget cycle.

The problem-sets that we engage with in business, organizations, government and in life, require the time and the effort to truly assess the catalyst and the environment that you are operating within.  But not too long.  Speed and time to a solution, can be your strategic ally or your lethal enemy.

To solve an identified problem requires an analysis of the root cause and the final solution may be achieved in small incremental steps.  The final answer may take minutes, hours or even years.  The one factor that will remain constant, is your ability to forge successful relationships with others to assist you.

The other factors of achieving success, once you truly understand the real problem, is the ability to adapt, pivot and perseverance.  The continued effort to do or achieve something despite difficulties, failure, or opposition.

How long have you been persevering?

1 day.  1 month. 1 year.  5 years. 20 years.  40 years.  60+ years.  You see, your success is based upon experience and wisdom, yet it has only one metric.  How many problems have you solved so far?

What you see and hear today, what you think about and how you do it, is all in your ability and capacity to solve the daily problems of life and business.

So what?  This is nothing new...

You have no doubt heard or read, a famous book about similar topics and subjects.  How to be successful?

What if perseverance was that one differentiator, that determines whether you are successful, or not?

Again, you have heard it all before.  Stop doing this, start doing that.  Keep doing it.  Did you hear that from your mother, father or your latest boss?  Really, is that all success is about?

Guess what?  Are you still alive?  Did you, or your children or parents go to bed hungry tonight?  If the answer is yes that you are reading this, and no one was hungry...you have been successful today.

Remember, tomorrow you will be solving more problems and persevering...to persist in a state, enterprise, or undertaking in spite of counterinfluences, opposition, or discouragement..

Godspeed!  Have a prosperous journey...