In our most uncertain times over the past few years, it is again time to revisit several key factors of Operational Risk Management (ORM) within our Global Critical Infrastructure organizations.
Think of examples like Maersk or Boeing and UnitedHealth Group or Silicon Valley Bank.
Into the future, our Risk, Security and Controls personnel shall have equal power with the executives who are responsible for bringing in the revenue.
This means that the future power-base of the Sales and Marketing teams would need to also be on par with the Internal Audit, Security and Risk Management executives.
This internal culture shift is harder to achieve than one would think.
The ego's aside, the people who make it their job to worry about potential losses, look over the horizon and to mitigate risks day in and day out, are just not used to warning everyone each day to every alert, each instance or possible threats.
It is because everybody loves to hear that the business has been won, the competition defeated and the company just closed the biggest "Deal" in it's history. Let the spin doctors in Marcom get the Press Releases flying!
Not the doom and gloom.
It has been said before, the tone starts at the top.
The CEO and Board of Directors who are cognizant of the necessity for effective risk management objectives must also create a balanced power-base at the top to balance the "Revenue Generators" with the “Risk & Loss mitigators.”
So who are some of these people who deserve a greater exposure to this new born culture shift:
- _Director of Information Security promoted to CISO. (Chief Information Security Officer)
- _Director of Corporate Facilities to CSO. (Chief Security Officer)
- _Director of Regulatory Affairs to CCO. (Chief Compliance Officer)
- _Director of Privacy to CPO. (Chief Privacy Officer)
- _Director of Human Resources to CHO. (Chief Humanity Officer)
If the CEO thinks that this is too many chiefs in the "C" Suite, then what about the idea of creating the:
Executive Office of Operational Risk Management (ORM)
This would be on par with the Chief Financial Officer and might even include the Chief Information Officer.
The new EO of ORM would now be on the same level of power with the EVP of Sales or Marketing and beyond the Chief Operations Officer (COO).
They would be laser focused on mitigating a spectrum of corporate threats, implementing relevant employee education and determining the true effectiveness of any organizational risk controls.
Just not so much on the effectiveness of sales incentives and corporate promotions or the uptime of corporate marketing processes.
So what does someone such as Sherron Watkins, the former VP of Corporate Development at Enron Corporation think the moral is?
You've been asked this one numerous times Sherron, I'm sure, but what's the moral of the story?
“Being an ethical person is more than knowing right from wrong. It is having the fortitude to do right even when there is much at stake.”