05 December 2021

Managing Operational Risks: On the Wall at 100 Ft...

 After days taking in the magnificent sights at 100+ feet below the surface off Grand Cayman Island, we were reminded how Operational Risk Management is prevalent in even remote places like this.

Take for example the mandate for using dive computers, as a guest of Wall to Wall Diving. For those not initiated with Scuba Diving, you might not realize that "sensors" are utilized in measuring potential threats to your life from something called "The Bends", or decompression sickness.

Giles Charlton-Jones and his wife Deanna from Wall to Wall Diving use a combination of proven Operational Risk Management processes and tools to reduce the risks to their clients. They do this because their small business is no different than that of a Fortune 500 company. As the owners and primary shareholders of any organization, it is the law in most cases to provide Duty of Care.

Decompression sickness, (DCS), diver's disease, the bends, or caisson disease is the name given to a variety of symptoms suffered by a person exposed to a reduction in the pressure surrounding their body. It is a type of diving hazard.

Dive computers perform a continuous calculation of the partial pressure of gases in the body based on the actual dive profile. As the dive computer automatically measures depth and time, it reduces the need for the diver to carry a separate watch and depth gauge and is able to warn of excessive ascent rates and missed decompression stops.

Many dive computers also provide additional information to the diver, for example, the water temperature, or the pressure of the remaining breathing gas in the diving cylinder.

The key point is, that these sensors attached to each diver, help Deter and Detect potential threats associated with decompression sickness. This even includes a calculation when it is safe again to fly on an airplane.

Like other manufacturers in the high technology systems sector, SCUBA (Self-contained Underwater Breathing Apparatus) has it's own champions of companies who focus on the latest tools and solutions to help you manage risks. Who plan for future threat scenarios based upon collected intelligence over years of experience.

Suunto is just one example of a Finnish company, who have been developing instruments for measurement and sensors for various outdoor pursuits. Whether it be on the mountain at 20,000 ft. or underwater at 125 ft..

Weather and our Earths environment will always play a part in the daily risks mountaineers and divers face and who are proactive with the use of the correct tools, so they can operate in a more safe and secure manner.

Yet without the investment with “True Professionals” who have years of the relevant training, decades of experience and brilliant intuition, all the best tools will never be quite enough.

“How often do you encounter situations where the new threat intelligence collected and the automatic warning alerts have not been enough, to keep you out of harms way?”

As a global Fortune 500 company, the Board of Directors represents the interests of shareholders, as oversight owners of the company, in optimizing value by overseeing management performance on the shareholders' behalf.

The Board of Directors responsibilities in performing this oversight function include a Duty of Care and a Duty of Loyalty.

A Director's Duty of Care, refers to the responsibility to exercise appropriate due diligence in overseeing the management of the company, while continuously making OPS Risk decisions and performing other vital mitigation actions.

It remains refreshing to witness that even on a small island in the British West Indies, that the owners/operators are true professionals who are applying the practice of “Operational Risk Management” (ORM) in their own small employee-owned business.

First, they utilize it each day because they are Professionals. Second, they do it instinctively, because they know that it can mean the difference between life and death or predictive harm in an organizations daily operations.

As we near the end of another year of growing risks in 2021, we say congratulations to all of you who have found the science of “Operational Risk Management”.

Thank you to all of you, who have applied your own professional services “Art”, to make our world, more safe and secure in 2022! Godspeed!

20 November 2021

Metadata: Guardians on the Front Lines...

Continuous Continuity (C2) in your particular enterprise is a priority you shall not just focus upon during our U.S. Infrastructure Security Month.

Last week here, we reviewed Ten Steps your organization can practice on a regular basis to enhance your focus on Continuous Continuity and simultaneously your overall Operational Risk Management (ORM).

Let’s circle back to a few vital areas to emphasize as we increase our production and consumption of corporate or organizational “Data”.

Of Metadata. “Data that provides information about other data”.

The details on the creation date, time and application generating these words as they were originally written, is just one small example. What about the actual platform and the browser that was used:

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Screen Resolution: 1680 x 1050 (pixels)
Browser Dimensions: 1005 x 853 (pixels)
Cookie Status: Enabled

You understand that the data you can’t see on your screen and the data you may not even care about, is present, and that the metadata is being collected by some entity somewhere.

The amount of data and the speed of data is now overwhelming our global digital world we live in the year 2021 and beyond. The question remains, So What?

If you are a seasoned General Counsel (GC) today with a Fortune 1000 organization doing business on a global basis, your Blackberry :) must be "buzzing" every few minutes. Just the legal risk alone being encountered will always be a factor of the number of deals, the number of employees and the growing number of countries you are operational.

As a corporate GC of a global enterprise, you have a fiduciary responsibility to protect the enterprise from all adversaries, such as the rogue employee, the government regulator, competitors, digital hackers, nation states and all of the plaintiff class actions.

The Rule of Law in your organization is in your hands. How you transfer the "Talking Points" on ethics, compliance and legal messages to your employees, partners, suppliers and adversaries is ever more critical.

The true effectiveness of your relationship with internal partners such as your CEO, CFO, CSO, CISO and Internal/External First Responder leadership could mean the survival of the company itself.

When was the last time you as a GC took the “Ethics," “Compliance” and "Rule of Law" program directly to your employees in face-to-face sessions?

How might you provide your employees, partners or 3rd-Party suppliers with the first hand opportunity to meet, greet and engage with the General Counsel of your particular enterprise?

By doing this, you are directly engaging with the people on the front lines, to be our "Guardians" for your company and to build trusted relationships with all of them.
Get out There.

11 September 2021

11 September 2021: What is True...

When these words found their way from pen to paper seventeen years ago today, the truth of what was written was unknown:

-------------------------

11 September 2004

Third Anniversary of 9/11

As We Mark The Third Anniversary of 9/11 one can imagine how the world will be in the next three years. A globe pock marked by terrorist incidents. Russia, Malaysia are of recent headlines. How soon will the terror strike the US again? Many say before the election and only then will we have what we need to reinforce what work has already been accomplished, and will never be completed.

The people of the free world know in their hearts that the struggles of real estate and religion will continue for decades to come. Only those who are proactive, preventive and aware of the continuously changing threat will survive.

God bless us all.

Posted by Ed at 9/11/2004 10:49:00 AM

-------------------------

Today on this morning of 11 September 2021 at 8:46 AM, as our fellow loved ones gather around our 9/11 Memorial in the World Trade Center plaza of the former Twin Towers, the Pentagon or Shanksville and they read the names of the fallen that day, tears come to our eyes. Once Again.

For those who died that day. And for those who will have died decades afterwards.

And for all of those Americans who roll out of bed each day in our United States and Overseas, to raise our American Flag and to work until the stars are out to defend everything that it stands for.

Who we really are, as Americans, each day as we pray and every day the musical notes of “Taps” plays.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing."
--Edmund Burke

On this 9/11 day as we remember again. Each of us knows where we were, when we heard and saw the news unfolding before our very eyes.

The smoke rising from the WTC in New York City, the Pentagon in Arlington, Virginia and the fields near Shanksville, Pennsylvania. What we witnessed on 11 September 2001, was pure “Evil” at work.

"How much do you let what you wish to be true stand in the way of seeing what is really true?"

Today, as these words are written, we know the truth…Never Forget!

28 August 2021

Never Forget: The Prescience of our Risks…

Historical facts and real time data will remain an empirical reminder of our mistakes in the past, of our “Lessons Learned”. Those who study the why and the how from only our past 20 years of history, will be able to adapt, can proactively improve outcomes and will over time increase our respective levels of resiliency.

“The 19 men who hijacked and crashed the four planes were all trained by al Qaeda. Three of the suspected pilots—Mohamed Atta, Marwan Al-Shehhi, and Ziad Jarrah—were part of an al Qaeda cell based in Hamburg, Germany. All four pilots took flying lessons in the United States.

Fifteen of the hijackers came from Saudi Arabia, two from the United Arab Emirates, one from Egypt, and one from Lebanon. The oldest was 33; the rest were between 20 and 29. The group also included two sets of brothers: Wail and Waleed Al-Shehri on American Flight 11, and Nawaf and Salem Al-Hazmi on American Flight 77. The hijackers began entering the United States in January 2000 to advance the plot. All 19 were in the country by early July 2001.”

Yet are we simply repeating the same behavior and forgotten our lessons of the true data?

A proactive set of activities are continuously required to sense the unforeseen. We shall continue to devote our time, new resources and growing intelligence towards the heartbeat of our emotions.

The hope is, that we do not lose sight of the foundations and the continuous requirements for our Operational Risk Management.

The prescience of our risks, are based upon the past and the history already laid down before us. The continuous ability for you to become even more reliable, more consistent and to hedge against significant loss is in your own hands.

How might you become more resilient to the change events that still lie ahead of us:

Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. These risks are further defined as follows:
* Process risk – breakdown in established processes, failure to follow processes or inadequate process mapping within business lines.
* People risk – management failure, organizational structure or other human failures, which may be exacerbated by poor training, inadequate controls, poor staffing resources, or other factors.
* Systems risk – disruption and outright system failures in both internal and outsourced operations.
* External event risk – natural disasters, terrorism, and vandalism.

The definition includes Legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.

How might we gain the foresight required in an evolving physical and virtual environment with:

  • More Threats.
  • More Data.
  • More Speed.
  • More Decision Makers.
  • More Competition.

We shall “Never Forget”…

21 August 2021

Always Remember: Continuous Insight After Two Decades…

After 9/11, Business Continuity got plenty of attention, yet to this day many companies remain ill-prepared for disaster. This CFO article in 2003 reinforces the reality of this fact.

Even if you have tested your Business Continuity Plan (BCP), it doesn't mean that your own organizations suppliers and partners have:

Source: Scott Leibs, CFO Magazine September 01, 2003 "In the weeks following September 11, 2001, the New York Board of Trade (NYBOT) was praised, in these pages and elsewhere, for having invested in a disaster recovery plan that proved nearly priceless. The commodities exchange had been spending $300,000 annually for a backup facility that sat idle for years, an expense that had been questioned but that paid off: the exchange not only used the site in the days after 9/11 but continues to use the site as its de facto headquarters as it transitions to a new one in lower Manhattan this month.

That was the kind of success story that was supposed to galvanize the business-continuity market, highlighting as it did the vulnerability not only of computer systems but also of phone, power, and transportation grids. What had been seen as an issue affecting primarily a company's data center was now framed as a strategic imperative affecting every aspect of infrastructure."

Here are ten steps for consideration to Practice Continuous Continuity (C2) for Enterprise Resilience:

  1. Develop and practice a contingency plan that includes a succession plan for your executive team.
  2. Train backup employees to perform emergency tasks. The employees you count on to lead in an emergency won't always be available.
  3. Consider creating offsite crisis meeting places for top executives and operational teams.
  4. Make sure employees—as well as executives—are involved in the exercises so that they get practice in responding to an emergency and following orders in potential chaos.
  5. Make exercises realistic enough to tap into employees' emotions so that you can see how they'll react when the situation gets stressful.
  6. Practice crisis communication with employees, customers and the outside world.
  7. Invest in an alternate means of communication in case the phone networks go down, including wireless devices.
  8. Form partnerships with local emergency response groups—firefighters, police and EMTs—to establish a good working relationship. Let them become familiar with your company and site.
  9. Evaluate your company's performance during each test, and make changes to ensure constant improvement. Continuity plans should reveal weaknesses.
  10. Regularly test your continuity plan to reveal and accommodate changes. technology, personnel and facilities as they are in a constant state of change at any organization.

As part of the audit of your Continuous Continuity (C2), include the check up on your most vital 3rd party suppliers. They must be as prepared and resilient as you are. You may require that they be included in all of your scenario exercises, to make sure that you know their level of readiness...

20 March 2021

Mission Leader: Independent Resilience...

What are you and your organization working on today, to become more independent? 

Definition of independent

(1) : not dependent: such as

   a (1) : not subject to control by others

(2) : not affiliated with a larger controlling unit

   b (1) : not requiring or relying on something else : not contingent

The Continuous Continuity of your endeavors may well be determined by how much you rely on others for your own survival.

When you or your organization becomes “Interdependent” on resources, or vital capabilities that ensure your survival, then you are increasing your exposure to becoming even more vulnerable.

“Continuous Continuity” requires a mind set that is Proactive, is full of awareness and is consistently asking “What if”?

As a leader in your small group, in your business unit or in your local County, what are you doing today to become even more resilient?

You see, it is your symbiosis and the “Interdependencies” with others, that may become your ultimate and true vulnerability to Operational Risk.

“Independent Thought Leadership” requires discipline and once you commit yourself, it means that you will now be on your way to a more resilient state of being, growing within your particular ecosystem of choice.

Where are you operating today? What is your role in the “Continuous Continuity” of your Life, your Family, your Business, your Faith and your Country?

Your future depends upon your ability to become more Resilient. How will you accomplish a strategy to assist others around you, so they also will become more independent?

What will you learn today to make you stronger, smarter or more clear in your mind about how to assist others?

How might you apply this new found skill or knowledge to your life, that will ensure your own longevity and your consistent personal satisfaction?

As an independent “Mission Leader” you too will become one additional resilient component in an environment of future risks. Here is what lies ahead of you:

The 16th edition of the World Economic Forum’s Global Risks Report analyses the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation. Businesses risk a disorderly shakeout which can exclude large cohorts of workers and companies from the markets of the future.

A “Mission Leader” then takes this knowledge onward to teach others. They apply what they have learned and accomplished, to share it with people they care about...

23 January 2021

Predictive Intelligence: Imagine the Catalyst…

 “The true sign of intelligence is not knowledge but imagination.”

— Albert Einstein

When was the last time you found yourself preparing for something that has not happened yet?

Why were you thinking about it? Was it fear?

What did you fear? Was it the potential for a significant loss event? Loss or change of what?

How will you prepare in such a way, that it gives you some assurance that the potential loss event will not occur? Or if it does, the outcomes will not be a total catastrophe:

Definition of catastrophe

  • 1 : a momentous tragic event ranging from extreme misfortune to utter overthrow or ruin.
  • 2 : utter failure.
  • 3a : a violent and sudden change in a feature of the earth.
  • b : a violent usually destructive natural event (such as a supernova).
  • 4 : the final event of the dramatic action especially of a tragedy.

How might you prepare proactively with your Team, to alleviate fear and to provide greater confidence of action?

What particular environment are you thinking about right now?

Is it Land, Sea, Air, Space or Cyberspace? Will the Catalyst for the loss event you fear, begin in plain sight? Will you see it or hear it coming? Or could it be silent and invisible?

How will you know when it has started? What indicators or changes might you measure, to give you some early warning?

Your imagination has not been exercised hard enough or long enough. You will be vulnerable and you shall experience loss at some point.

Can you imagine working along side trusted people or colleagues together to imagine your fears? Will you Understand, Decide and Act? As a team…

How might you devote a few hours per week to the people, processes, systems and external events that you fear?

Your proactive strategy will make a difference. A purposeful journey of imagination each week will increase your “Proactive and Predictive Intelligence”.

Now imagine that a person on your particular team is your Catalyst. How will you make “Trust Decisions” to imagine what they might do or how the person will make a mistake? How could the persons actions become the genesis of a real catastrophe?

Wake up. You are vulnerable today. The proactive time and the degree of effort and resources that you devote to your own Operational Risk Management (ORM) shall make all the difference.

Between a life of trusted possibilities or one full of continuous despair…it is your choice.

Onward!