28 August 2021

Never Forget: The Prescience of our Risks…

Historical facts and real-time data will remain an empirical reminder of our mistakes in the past, of our “Lessons Learned”. Those who study the why and the how from only our past 20 years of history will be able to adapt, can proactively improve outcomes and will over time increase our respective levels of resiliency.

“The 19 men who hijacked and crashed the four planes were all trained by al Qaeda. Three of the suspected pilots—Mohamed Atta, Marwan Al-Shehhi, and Ziad Jarrah—were part of an al Qaeda cell based in Hamburg, Germany. All four pilots took flying lessons in the United States.

Fifteen of the hijackers came from Saudi Arabia, two from the United Arab Emirates, one from Egypt, and one from Lebanon. The oldest was 33; the rest were between 20 and 29. The group also included two sets of brothers: Wail and Waleed Al-Shehri on American Flight 11, and Nawaf and Salem Al-Hazmi on American Flight 77. The hijackers began entering the United States in January 2000 to advance the plot. All 19 were in the country by early July 2001.”

Yet are we simply repeating the same behavior, having forgotten our lessons of the true data?

A proactive set of activities is continuously required to sense the unforeseen. We shall continue to devote our time, new resources and growing intelligence towards the heartbeat of our emotions.

The hope is that we do not lose sight of the foundations and the continuous requirements for our Operational Risk Management.

The prescience of our risks is based upon the past and the history already laid down before us. The continuous ability for you to become even more reliable, more consistent and to hedge against significant loss is in your own hands.

How might you become more resilient to the change events that still lie ahead of us:

Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. These risks are further defined as follows:
* Process risk – breakdown in established processes, failure to follow processes or inadequate process mapping within business lines.
* People risk – management failure, organizational structure or other human failures, which may be exacerbated by poor training, inadequate controls, poor staffing resources, or other factors.
* Systems risk – disruption and outright system failures in both internal and outsourced operations.
* External event risk – natural disasters, terrorism, and vandalism.

The definition includes Legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.

How might we gain the foresight required in an evolving physical and virtual environment with:

  • More Threats.
  • More Data.
  • More Speed.
  • More Decision Makers.
  • More Competition.

We shall “Never Forget”…

21 August 2021

Always Remember: Continuous Insight After Two Decades…

After 9/11, Business Continuity got plenty of attention, yet to this day many companies remain ill-prepared for disaster. This CFO article in 2003 reinforces the reality of this fact.

Even if you have tested your Business Continuity Plan (BCP), it doesn't mean that your own organization's suppliers and partners have:

Source: Scott Leibs, CFO Magazine September 01, 2003 "In the weeks following September 11, 2001, the New York Board of Trade (NYBOT) was praised, in these pages and elsewhere, for having invested in a disaster recovery plan that proved nearly priceless. The commodities exchange had been spending $300,000 annually for a backup facility that sat idle for years, an expense that had been questioned but that paid off: the exchange not only used the site in the days after 9/11 but continues to use the site as its de facto headquarters as it transitions to a new one in lower Manhattan this month.

That was the kind of success story that was supposed to galvanize the business-continuity market, highlighting as it did the vulnerability not only of computer systems but also of phone, power, and transportation grids. What had been seen as an issue affecting primarily a company's data center was now framed as a strategic imperative affecting every aspect of infrastructure."

Here are ten steps for consideration to Practice Continuous Continuity (C2) for Enterprise Resilience:

  1. Develop and practice a contingency plan that includes a succession plan for your executive team.
  2. Train backup employees to perform emergency tasks. The employees you count on to lead in an emergency won't always be available.
  3. Consider creating offsite crisis meeting places for top executives and operational teams.
  4. Make sure employees—as well as executives—are involved in the exercises so that they get practice in responding to an emergency and following orders in potential chaos.
  5. Make exercises realistic enough to tap into employees' emotions so that you can see how they'll react when the situation gets stressful.
  6. Practice crisis communication with employees, customers and the outside world.
  7. Invest in an alternate means of communication in case the phone networks go down, including wireless devices.
  8. Form partnerships with local emergency response groups—firefighters, police and EMTs—to establish a good working relationship. Let them become familiar with your company and site.
  9. Evaluate your company's performance during each test, and make changes to ensure constant improvement. Continuity plans should reveal weaknesses.
  10. Regularly test your continuity plan to reveal and accommodate changes in technology, personnel and facilities, as they are in a constant state of change at any organization.

As part of the audit of your Continuous Continuity (C2), include a check-up on your most vital third-party suppliers. They must be as prepared and resilient as you are. You may require that they be included in all of your scenario exercises, to make sure that you know their level of readiness...