On The Lookout To Managing Risk

So risk management is one of the most important skills for leadership. 

Risk is a function of threats, vulnerabilities, probabilities, and countermeasures. 

If we don’t manage risk by mitigating it, avoiding it, accepting it, or transferring it, we “risk” being overcome by the potentially catastrophic losses from it.

My father used to teach me when it comes to managing the risks in this world that “You can’t have enough eyes!”

And that, “If you don’t open your eyes, you open your wallet.”

This is a truly good sound advice when it comes to risk management and I still follow it today. 

Essentially, it is always critical to have a backup or backout plan for contingencies.

Plan A, B, and C keeps us from being left in the proverbial dark when faced with challenge and crisis. 

In enterprise architecture, I often teach of how if you fail to plan, you might as well plan to fail. 

This is truth–so keep your eyes wide open and manage risks and not just hide your head in the sand of endless and foolhardy optimism for dummies. 😉

(Source Photo: Andy Blumenthal)

FOIA Making Us Stronger

To commemorate 46 years since the Freedom of Information Act (FOIA) was passed on July 4, 1966, the Project on Government Oversight (POGO) came out with a infographic showing the significant progress that has been made in government transparency and areas they still see for possible improvement.

Similarly, Government Executive Magazine ran an feature article in June 2012 called “The Truth Behind Transparency,” calling progress with open government as “tough to gauge.”

The basic idea of FOIA as the website for Sunshine Week put it is: “the public’s right to know about its government.”

Obviously, as GovExec points out, one of the main questions over the years with FOIA is “how quickly and fully do agencies respond to FOIA requests?”

To much and too soon, and do you perhaps put at risk various sensitive information, jeopardizing elements of the functioning of government itself?

Too little and too late, and then is the opportunity for mismanagement, waste, fraud, and abuse simply an after fact?

As Beth Novek, former deputy chief technology officer for open government, described it, open government is a “shorthand for open innovation or the idea that working in a transparent, participatory, and collaborative fashion helps improve performance, inform decision-making, encourage entrepreneurship and solve problems more effectively.”

Transparency can aid in accountability by shedding a light on leadership and its performance management. It can also be a great opportunity to bring new ideas and opinions to the fold, perhaps leading to better decisions and results, at the end of the day, for all.

The challenge for government is to guard against any information risks to the safety and security of our nation.

An informed nation, is a stronger nation–to me, it is a foundation of a government “of the people, by the people, for the people.”

Government and the people working together, duly informed, to confront our toughest challenges and solve our greatest problems.

100% Burglar Proof–Tell Me Another One

So I saw this advertisement for a “100% burglar proof” system and I was just bewildered.

Does anyone really think we can be 100% sure of anything–let alone security?

Everyday thieves rob the safest banks, cyber criminals hack the most secure systems, and crooks break into the most secure sites.

Everything we do comes down to risk management–assessing and classifying risk, selecting controls to mitigate risk, and monitoring those for effectiveness and necessary modifications.

For children, maybe things are basic black and white–it’s simpler that way “good guys” and “bad guys” and so on, but for adults we know there are at least “50 shades of grey” and that means that there are no certainties in life–whether security, sure financial bets, or perfect opportunities–everything is a gamble in some respects.

I remember someone once joked about even marriage being somewhat chancy, since “you never really know the person until you wake up with them in the morning every day.”

With 20-20 hindsight, all the pundits seem brilliant, but only the prophets can predict the future with accuracy.

As to any product or vendor that markets itself as having a 100% success rate, you better get yourself a money back guarantee on it, because you will definitely need it! 😉

(Source Photo: Andy Blumenthal)

9/11 – A Lesson In Risky Business

Corresponding to the 10th anniversary of 9/11, Bloomberg BusinessWeek (5-11 Sept 2011) has a great article on risk management called The G-d Clause.

When insurers take out insurance–this is called reinsurance, and reinsurers are “on the hook for everything, for all the risks that stretch the limits of the imagination”–that’s referred to as The G-d Clause–whatever the almighty can come up with, the “reinsurers are ultimately responsible for” paying for it.

And obviously, when insurers and reinsurers don’t well imagine, forecast, and price for risky events–they end up losing money and potentially going out of business!

Well when it came to 9/11, insurers lost fairly big financially–to the tune of $23 billion (it is in fact, the 4th costliest disaster since 1970 after Japan’s tsunami, earthquake and Fukushima nuclear disaster ($235B), and hurricanes Katrina ($72B) and Andrew ($25B) in the U.S.)

Even Lloyd’s “that invented the modern profession of insurance [and] publishes a yearly list of what it calls ‘Realistic Disaster Scenarios,'” and while they had imagined 2 airlines colliding over a city, even they failed to anticipate the events of September 11, 2001. 

According to the article, even insurers that make their living forecasting risks, “can get complacent.”

And the psychology of the here and now, where “people measure against the perceived reality around them and not against the possible futures” is the danger we face in terms of being unprepared for the catastrophic events that await, but are not foretold.

In a sense, this is like enterprise architecture on steroids, where we know our “as-is” situation today and we try to project our “to-be” scenario of the future; if our projection is to far off the mark, then we risk either failing at our mission and/or losing money, market share, or competitive advantage.

The ability to envision future scenarios, balancing reality and imagination, is critical to predict, preempt, prepare, and manage the risks we face.

Post 9/11, despite the stand-up of a sizable and impressive Department of Homeland Security, I believe that our achilles heel is that we continue to not be imaginative enough–and that is our greatest risk.

For example, while on one hand, we know of the dangers of weapons of mass destruction–including nuclear, chemical, biological, and radiological devices–as well as new cyber weapons that can threaten us; on the other hand, we have trouble imagining and therefore genuinely preparing for their actual use.  

Perhaps, it is too frightening emotionally or we have trouble coping practically–but in either case, the real question is are we continuing to proceed without adequate risk-loss mitigation strategies for the future scenarios we are up against?

Frankly, living in the suburbs of our nations capital, I am fearful at what may await us, when something as basic as our power regularly goes out, when we get just a moderate rain storm in this area. How would we do in a real catastrophe?

In my mind, I continue to wonder what will happen to us, if we proceed without taking to heart the serious threats against us–then the tragic events of 9/11 will have unfortunately been lost on another generation.

Like with the reinsurers, if we do not open our minds to perceive the catastrophic possibilities and probabilities, then the risky business that we are in, may continue to surprise and cost us. 

(All opinions my own)

(Source Photo: here)

>Taking the Politics out of Enterprise Decision Making

>

Some people say power is primarily exerted through military might (“hard power”), others says it is through use of diplomacy—communications, economic assistance, and investing in the global good (“soft power”). Then, there is a new concept of employing the optimal mix of military might and diplomacy (“smart power”).

It’s interesting to me how the Department of Defense—military approach—and the Department of State—diplomatic approach—is as much alive and well in our enterprises as it is in the sphere of world politics to get what we want.

At work, for example, people vie—some more diplomatically and some more belligerently—for resources and influence to advance their agendas, programs, projects, and people. This is symptomatic of the organizational and functional silos that continue to predominate in our organizations. And as in the world of politics, there are often winners and losers, rather than winners and winners. Those who are the “experts” in the arts of diplomacy and war (i.e. in getting what they want) get the spoils, but often at the expense of what may be good for the organization as a whole.

Instead of power politics (hard, soft, or smart), organizations need to move to more deliberate, structured, and objective governance mechanisms. Good governance is defined more by quantifiable measures than by qualitative conjecture. Sound governance is driven by return on investment, risk mitigation, strategic business alignment, and technical compliance rather than I need, want, like, feel, and so forth. Facts need to rule over fiction. Governance should not be a game of power politics.

Henry Mintzberg, the well-known management scholar, identified three mechanisms for managers to exert influence in the organization (Wall Street Journal, 17 August 2009):

1. Managing action—“managers manage actions directly. They fight fires. They manage projects. They negotiate contracts.” They get things done.

2. Managing people—“managers deal with people who take the action, so thy motivate them and they build teams and they enhance the culture and train them and do things to get people to take more effective actions.”

3. Managing information—“managers manage information to drive people to tale action—through budgets and objectives and delegating tasks and designing organization structure.”

It is in the third item—managing information—that we have the choice of building sincere business cases and creating a genuine call to action or to devolve into power politics, exerting hard, soft, and smart influence to get what we want, when we want it, and how we want it.

When information is managed through the exertion of power, it can be skewed and distorted. Information can be manipulated, exaggerated, or even buried. Therefore, it is imperative to build governance mechanisms that set a level playing field for capturing, creating, calculating, and complying with a set of objective parameters that can be analyzed and evaluated in more absolute terms.

When we can develop decision support systems and governance mechanisms that take the gut, intuition, politics, and subjective management whim out of the process, we will make better and more productive decisions for the enterprise.