Uncategorized

I’ve had a lot of conversations about risk assessments recently and just finished a new feature in the Decis platform, both of which prompted this thought: What if we have things backwards? What if our risk assessment updated us instead of the other way around? We spend days — sometimes weeks — building a comprehensive risk assessment to understand our risks and build mitigation measures. But these are snapshots in time and can quickly become overtaken by events. That’s when we move from risk management to incident management or at minimum, we have to review our mitigation. ...

For most people, this will be a busy time of the year: end-of-year performance reviews, last-minute budget planning, holiday parties, or a final push to achieve their annual goals. All of this adds up to a very busy time when all you want to do is take a break. However, there’s one other thing I’m going to suggest you squeeze in before you start next year’s ERM program. An end-of-year review This review will neatly tie up everything you did over the past year and get you ready for the next. And best of all, it’s something you can do in an afternoon. ...

My risk management master’s course had a heavy reading list as you’d expect but a lot of these set texts – and the course material itself – was pretty thick and not much fun. However, I found a few books that I used alongside the course work which helped summarize a lot of the technical, academic stuff and, frankly, made it less dull. I wanted to share a few of these with you beginning with a book about when and how things go wrong. ...

*I received an email a few years ago from someone just getting started in risk management asking if I had any thoughts or advice on the risk management skills they needed. The response quickly became several pages long and I thought it was worth turning it into a blog piece that others might benefit from. So here are 10 considerations for new risk managers (although this could also be titled ‘Letter to a 30-year old me’ or a 40-year old me.) * ...

A while back, I wrote something on the need to speak up, even when it’s hard. That’s something we face as risk managers, but it’s also a necessity in other parts of our lives. I’ve also written about how there are risks that are so big and uncomfortable that they’re left in the corner: we pretend not to see them. I even wrote a whole piece on Jim Barksdales’ rule about snakes: “The first rule of snakes is, if you see a snake…Just take care of it”. Basically, if you see a problem, don’t stand around staring, debating whether it’s real or not, just deal with it. ...

Just-in-time inventory is the idea that the materials you need arrive just as you need them. This approach cuts down on the cost of storage space and reduces the amount of inventory sitting around doing nothing. A just-in-time approach is very efficient but very fragile. If the supply chain hiccups and inventory gets delayed, the knock-on effects shudder through the whole supply chain. Just in time inventory works, until it doesn’t Toyota discovered this in 1997 when a supplier’s factory burned down. Aisin Seiki was the sole-supplier of a critical part Toyota used in the majority of their vehicles, and the fire left them with just two-three days of inventory because of their just-in-time inventory system. Toyota’s recovery, which amounted to an almost national-mobilization of Japan’s industrial base, was incredible and taught manufactures the world over many valuable lessons. ...

Original image – Partnership for a Drug-Free America There are lots of things that are hard about risk and risk management: you are often dealing with abstracts and potential events; showing success can be challenging when your job sometimes means nothing happens; you might not be seen as adding value. But the biggest challenges always seem to concern discussions about risk. These discussions are hard, even when we have set out clear definitions for what we mean by risk and have everyone on the same page theory-wise. ...

If you’re cooking, you need a way to tell how hot the oven is. You won’t be able to tell the difference between 275oF and 325oF just by sticking your hand inside – both are going to feel hot to you – but this is the difference between a perfect, crunchy yet chewy meringue and something that’s dry and explodes into a pile of dust. So we use a thermometer to give us the information we need. ...

Your biggest risks aren’t usually the ones staring you in the face The big ticket items – the ones that are at the top of everyone’s list, the first thing the CEO wants to talk about – aren’t usually the biggest risk you’re facing. These might be the biggest threats. These might reflect everyone’s biggest fear. But because these are so well known. Because these get so much attention, you’re probably spending a lot of time and effort on these risks. The result is thatthese are closely monitored, well mitigated and heavily managed so the resultant risk is relatively benign. ...

It was the highpoint of a recent meeting with a large firm’s corporate security team. While we were showing them around DCDR, the CSO leaned over to a colleague and said “I love the simplicity“. Cue smiles from our side…. Our intent was always to make the best piece of risk management software possible and a key part of that was to keep things simple. However, as time goes on, it’s easy to lose sight of the original concept, to add ‘just one more feature’ and eventually end up with a Frankenstein’s monster which looks nothing like your original idea (and that everybody hates). ...