Lootok

Menu

What's new?

Join Lootok in Philly for RIMS 2017!

As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!

RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia

Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK

Lootok Rims 2017 Philadelphia cheesesteak
Join Lootok for some juicy sessions on Business Continuity!

 

Read Post

Risk Management’s Sweet Spot

Chris de Wolfe, global director of risk management at Mars Inc., shares his challenges of getting the global risk management program at Mars up and running.

“The CRM group had a lot to offer but was severely underutilized, which led to high insurance premiums, a high risk profile, and a significantly reduced resiliency and recovery capability,” Chris said.

Reflecting on how Mars as a business became a major success, de Wolfe decided that he needed to market and promote his own department in the same way. Partnering with Lootok, a risk management consultancy firm, he developed a strategy to engage with the employees in a fun yet educational way. He devised a 5- to 10-year plan, broken into 12- to 18-month strategies and individual project plans by mapping out all of the products and services that risk management offers. He conducted a perception survey and drew up a program based on the ABCs of risk management.

“The ABCs allowed people to understand that risk management not only provides insurance, but it also ensures that the business continues,” said de Wolfe.

Sean Murphy, CEO and founder of Lootok, said of de Wolfe:

“I’ve known Chris for 10 years and what differentiates him is that he treats his program as a business. He had a good program before but he wasn’t satisfied with it so he completely revamped it and is now reaping the benefits.”

Read full article

Read Post

How do you create situation awareness—Fresh perspectives with Mica Endsley

I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.

Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.

Mica Endsley
Mica Endsley

Read Post

What is the best way to tell stories as means to communicate - Cliff Atkinson on Fresh Perspective

 

Read Post

How would a physicist approach risk management - Mark Buchanan on Fresh Perspective

 

Read Post

How to use Scenario Planning in Risk Management - Thomas Chermack on Fresh Perspective

 

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Part V | Perception: we can control everything vs. Reality: we can only influence

Perception:

We Can Control Everything

Reality:

We Can Only Influence

We tend to believe the more control we have over something, the better. And why wouldn’t we? Control gives us predictability. It’s efficient. It stabilizes. It makes our lives easier and heck of a lot less stressful.

Isometric grey image

Read Post

Part IV | Perception: the risk manager’s job is to manage risk vs. Reality: to run a company

Perception:

The Risk Manager’s Job is to Manage Risk

Reality:

The Risk Managers Job is to Run a Company

If I had better foresight, maybe I could have improved things a little bit. But frankly, if I had perfect foresight, I would never have taken this job in the first place.
- Richard F. Syron

Isometric grey image

 

Read Post

Part III | Perception: it’s a paint-by-numbers vs. Reality: you paint it like pollock

Perception:

It’s a paint-by-numbers

Reality:

You paint it like Pollock

Before we do anything in our risk management planning, we need to make sure we understand the environments we work in. Everything we do should accommodate the attributes and characteristics of our environments.

Isometric grey image

Read Post

Part II | Perception: it’s like building a house vs. Reality: it’s like running a farm

Perception:

It’s like building a house

Reality:

It’s like running a farm

There are certain building blocks to any program, but how we approach risk management planning will inform our results from the start. Keeping an eye towards sustainability is key.

Isometric grey image

Read Post

Debunking myth #5: Best-in-class BCM software exists

Will BCM software deliver on its promise of making your BCM program easier to run? Is it really possible for BCM software to eliminate the difficulties in running your program?

Yes, it can—but there’s a catch. It won’t address challenges that are unique to your program. Essentially, your problems need to be shared by every other customer of the software.

Download Best-in-class BCM software exists, the fifth myth in Lootok’s series on the five myths of business continuity management (BCM)!

Best-in-class BCM software exists
Myth #5: Best-in-class BCM software exists

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.

Read Post

Fresh perspectives: biggest challenge in risk management – metrics

What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.

Read Post

Fresh perspectives: resiliency strategies

Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.

Read Post

Fresh perspectives: risk matrix

Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.

Read Post

Fresh perspectives: insights

What happens when we’re in a crisis we haven’t seen before, and our experience is insufficient? Such a situation requires us to gain “insight,” or develop new patterns that change the way we understand things and consequently, change the actions we consider. Research psychologist Gary Klein investigated the different ways that people form insights, and the factors that prevent us from having them.

Read Post

Fresh perspectives: crisis management team

There are certain challenges that face a crisis management team in the “Golden Hour,” the moment when team members convene to make critical decisions. Research psychologist Gary Klein discusses the need for team members to size up not only the situation, but also each other’s capabilities, roles, and responsibilities at time of event. That’s why it’s key for a crisis management team to regularly practice and train together.

Read Post

Fresh perspectives: uncertainty metaphors

How do most organizations handle uncertainty? They gather more information. Research psychologist Gary Klein explains why this isn’t always the best course of action. After all, it’s easy to gather information and sit on it; it’s harder to know how to make sense of events, and make a coherent story based on the data we have.

Read Post

Debunking myth #4: It gets cheaper and easier

Keeping a BCM program alive doesn’t get cheaper or easier over time. In this eBook, we’ll talk about why.

Download It gets cheaper and easier, the fourth myth in Lootok’s series on the five myths of business continuity management (BCM)!

It gets cheaper and easier
Myth #4: It gets cheaper and easier

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #5: Best-in-class BCM software exists.

Read Post

Fresh perspectives: recognition-primed decision model

How can leaders make good decisions under the extreme time constraints of a crisis? To find out, research psychologist Gary Klein studied fire fighters to understand their approach to making crucial, complex decisions so quickly. The recognition-primed decision (RPD) process, as he explains, reveals how these professionals assess the situation: they compare familiar patterns and cues to past experiences to know which actions to take.

Read Post

Debunking myth #3: The risk matrix measures risk

The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.

When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.

Download The risk matrix measures risk, the third myth in Lootok’s series on the five myths of business continuity management (BCM)!

The risk matrix measures risk
Myth #3: The risk matrix measures risk

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #2: You need a business impact analysis (BIA)

Many of us business continuity management (BCM) professionals are convinced that a business impact analysis (BIA) is a “must-have” for any company. On top of that, we often believe the more information we gather, the better. But after the enormous effort to collect mountains of data and conduct endless interviews, we end up with little value to show for it.

Doing a BIA is expected of us, but do companies actually need a BIA? I guarantee that conducting an extensive BIA project is a quick way to exhaust your resources, stall your program agenda, and taint the reputation of your program. But if you’re willing to question why you’re doing a BIA, and then facilitate the process in a practical way for participants, you can maximize your investment. This eBook explores how to do this, and why it matters.

Download You need a business impact analysis (BIA), the second myth in Lootok’s series on the five myths of business continuity management (BCM)!

You need a business impact analysis (BIA)
Myth #2: You need a business impact analysis (BIA)

See Myth #1: The plan is the promised land.
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #1: The plan is the promised land

As BCM professionals, we’ve long believed in the myth that a plan is our key to recovery during a disruption. Often, we hyper-focus on the plan as undeniable proof that the right actions will be taken in an incident. This is the worst possible approach. Learn why in our eBook, The plan is the promised land, the first in Lootok’s series on the five myths of business continuity management (BCM)!

The plan is the promised land
Myth #1: The plan is the promised land

See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Business continuity and the Sony data breach

A massive data breach at Sony Pictures Entertainment, which experts believe was targeted by North Korea as retaliation for a film depicting the assassination of its leader Kim Jong Un, has led to an international incident that has gained the attention of business continuity professionals. Even large companies like Sony can sometimes put business continuity planning on the back burner.  BC professionals say that attacks like this can sometimes change their minds.

Read Post

Seven insights from superstorm Sandy: a financial sector retrospective

$18 billion dollars. That’s the number estimated in damages caused by Hurricane Sandy just in the state of New York alone. With the unexpected turns that transpired amidst the super storm, all businesses were reminded of the importance of business resiliency.

Given the vast amount of information presented to-date, it is still very important that the financial sector revisit the surprises from Sandy to ensure that critical financial services are better protected. A team of experienced BCM advisors gathered the recommendations in the accompanying table from industry thought leaders in leading global financial services companies to learn from their perspectives.

Read Post

Carnival Cruise Lines: What they should have done

At first glance, it appears that Carnival Cruise lines was well prepared when one of their ship had an engine fire and subsequently lost power last week. The media, however, tells a different story.  Here are three points that Carnival may have overlooked in their crisis response.

carnival
Carnival cruise

 

Read Post

How Oreo style the spotlight during the Super Bowl, and other lessons for scenario planning

The highest rated Super Bowl in history may go down in the books for the 34-minute power outage that upstaged the million dollar ads. With all the chatter about the blackout, advertisers were concerned about the effect on television ratings, while some brands capitalized on the opportunity to own the conversation through social media. Many are claiming the real winner of Sunday’s game to be Oreo, whose clever blackout tweet got retweeted 10,000 times in less than an hour.

oreo

When it comes to planning, the power outage also demonstrated that organizations must consider not just critical processes and recovery time objectives, but should also anticipate the impact of potential scenarios. Business continuity is about bouncing back, as well as taking advantage of the situations that may present themselves during incidents—particularly in this case, high profile events. Have you considered this when doing business continuity scenarios or exercises?

Read Post

What a crisis requires, beyond a barebones plan

The fact that Tokyo found the nuclear reactors in a worse state than previously announced underscores the need for honest, factual information for public consumption, and the importance of media in delivering this communication. The age where authorities view the public as a panicky wildcard that needs to be soothed, rather than as an equal partner in mitigating and recovering from a disaster, must come to an end – especially in a world where, thanks to the internet and information networks, information is disseminated to a wider audience at a faster rate than history has ever experienced before.

Was the community immediately surrounding Tepco’s reactor integrated in mitigation efforts prior to the incident? Subsequent actions and the announcement of possibly 30 billion dollars in claims indicate the opposite.

Read Post