The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.
When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.
I had the pleasure to interview Gary Klein the author of “Seeing What Others Don’t,” “Streetlights and Shadows,” “Working Minds,” and “Sources of Power.” His research and experience is invaluable to anyone in the field of risk management. In this interview, Gary talks about the difference between a well-ordered domain (i.e., normal business environment) and complex domain (i.e., crisis environment). Understanding the characteristics and attributes of each environment is critical to understanding what tools, processes, and capabilities needed to be successful in each environment.
Many of us business continuity management (BCM) professionals are convinced that a business impact analysis (BIA) is a “must-have” for any company. On top of that, we often believe the more information we gather, the better. But after the enormous effort to collect mountains of data and conduct endless interviews, we end up with little value to show for it.
Doing a BIA is expected of us, but do companies actually need a BIA? I guarantee that conducting an extensive BIA project is a quick way to exhaust your resources, stall your program agenda, and taint the reputation of your program. But if you’re willing to question why you’re doing a BIA, and then facilitate the process in a practical way for participants, you can maximize your investment. This eBook explores how to do this, and why it matters.
As BCM professionals, we’ve long believed in the myth that a plan is our key to recovery during a disruption. Often, we hyper-focus on the plan as undeniable proof that the right actions will be taken in an incident. This is the worst possible approach. Learn why in our eBook, The plan is the promised land, the first in Lootok’s series on the five myths of business continuity management (BCM)!
An ISO-aligned business continuity plan includes business continuity procedures for managing a disruption and continuing operations, based on recovery objectives identified in its business impact analysis.
In today’s business world, we are all faced with multiple responsibilities. It is easy to let things like business continuity, disaster planning, and crisis management fall to the bottom of the list, especially when there have been no recent crises to remind us of their importance. But planning for failure can contribute to your company’s success. Both in the event of an incident and in improving your current workflow, obstacles to continuity often turn out to be obstacles to success.
The fact that Tokyo found the nuclear reactors in a worse state than previously announced underscores the need for honest, factual information for public consumption, and the importance of media in delivering this communication. The age where authorities view the public as a panicky wildcard that needs to be soothed, rather than as an equal partner in mitigating and recovering from a disaster, must come to an end – especially in a world where, thanks to the internet and information networks, information is disseminated to a wider audience at a faster rate than history has ever experienced before.
Was the community immediately surrounding Tepco’s reactor integrated in mitigation efforts prior to the incident? Subsequent actions and the announcement of possibly 30 billion dollars in claims indicate the opposite.