New York-Based Corporate Risk Management Firm Joins BDO
CHICAGO, January 9, 2019 — BDO USA, LLP, one of the nation’s leading accounting and advisory firms, today announced the asset acquisition of Lootok, a crisis management and business continuity consulting and technology firm headquartered in New York. The acquisition of Lootok bolsters BDO’s proactive risk management capabilities, offering clients an end-to-end suite of services across the risk continuum.
Founded in 2006, Lootok integrates military models, cognitive science, design thinking and game theory with industry risk management standards to create new ways of understanding the disciplines of business continuity, crisis management, and enterprise risk management. Lootok helps organizations of all sizes and industries transform their risk programs through risk assessment, program design, self-service technologies, and activity-based learning and engagement.
Consulting at the board and the C-suite levels require more than experience and expertise. Presence matters. Strength of conviction matters. This caliber of consultant is a partner who confronts the thorniest topics head-on and who can speak the language of today’s leaders. Lootok has found such a talent. It is with great enthusiasm and expectation that Lootok announces Brian Collins as Managing Director. Mr. Collins joins Lootok with more than twenty years of risk management experience across industries and sectors. Based in Washington, DC, he will lead the global crisis management practice.
Mr. Collins is a decorated Marine officer with awards for valor in combat and service. He has worked at the highest levels of government with General/Flag Officers, Assistant Cabinet Secretaries, and Ambassadors. He paired his extensive governmental experience with a master’s degree from Georgetown University and graduated from the Senior Executive Fellows program at the Harvard Kennedy School.
New partnership between two industry leaders brings a new level of talent to outsourced risk programs
Lootok, a leading crisis management and business continuity consulting and technology company, and Andersen Steinberg, an executive search and recruitment firm specializing in risk and resilience, announced a new strategic partnership today. The new alliance will give Lootok an even deeper level of expertise and global resources.
Creating a fully outsourced crisis and business continuity program often requires a global team of highly specialized professionals, and Lootok’s hiring process has always adhered to the most rigorous standards. That thoughtful process can sometimes be time-consuming, a necessity that must be balanced with a need for rapid scalability. The new partnership allows Lootok to achieve that scalability while maintaining the highest level of quality.
“To meet the demand for fully outsourced crisis and business continuity programs, Lootok needed a model that allowed us to deploy the right resources in record time,” said Sean Murphy, CEO of Lootok. “Recruiting the best minds in the risk and resiliency industry, supporting local languages and bringing in specialized skillsets is all a part of our business model. With a global network and a reputation for attracting the finest risk talent, our alliance with Andersen Steinberg gives us the ability to achieve that rapid scalability while accessing the finest talent, while bringing world-class service to our clients.”
Both firms have kindred corporate philosophies and a deep understanding of the value that quality talent brings to clients, culture, and profits. “What matters to Lootok, also matters to Andersen Steinberg,” said Murphy. “When companies call on Lootok to manage their crisis and business continuity programs, Lootok becomes their global team, and the right resources are critical to the success of the program.
In managing a program, Lootok brings together management of technology, training, awareness, messaging, reporting, rollout, and support. A diverse group of specialists is essential, and team members may need to be fluent in multiple languages, understand a niche area of supply chain risk, or have deep knowledge of a specific technology. Andersen Steinberg specializes in finding talent that meets those unique criteria.
Together, the partnership gives Andersen Steinberg the opportunity to place the next generation of leaders in global risk, while giving Lootok the ability to scale their innovative services that have transformed the industry over the last ten years.
New technology and devices bring employees together in a global market
Businesses are living in the era of global culture, communication and commerce, greatly increasing the need for multilingual capacity. Little wonder that language learning has become a crucial component of corporate learning programs in the past decade.
Research from Technavio indicates that the corporate language learning market is on the cusp of major expansion. The market research firm released its findings in a press release, showing that corporate online language learning in the U.S. is expected to grow at a compound annual growth rate of 16% between 2017 and 2021.
Is the corporate language learning industry headed for big changes in the next couple of years? Experts seem to think so.
Why all this attention on language learning in the corporate world?
For starters, businesses no longer operate with geographic limits anymore. The internet has made every industry a global one. Because of this, nearly every working adult will at some point encounter language and cultural barriers that can make things challenging. Emerging technologies will have an impact as well.
“Artificial intelligence is now pushing up against human learning of languages,” said Jeremy Stynes, President of Lootok said, “and with it being so much more accurate now, it’s easy to see how this could become scalable.”
Ignore these trends at your own risk. Stynes shared the story of a former employer that spent a great deal of time and money on localizing the language of corporate training content, only to discover that there were tools (like Google translator) that provided a far better solution.
Read the full article with commentary from Jeremy Stynes on HR Dive.
The threats impacting businesses today are complex, insidious, and almost always have an up or downstream impact on technology. Cyber attacks are also borderless and can impact core operations as easily as business partner and supply chain operations. Therefore, when companies look to increase their resiliency they must weigh equally their operational and technological vulnerabilities.
One challenge that many organizations face is that there is no single entity governing cybersecurity and crisis management. With different reporting structures, separate budgets, and uncoordinated planning, they struggle to stay in sync. This partnership takes aim at breaking down those silos and helping organizations to get an honest and holistic view of their risk landscape.
Despite the occasional stuffed-shirt boss looking over my shoulder and saying “This isn’t playtime!” some of the best jobs I’ve ever had incorporate a level of playfulness, and the results have always proven to be effective.
A favorite exhortation among fast-food bosses is, “If you’ve got time to lean, you’ve got time to clean!” But a little leaning now and then, and even a little guided playfulness, can go a lot further towards getting employees actively engaged in a corporate goal than will any angry mandate.
Where employers and employees alike go wrong is falling into the trap of believing that work isn’t supposed to be fun. Sean Murphy, CEO and founder of Lootok, a crisis management and business continuity consulting and technology company, went into this business – which is normally as dry as a Prohibition-era liquor cabinet – with the idea of actually transforming it into something people actually want to do.
Read the full article with commentary from Sean Murphy on HUFFPOST.
Corporate training is big business. Last year alone, American organizations spent a whopping $70.65 billion on corporate training and associated administrative costs, based on data from Training magazine’s 2016 Training Industry Report. Most companies are willing to invest in the learning and development of employees because they must compete in ever-changing markets, which requires enhanced skills.
According to a McKinsey Quarterly survey, nearly 90% of organizations indicated that building on the capabilities of employees is a top priority. However, only around a quarter said that they can accurately measure the success of their learning programs in terms of improved performance. There seems to be a disconnect between investing in learning programs and having a direct understanding of the impact on the bottom line.
Read the full article with commentary from Jeremy Stynes on HR Dive.
It’s a well-known fact that a strong corporate learning program is an effective retention tool.
By encouraging employees to actively participate, employees can better understand new concepts practically, rather than just absorbing a slew of information. Participatory learning can increase employee career satisfaction when it’s carried out correctly.
According to the National Institutes for Health, the very process of participating in any change activity can support workforce learning. A 2009 study conducted by E. Rosskam involved teaching employees new health procedures in order to improve safety. By using a shared platform where learners can interact and support one another, employees can perceive learning as something they own.
HR Dive talked with Sean Murphy, CEO of Lootok, a business continuity and crisis management firm with headquarters in New York City, about the concept of participatory learning. When employees buy in to active career development, this participation creates another layer in the experience.
Read the full article with commentary from Sean Murphy on HR Dive.
For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”
Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”
With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences. Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”
2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution.
Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.
In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program. Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.
Learning objectives covered:
Common pitfalls (i.e. too fast, too big) of risk and resiliency supply chain rollouts.
The necessary methodologies, tools, and roadmaps to be successful in today’s complex, nonlinear, supply-chain environments.
One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.
When is good good enough?
Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.
When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:
Relocate - physical moving assets (e.g., people, technology, equipment) to another location
Reassign – transferring processes (i.e., work) to another location
Repair / Replace – capabilities in place to fix the problem at time of event
Reinforce – fortify, strengthen, assets to tolerate greater impacts and occurrences
Replicate – simultaneous production (i.e., processes, technology, work) at two locations [duplication]; active-active
Redundancy - extra capacity and inventory
Risk Transfer – shift risk to other entities through insurance, contracts, and risk pooling
Relinquish – do nothing [e.g., too cost prohibitive]; risk acceptance strategy
Since starting Lootok, once a year I go to Rochester, Minnesota, my home State, to take my annual executive physical at the Mayo Clinic. It gives me a good reason to get back to Minnesota to visit family and friends, while maximizing my medical checkups. In just two days, more than fifteen doctors evaluate me. Risk management shares many similarities with the medical field, and it’s where you find the best analogies and metaphors. I wanted to share few of the insights I have gleaned over my time at Mayo.
Risk management is analogous to the immune system. It is not a thing or part. It is a system that co-exists within other systems that must properly function with a larger system called the organization | organism. You cannot just fix the immune system, buy it, or expect miraculous resiliency overnight. The immune system must be earned, strengthened and maintained every day. You need healthy habits, positive attitude and healthy living and work environments, proper planning and long-term vision and dedication, so forth. Risk management works the same way. Risk management also has the same challenges as our immune system: we don’t think much about it until something goes wrong.
I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy
Look forward to hearing your thoughts and comments!
Chris de Wolf (Mars) and I got back together in April at the RIMS’16 conference for an overwhelmingly well-received session where we talked about transforming the risk function from a program to a business.
“Shaking up the Status Quo - Innovations in Risk Management” gave us the opportunity to tell the story of how we reinvented risk management - business continuity. Long story short: We were looking for a better way.
What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.
Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.
Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.
What happens when we’re in a crisis we haven’t seen before, and our experience is insufficient? Such a situation requires us to gain “insight,” or develop new patterns that change the way we understand things and consequently, change the actions we consider. Research psychologist Gary Klein investigated the different ways that people form insights, and the factors that prevent us from having them.
There are certain challenges that face a crisis management team in the “Golden Hour,” the moment when team members convene to make critical decisions. Research psychologist Gary Klein discusses the need for team members to size up not only the situation, but also each other’s capabilities, roles, and responsibilities at time of event. That’s why it’s key for a crisis management team to regularly practice and train together.
How do most organizations handle uncertainty? They gather more information. Research psychologist Gary Klein explains why this isn’t always the best course of action. After all, it’s easy to gather information and sit on it; it’s harder to know how to make sense of events, and make a coherent story based on the data we have.
How can leaders make good decisions under the extreme time constraints of a crisis? To find out, research psychologist Gary Klein studied fire fighters to understand their approach to making crucial, complex decisions so quickly. The recognition-primed decision (RPD) process, as he explains, reveals how these professionals assess the situation: they compare familiar patterns and cues to past experiences to know which actions to take.
I had the pleasure to interview Gary Klein the author of “Seeing What Others Don’t,” “Streetlights and Shadows,” “Working Minds,” and “Sources of Power.” His research and experience is invaluable to anyone in the field of risk management. In this interview, Gary talks about the difference between a well-ordered domain (i.e., normal business environment) and complex domain (i.e., crisis environment). Understanding the characteristics and attributes of each environment is critical to understanding what tools, processes, and capabilities needed to be successful in each environment.