New York-Based Corporate Risk Management Firm Joins BDO
CHICAGO, January 9, 2019 — BDO USA, LLP, one of the nation’s leading accounting and advisory firms, today announced the asset acquisition of Lootok, a crisis management and business continuity consulting and technology firm headquartered in New York. The acquisition of Lootok bolsters BDO’s proactive risk management capabilities, offering clients an end-to-end suite of services across the risk continuum.
Founded in 2006, Lootok integrates military models, cognitive science, design thinking and game theory with industry risk management standards to create new ways of understanding the disciplines of business continuity, crisis management, and enterprise risk management. Lootok helps organizations of all sizes and industries transform their risk programs through risk assessment, program design, self-service technologies, and activity-based learning and engagement.
Consulting at the board and the C-suite levels require more than experience and expertise. Presence matters. Strength of conviction matters. This caliber of consultant is a partner who confronts the thorniest topics head-on and who can speak the language of today’s leaders. Lootok has found such a talent. It is with great enthusiasm and expectation that Lootok announces Brian Collins as Managing Director. Mr. Collins joins Lootok with more than twenty years of risk management experience across industries and sectors. Based in Washington, DC, he will lead the global crisis management practice.
Mr. Collins is a decorated Marine officer with awards for valor in combat and service. He has worked at the highest levels of government with General/Flag Officers, Assistant Cabinet Secretaries, and Ambassadors. He paired his extensive governmental experience with a master’s degree from Georgetown University and graduated from the Senior Executive Fellows program at the Harvard Kennedy School.
Mars Inc. has found that games are an effective way to teach supply chain risk management and resiliency.
When the pet food, candy, and drink company Mars Inc. wants to start a discussion with internal or external supply chain partners about supply chain risk management and resiliency, it basically holds a game night.
Chris de Wolfe, director of risk management, admits that initially he was skeptical that card and board games could help launch a supply chain risk management program. But he has since found that simulation activities are the best way to identify pain points and open people’s eyes to the risks around them.
De Wolfe and Sean S. Murphy, CEO of the business continuity consulting company Lootok Ltd., described two of the games that they use during a breakout session at the Institute for Supply Management (ISM) 2018 Annual Conference. These games have been used both at local Mars sites as well as with the companies’ key vendors.
Over the past several years, psychologists, behavioral scientists and academics have helped to advance our understanding of human psychology and, specifically, how humans respond to high-risk and crisis situations. This research has highlighted how a lack of pre-crisis training and preparation may exacerbate risk and cause unnecessary errors during times of stress and uncertainty.
The good news is that these experts can also help us better understand the best ways for businesses to help individuals prepare and train for such situations so they can contribute positively to the risk management and crisis mitigation process.
But while the need for crisis and business continuity planning is clearly recognized by a wide swath of businesses and many endorse and utilize such programs, the degree to which companies and their risk managers have embraced the findings of what some call “the psychology of risk” is sorely lacking.
New partnership between two industry leaders brings a new level of talent to outsourced risk programs
Lootok, a leading crisis management and business continuity consulting and technology company, and Andersen Steinberg, an executive search and recruitment firm specializing in risk and resilience, announced a new strategic partnership today. The new alliance will give Lootok an even deeper level of expertise and global resources.
Creating a fully outsourced crisis and business continuity program often requires a global team of highly specialized professionals, and Lootok’s hiring process has always adhered to the most rigorous standards. That thoughtful process can sometimes be time-consuming, a necessity that must be balanced with a need for rapid scalability. The new partnership allows Lootok to achieve that scalability while maintaining the highest level of quality.
“To meet the demand for fully outsourced crisis and business continuity programs, Lootok needed a model that allowed us to deploy the right resources in record time,” said Sean Murphy, CEO of Lootok. “Recruiting the best minds in the risk and resiliency industry, supporting local languages and bringing in specialized skillsets is all a part of our business model. With a global network and a reputation for attracting the finest risk talent, our alliance with Andersen Steinberg gives us the ability to achieve that rapid scalability while accessing the finest talent, while bringing world-class service to our clients.”
Both firms have kindred corporate philosophies and a deep understanding of the value that quality talent brings to clients, culture, and profits. “What matters to Lootok, also matters to Andersen Steinberg,” said Murphy. “When companies call on Lootok to manage their crisis and business continuity programs, Lootok becomes their global team, and the right resources are critical to the success of the program.
In managing a program, Lootok brings together management of technology, training, awareness, messaging, reporting, rollout, and support. A diverse group of specialists is essential, and team members may need to be fluent in multiple languages, understand a niche area of supply chain risk, or have deep knowledge of a specific technology. Andersen Steinberg specializes in finding talent that meets those unique criteria.
Together, the partnership gives Andersen Steinberg the opportunity to place the next generation of leaders in global risk, while giving Lootok the ability to scale their innovative services that have transformed the industry over the last ten years.
New technology and devices bring employees together in a global market
Businesses are living in the era of global culture, communication and commerce, greatly increasing the need for multilingual capacity. Little wonder that language learning has become a crucial component of corporate learning programs in the past decade.
Research from Technavio indicates that the corporate language learning market is on the cusp of major expansion. The market research firm released its findings in a press release, showing that corporate online language learning in the U.S. is expected to grow at a compound annual growth rate of 16% between 2017 and 2021.
Is the corporate language learning industry headed for big changes in the next couple of years? Experts seem to think so.
Why all this attention on language learning in the corporate world?
For starters, businesses no longer operate with geographic limits anymore. The internet has made every industry a global one. Because of this, nearly every working adult will at some point encounter language and cultural barriers that can make things challenging. Emerging technologies will have an impact as well.
“Artificial intelligence is now pushing up against human learning of languages,” said Jeremy Stynes, President of Lootok said, “and with it being so much more accurate now, it’s easy to see how this could become scalable.”
Ignore these trends at your own risk. Stynes shared the story of a former employer that spent a great deal of time and money on localizing the language of corporate training content, only to discover that there were tools (like Google translator) that provided a far better solution.
Read the full article with commentary from Jeremy Stynes on HR Dive.
See Sean Murphy speak at OSAC Crisis Management Forum and APTA’s Risk Management Seminar this August
Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.
The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.
The threats impacting businesses today are complex, insidious, and almost always have an up or downstream impact on technology. Cyber attacks are also borderless and can impact core operations as easily as business partner and supply chain operations. Therefore, when companies look to increase their resiliency they must weigh equally their operational and technological vulnerabilities.
One challenge that many organizations face is that there is no single entity governing cybersecurity and crisis management. With different reporting structures, separate budgets, and uncoordinated planning, they struggle to stay in sync. This partnership takes aim at breaking down those silos and helping organizations to get an honest and holistic view of their risk landscape.
Despite the occasional stuffed-shirt boss looking over my shoulder and saying “This isn’t playtime!” some of the best jobs I’ve ever had incorporate a level of playfulness, and the results have always proven to be effective.
A favorite exhortation among fast-food bosses is, “If you’ve got time to lean, you’ve got time to clean!” But a little leaning now and then, and even a little guided playfulness, can go a lot further towards getting employees actively engaged in a corporate goal than will any angry mandate.
Where employers and employees alike go wrong is falling into the trap of believing that work isn’t supposed to be fun. Sean Murphy, CEO and founder of Lootok, a crisis management and business continuity consulting and technology company, went into this business – which is normally as dry as a Prohibition-era liquor cabinet – with the idea of actually transforming it into something people actually want to do.
Read the full article with commentary from Sean Murphy on HUFFPOST.
Corporate training is big business. Last year alone, American organizations spent a whopping $70.65 billion on corporate training and associated administrative costs, based on data from Training magazine’s 2016 Training Industry Report. Most companies are willing to invest in the learning and development of employees because they must compete in ever-changing markets, which requires enhanced skills.
According to a McKinsey Quarterly survey, nearly 90% of organizations indicated that building on the capabilities of employees is a top priority. However, only around a quarter said that they can accurately measure the success of their learning programs in terms of improved performance. There seems to be a disconnect between investing in learning programs and having a direct understanding of the impact on the bottom line.
Read the full article with commentary from Jeremy Stynes on HR Dive.
It’s a well-known fact that a strong corporate learning program is an effective retention tool.
By encouraging employees to actively participate, employees can better understand new concepts practically, rather than just absorbing a slew of information. Participatory learning can increase employee career satisfaction when it’s carried out correctly.
According to the National Institutes for Health, the very process of participating in any change activity can support workforce learning. A 2009 study conducted by E. Rosskam involved teaching employees new health procedures in order to improve safety. By using a shared platform where learners can interact and support one another, employees can perceive learning as something they own.
HR Dive talked with Sean Murphy, CEO of Lootok, a business continuity and crisis management firm with headquarters in New York City, about the concept of participatory learning. When employees buy in to active career development, this participation creates another layer in the experience.
Read the full article with commentary from Sean Murphy on HR Dive.
For more than 10 years Lootok has pushed the boundaries of traditional crisis management and business continuity (BC). “I launched Lootok with the singular vision of doing BC differently,” said Lootok CEO, Sean Murphy. “Global volatility and increased competition have escalated the need for companies to prepare for disruptions. While everybody knows that they should have a BC program, nobody wants to do the work. BC is only important when it’s too late, and when an incident does occur, any data and plans that have been collected typically remain untouched.”
Lootok continually confronts these challenges by offering fresh points of view on industry standards and new ways to transform programs to meet today’s highly networked environment. Sean Murphy explains: “I knew that BC was an essential part of business. The negative returns I so often saw were not the result of BC itself, but rather how it was implemented. At that point, I saw a major opportunity in going beyond the cookie-cutter approach and offering something of lasting value.”
With this goal, Lootok based its services on a deep understanding of industry expertise and interdisciplinary sciences. Why integrate interdisciplinary sciences? It is a simple answer, according to Sean: “We get better results. Through integrating cognitive sciences, gamification, and branding concepts we capture higher-quality data, buy-in at all levels of the organization, and sizable costs savings through self-service and automation.”
2017 marked a reflective period in Lootok’s history, where the company restructured areas of the organization to yield even greater innovation and sharpened its services to Lootok clients. Lootok is excited to announce that there are four changes in its talent pool that set the stage for this evolution.
Learning to either manage the crisis or run the company, but not do both, is a hard lesson for most executives, as they want to do it all. Executives achieve their position through hard work, overcoming extreme obstacles, success, confidence, and leadership. It becomes difficult to let go of the organizational reigns to focus on the crisis. Likewise, it is just as difficult to let others manage a crisis while they focus on the organization. This post is a reflection of a number of executive crisis management trainings I facilitated where the executive (e.g., CEO, business unit president, segment leader) wanted to ‘fly the plane’ and ‘fix the problem.’
Consider the Basics for Crisis Management Program - as with most initiatives and programs, we tend to over think when we design them. The basics reminds me of one of my favorite quotes from Antoine de Saint-Exupéry, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”
Let’s keep it simple: crisis management
When it comes to crisis management the majority of crisis teams need seven means to make timely and effective decisions based on applying judgment to available information. We need a command and control framework, critical information requirements (identification of gaps in our knowledge), intelligence, situation awareness, common operating picture, common ground, and intent.
Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.
It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.
In my experience, there are usually three different types of people sitting in the room.
First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.
But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.
This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?
The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.
From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.
This presentation was presented at the D.C. Analyst Roundtable. I was asked to speak on crisis management, business continuity, and how to run a program like a business. You can download the presentation from SlideShare.
One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.
Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management
Join me at the DC Analysts’ Roundtable on November 14th! I will be presenting on Business Continuity & Crisis Management.
The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!
While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.
Here’s a quick exercise to highlight the point:
Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.
Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.
The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.
One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.
When is good good enough?
Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.
“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”
- Ernest Hemingway, The Sun Also Rises
I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.
The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…
My colleague Christopher Rivera attended an inter-agency exercise where he had a few heated discussions on the topic. He argued in favor of a decentralize model with centralize support (Lootok’s philosophy), whereas a number of his colleagues at the table argued for dedicated central crisis management team that did everything. His colleagues at the table believe in Power to Center, where Lootok believes in Power to the Edge.
The desire to centralize is our natural predilection to try to simplify things and codify procedures to create predictability and reduce errors. The problem with Power to Center, an autocratic centralized model, is that it requires control, prediction, time, and universal knowledge of everything. Unfortunately, control is not possible in complex adaptive environments where there are many independent actors. Control requires prediction as well adequate levers of manipulation. Both requirements are in little supply in the crisis environment. Time is always working against us in today’s global 24/7 environments. In global organizations, knowledge of the local environment and threat effects are necessary to be able to optimally manage and respond to a spectrum of threats. The centralize desire to take the human element out of everything, which is the most important factor in the equation, is almost irresistible.
In complex environments, orderly processes and centralized decision making are ineffective. We also can’t codify a set of procedures for a nonlinear complex event because we have to take the context into account. Independence and improvisation are essential. Decentralize structure (local, country, regional) works best when the threat is within the leadership command and control accountability and responsibility.