Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.
In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program. Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.
Learning objectives covered:
Common pitfalls (i.e. too fast, too big) of risk and resiliency supply chain rollouts.
The necessary methodologies, tools, and roadmaps to be successful in today’s complex, nonlinear, supply-chain environments.
When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:
Relocate - physical moving assets (e.g., people, technology, equipment) to another location
Reassign – transferring processes (i.e., work) to another location
Repair / Replace – capabilities in place to fix the problem at time of event
Reinforce – fortify, strengthen, assets to tolerate greater impacts and occurrences
Replicate – simultaneous production (i.e., processes, technology, work) at two locations [duplication]; active-active
Redundancy - extra capacity and inventory
Risk Transfer – shift risk to other entities through insurance, contracts, and risk pooling
Relinquish – do nothing [e.g., too cost prohibitive]; risk acceptance strategy
Since starting Lootok, once a year I go to Rochester, Minnesota, my home State, to take my annual executive physical at the Mayo Clinic. It gives me a good reason to get back to Minnesota to visit family and friends, while maximizing my medical checkups. In just two days, more than fifteen doctors evaluate me. Risk management shares many similarities with the medical field, and it’s where you find the best analogies and metaphors. I wanted to share few of the insights I have gleaned over my time at Mayo.
Risk management is analogous to the immune system. It is not a thing or part. It is a system that co-exists within other systems that must properly function with a larger system called the organization | organism. You cannot just fix the immune system, buy it, or expect miraculous resiliency overnight. The immune system must be earned, strengthened and maintained every day. You need healthy habits, positive attitude and healthy living and work environments, proper planning and long-term vision and dedication, so forth. Risk management works the same way. Risk management also has the same challenges as our immune system: we don’t think much about it until something goes wrong.
I was on the phone last week with a data visualization expert and author discussing visualization problem solving—basically, how to solve problems or at least understand problems with pictures (i.e., drawing pictures). He asked a question about cyber security: “Why is a cyber threat so scary? Isn’t it just another threat?” He was right… in part—cyber is another threat, just like infectious disease, civil unrest, flood, power outage, fire, war, or accident. While we use common frameworks and capabilities for threats such as command and control, situation awareness, threat intelligence, common operating picture, common ground, and so forth, each threat has unique characteristics we need to consider. Why is cyber security on the top of every executive’s mind? It comes down to six (6) characteristics of a cyber threat:
There’s a mnemonic for these six (6) characteristics: “is wild.”
The retail sector faces risk challenges ranging from cyber security threats to active shooter incidents. These threats, coupled with advances in new technologies, social media and public perceptions of risk have required the retail sector to reevaluate the resiliency of their business.
Written by Lootok’s Sweta Chakraborty and Iris Chung.
When it comes to managing risk, one oft-overlooked aspect is risk perception, or how we perceive a threat. What we believe or do not believe about risks has an enormous effect on how well we prepare ourselves for them, and the action we take when they occur. What factors into our fears, and how do they impact our decision-making?
Why all the ruckus about naming a winter storm? Sometimes, the intention behind the names is to draw the public’s attention to severe weather. While winter storms may not have as large of an impact as hurricanes, they can often be erratic; for example, dumping snow in one area while leaving nothing more than rain or fog in another. Now, it’s becoming clear that superstorms have hype cycles of their own.
When it comes to risk perception, we are notoriously prone to misconceptions. Whether fearing planes over bikes or elevators over stairs, we have a tendency to misjudge just how dangerous certain situations are.