Lootok

Menu

What's new?

A Game of Supply Chain Risk

By Susan Lacefield

Mars Inc. has found that games are an effective way to teach supply chain risk management and resiliency.

When the pet food, candy, and drink company Mars Inc. wants to start a discussion with internal or external supply chain partners about supply chain risk management and resiliency, it basically holds a game night.

Chris de Wolfe, director of risk management, admits that initially he was skeptical that card and board games could help launch a supply chain risk management program. But he has since found that simulation activities are the best way to identify pain points and open people’s eyes to the risks around them.

De Wolfe and Sean S. Murphy, CEO of the business continuity consulting company Lootok Ltd., described two of the games that they use during a breakout session at the Institute for Supply Management (ISM) 2018 Annual Conference. These games have been used both at local Mars sites as well as with the companies’ key vendors.

Read Post

Bringing play into the business world

Despite the occasional stuffed-shirt boss looking over my shoulder and saying “This isn’t playtime!” some of the best jobs I’ve ever had incorporate a level of playfulness, and the results have always proven to be effective.

A favorite exhortation among fast-food bosses is, “If you’ve got time to lean, you’ve got time to clean!” But a little leaning now and then, and even a little guided playfulness, can go a lot further towards getting employees actively engaged in a corporate goal than will any angry mandate.

Where employers and employees alike go wrong is falling into the trap of believing that work isn’t supposed to be fun. Sean Murphy, CEO and founder of Lootok, a crisis management and business continuity consulting and technology company, went into this business – which is normally as dry as a Prohibition-era liquor cabinet – with the idea of actually transforming it into something people actually want to do.

HUFFPOST

Read the full article with commentary from Sean Murphy on HUFFPOST.

Read Post

Facilitating an exercise? Find out how to reel people in!

Last month, I showed up at a client’s manufacturing site to facilitate an annual tabletop exercise. The company had recently kicked off its crisis management and business continuity initiative, so I wasn’t surprised to walk in and hear several people ask what this meeting was about, and how long it was going to last.

It is commonplace within organizations to have initiative atrophy or program of the month syndrome. People are doing more with less. Everyone is highly skilled at prioritizing work and recognizing false positive initiatives. Crisis management and business continuity can quickly get categorized as a ‘not now’ or ‘postpone as long as possible’ project in this environment. Therefore, it is important for risk and security professionals to allow our stakeholders bring themselves into the program. We need them to want the program and value the work we need them to do.

In my experience, there are usually three different types of people sitting in the room.

First, you have your evangelists, or your program advocates—they’re often the ones leading the initiative or they’ve already experienced some kind of catastrophic event. On the other end of the spectrum are those who have already decided risk management is irrelevant, so they’re checked out and sighing loudly.

But almost everyone in between is a good corporate citizen who has showed up with a printed copy of their plan because they were told to. Other than the occasional email, they’re not used to thinking about risk. You can’t blame them for wanting to just get the meeting over with and get on with their lives.

This mindset, unfortunately, is not uncommon. Whether people are unaware of the program or struggle to understand its value, it’s important to recruit them as active participants. So what are we as risk management professionals to do?

Lootok facilitate an exercise
Facilitate a successful exercise! Reel people in!

Read Post

Inspiring commitment over compliance: the elusive dream of all risk managers

Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?

Lootok Experience Model

This question led us down a path of evaluating the phenomena of experience. What makes an experience good or bad or great? Why do we love some brands and hate others? Why do we join some groups and not others? Why do we love that cash-only, poor-service, overpriced empanada spot in a run-down building on the Lower East Side, but we would be outraged with the same service and accommodations at another restaurant? Unlocking the answers to these questions begins with understanding your target audience.

  1. Who are they?
  2. What do they care about?
  3. What do they struggle with?
  4. Why should they care about your program?

While the Demand Model® evaluates the engagement level of an audience, the Experience Model™ gives us the tools to increase that demand.

Read Post

What do dog food and risk management have in common? Lootok’s Demand Model®

“Nothing happens until someone sells something to someone.” Thomas J. Watson (1874–1956), Chairman and CEO, IBM

Would a company sell a product or service that no one wanted? It’s an absurd question with a simple answer: absolutely not. You need demand. People have to want what you’re offering. At Lootok, we apply this same basic principle to risk management, business continuity, and crisis management programs.

Of course, most practitioners—people like you and me—see the value and the importance of their role in such services. But if you go outside this tight circle, demand quickly wanes. Rather than march to a linear project plan or industry standard, let demand drive the pace of progress.

Before you rollout, change, or update a global program, begin by assessing demand. Organizations tend to prefer immediate success and tangible artifacts (e.g., risk assessment or business impact analysis), but if you think of your program as a business, assessing demand would be the first thing you would do.

Out of this concept came Lootok’s Demand Model®, developed and refined over the past decade.

Lootok Demand Model

Read Post

How do you create situation awareness—Fresh perspectives with Mica Endsley

I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.

Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.

Mica Endsley
Mica Endsley

Read Post

How do you use Nudge (behavioral science) in risk management?

Interesting presentation by Harvard Law School Professor Cass R. Sunstein on using behavioral science to change behavior:

From Behavioral Economics to Public Policy

He co-authored the book Nudge.

It is becoming increasingly necessary in risk management and business continuity management to be better, faster, and cheaper. We need to better Return on Investment (ROI), better participation, better end-user experience, faster change, greater reach and adoption, and enhanced techniques and concepts. We need people to do more with less and with higher quality and participation.  To accomplish any of this we need behavioral science.

Cass Sustein
Cass Sustein

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Serious business play: Lootok to collaborate with Highline Games

Lootok stands apart from other consulting firms—not only in the depth of our experience, but also in our willingness to challenge conventional thinking about business continuity and crisis management practices. This has never been more true than today. We are proud to announce that Lootok is collaborating with Highline Games to explore how games and “gamification” can breathe new life into risk management programs and practices. Highline Games, co-founded by Eli Weissman and Anthony Litton of Grand Theft Auto and W.E.L.D.E.R. fame, will work with Lootok’s consulting and creative teams to bring gaming methodologies to such topics as BIAs, plan data entry, and program engagement.

Lootok | Highline Games | Logos
Lootok & Highline Games

Read Post

How can I raise business continuity awareness?

Business continuity can be a challenging thing to get people to pay attention to, especially when a disruption feels distant or unlikely. However, it’s critical that your staff knows about your company’s business continuity program and is familiar with its recovery strategies and plans—prior to an incident—in order for your planning to be effective. So how can you raise business continuity awareness at your organization?

Read Post

Celebrate business continuity awareness week with these thematic posters

Looking for free resources for Business Continuity Awareness Week (BCAW)? Check out these thematic posters that illustrate this year’s BCAW theme.

posters
Download awareness posters

 

Read Post

How to create behavioral change for your business continuity program

Major change initiatives like business continuity take time, but many programs are often declared failures and abandoned before they are given a chance to succeed. For this reason, it’s crucial to show immediate signs of success, particularly for programs that are newly initiated or being re-launched. New behaviors also take time to become habitual, so in order for a business continuity management program to be self-sustaining, it must be gradually built and adopted as part of the company culture.

In order to accomplish this, people also need what Fogg calls “triggers.” Triggers can be thought of as a cue, prompt, call to action, or request that leads to a chain of desired behaviors. In other words, as Fogg states, “Triggers tell people to ‘do it now!’”

Read Post

What relationship do employees have with risk management, if any?

As risk managers and business continuity management (BCM) practitioners, we obviously see and understand the importance of the programs we help facilitate. But what about employees who are otherwise outside of the BCM/risk management realm? Realistically, how do these employees view the initiatives we help implement?

We posed the question to a group of BCM and risk management professionals on LinkedIn. Here are a few of their responses.

Read Post

Can risk management ever be a revenue generating activity?

It seems like selling risk management projects internally can be like pulling teeth. So what would it take for people to be willing to pay for risk management initiatives? We posed the question to a group of risk management professionals on LinkedIn in preparation for our upcoming Building a BCM Brand webinar. Here’s some of what they had to say.

Read Post