Lootok

Menu

What's new?

A Game of Supply Chain Risk

By Susan Lacefield

Mars Inc. has found that games are an effective way to teach supply chain risk management and resiliency.

When the pet food, candy, and drink company Mars Inc. wants to start a discussion with internal or external supply chain partners about supply chain risk management and resiliency, it basically holds a game night.

Chris de Wolfe, director of risk management, admits that initially he was skeptical that card and board games could help launch a supply chain risk management program. But he has since found that simulation activities are the best way to identify pain points and open people’s eyes to the risks around them.

De Wolfe and Sean S. Murphy, CEO of the business continuity consulting company Lootok Ltd., described two of the games that they use during a breakout session at the Institute for Supply Management (ISM) 2018 Annual Conference. These games have been used both at local Mars sites as well as with the companies’ key vendors.

Read Post

Bringing play into the business world

Despite the occasional stuffed-shirt boss looking over my shoulder and saying “This isn’t playtime!” some of the best jobs I’ve ever had incorporate a level of playfulness, and the results have always proven to be effective.

A favorite exhortation among fast-food bosses is, “If you’ve got time to lean, you’ve got time to clean!” But a little leaning now and then, and even a little guided playfulness, can go a lot further towards getting employees actively engaged in a corporate goal than will any angry mandate.

Where employers and employees alike go wrong is falling into the trap of believing that work isn’t supposed to be fun. Sean Murphy, CEO and founder of Lootok, a crisis management and business continuity consulting and technology company, went into this business – which is normally as dry as a Prohibition-era liquor cabinet – with the idea of actually transforming it into something people actually want to do.

HUFFPOST

Read the full article with commentary from Sean Murphy on HUFFPOST.

Read Post

Can a crisis make you a celebrity?

Picture of man speaking to the press
Ready or not.  Say, “Cheese!”

While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.

Here’s a quick exercise to highlight the point:

Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.

Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.

The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Serious business play: Lootok to collaborate with Highline Games

Lootok stands apart from other consulting firms—not only in the depth of our experience, but also in our willingness to challenge conventional thinking about business continuity and crisis management practices. This has never been more true than today. We are proud to announce that Lootok is collaborating with Highline Games to explore how games and “gamification” can breathe new life into risk management programs and practices. Highline Games, co-founded by Eli Weissman and Anthony Litton of Grand Theft Auto and W.E.L.D.E.R. fame, will work with Lootok’s consulting and creative teams to bring gaming methodologies to such topics as BIAs, plan data entry, and program engagement.

Lootok | Highline Games | Logos
Lootok & Highline Games

Read Post

Understanding the risk environment: Sean Murphy discusses nonlinear environment with Gary Klein

I had the pleasure to interview Gary Klein the author of “Seeing What Others Don’t,” “Streetlights and Shadows,” “Working Minds,” and “Sources of Power.” His research and experience is invaluable to anyone in the field of risk management. In this interview, Gary talks about the difference between a well-ordered domain (i.e., normal business environment) and complex domain (i.e., crisis environment). Understanding the characteristics and attributes of each environment is critical to understanding what tools, processes, and capabilities needed to be successful in each environment.

Read Post

Debunking myth #2: You need a business impact analysis (BIA)

Many of us business continuity management (BCM) professionals are convinced that a business impact analysis (BIA) is a “must-have” for any company. On top of that, we often believe the more information we gather, the better. But after the enormous effort to collect mountains of data and conduct endless interviews, we end up with little value to show for it.

Doing a BIA is expected of us, but do companies actually need a BIA? I guarantee that conducting an extensive BIA project is a quick way to exhaust your resources, stall your program agenda, and taint the reputation of your program. But if you’re willing to question why you’re doing a BIA, and then facilitate the process in a practical way for participants, you can maximize your investment. This eBook explores how to do this, and why it matters.

Download You need a business impact analysis (BIA), the second myth in Lootok’s series on the five myths of business continuity management (BCM)!

You need a business impact analysis (BIA)
Myth #2: You need a business impact analysis (BIA)

See Myth #1: The plan is the promised land.
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Debunking myth #1: The plan is the promised land

As BCM professionals, we’ve long believed in the myth that a plan is our key to recovery during a disruption. Often, we hyper-focus on the plan as undeniable proof that the right actions will be taken in an incident. This is the worst possible approach. Learn why in our eBook, The plan is the promised land, the first in Lootok’s series on the five myths of business continuity management (BCM)!

The plan is the promised land
Myth #1: The plan is the promised land

See Myth #2: You need a business impact analysis (BIA).
See Myth #3: The risk matrix measures risk.
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

Why don’t plans work?

Sean Murphy discusses the limitations of plans with renowned author and research psychologist Gary Klein.

Read Post

What does ISO 22301 look for in a business continuity plan?

An ISO-aligned business continuity plan includes business continuity procedures for managing a disruption and continuing operations, based on recovery objectives identified in its business impact analysis.

Read Post

Why spend time on business continuity? What you get out of planning for failure

In today’s business world, we are all faced with multiple responsibilities. It is easy to let things like business continuity, disaster planning, and crisis management fall to the bottom of the list, especially when there have been no recent crises to remind us of their importance. But planning for failure can contribute to your company’s success. Both in the event of an incident and in improving your current workflow, obstacles to continuity often turn out to be obstacles to success.

Read Post

What a crisis requires, beyond a barebones plan

The fact that Tokyo found the nuclear reactors in a worse state than previously announced underscores the need for honest, factual information for public consumption, and the importance of media in delivering this communication. The age where authorities view the public as a panicky wildcard that needs to be soothed, rather than as an equal partner in mitigating and recovering from a disaster, must come to an end – especially in a world where, thanks to the internet and information networks, information is disseminated to a wider audience at a faster rate than history has ever experienced before.

Was the community immediately surrounding Tepco’s reactor integrated in mitigation efforts prior to the incident? Subsequent actions and the announcement of possibly 30 billion dollars in claims indicate the opposite.

Read Post