Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.
The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.
As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!
RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia
Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK
Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.
The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.
From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.
Seating limited to 50 seats. Register now!
Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!
One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.
Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management
Join me at the DC Analysts’ Roundtable on November 14th! I will be presenting on Business Continuity & Crisis Management.
The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!
Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.
In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program. Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.
Learning objectives covered:
Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!
I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.
Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience
I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.
Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.
While artists, athletes, and performers struggle to make their mark in the public eye with a memorable act or viral moment, a different type of celebrity has been emerging on the scene - the spokesperson for a crisis.
Here’s a quick exercise to highlight the point:
Jeffrey Boyd, Lew Frankfort, and Stephen Hemsley. Do these names sound familiar?
If not, don’t feel bad. They are the CEO’s of Priceline.com, Coach, and UnitedHealth Group, respectively.
Now, how about the names Tim Cook and James Comey?
We can immediately recall them as the CEO of Apple and the FBI Director, respectively, feuding over a locked iPhone involving a federal investigation of the San Bernardino shooting.
The media diligently covered Cook and Comey’s debate for more than three months. During that time, both men emerged as stars in a cast of characters ranging from lawyers, judges, politicians, and even presidential candidates. The media and public tuned in to hear their perspectives on data privacy, security, technology, civil rights, and terrorism.
One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.
When is good good enough?
Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.
When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:
“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”
- Ernest Hemingway, The Sun Also Rises
I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.
The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…
Since starting Lootok, once a year I go to Rochester, Minnesota, my home State, to take my annual executive physical at the Mayo Clinic. It gives me a good reason to get back to Minnesota to visit family and friends, while maximizing my medical checkups. In just two days, more than fifteen doctors evaluate me. Risk management shares many similarities with the medical field, and it’s where you find the best analogies and metaphors. I wanted to share few of the insights I have gleaned over my time at Mayo.
Risk management is analogous to the immune system. It is not a thing or part. It is a system that co-exists within other systems that must properly function with a larger system called the organization | organism. You cannot just fix the immune system, buy it, or expect miraculous resiliency overnight. The immune system must be earned, strengthened and maintained every day. You need healthy habits, positive attitude and healthy living and work environments, proper planning and long-term vision and dedication, so forth. Risk management works the same way. Risk management also has the same challenges as our immune system: we don’t think much about it until something goes wrong.
I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy
Look forward to hearing your thoughts and comments!
Chris de Wolf (Mars) and I got back together in April at the RIMS’16 conference for an overwhelmingly well-received session where we talked about transforming the risk function from a program to a business.
“Shaking up the Status Quo - Innovations in Risk Management” gave us the opportunity to tell the story of how we reinvented risk management - business continuity. Long story short: We were looking for a better way.
Please join us at RIMS’ annual conference in San Diego, April 10-13, 2016. Lootok’s CEO and President, Sean Murphy, will be speaking at three separate events. The schedule for his sessions is listed below.
You can also get a sneak peak of Sean’s session on “Five Essential Crisis Management Capabilities” live on Twitter through RIMS live tweet chat. Join the conversation by following and using #RIMS16Chat on March 9, 2016 at 2:00pm EST.
What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.
Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.
Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.
What happens when we’re in a crisis we haven’t seen before, and our experience is insufficient? Such a situation requires us to gain “insight,” or develop new patterns that change the way we understand things and consequently, change the actions we consider. Research psychologist Gary Klein investigated the different ways that people form insights, and the factors that prevent us from having them.
There are certain challenges that face a crisis management team in the “Golden Hour,” the moment when team members convene to make critical decisions. Research psychologist Gary Klein discusses the need for team members to size up not only the situation, but also each other’s capabilities, roles, and responsibilities at time of event. That’s why it’s key for a crisis management team to regularly practice and train together.
How do most organizations handle uncertainty? They gather more information. Research psychologist Gary Klein explains why this isn’t always the best course of action. After all, it’s easy to gather information and sit on it; it’s harder to know how to make sense of events, and make a coherent story based on the data we have.
How can leaders make good decisions under the extreme time constraints of a crisis? To find out, research psychologist Gary Klein studied fire fighters to understand their approach to making crucial, complex decisions so quickly. The recognition-primed decision (RPD) process, as he explains, reveals how these professionals assess the situation: they compare familiar patterns and cues to past experiences to know which actions to take.