Sean Murphy, CEO of the crisis management and business continuity consulting and technology company Lootok, will share his expertise and insights at two high-profile events this year. On August 7, he will present at the American Public Transportation Association’s (APTA) Risk Management Seminar in San Diego. Immediately following the APTA Seminar, Murphy will be a featured speaker at the U.S. Department of State’s Overseas Security Advisory Council (OSAC)’s Crisis Management Forum in Minneapolis on August 8 and 9.
The APTA Risk Management Seminar is the only risk management seminar dedicated to risk management professionals involved in transit risk management. This year’s agenda features new and creative thinking for risk managers—presenting cutting-edge concepts and challenges. With transportation and public entity risk managers at all levels of experience, the seminar includes several sessions on issues that transit risk managers face on a daily basis. Sean Murphy’s session will explore a modern approach to crisis and business continuity management that allows companies to maneuver in today’s complex world of threats.
Learning to either manage the crisis or run the company, but not do both, is a hard lesson for most executives, as they want to do it all. Executives achieve their position through hard work, overcoming extreme obstacles, success, confidence, and leadership. It becomes difficult to let go of the organizational reigns to focus on the crisis. Likewise, it is just as difficult to let others manage a crisis while they focus on the organization. This post is a reflection of a number of executive crisis management trainings I facilitated where the executive (e.g., CEO, business unit president, segment leader) wanted to ‘fly the plane’ and ‘fix the problem.’
This is a continuation of my Business Continuity Basics article.
Consider the Basics for Crisis Management Program - as with most initiatives and programs, we tend to over think when we design them. The basics reminds me of one of my favorite quotes from Antoine de Saint-Exupéry, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”
When it comes to crisis management the majority of crisis teams need seven means to make timely and effective decisions based on applying judgment to available information. We need a command and control framework, critical information requirements (identification of gaps in our knowledge), intelligence, situation awareness, common operating picture, common ground, and intent.
As you are making plans for the RIMS 2017 Conference in Philadelphia, make sure you don’t miss Lootok’s Sean Murphy and Jeremy Stynes speaking on Monday, April 24th. They will be exploring the psychology of risk, sharing innovative ways to market your program, and breaking down traditional myths of Business Continuity Management. All in our signature, non-conventional Lootok way. We hope you come and join us!
RIMS 2017: April 23-26th, 2017 | the Pennsylvania Convention Center | Philadelphia
Lootok Sessions on Monday, April 24 :
12:00 – 12:25 pm | Market Your Program Like a Product | Jeremy Stynes, President
1:00 – 1:25 pm | Five Myths of Operational Risk and Business Continuity Management | Sean Murphy, CEO
3:00 – 4:00 pm | Risk Shrink: Exploring the Psychology of Risk | Sean Murphy, CEO, Lootok; Hester Shaw, Internal Control Framework Director, GSK
Zona Walton [ADP - Global Business Resiliency] and I spoke at a private conference last month. The title of our session was The Future of Resiliency. We explored the idea that the future of resiliency isn’t resiliency; that is, it will be something else.
As business continuity practitioners, it would serve us well to take a cue from writer Antoine de Saint-Exupéry, who stated, “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.”
Many risk and resiliency initiatives are more robust and complicated than they need to be. Common signs of an over-engineered program may include: lengthy plans packed with procedures and protocol, a BIA that takes months to complete, lengthy internal audits fixated on industry standards, and just a handful of people who actually know what to do in an incident.
Blessed with “the curse of knowledge,” we as practitioners can easily lose sight of how business continuity is perceived by our stakeholders. We fall prey to assuming that others understand the value of participating in program activities, much less have the expertise to decipher industry jargon (how many times in your career have you had to explain “RTO” and “MTPD”?).
Even Wikipedia’s description of “business continuity planning” is prefaced with the warning: “This article may contain an excessive amount of intricate detail that may only interest a specific audience.”
Put yourself in the shoes of a stakeholder who rarely thinks of contingency planning or has yet to experience an incident, and it’s even more critical that you keep your program simple.
What would happen if we were to boil down business continuity to just the basics? What if we began describing concepts in layman’s terms, and it helped to ease understanding and facilitate program adoption?
The BCI is proud to introduce our first author interview with Eric Dezenhall on April 11th, 8:30-10:30 am, at the Harvard Club in New York City.
From Tiger Woods to Michael Jackson, Eric Dezenhall has been on the front line of high-profile crisis communications and public relations. Come hear his perspective on Trump vs Clinton, BP vs Goldman, fake news and much more. Eric is a world-renowned crisis management and public relationship expert with frequent appearances on NPR, CNN, FOX, CNBC, and MSNBC. He has written for the New York Times, the Wall Street Journal, Business Week, the Los Angeles Times, and USA Today; is a regular contributor to the Daily Beast, Huffington Post and CNBC.com. Learn more about Eric.
Seating limited to 50 seats. Register now!
In our business, we can all identify with the feeling that something bad is looming—the next big power outage, unprecedented snowstorm, or vicious cyber attack is right around the corner. Sometimes it can feel like all we’re doing is getting ready for a negative event.
Many industry activities—things like assessments, plans, exercising, and auditing—help to create this “wait-for-impact culture.” As we evaluate endless industry standards, regulations, and consulting methodologies, there is a hyper-focus on documentation, policies, procedures, steering committees, and audits.
This methodical approach works with well-defined risks, or those threats that are so familiar to us that we’ve integrated them into the way we do business. But what about complex risk? The most procedural checklists and plans don’t account for managing those threats that we’ve yet to figure out. Risks that are still emerging and largely unknown are the ones that could actually leave us vulnerable.
Ten years ago, we developed Lootok’s BCM Model®* because we realized that it wouldn’t ever be enough for leaders to simply respond. For companies to stay competitive, leaders must be more proactive than ever to also consider threats that are on the horizon.
This presentation was presented at the D.C. Analyst Roundtable. I was asked to speak on crisis management, business continuity, and how to run a program like a business. You can download the presentation from SlideShare.
The “on time, on budget, and as promised” motto that dominates our industry is a cliché. It’s the stock answer when asked how to evaluate a project’s success. You may achieve one or maybe two of these measures, but satisfying all three is no easy feat. While project plans can help, you need much more. At Lootok, we deliver projects through two proprietary means: ODWR® and 5Ds®.
Why can’t risk management, crisis management, and business continuity be a rewarding experience that people actively desire to be involved with?
Join me at the Thomson Reuters: 2nd Annual Corporate Counsel Leadership Forum. I will be moderating a panel on ‘The General Counsel’s Role in Business Continuity Management’. To register, contact 1-800-308-1700. Hope to see you there!
One of the sad realities of the “new normal” is the escalating specter of terrorism-related crises in the workplace. Though not exclusively tethered to data privacy concerns or security incidents, a business executive’s ability to manage unforeseen trauma is an essential (and largely unspoken) part of the modern day job description. This interactive workshop offers timely, practical, scenario-based coaching on how to handle the unforeseen at a moment of supreme hardship. Participants will walk away with a clear understanding of core tenets of business continuity management, as well as key techniques for coping with or better understanding terrorism’s ineffable vicissitudes.
Where: The Metropolitan Club
When: November 16, 2016, 1:45pm to 2:45 pm
Topic: Darkness Descends: The General Counsel’s Role in Business Continuity Management
Join me at the DC Analysts’ Roundtable on November 14th! I will be presenting on Business Continuity & Crisis Management.
The DC Analysts’ Roundtable is a collaborative body of practitioners in the fields of intelligence and risk analysis from the private sector and federal, state, and local agencies. The Analysts’ Roundtable promotes the professionalization of the intelligence and risk analysis communities through the sharing of best practices, information, and analytical training. Sign up by contacting DC.Analysts.Roundtable@gmail.com. Look forward to seeing you there!
Location: Lockheed Martin Global Vision Center Auditorium, 2121 Crystal Drive, Crystal City (Arlington), VA
Date: November 14, 2016, 12:30pm - 5:30pm
See full event details here.
In our session, we covered the critical aspects of rolling out and maintaining a global supply chain operational risk – business continuity program. Supply chain leaders are naturally gifted at managing risk, as it is part of their daily lives. But, supply chains are naturally dynamic (i.e., disruptive), which makes many of our traditional operational risk – business continuity techniques ineffective. Supply chain leaders need risk management techniques and tools to help them make decisions, solve problems, and communicate in complex environments.
Learning objectives covered:
Join me at the Enterprise Risk Management Summit in Las Vegas on November 2, 2016!
I will be speaking with Andrew Miller from ADP about linking reputation management, business continuity and crisis planning to strengthen risk resilience.
Where: Rio All-Suite Hotel & Casino in Las Vegas
When: November 2, 2016, 9:00am
What: Linking reputation management, business continuity and crisis planning to strengthen risk resilience
Lootok’s ABdCa®: The best way to collect and analyse data.
We were at our wits’ end. Neither we nor our clients could take another dull meeting or frustrated end-user. Risk management, crisis management, and business continuity were simply too hard for too little. We took a deep breath and sat back. Finally, someone said it.
“There HAS to be a better way!”
We knew she was right, but none of us had any idea how to accomplish that. We started by just trying to have a little fun in our meetings: we played a few games. As we played, we discovered that our activities were not only fun, but engaging and memorable as well. We could use them to facilitate training and awareness. Then it got better. We realized we could collect and analyze data at the same time.
It was an incredible discovery for us. Not only did we change the experience of a meeting, it facilitated a better learning environment with higher adoption rates, while completing our deliverables at the same time. Developed and refined over the last decade, Lootok’s Activity-Based Data Collection and Analysis (ABdCa®) Model takes a fraction of the time and cost of traditional methods while facilitating a more effective process and more rewarding experience.
“Nothing happens until someone sells something to someone.” Thomas J. Watson (1874–1956), Chairman and CEO, IBM
Would a company sell a product or service that no one wanted? It’s an absurd question with a simple answer: absolutely not. You need demand. People have to want what you’re offering. At Lootok, we apply this same basic principle to risk management, business continuity, and crisis management programs.
Of course, most practitioners—people like you and me—see the value and the importance of their role in such services. But if you go outside this tight circle, demand quickly wanes. Rather than march to a linear project plan or industry standard, let demand drive the pace of progress.
Before you rollout, change, or update a global program, begin by assessing demand. Organizations tend to prefer immediate success and tangible artifacts (e.g., risk assessment or business impact analysis), but if you think of your program as a business, assessing demand would be the first thing you would do.
Out of this concept came Lootok’s Demand Model®, developed and refined over the past decade.
Chris de Wolfe, global director of risk management at Mars Inc., shares his challenges of getting the global risk management program at Mars up and running.
“The CRM group had a lot to offer but was severely underutilized, which led to high insurance premiums, a high risk profile, and a significantly reduced resiliency and recovery capability,” Chris said.
Reflecting on how Mars as a business became a major success, de Wolfe decided that he needed to market and promote his own department in the same way. Partnering with Lootok, a risk management consultancy firm, he developed a strategy to engage with the employees in a fun yet educational way. He devised a 5- to 10-year plan, broken into 12- to 18-month strategies and individual project plans by mapping out all of the products and services that risk management offers. He conducted a perception survey and drew up a program based on the ABCs of risk management.
“The ABCs allowed people to understand that risk management not only provides insurance, but it also ensures that the business continues,” said de Wolfe.
Sean Murphy, CEO and founder of Lootok, said of de Wolfe:
“I’ve known Chris for 10 years and what differentiates him is that he treats his program as a business. He had a good program before but he wasn’t satisfied with it so he completely revamped it and is now reaping the benefits.”
The Brit seemed like our perfect partner, and we feared it too good to be true—technical sophistication, strong reporting/metrics, and flexibility? Our self-defense mechanism kicked in, and we couldn’t help but try to dig up some dirt. So, we asked others, “Hey, what’s the Brit really like?”
But despite our best efforts, all we could scrape up were rave reviews from their existing clients. By all accounts, the Brit seemed reliable, stable, and drama-free.
Though it may seem shallow to admit, we also wanted to date someone with a pleasing, modern aesthetic—and the Brit was recognized globally for its good-looking user interface. Having seen so many clunky platforms, we bonded in our mutual love for user-centered design. We spent many a weekend waxing poetic about the need for “simple, unobtrusive, intuitive planning.”
Years ago, we were seduced by software that promised to solve all of our problems. Maybe it was our fault for being too naïve. The software only ended up being way too complicated, and left us feeling so overwhelmed and abandoned that there was no choice but to eventually break up. The whole experience burned us so bad that we swore never to enter into the software market again.
Maybe we’d just been in the BCM scene too long, but we didn’t want anything flashy or something just “good enough.” Perhaps our standards were high, but we vowed to ourselves not to make the same mistake again.
I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.
Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.