When it comes to reporting organisational performance, risks, and compliance, especially in an integrated manner, we have become lazy or opportunistic.
A risk manager once told me how she has put together three arch lever folders of documentation for the upcoming Board meeting in her organisation. And she was so proud of her achievements!
Three things crossed my mind when she said that. Continue reading
In his post Cause of Death: Invalid Assumptions, my colleague Mark Moore observed 
that project risk management often excludes consideration of underlying assumptions on which event probabilities and prospective impacts are based. Obviously, we cannot operate without relying on what we know or we would have to reinvent the wheel every time we had to go somewhere. On the other hand, failing to challenge what we believe we know or to consider the possibility that there are relevant factors about which we have no idea (so-called “unknown unknowns”) can result in vastly underestimating risks or missing opportunities. This article will raise questions more than it will provide answers but it does suggest that some changes in PM discipline can help reduce the risks our assumptions create. Continue reading
My cyber colleague Kiron Bondale posted his original article on his blog, Easy in 
Theory, Difficult in Practice. I encourage you to read it as it’s good advice on its own. With his permission, I’ve created a fusion of his thoughts and my own (a non-Vulcan mind meld, if you will) to challenge the way we think about viewing our project teams for the best chance at success. I wrote something similar on this site a while back. You may want to refer to that as well. Continue reading
turby
It has been a busy year in the U.S. for Cybersecurity. The latest development (as of August 6, 2013) is an announcement from the White House outlining incentives under consideration to encourage Critical Infrastructure companies to implement the Cybersecurity Framework under development by NIST: Continue reading
Volatility is going to be with us for a long while.
This means more risk. The good news for us in operational and technology risk management is lots of work and consulting opportunities. This is from a survey conducted recently by the Society of Actuaries. So, here are a few more data points: Continue reading