GRC Supper Club: Operational Resiliency and the Interconnectedness of Risk
The past two months have been a crazy whirlwind of webinars, phone calls, and video meetings. Organizations the world over have been asking for calls on how to respond to the pandemic from a GRC perspective, and what the world of GRC will look like and how corporate governance, enterprise risk, and compliance and ethics management will change coming out of the pandemic. From 5:00 am to midnight here in Milwaukee, it has been a full sprint. RFPs, shortlists, strategy calls, competitive analysis of solutions, input on strategy, to market sizing and forecasting of GRC segments for solutions and services . . . it is a crazy time. I have done more webinars in two months than I normally do in an entire year.
One of the fun and unique engagements I did was the GRC Supper Club last week! This is an event that is normally done in person in the United Kingdom and led by my friend Lee Edge. With the pandemic it went virtual. So while the amazing host and many of the attendees were enjoying dinner and drinks in their homes in the UK and Europe, a few others and I were doing lunch here in the United States.
Lee moderated the event, and I was one of three panelists for the virtual GRC Supper Club (you can access the recording for the virtual GRC Supper Club here). While we were speaking, Lee had an artist capturing the conversation and insight and putting it into the graphic you see above. I love how the graphic turned out! It captures so many of the points and analogies I brought up in the virtual GRC Supper Club. These are (working across the top and then clockwise around the bottom):
- The Pandemic is NOT a Black Swan Event. I stated that being unprepared for risk does not make it a black swan. There were plenty of warning signs, history of events, and people and organizations speaking out on the potential for a pandemic. It does not meet the requirements of a black swan event. I blogged on this here: Being Unprepared for the Crisis Does Not Make it a Black Swan.
- A Tale of Two Futures. Playing on the Charles Dickens novel A Tale of Two Cities, I discussed in the GRC Supper Club how we have a tale of two futures: we are headed toward either a Blade Runner dystopia or a Star Trek future. The choices organizations make today on the environment, climate change, and health and safety impact what future we are headed toward. I blogged on this here: Tale of Two Futures: Blade Runner or Star Trek?
- The Interconnectedness of Risk & Chaos Theory. The bat stating “I am no butterfly but I’ve had a big impact” was in reference to my discussion in the Club about the interconnectedness of risk and how small things matter. I referenced Chaos Theory and the Butterfly Effect in which the flutter of a butterfly’s wings in Amsterdam can influence the development and path of a hurricane in the Gulf of Mexico. What started with a bat at a wet market in China has had a worldwide impact that is more than a health and safety risk but cascades into economic risk, strategic risk, supply-chain third party risk, security risk, geopolitical risk, IT security risk, modern slavery and human rights risk, bribery and corruption risk, and even harassment and discrimination risk (I detail all of this in the Supper Club recording). I have blogged on this here: Navigating Chaos.
- Cover Your Behind & IT Risk. This part of the illustration detailed my discussion on how too many enterprise and operational risk management programs have been operating with a myopic and overly focused view on IT security risk. IT security is a huge risk, but there are other significant risks the organization faces that have not got the same level of attention. Look at the world around you and nothing more needs to be said. IT security has been the dominant risk focus in ERM and ORM programs at the cost of other risks like environmental, health and safety, and quality. I make reference to this in this blog: Forrester GRC Wave = Tsunami of Confusion.
- The Titanic of Risk. Next in the GRC Supper Club illustration and discussion, I referenced the illustration of the Titanic. This is an analogy I have been using in presentations for nearly 15 years. It is about all the risk exposures that contributed to the disaster of the Titanic, including environmental, overconfidence, third party risk issues, lack of control, health and safety, oversight, and more, further illustrating the interconnectedness of risk. I have blogged on this here: The Titanic: An Analogy of Enterprise Risk.
- Right-Brain & Left-Brain Risk Thinking. In the lower right corner of the illustration you can see my dialogue during the GRC Supper Club in which I shared that good risk management involves both right-brain thinking and left-brain thinking. Too often we focus on the left-brain side of risk models and analytics, but good risk management also involves out-of-the-box creative thinking on risk and scenarios. I have blogged on this here: Managing Risk in Dynamic & Distributed Business.
- Environment, COVID & The World. This part of the illustration was in reference to my comments on the Economist cartoon from a few weeks back in which the world is fighting COVID in the boxing ring but a much bigger opponent of the environment and climate change is about to step into the ring.
- IT Security and the Home Office Blender. At this point in the GRC Supper Club I was discussing the IT security threats in the home office/work from home environment with the Internet of Things (IoT). I detailed how in my home in Milwaukee I have outlets, TVs, and even a blender that is connected to the Internet. If one of these devices has a vulnerability, or worse, a trojan horse, this could compromise organization data and connections.
It was a great event! There are two upcoming VIRTUAL GRC Supper Clubs you can register for, though I am not speaking on these. Hopefully, it will be back to in-person dinners in the United Kingdom soon . . .