Wednesday, April 2, 2014

Operational risk is real world risk.

UW cherry trees, in bloom during spring break 2014

 I've had a nice break between quarters at the University of Washington, and I'm anxious to get back into the classroom tomorrow.  That's the beauty of teaching different courses.  It's hard to bore yourself or the students.  I find that the real world examples I use in my courses always need to be updated because events move so quickly.

Consider the mudslide here in Washington State.  Or the KOMO-TV news helicopter crash.  Or the unprecedented General Motors recall. Or this afternoon's active shooter at Fort Hood.  Or recent earthquakes in California and Chile. And don't forget the amount of heavy lifting necessary to get to work. They're all grist for the mill.

Over the next ten weeks, we'll examine operational risk in both the public and private sectors.  Is the risk different? Or is it just managed differently?  What are the barriers to implementation of a strong risk management program? Are there ways to implement such programs without large budgets, but with skill and imagination?

I have at least 24 graduate students in the class.  They're still signing up.  I'll keep you posted.

Tuesday, March 25, 2014

Northwest Disasters

NTSB: Helicopter rotated 360 degrees before crash

Slide near Oso

We've had two of them in less than a week.  First, the fiery news helicopter crash last week.  Then last Saturday, a horrific mudslide in Snohomish County, where rescue operations have been too dangerous to be fully undertaken, even though both the president and the governor have now declared it a disaster.

Lots for risk professionals to think about in each event.   Should helicopters be allowed to land and take off in dense urban areas?  What criteria would we set for when it is allowed.  Should people be allowed to build, buy and sell homes in areas where the hazards are well known?  (This latter question is one that applies to many types of geography past that of our region, but in particular to areas where there is privacy and remoteness, but where there are also hazards like wildfires, flooding, mudslides, even earthquakes.

I suspect there will be a significant amount of discussion around this topic on Thursday when a broad-based group of owners, executives, and public servants are convened in City Hall to spend four hours on Seattle's disaster plan.  These two events will certainly cause us to think more carefully on what can go wrong, and where.

Thursday, March 20, 2014


Another form of risk management: learning how to paint watercolors.

I've just come from a terrific ASIS meeting, where Robert Dodge discussed risk management today, and its evolution from a "guns, gates and guards " mentality in the physical security world to a world in which technology touches every part of our physical world.  Many of the areas he covered around enterprise risk management and the protection of corporate intellectual property are, interestingly enough, topics that my graduate students wrote about in the final papers for the "Law, Policy and Ethics in Information Management" course that I teach at the University of Washington.

Add to Robert's remarks the Allianz Risk Barometer report from January of this year, and you see how risk and law and policy and ethics are interwoven in any risk assessment and subsequent management strategy.  (U.S. business leaders found the top risks to be business disruption; supply chain issues; natural disasters; cyber incidents; reputation damage; environmental issues; talent shortages; global pandemic; food/water/energy shortages; and regulation.

This is the second time I've taught this core course to master's degree students.  Here are summaries of the topics of their final papers, which you can line up against assessments by Robert and those that Allianz collected:

Proposal for a New Third Party Doctrine Test
The FAA, Drones and Amazon Air
Academic Misconduct
Innovation & Litigation with Intellectual Property
LinkedIn and Spamming
Electronic Civil Disobedience
Intellectual Property in the Digital Age
Internet Repression by Authoritarian Governments
Digital Rights Management
The Challenge of Cyber-Security
3D Printing & the Future of Intellectual Property
Student Data: Ensuring Privacy

Next Wednesday, I'm speaking at the National Defense Industry Association's conference here in Seattle.  My topic is "How to Identify Insider Threats."  I will be discussing what Robert in his talk called "intelligence driven risk management," including contractors as well as employees.

Carpe diem.

Monday, March 10, 2014

Ready to go?

Here's some great advice on what to have ready in the event of an earthquake, tornado, hurricane, wildfire or even a tsunami from Jim Cantore at The Weather Channel.  Read it all the way through, and then see what you can do about improving your own kit. 

In the trunk of my car.
Some of the items inside our first floor pack.  This is in addition to items kept in the kitchen pantry or basement.
 I know I've got to go back and check batteries and water I stored a couple of years ago in both my car pack, and the kit that I keep on the first floor of the house.

Monday, March 3, 2014

On the brink.

Most parts of the country are confronting unprecedented bad weather that just keeps returning -- or, in the case of California, weather whose compensatory qualities for the three year drought and wildfires have extreme side effects, ranging from mudslides to tornadoes.  Dare anyone suggest that climate change is not upon us?

In other parts of the world, political risk has risen to the top of the charts.  The dangerous brinkmanship game now being played by Vladimir Putin will have repercussions in more places than the gas and  oil pipeline he is so interested in protecting. Take a look at these four maps from the New York TImes. I can only hope that U.S. leadership will not use this as an opportunity to flex their cyber command muscles.

We'll stay tuned to this large stories, as we watch another one play out locally -- the fate of the underground tunnel that Big Bertha was supposed to create.  Is it too late for politicians to sit down again with engineers and risk managers and determine whether this is truly the best solution?

Never stop asking.

Sunday, February 16, 2014

Looking back on the Amsterdam conference

The two day risk conference called OpRiskWorld was an inaugural effort with an unusual format and an extremely diverse group of participants from the banking and regulatory world.  It was the brainchild of a company called RiskBusiness, publisher of the magazine The Risk Universe, for which I write four times a year. 

The magazine is in fact being published late this month so that a report on the conference can be published, and I will try to be sure to post it here when available.  But first, the format:  each session had a topic and up to three panelists, with each session moderated by South Afrikaner Mike Finlay.  Panelists ranged from authors to academics, an industrial psychologist, bankers, modelers and regulators, all focused in their work on the field of operational risk.

No session lasted more than 45 minutes, eliminating the pontification factor.  Each panelist had roughly 5 minutes to speak, then the panel was quizzed by Finlay, before being turned over to the audience for additional questions.It worked amazingly well.  Of course some sessions ran over, but that time was made up in other ways by resizing networking breaks.  No one dozed off, and 1-2 slide power points were used only twice.

From left: Risk Business International CEO Mike Finlay, myself, and Howard Stein.
The other factor that made the conference discussions so invigorating were the countries represented.  There were a few of us from the United States, but other countries well represented included England, Canada, Australia, South Africa, Saudi Arabia, the Netherlands, Singapore, and Switzerland.  The variety of perspectives made the conference especially unique.

I spoke in the last session of the conference, along with Howard Stein, who retired in 2004 as managing direction of operational risk for Citigroup's Global Corporate and Investment Bank, and who continues to work around the world on operational risk banking issues.  Our topics were two:  the "living will" specification for large banks in the

Dodd-Frank legislation; and the "too big to regulate, too big to fail" theme that persists in most extended discussions of the banking industry.  More on that in my next blog post, or the report from the conference if it is covered there.

Tuesday, February 11, 2014

Following your own advice

I have been in Amsterdam nearly two hours now, and so far at least it's been a joy to travel.  What could have been a major disruption in my airline itinerary turned out to be nothing that US Airways could not take care of smoothly. It probably helps that US Airways and American Airlines are merging.  My booking was a considered choice:  in one other bad weather situation, US Airways had anticipated a missed connection and re-booked me on to a later plane without bothering me at all.  Furthermore, when we landed late at the airport, US Air personnel were standing just outside the runway to hand us our newly revised boarding passes and help us make connections.

This time, the plane that was to fly me from Seattle to Philadelphia had a mechanical problem they found the night before.  I got a text alert then phone alert to say that flight was cancelled.   While I was on hold waiting to speak to someone about my fierce need to make the connection in Philadelphia to Amsterdam, their system rebooked me onto an American Airlines flight to Chicago, then picked me back up on US Air in Chicago.  In each case, my seat assignments were upgraded without cost, so that I flew business class at no additional charge.  And since the flight to Amsterdam was only half full, I was able to stretch out across three seats and sleep.

While I wait for my room to be ready, I'm going back over my checklist.  I bought two small plans for handling text messages and phone calls while I'm here.  For mail, I am using the hotel's free wi-fi, and I fetch my messages manually.  I carried my bag and briefcase with me through all the airports rather than check luggage and run the risk that it might not make the three connections that I did.  I carried American money for that portion of the trip.  When I arrived in the airport here, I used an ATM to get euros.  I brought the right adapter for my electronic devices.  If I have forgotten something, I don't yet know it.

After I get into my room and unpack, I am off to downtown Amsterdam to look at some of the most magnificent paintings ever created, most of them by either Vincent Van Gogh or Rembrandt.  I'm using the train system combined with the hotel shuttle, to get me where I need to go.