Foundation & empowerment at the front line.

Keep the foundation strong and empowered....or risk the consequences!

In comprehending the risks that your organization faces, it is important to know where the "front lines" exist between your enterprise and the rest of the world.  Your biggest risks are usually found there.  Often, organizations will appoint individuals or groups to "manage" risk; perhaps through a process of identifying and assessing each risk in kind, along with a "2x2" box chart that posits the likelihood of occurrence against severity or impact.  They may not always consider the people who are "touching" the front line every day.

So this rational approach needs to consider where risky events might actually arrive at your boundaries. Who on your team faces that risk "head on" and must recognize it for what it is?  Often, mapping the front lines involves employees deep in the organization, deep within the "foundations" of your team, yet somehow facing the outside world within their roles.

We can and must not use the term "lower level employees" when thinking about these critical players on the team.

 "Foundational" employees, the bedrock of your enterprise, represent the strengths and functions of your organization. They need to have the passion to look after your interests, worrying about both everyday and novel emerging risks. Lets think about some of the things that can and do happen on the "front lines."

  • A "foundational" technical employee receives an email looking like a secure PDF, and at that moment is one click away from enabling a command-and-control malware to invade your information system.
  • A "foundational" finance employee receives email instructions from a senior leader for processing, using a quick wire transfer, of a supplier bill sitting in your accounts payable system.  It is portrayed as a critical supplier satisfaction issue that must be resolved immediately or there will be consequences for your reputation.   A file attachment contains the wiring instructions to be strictly followed..
  • A "foundational" line operator in your production fab spots a subtle change in process conditions not outlined in the operating procedures.
  • A "foundational" call center employee is asked by a tearful customer to restore log-in privileges to her phone, even though she cannot produce credentials.

Think about what an empowered, motivated  and trained employee might do in each situation. Now, think about what an overly compliant, fearful employee might do; simultaneously eager to please and fearful of reproach.  Criminals understand this behavioral dynamic.

In nature, evolution favors the best mimic, the most effective camouflage and stealth.  The effective use of all senses assures survival or dooms the unwary.  The "senses" of your organization are often right at the perimeter of your business processes, where employees face the rest of the world.  How do your behaviors influence good judgement at the boundary?

  • Imagine that you are a CFO of a $1B company, how would you react to the "audacity" of a $15H/hr finance employee "way down the chain" questioning your personal identity if you ask that something be done via an email directive?  Hint:  If you are not willing to personally thank the employee for doing so, maybe even taking her out to lunch with her team, then you are probably increasing the risk of fraud.
  • If you were a manufacturing engineer being asked to respond to "something different" observed by the night shift manufacturing operators in your line, and you determine nothing is wrong, what to do?  Answer: What did the CFO do in the scenario above?
  • If you are the Chief Legal Officer of the company and an employee calls you to verify that the urgent "secure PDF" document you sent to them is real...?  

You can see the pattern.  "Foundational" employees are often all that separate normal business operations from disaster.  The time that you invest and the culture that you create, as a leader,  can go a long way towards bringing them on-board and working with you against the risks that affect your organization and your assets.  

How well do you care for your foundation employees?  Are they afraid of you? Do they know who you are? Do they view you as a stranger?  How can you reward any employees who has the audacity to discern "real" from "fake" - even at the risk of a few "false positive" events.  

So take a hard look at the intersection between your foundation and your boundaries. Your livelihood depends on it!

John Kent

Garnet Peak Associates:  www.garnetpeakassociates.com

Who's watching your front lines?

Who's watching your front lines?

Mapping Your Risk Profile

It has been an interesting year to start up GPA and we are very fortunate to have assembled an outstanding team of senior professionals.  Corporations are going through a particularly interesting period of risk management at this juncture - significant movements in the M&A space, significant threats from cyber attacks and the move towards the next election cycle in the USA.  The great “wild card” of late has been the relative abundance of energy in the last 12 months, resulting in a strong reduction in energy prices and dislocations in the energy and commodity markets.  Political events in Europe and the Middle East have probably changed some travel and communication behaviors in the short term but they have not changed the fundamental move towards greater interdependence and integration of economies, corporations and organizations.

With all of these things happening, leaders at all major companies must get up each and every day and be prepared to compete and manage in their marketplaces with their unique technologies and services while navigating  interesting and fast moving challenges.  This is a time for courage and with courageous decisions, inevitable opportunities and risks arise and require management.  As we all know, the worst type of risk is the one you don’t anticipate.

At Garnet Peak Associates, we understand this and are ready to work with your leadership team and/or Board of Directors to give you solid, externally focused feedback on your organizational and technology needs.  Check out our “visual domain map” and consider us as a resource as you work through your 2016 Strategic Planning Cycle.

John Kent                           read more at www.garnetpeakassociates.com

 

GPA Domain Offerings - Contact us at info@garnetpeakassociates.com

GPA Domain Offerings - Contact us at info@garnetpeakassociates.com




Hidden risks inside your business

When your organization is moving fast to develop a new idea, technology, application or service, it is incredibly important to keep an eye on emerging business risks that can divert your resources or even stop your efforts.  These risks can come from hidden sources and may arise quickly.  Do you understand your Intellectual Property Portfolio and are you prepared to defend it?  Are your information systems secure?  Do you understand the upstream and downstream liability issues with your products and services?  Are your employees and leaders acting in the best interest of your company?  Do you know all of your compliance requirements?  Are you "leaking money" within your operations and expense structure?    Can any single employee leave and take the whole "story" with them?

Looking at your business; if you are developing a  fantastic idea, product or service that adds significant value compared to the next best alternative, the "competitive clock" starts ticking at the moment your competition realizes what you are doing.  There are many ways your competitors can shorten your lead time, either through aggressive development, recruitment of your key team members, casting aspersion on your solution or even IP and Legal challenges.  When the moment comes that you reveal your offering to the "world", consider the tools you will need in your "toolbox" to maintain your leadership position.

A fresh set of "eyes" can often spot trouble where it may be hidden in plain sight within your organization.  Questions can be posed without organizational repercussions and perspectives can be gathered independent of the standing organizational structure of the team.

Posing the right question can save millions of dollars and keep major programs on track.  This is what we are all about at Garnet Peak Associates.    

John Kent       Read more at www.garnetpeakassociates.com

 

In business, not all risks are clearly marked.

In business, not all risks are clearly marked.

Life at the extreme edge of the Cloud

Not long ago I was visiting a colleague at a ranch along a remote stretch of the Snake River in eastern Idaho.  It's not only a beautiful country, its a place where, despite being a naturally arid environment, agriculture thrives in the many towns and counties along the Snake River.

The Snake is a wonder - the source rises simultaneously out of the western ancient caldera of Yellowstone National Park with another major artery arising from the foot of the Grand Teton Mountains in Wyoming.  That these two rivers should join is a wonder in itself; the river travels across the entire width of Idaho then turns north for hundreds of miles and eventually feeds into the Columbia River in eastern Washington.  In all, this mighty river travels almost 1100 miles until it empties into the Columbia.  

The real treasure of the Snake is, of course, its water.  Due to the unique geology of the region (thousands of square kilometers of porous basalt lava constantly leak cold groundwater into the Snake) the river maintains a high flow rate and cold temperature for many hundreds of miles.  It is a fast, fierce river that cuts gorges so deep that base jumpers use it for parachuting.  This is a national treasure of geology, scenery and of course its water.

So, when I noticed an agricultural canal coming out from the Snake, I was amazed to see an IOT (internet of things) node so far out in the country.   The canal, which had a thundering supply of water running through a large gate valve and into the agricultural network, was fed through a remote control system.  All the parts were there - a motor to open the gate, solar panels and a large power supply to muscle the valve open and closed, a optical state detector (sensor) positioned to read the valve, a controller and a cell tower to receive commands.

This device, and likely dozens more strategically situated along the network, allow water rights to be exercised and seasonal distribution to occur to hundreds of square miles of agricultural land.  The automation of the device replaced a hand-cranked valve, previously chained and locked...which at one time required a person to come and open the valve manually.  

Now, of course, this can all be done from a distance; perhaps a controller in Idaho or perhaps much farther afield.  The network can be exquisitely tuned for optimum use of water in a water starved "West".  One wonders, can it also be co-opted from a distance?  How many security layers and passwords separate this network from ill-doers in far way countries?  How is this network primed to "fail safe" in the event of compromise?  How well documented is this system within the family of power and energy infrastructure grids in the west?

At the edge of the cloud you'll find everything from smart watches to smart rivers.  Regardless of how well or how poorly a given system may be engineered for robustness, security and reliability; it is critical to have perspectives from multiple industries when reviewing and implementing new infrastructure automation systems.

 Thinking differently about technology and its implications is what we are all about at Garnet Peak Associates.                  

John Kent         Read more at www.garnetpeakassociates.com

 

Not your everyday IOT device.   A smart river.

Not your everyday IOT device.   A smart river.


Check your assumptions at the door.

On July 23, 1983, Captain Bob Pearson listened through his cockpit headphones in Montreal as the technician stuck a measuring stick into the tanks of his brand new Boeing 767 and provided data for the flight crew to calculate how much fuel needed to be loaded onto the aircraft before a very long flight across Canada.  He found himself in the situation because the aircraft, a new model at the time, had been having problems with its fuel indicators and the crew resorted to manual means to verify how much fuel was present.  At the time, conversion from English to Metric units was in motion in the aircraft industry which meant that conversion factors for fuel calculation were being changed as well.

Long story short, this aircraft, with many aboard, dubiously ran out of gas at high altitude.  Only exceptional airmanship by Captain Pearson and his crew saved the aircraft and the people aboard when he creatively landed the unpowered aircraft at a remote airfield in the Canadian outback.  

Captain Pearson eventually experienced the "hero/goat" syndrome of most organizations; having taken the blame for actualizing a cascade of dangerous errors caused by a poor chain of custody of information while having been recognized for his heroic recovery of the plane and all aboard.  Demoted by his employer, he was honored by his peers and the Canadian government for his remarkable feat of skill. Eventually he returned to a leadership role and had a fantastic career until his retirement many years later.

In business and technology, we often make base assumptions that, once "assumed", rarely get questioned again.  This may be with customers we believe will not leave, factories we believe will yield ever-improving results or IP that we think we own.

So, how do your assumptions stack up?  Is your organizational culture poised to punish or learn when disaster strikes?

Considering what's at stake, what are the most important assumptions in your business?  How often do you review them? And, do your "pilots" have the skill and sponsorship from the top to safely guide you out of trouble when those assumptions suddenly or drastically change?

Helping you think differently and objectively, at the core of your business, is what we are about at Garnet Peak Associates.

John Kent       Read more at www.garnetpeakassociates.com

 

Inches or Centimeters?  Assumptions matter.

Inches or Centimeters?  Assumptions matter.