Keep the foundation strong and empowered....or risk the consequences!
In comprehending the risks that your organization faces, it is important to know where the "front lines" exist between your enterprise and the rest of the world. Your biggest risks are usually found there. Often, organizations will appoint individuals or groups to "manage" risk; perhaps through a process of identifying and assessing each risk in kind, along with a "2x2" box chart that posits the likelihood of occurrence against severity or impact. They may not always consider the people who are "touching" the front line every day.
So this rational approach needs to consider where risky events might actually arrive at your boundaries. Who on your team faces that risk "head on" and must recognize it for what it is? Often, mapping the front lines involves employees deep in the organization, deep within the "foundations" of your team, yet somehow facing the outside world within their roles.
We can and must not use the term "lower level employees" when thinking about these critical players on the team.
"Foundational" employees, the bedrock of your enterprise, represent the strengths and functions of your organization. They need to have the passion to look after your interests, worrying about both everyday and novel emerging risks. Lets think about some of the things that can and do happen on the "front lines."
- A "foundational" technical employee receives an email looking like a secure PDF, and at that moment is one click away from enabling a command-and-control malware to invade your information system.
- A "foundational" finance employee receives email instructions from a senior leader for processing, using a quick wire transfer, of a supplier bill sitting in your accounts payable system. It is portrayed as a critical supplier satisfaction issue that must be resolved immediately or there will be consequences for your reputation. A file attachment contains the wiring instructions to be strictly followed..
- A "foundational" line operator in your production fab spots a subtle change in process conditions not outlined in the operating procedures.
- A "foundational" call center employee is asked by a tearful customer to restore log-in privileges to her phone, even though she cannot produce credentials.
Think about what an empowered, motivated and trained employee might do in each situation. Now, think about what an overly compliant, fearful employee might do; simultaneously eager to please and fearful of reproach. Criminals understand this behavioral dynamic.
In nature, evolution favors the best mimic, the most effective camouflage and stealth. The effective use of all senses assures survival or dooms the unwary. The "senses" of your organization are often right at the perimeter of your business processes, where employees face the rest of the world. How do your behaviors influence good judgement at the boundary?
- Imagine that you are a CFO of a $1B company, how would you react to the "audacity" of a $15H/hr finance employee "way down the chain" questioning your personal identity if you ask that something be done via an email directive? Hint: If you are not willing to personally thank the employee for doing so, maybe even taking her out to lunch with her team, then you are probably increasing the risk of fraud.
- If you were a manufacturing engineer being asked to respond to "something different" observed by the night shift manufacturing operators in your line, and you determine nothing is wrong, what to do? Answer: What did the CFO do in the scenario above?
- If you are the Chief Legal Officer of the company and an employee calls you to verify that the urgent "secure PDF" document you sent to them is real...?
You can see the pattern. "Foundational" employees are often all that separate normal business operations from disaster. The time that you invest and the culture that you create, as a leader, can go a long way towards bringing them on-board and working with you against the risks that affect your organization and your assets.
How well do you care for your foundation employees? Are they afraid of you? Do they know who you are? Do they view you as a stranger? How can you reward any employees who has the audacity to discern "real" from "fake" - even at the risk of a few "false positive" events.
So take a hard look at the intersection between your foundation and your boundaries. Your livelihood depends on it!
Garnet Peak Associates: www.garnetpeakassociates.com