Needless to say, I fully agreed with the paymaster.
But he was very much on the mark.
Unfortunately, ERM/BC/COOP practitioners rarely (get to) practice "process re-engineering."
That's a loss for both the practitioner and the organization paying for the practitioner's services.
ERM/BC/COOP, properly done is process oriented.
We look at processes.
Granted, the raison d'etre for ERM etc. is to protect existing processes.
But we are looking at the processes anyway.
If you went to your GP - sorry, Family Practitioner as my doctor reminds me - complaining of a stomach ache and the doctor happened to notice in her examination that you had a suspicious growth, would it be appropriate for her to suggest having it checked by a specialist? (Mine would, which is why she's my doctor.)
She could say "I'm a Family Practitioner examining my patient for a stomach ache; the growth is 'out of scope' for this visit and for my specialty."
Would that be acceptable, or would it border on malpractice?
It is our job to look at processes.
Since we already are looking at processes, and since we should be talking to the people who perform and "own" the processes, why don't we consider ways to enhance the process.
I'm not suggesting that we carry clipboards and pretend to be efficiency experts, but if we see a way to improve something it seems appropriate that we document what we see.
There is, unfortunately, a flip side to this.
Some managers look at what we do as strictly a risk "search-and-destroy" mission.
The only recommendations they want to hear are how to avoid or mitigate an identified risk.
It seems to this scrivener, however, that "improving the process without impairing the product" falls within the realm of risk management. What if a competitor "improves the process without impairing the product" and gets the competitor's product to market faster and sells it at a lower cost. The competitor is a "risk," right?
I would "suggest" that "smart" organizations engaging an Enterprise Risk Management - Business Continuity - COOP practitioner would be better served if they would encourage the practitioner to fully practice his or her profession and to report not only risks to processes, but ways to "improve the process without impairing the product."
A small caveat: Anytime someone messes with an in-place process, risk is injected. Before anyone starts tinkering with something that "ain't broke," make certain the modification risks are fully mitigated before making any changes.
John Glenn, MBCI, SRP
Enterprise Risk Management/Business Continuity
Planner @ JohnGlennMBCI.com