Thursday, September 12, 2013



Ever been asked to answer a “few simple questions” for a poll?

Back in the day, when Hector was a pup and I was a “print journalist,” I had a once-a-week assignment to go out onto the sidewalks of beautiful downtown Harrisburg PA to ask random people The Question of the Week; always something topical that my boss (“Slim” Milliron) or I contrived.

Never mind if the “feels like” temperature was 0F or that snow was blowing at 30 mph; if it was Thursday afternoon, I had to hit the bricks to find three people willing to (a) answer The Question and (b) allow my tag-along (and equally suffering) photographer to shoot a mug shot of those willing to answer The Question.

The thing that prompts this exercise is a snippet in the Advisen FPN email I receive 5 days a week that reads:

PCI Study Finds Americans Support Federal Role in Terrorism Insurance Market

A majority of likely American voters favor a federal role in protecting against losses related to a terrorist attack, representatives of the Property Casualty Insurers Association of America said during a Sept. 11 conference call. The study conducted by GS Strategy Group on behalf of PCI found 90% of respondents supported having the federal government play...

I never found the article on the WWW, but I have to wonder:

  • What constitutes a “likely American voter”?
  • How many people participated in the survey?
  • Where was the survey given?
  • How were the questions asked?
  • How were the respondents selected?
  • Were the responders anonymous?
  • How were the questions phrased?

Any pollster worth his or her salt can design a survey/questionnaire to elicit the responses the pollster or the pollster’s client desires.

It’s not WHAT you say, but HOW you say it. Old truth from my junior high days. Are you still beating your spouse?

In the poll cited by Advisen, I wonder if the question was:

    Do you think the government should pay for terrorism insurance?

But consider

    Are you willing to pay extra taxes for government terrorism insurance?

Phrased the first way, the cost of the insurance is borne by “the government,” not by the individual taxpayer, never mind that taxes will fund the insurance.

Phrased the second way, Joe Taxpayer plainly sees that he will pay the cost.

Question: Should the minimum wage be raised?

If you ask someone my age, whose first post-service job paid the minimum wage of $1, the response likely will be “No.”

If you ask a young adult with dreams of family and home, the response probably will be “Yes.”

Rephrase the question to be: Are you willing to pay an extra (??) for a hamburger or for a dozen eggs or a gallon of fuel? Smokers are the only people, as a group, who will, albeit reluctantly, bite the bullet and pay whatever the price for their pleasure.

About the only surveys to which I respond are those asking how I liked the treatment at this place or that.

Part of the problem with surveys/questionnaires is that rarely does the responder have the ability to do more than select a pollster-defined answer (Yes/No, 0 through 10, This vs. That). Reality can’t be captured with pre-defined answers; on the other hand, the pollsters would have a nightmare trying to compile verbose responses.

My bottom line: If you are planning to tell me that n percentage of y group prefer z action/condition, then also give me the details on how the information was gathered and compiled.

Questionnaires/surveys, like statistics, can be manipulated to support any desired position/point of view; the best those of us lacking input into the survey/statistic development can do is to demand all the information about the questions and the responders.


If I wrote it, you may quote it.

Wednesday, September 11, 2013


Wireless communication
With on-the-road employee
Can lead to legal consequences

CYA with advertised, enforced P&P

Two New Jersey teens were texting while one was driving.

The vehicle driven by the teen on the road struck and injured two people.

The injured parties sued both the teenage driver and his texting partner, the latter on the grounds “that (the partner) was contributorily negligent in that she ‘aided and abetted’ (the driver’s) unlawful texting while driving and second, that (the partner) had an independent duty to avoid texting a person whom she knew was driving.”

The case made its way to an appellate court that ruled that “We hold that the sender of a text message can potentially be liable if an accident is caused by texting, but only if the sender knew or had a special reason to know that the recipient would view the text while driving and thus be distracted.”

The bottom line according to a Kirsten Thompson article in The Second Opinion titled Sender of a Text Message Can Be Liable for Distracting a Driver is that

  1. Employers, especially those which use wireless communication for their field employees (e.g. dispatch, work order management, etc.), may want to ensure their policies around such communication clearly state that they are not to be used while driving. A robust policy in this regard may assist in establishing that the employer had a reasonable expectation that an employee would not review any communications received while driving. Certain employers, particularly those using communications technologies that are integrated into vehicles, may want to consider installing technologies that disable such communication while the vehicle is in motion.
  2. Similarly, auto manufacturers that have embedded communication technologies may wish to include strong warnings about the use of such technologies while driving or even consider making available the option of a kill switch that disables the technologies while the vehicle is in motion.

For the ERM practitioner, the criticality of policies and procedures (P&Ps) once again comes to the fore.

While ERM practitioners normally do not create P&Ps, they should try to work closely with the people who DO create P&Ps – typically HR and Legal – to make certain the P&Ps are read and understood by all personnel:

    (a) When the P&P is initially published.

    (b) When a new hire comes on board.

    (c) At an annual review, either near the employee’s hire anniversary or at an “all hands” annual meeting.

The duty of an ERM practitioner is to alert management about potential threats and then to recommend means to avoid or at least mitigate the threat.


If I wrote it, you may quote it

Tuesday, September 3, 2013


Didn’t read
the small print

Aussie court rules that’s OK

A Mondaq article titled We've always done it this way: when does prior conduct result in a term being incorporated into a contract? reports that the WA Court of Appeal ruled that reading the fine print isn’t necessary.

The case on which the appeals court ruled involved a long-standing relationship between a vendor and the vendor’s client.

Over the years, the two parties agreed that when the client needed the vendor’s services, the client would pick up the phone and order the service. The vendor would provide the service and then submit an invoice.

The back of the invoice listed the vendor’s terms and conditions and included an exclusion clause.

After one instance, the vendor invoked the exclusion clause. The client claimed it never read the back of the invoice – it was, according to the client, just a bill.

According to the Mondaq report, the appeals court decided that

    (a) there was no evidence that the client actually had read the terms, and

    (b) it was reasonable for a person to regard the invoice as simply a request for payment rather than a document containing contractual terms governing the transaction that had already occurred.

Mondaq’s conclusion is that “This case highlights the danger of contracting to provide services without having explicitly agreed the terms and conditions of the contract, especially dangerous when negotiating an oral contract. The fact that a person has contracted with you before does not mean that a term will always be incorporated into a contract because of the prior dealings.”

Takeaways

  1. In an on-going client-vendor relationship, make sure everyone has a copy of the relevant terms and conditions.
  2. Make certain that both client and vendor have identical copies of the terms and conditions; differences might require a court to sort them out after the fact.
  3. Even though one party prevails, everyone will have legal expenses and lost productivity.
  4. Read both (all) pages of an invoice. If a separate agreement is in place (Item 1) covering terms and conditions, make certain it is superior to anything on an invoice and that the agreement is signed off by both vendor and client.

Although the Australian appeals court ruled in the client’s favor, there is no guarantee that courts elsewhere will come to the same conclusion given a similar set of circumstances.

A little due diligence by both parties could have avoided the expensive court dates.

Granted, reading contracts is generally out of scope for a business continuity planner, but suggesting best practices is in scope. For an ERM practitioner, working with Legal to develop policies and procedures should be Standard Operating Procedure (SOP).


If I wrote it, you may quote it.


Who would'a thought?

Risk management is more than just looking at the organization.

It requires a little - or a lot of - curiosity and a strong look beyond the obvious.

Some examples.

Distant fire endangers San Francisco

As firefighters battle the Rim Fire in Yosemite National Park, the folks in San Francisco, roughly 200 miles to the west of the park, must be concerned with both their water supply and the electricity grid that serves the area.

The Rim fire has got the City's Emergency Management people concerned; they probably were aware of the risks associated with a wild fire in the park.

I would suggest however, that the business continuity folks at the several major banks with headquarters or major operations in the City never gave a thought to threats emanating from the national park.

I lived briefly in San Francisco - long enough to learn not to call it "Frisco" and that the cable cars are more than just a tourist attraction - but I never considered what might be a threat from far away Yosemite. That was OK; I was working as a reporter at the time and such things were not on my radar.

Different perspectives

I preach that practitioners must take into account the mentality of the organization.

Still in California, but not in the City, I took in the movie Tora, Tora, Tora. For those who missed it, Tora*3 is a pseudo-documentary of Japan's attack on Pearl Harbor on December 7, 1941. Good movie; enlightening movie.

But what made it particularly memorable was that a large portion of the audience cheered for the Japanese. I doubt these people were anti-American; they just were proud of their Japanese heritage. (The town, for what it's worth, had hosted a German POW camp and many in the town at the time had pro-German sympathies; the Japanese already had been herded into concentration camps by the U.S. government.)

Desert floods

Phoenix AZ and Las Vegas NV are desert towns. Flooding should never be a concern.

But flooding is a concern for both places.

I never gave flooding in either place a thought until I talked to a fellow with a data warehouse business in Phoenix. Searching for risks to the business I quickly discovered that flooding is a very real concern, both from heavy rain and from spring thaws in the mountains. (Phoenix has an almost unique threat: sand storms. A major chip manufacturer had a Star Trek-like air lock to keep sand outside the manufacturing facility.)

There are some interesting Arizona flood statistics at

Although I lived in Nevada (Ely), I never made it south to Las Vegas. When I was there as editor of the 5-afternoon newspaper, Ely's biggest threats were (a) loss of the town's reason to exist, and (b) isolation. Ely was on a valley floor at 6,000 foot elevation. Weather could close the roads and the airport. The loss of the major employer eventually happened, but by then Ely and I had parted company. For all that, Ely was a great little town in which to live.

Not my fault

When I lived in Norfolk VA and worked for a marine transportation company (container ships, bulk cargo, etc.) I created a plan for the headquarters operation.

During my research I discovered that California was hardly the only place in the U.S. with fault lines; fault lines mean high probability of earthquakes. The New Madrid fault in the central United States is particularly dangerous. The fault is among the most active in the country, running from St. Louis MO to Memphis TN. Turns out, 39 of the 50 states have fault lines, and therefore the threat of an earthquake.

Norfolk was not on a fault line, but it was close enough to cause minor concern - a 3 on a scale of 10, and that mostly related to moving cargo inland by rail or truck.

USGS illustration

Epicenters of "significant" - felt by people - earthquakes in Virginia (up to 2009, does not show 2011 quake) Source: USGS National Atlas

Any practitioner who limits his or her threat list to the organization is doing a disservice to the organization (unless of course the practitioner is forbidden from doing what needs doing).

Most of the threats listed above fall under the "environmental" umbrella, but unlike the typical umbrella, they are more like a beach umbrella that covers a great deal more territory.

Practitioners need to look beyond the organization and beyond the organization's immediate area. Yosemite National Park is roughly 200 miles from the heart of San Francisco, but the massive Rim fire threatened both the City's water and electrical supplies.

While there is little a practitioner can do to prevent a forest fire hundreds of miles distant, the practitioner should be aware of the threats and arrange to avoid or mitigate the threats exactly as the practitioner would any local threat.

But first, the practitioner needs to identify the threat, and that demands a certain level of curiosity.


If I wrote it you may quote it.

Sunday, September 1, 2013


Futurist SME

You can find things of ERM interest in many different places.

I’m reading a novel* that involves organogenesis and some Wall Streeters who were buying life insurance policies at 15 cents-on-the-dollar from people with diabetes and other life-shortening diseases, people who due to the economy or cost of medical care were unable to continue paying policy premiums.

The ERM connection is that the Wall Streeters thought they had covered all the bases to assure their scheme would be highly profitable - the Wall Streeters would buy the policies, pay the policy premiums for what they expected to be a limited time, and then collect the policy's face value when the former policy owner died. They even hired a company to "run the numbers" based on actuarial statistics to assure the worthiness of their scheme.

Unfortunately, the Wall Streeters and their statistics vendor were putting their eggs into the proverbial basket based on history. They overlooked near-future possibilities such as the development of test-tube organs (organogenesis).

Moneyman: “You guys didn’t see this coming?”

Wall Streeters: “It’s a once-in-a-century breakthrough; you can’t do projections for being hit by an asteroid.”

No one - neither the statisticians nor the Wall Streeters - apparently was aware that growing replacement organs for human transplantation was as advanced as it is; in particular organogenesis of the pancreas, the critical organ for diabetes patients.

It's a good yarn, and for ERM practitioners it offers a lesson, perhaps several.

Most ERM practitioners look at statistics - call it "historical facts" if you will - to try to ascertain what threats are possible and probable for any given organization. What are traffic patterns? What do the neighbors do? What is the MTBF and MTTR for critical hardware; computers, mailers, PBX, etc.? What are the environmental risks: hurricanes, floods, earthquakes, tornados, etc.?

We also are concerned with an endless series of "What ifs." What if a vendor fails? What if a primary client cancels a contract?

What we usually don't consider is where science and technology are going.

The product or service need not be sophisticated or high tech. Consider light bulbs. Who would have guessed that the government would mandate CFLs and effectively ban manufacture and sale of incandescent bulbs?

Shedding light on more bulbs, who predicted that automobile headlights would shrink from large sealed beams to tiny halogens?

For the Wall Streeters in the novel, the advanced stage of organogenesis was a "black swan," but it should not have been a swan of any color. While the Wall Streeters thought they had done "due diligence" by relying on historical information and by engaging a statistics firm to "run the numbers," they overlooked both the current stage of organ growth and the speed at which the process was advancing.

In the novel, there was information available on the status of organogenesis. Perhaps not anything useful on the internet, but within medical literature there was sufficient to cause the Wall Streeters to reconsider their scheme before moving forward. Unfortunately for the Wall Streeters, no one thought to read the available literature.

Why would they seek advice from the medical community? If you are betting a segment of the population (diabetics) will die at a relatively young age, it behooves you to know (a) what is killing these people and (b) what treatments are available to extend life.

Obviously, if the product was headlights, investigating medical issues would be of less importance. The type and depth of research will vary by product or service. (Any organizations ramping up to support CP/M systems? Not likely.)

ERM practitioners need to include futurists - or at least people with a curiosity of what's both possible and probable for all things that could interrupt "business as usual," including new developments by competitors - as well as Legal, HR, Finance, Production, Insurance, and too-many-other internal and external functions to list - to get a total view - yesterday, today, and tomorrow - of the threats facing an organization.

Futurists need to look not only at science and technology, the issue in the novel, but also politics (will the president order an attack and if so, when, how much, with what?), keeping in mind the organization's product (e.g., missiles, ships, MREs) and services (fleet maintenance, fuel, R&R).

Someone, and the ERM practitioner need not be that "someone" but the practitioner should press to assure there is a "someone," needs to look at threats that might be coming from all directions. Prioritizing the threats and implementing means to avoid or mitigate the threat normally remain management functions. However, failing to at least gaze into the crystal ball fails the due diligence test, just as the Wall Streeters failed to investigate issues that could impact their product.

I always stress the importance of keeping up with the news; reading physical and digital newspapers and magazines, particularly trade publications; I'll now add "books from the Local Lending Library" to the list.

A good yarn, with a good lesson for ERM practitioners as a bonus.


* Death Benefit, Dr. Robin Cook, ISBN-13: 978-1-4104-4494-3


If I wrote it, you may quote it.