Friday, January 31, 2014

ERM-BC-COOP:

Why limit risk management
To just Business Continuity?

It's frustrating.

Enterprise Risk Management, ERM, is simple and straight forward.

In plain and simple English, it it management of all risks across the organization that can disrupt "business as usual".

Period.

Unlike Business Continuity (BC) which, as I understand it, is concerned with "the usual suspects" of environmental events, human error, and technology error or malfunction, ERM is concerned with ALL threats, including those not directly under the auspices or control of the organization.

The following graphic is NOT "all-inclusive."

A practitioner should always have input from both internal and external Subject Matter Experts (SMEs) to (a) identify potential threats, (b) provide input to help prioritize the threats, and (c) identify ways to avoid or mitigate the threats.

The "Ubiquitous Other" in the graphic is NOT a "Black Swan"; it simply represents the threats I overlooked while creating this document; threats that SME input would make obvious. As I write this management malfeasance and misfeasance come to mind, also stock values and bond ratings.

Although I've been involved in risk management for more years than I care to count, alone I cannot think of every potential risk or risk management measure. Practitioners MUST have input from as many sources as possible, both internal and external.

For ERM, "no man is an island."

In the Business Continuity world, SMEs typically are the folks working within the organization and, again, "typical," IT and critical process personnel with, perhaps, input from the local police and fire departments.

In the ERM world, SMEs can include historians and librarians, geologists, futurists, economists, lawyers, financiers . . . the list is nearly endless, and the expertise of all should at least be considered if not solicited.

Just as Disaster Recovery (D/R) is part of Business Continuity, so too is Business Continuity part of Enterprise Risk Management.

Separating the various functions of ERM is, to this scrivener, counter-productive.

To be effective, all functions must be integrated into one cohesive process.

To whom should the ERM practitioner report? Assuming the practitioner is less than a vice president, then the best person is any vice president with enterprise fiduciary responsibilities.

Monday, January 27, 2014

Bankers swindle customers,
Customers pay bank's fines


In an LA Times article by by Jim Puzzanghera, Obama appointee Attorney General Eric Holder claims that no bank is "too big to indict," said the Justice Department will be bringing more cases involving "significant financial institutions" as it continues to investigate Wall Street misconduct.

Wonderful.

More financial institutions will be fined thousands or millions and the people who directed the banks when the shenanigans were unfolding get away scot free. Some even get massive performance bonuses!

None goes to jail, not even a federal country club such as Eglin Air Force Base in Florida's panhandle where the temperature at 11 a.m. on January 24, 2014 was a chilly 63F/17C. (By contrast, the temperature at Fort Leavenworth KN where military prisoners are lodged was 12F with a "feels like" of 5F).

Granted, some Ponzi schemers have been deposited into crossbar hotels, but bankers? I know of none, certainly no bank executive is "doing time."

Bank executives set the tone for the bank's dealings. They can, and many did and do, turn a blind eye to questionable practices. The are above examining the organization's policies and procedures to assure that, at least on paper, senior management is telling those reporting to it that the bank's good name depends not on its stockholder but on its customer base; the same people many financial institutions think it's OK to fleece.

If Mr. Holder & cronies were serious about cleaning up the financial institutions, bankers would go to jail.

Federal prisons can be "inconvenient." Executives accustomed to living in mansions and being catered to by a bevy of servants might find the open space dormitory at Lewisburg Penitentiary less than accommodating. (Your scrivener has visited Lewisburg in central Pennsylvania where, as it happens, today's temperature noon is a balmy minus 4F.)

How long should the financial "wizard" stay incarcerated? How about long enough to pay off the institution's losses at the rate of an "average" American's annual compensation: about US$46k/year. If the institution was fined, say, US$500,000, then its chief executive would be behind bars for (500,000 / 46,000 =) 11 years. Not bad. Eleven years during which our executive is fed, clothed, housed, and cared for medically on the dole, but at least the executive is being deprived of his astronomical salary - and bonuses - for the duration.

Maybe making PSA (public service announcements) that the price of swindling customers is uncomfortably high or at least inconvenient.

Financial organizations' executives' greed is behind the current financial doldrums (depression if you are out of a job, recession if your neighbor is out of a job).

Levying fines against financial institutions is not a way to make executives change their ways and their organization's way - the customer pays the tab and the malefactors continue enjoying their ill-gotten gains.

Eric Holder got it wrong. Don't fine the organizations; jail the executives. THAT will end the financial slight-of-hand being played with the customers' money today.

Monday, January 20, 2014

NOT ERM-BC-COOP

Black Holes

I loathe the telephone.

I particularly dislike the telephone when I have to talk to a customer service representative (CSR) about an issue - not necessarily a problem but any issue.

For much of my "professional" life I was a writer: newspaper reporter and technical writer; even when I lacked "writer" in my job title, written communication still was a major component of the job. I am accustomed to setting things forth "by the numbers."

Add that to the fact that contacting a CSR by phone often - usually - means tying up the phone for more than a few minutes listening to music-I-don't-like-on-hold until a CSR finally answers the call. Never mind that I think about the menus I'm forced to navigate or the really aggravating "Press 1 for English." I'm calling from the U.S. to - supposedly - a call center in the U.S.

  1. This is the situation.
  2. This is what I want to do/have done.
  3. This is how I would like you (my correspondent) to respond.

I try to deal with the CSRs via email - either from my own email service or via the CSR's "communicate via the Web form" function.

Usually this proves highly satisfactory.

But lately . . .

I repeatedly sent emails to two organizations and repeatedly failed to get a response.

Humana (Medicare)

I'm new with Humana Medicare. My previous Medicare provider, AvMed, delisted my Primary Care Physician (PCP) forcing me to find a new PCP. I decided to also find a new Medicare provider. (Apparently my AvMed PCP's practice failed to make its required Return on Investment - ROI - to satisfy AvMed so his practice was delisted. Great doctor but an office staff that was sorely lacking.)

When AvMed was my provider, I could, and did, communicate via Web mail; I would send a message via AvMed's Web site and get a response to the site (requiring me to log on to AvMed to access the mail; inconvenient, but "secure").

I naturally - and foolishly - assumed that I would have the same reasonably efficient communications with Humana, my Medicare provider du jour.

I wrote and waited.

I wrote again and waited.

I wrote a third time and noted that if Humana failed to respond this time I was taking the non-responsiveness issue to Medicare.

FINALLY I received an email telling me that Humana answered my query and that I should log on to my Humana account to read the response. I logged on and - no response. I wandered all over Humana's Web site to no avail.

Defeated, I called Humana's call center. A nice sounding CSR heard my complaint - WHERE'S THE EMAIL? - and told me she couldn't help me but she would transfer me to Humana IT. After about 15 minutes of ring-no answer and commercials for Humana I gave up.

I went back and logged on again to Humana's Web site, tried multiple options and finally the elusive response email appeared. "Sorry we didn't answer before; we were busy." In the end my question - asked at least 3 times - was satisfactorily answered.

Painful.

netTalk

Still, Humana's much delayed response was better than netTalk's.

NetTalk is an Internet telephone provider, a VoIP (Voice over Internet Protocol) service.

Based on netTalk's Web site, the service meets all my requirements. I did some additional checking and found that netTalk's customer service was less that five star.

I sent netTalk an email with two questions.

No response.

I resent the email.

No response.

Finally I sent a third and final email to netTalk: "Since you can't respond to a person who wants to buy your product, I don't want to think how you treat people already signed up for your VoIP service."

NetTalk's VoIP service MAY very well be an excellent product; certainly the price was right, but if a potential customer cannot get two simple questions answered, I would be foolish to sign up.

I'm "stuck" with Humana for a year; hopefully our two-way communication will improve, otherwise, despite some financial benefits offered by Humana will be sacrificed for better customer service.

As for netTalk, it lost a customer even before it had the customer's business.

The price was right and it sounded like a perfect product, but lack of customer service was the show stopper.