I saw this article last week and thought it interesting although a slightly different take on risk from our readings. I think his points are well taken and probably provide a useful guide for where to go to look for unrecognized risks. Give it a read and let me know what you think.
https://hbr.org/2016/11/simple-ethics-rules-for-better-risk-management
Nice article. I agree with emphasis on using “maxims” in order to promote Risk awareness. Every employee needs to think a bit about Risks, even if that Risk management is not their primary function. One way to instill this value is by continuing to promote it. My company started a firm-wide initiative where they started to advertise these “Rules”, which are important values to the firm such as Security, Stability, Innovation, etc.. We see advertisements about these “Rules” everywhere: on TV, walls, and on the intranet. At first, many people didn’t really care for it. Now, these rules are always being referred to in whatever we do and many people have them memorized. This strategy has forced employees to at least acknowledge them, if not incorporate them into the work that they do.
Ahmed – a good example of trying to set a “tone.” Do you see leadership walking the walk or just talking the talk?
This is a good article. It not only tell us that now company and country meet many problems about cyber security, but it also tell us that we should not do anything with fear of failure. Today, we can see a lot of terrible news about cyber security. Attacking DNS server, losing user information, and stealing email. More and more people and leaders feel unable for the Internet. On the other hand, we should see that a lot of companies still hold and keep safe their users’ information. “Complex risks are best addressed with simple measures”. Sometimes keeping our company safe just need some simple rules such as do not use private flash card to store companies information.
Therefore, now, technology give us more convenient. It also gives us more risks. What we should do is not fear for them. We should try our best to keep our information safe by using IT risk management. Putting risk on the desk to find real useful way to solve them.
Another view of risk
I found the article interesting because of it’s position on the value and weight of leadership’s voice in risk management. Across the readings, there is consistency with respect to leadership’s role. My exposure to leadership in corporate and public environments has shown me that leadership can have the right rhetoric and behavior and that it’s not for show. Transparency and accountability can be true banners and leadership’s brands. The disconnect is in the interpretation of “doing the right thing” by multiple levels of leadership below senior leadership. I have found that at times, despite the right language and action from the top, others will support top level goals and objectives but not in the same manner that leadership called for. They might create environments that do not promote the right thing (ex. Wells Fargo sales force issues that blew up).
Ivy,
Then isn’t senior management at fault for not identifying bad behavior amongst their reports and holding them accountable for it? Idn’t that what monitoring and performance management is all about?