Greg Hutchins - Thought Leader

ISO 31000:2018 is the world’s foremost risk management standard.  The Standard provides guidelines, principles, framework, and a process for managing risk.

The standard explicitly states that it should NOT be used for certification or registration.  But, it is.

So, what’s going on?  We can only speculate.  But, here goes:

We now live and work in VUCA (Volatility, Uncertainty, Complexity, Ambiguity) time.  More  companies want to be RISK audited and certified by an independent Certification Body (CB).

And, more CB’s are working to use ISO 31000:2018 as a standard for certification. [Read more…]

For the last few months, I’ve been giving talks on the trade war between US and China.  A few of these talks have been in the US.  Others were skyped to China.

The bottom line is that trade between the US and China has been weaponized.

The Wall Street Journal on December 13, 2018 distilled the challenge:

“… it is questionable whether fragile globalized supply chains can thrive at all in an environment where the world’s two largest economies are disinclines to play by the rules, even their own.”

Our response is that risk (threats and opportunities) is the new lens by which end product manufacturers (brand owners) will have to view China off shoring, on shoring, and sourcing in general. [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

We hear so much about global warming, climate change and disruptive weather these days.  It is often difficult to understand what is fact, truth and valid from hype, hysteria, and hyperbole.  Should we all be driving electric cars, not eating as much meat, using wind and solar; redefining our lives?  Or, should we forget about it and continue doing what we have been doing since the early days of the industrial revolution?  [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

What is ‘the sum of all fears‘…apart from a Hollywood movie?  During WW2 Winston Churchill knew the risk of failure and he postulated that, even when courageous people amalgamate, they will know fear:

“…take the most gallant sailor, the most intrepid airman or the most audacious soldier, put them at a table together – what do you get? The sum of [all] their fears”. War is a much more serious endeavour than any civilian project but fear is fear.  If a project teeters into trouble the Project Team will fear failure.  They must then deal with this reaction and have the courage to overcome trouble and avoid failure. [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

There seem to be a lot of sightings of “Black Swans” lately. Should we be concerned or are we wishfully thinking, caught up in media hype; or are we misinterpreting what a “Black Swan” event really is? The term “Black Swan” has become a popular buzzword for many; including, contingency planners, risk managers and consultants. However, are there really that many occurrences that qualify to meet the requirement of being termed a “Black Swan” or are we just caught up in the popularity of the moment? [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In a galaxy far-far-away a Jedi Knight said, “Integrated Matrix” and, with a sweeping wave of his hand, the project organisation was immediately taken from the Dark side of chaotic confusion and the Force was with them…

This could be the end to a Star Wars movie about project management (LOL).  However, and with few earthbound Jedi project management practitioners, our project organisations are rarely perfect and not what they would claim to be. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The term resilience is used in reports and studies by numerous government agencies and international institutions.  For instance, in 20014 the Organization forEconomic Cooperation and Development issued a report entitled “OECD Reviews ofRisk Management Policies: Boosting Resilience Through Innovative Risk Governance”.

In 2015, the Rand Corporation conducted a study to the UnitedStates Department of Energy.  It was entitled: “Measuring the Resilience of Energy Distribution Systems”.  Resilience is considered important by insurance experts. The National Academies of Sciences, Engineering and Medicine note the need for resilience when updating the National Highway System. This piece examines why it is important, what resilience means and its relation toEnterprise Risk Management (ERM). [Read more…]

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I was coaching one of the national oil companies in the Middle East, offering mentorship to the director of their operational excellence program.  He was frustrated because he had invested considerable funds building a team of sixty Lean Six Sigma Black Belts over a nine-month period, and they had not yet worked on—much less completed—any project nor had they realized any benefit to the company.

Even worse, while these newly-minted Black Belts were sitting idle without the opportunity to use their new-found skillsets, some became frustrated themselves and left the company—taking the company’s investment with them. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

ISO 31000 is the International Enterprise Risk Management (ERM) framework developed in 2009 by the International Organization for Standardization (ISO).  Its use in government is increasing.  The reason for the increase is that governments around the world are recognizing that risk events are increasing in frequency and cost.  For instance, Hurricane Harvey impacted the States of Texas, Louisiana, Mississippi, Tennessee and Kentucky.  It flooded 19 water systems, 31 waste water systems and 13 super fund sites spreading toxic waste throughout the region.  It cost Texas $125 billion dollars. (1)   [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“I told you so…” is so often cried after something has gone wrong.  But was that ‘telling‘ stated clearly and unequivocally before things went wrong or was it merely a passing counterview against a probable likelihood based on an alternative possibility.

When a risk manifests itself and takes a grip on a project it’s amazing how quickly hindsight can kick in.  This comes in the form of free advice as to what could have happened to avoid the risk ‘after the fact’. These latter-day soothsayers were, for some reason or other, unprepared to prove their prophetic ability before the fact preferring, it would seem, to go with the flow as an uninvolved observer but officious bystander when all facts are revealed. [Read more…]

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Why does COSO ERM:2017[i] use the word “enterprise” in the title of their standard and ISO 31000:2018[ii] is a “risk management standard?”  CERM Academy also has a book on this topic[iii]. So, what does the concept of an “enterprise” impart to an organization, if anything, to set apart the COSO standard from the ISO standard?

A search of the definition for enterprise covers the entire gamut of possible uses. There appears to be little difference between business enterprise and the business itself. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Kevin Curry in an opinion piece for The Hill raised several issues which will ultimately impact the adoption of Enterprise Risk Management (ERM) in government. The article entitled “America’s public sector has a problem –

It’s not getting any Millennials”, makes four points.  These are; 1. the federal government is having trouble hiring Millennials, 2. the federal government has old legacy cyber systems, 3. millennials expect up to date cyber systems and 4. the lack of up to date cyber systems is one of the problems keeping Millennials away.

Since the article does not specifically deal with ERM, one might ask: What is the intersection between the four issues and the adoption of ERM in government?  This article looks at the relationship of this problem with ERM in government. [Read more…]

Truth, Lies, and Paltering Leaders – What and Who Can Be Believed?

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“Lies, damn lies and statistics” is an often-used phrase attributed to the 18th Century British Prime Minister Benjamin Disraeli.  He acknowledged the persuasive power of numbers to bolster weak arguments.

In a statistical moment his contemporary, Abraham Lincoln, said; “You can fool all the people some of the time and some of the people all the time, but you cannot fool all of the people all of the time“.  Politics, persuasion and manipulation (deception) have gone hand in hand for centuries.

Many people have monopolized in the area of Churchill’s “terminological inexactitudes’ or, as it’s now being referred to Stateside of the Pond “False News“.  The term”lie” is an accusatory word and maybe impolite and vulgar and’ politically incorrect’ but do ‘lies’ really help us and why can’t we know the truth? [Read more…]

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

As very young children, we had an instinctive need to be very close to our parents – feeling a great deal of anxiety, even a sense of abandonment, if they were not within our sight.  As we grew older – and whether it was geographically, intellectually, or psychologically – we would become more comfortable with greater distances from what we felt were our basic truths, but almost always as stepping stones and rarely great leaps. 

Think of early commanders of sailing ships always keeping sight of land until traveling ever greater distances was more predictable because of maps and navigation techniques and tools. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The term resilience is used in reports and studies by numerous government agencies and international institutions.  For instance, in 20014 the Organization forEconomic Cooperation and Development issued a report entitled “OECD Reviews ofRisk Management Policies: Boosting Resilience Through Innovative Risk Governance”. [Read more…]