Failing Projects – A Sum of All Fears

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

What is ‘the sum of all fears‘…apart from a Hollywood movie?  During WW2 Winston Churchill knew the risk of failure and he postulated that, even when courageous people amalgamate, they will know fear:

“…take the most gallant sailor, the most intrepid airman or the most audacious soldier, put them at a table together – what do you get? The sum of [all] their fears”. War is a much more serious endeavour than any civilian project but fear is fear.  If a project teeters into trouble the Project Team will fear failure.  They must then deal with this reaction and have the courage to overcome trouble and avoid failure. [Read more…]

Black Swans or Just Wishful Thinking and Misinterpretation

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

There seem to be a lot of sightings of “Black Swans” lately. Should we be concerned or are we wishfully thinking, caught up in media hype; or are we misinterpreting what a “Black Swan” event really is? The term “Black Swan” has become a popular buzzword for many; including, contingency planners, risk managers and consultants. However, are there really that many occurrences that qualify to meet the requirement of being termed a “Black Swan” or are we just caught up in the popularity of the moment? [Read more…]

Project Organizations – Harmony or Cacophony

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In a galaxy far-far-away a Jedi Knight said, “Integrated Matrix” and, with a sweeping wave of his hand, the project organisation was immediately taken from the Dark side of chaotic confusion and the Force was with them…

This could be the end to a Star Wars movie about project management (LOL).  However, and with few earthbound Jedi project management practitioners, our project organisations are rarely perfect and not what they would claim to be. [Read more…]

Resilience and Enterprise Risk Management

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The term resilience is used in reports and studies by numerous government agencies and international institutions.  For instance, in 20014 the Organization forEconomic Cooperation and Development issued a report entitled “OECD Reviews ofRisk Management Policies: Boosting Resilience Through Innovative Risk Governance”.

In 2015, the Rand Corporation conducted a study to the UnitedStates Department of Energy.  It was entitled: “Measuring the Resilience of Energy Distribution Systems”.  Resilience is considered important by insurance experts. The National Academies of Sciences, Engineering and Medicine note the need for resilience when updating the National Highway System. This piece examines why it is important, what resilience means and its relation toEnterprise Risk Management (ERM). [Read more…]

Build Organizational Capacity and Capability for Free

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I was coaching one of the national oil companies in the Middle East, offering mentorship to the director of their operational excellence program.  He was frustrated because he had invested considerable funds building a team of sixty Lean Six Sigma Black Belts over a nine-month period, and they had not yet worked on—much less completed—any project nor had they realized any benefit to the company.

Even worse, while these newly-minted Black Belts were sitting idle without the opportunity to use their new-found skillsets, some became frustrated themselves and left the company—taking the company’s investment with them. [Read more…]

ISO 31000 in Government: A Case Study

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

ISO 31000 is the International Enterprise Risk Management (ERM) framework developed in 2009 by the International Organization for Standardization (ISO).  Its use in government is increasing.  The reason for the increase is that governments around the world are recognizing that risk events are increasing in frequency and cost.  For instance, Hurricane Harvey impacted the States of Texas, Louisiana, Mississippi, Tennessee and Kentucky.  It flooded 19 water systems, 31 waste water systems and 13 super fund sites spreading toxic waste throughout the region.  It cost Texas $125 billion dollars. (1)   [Read more…]

Risk Management: Blame Allocation, Biased Opinion, or Objective Reality

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“I told you so…” is so often cried after something has gone wrong.  But was that ‘telling‘ stated clearly and unequivocally before things went wrong or was it merely a passing counterview against a probable likelihood based on an alternative possibility.

When a risk manifests itself and takes a grip on a project it’s amazing how quickly hindsight can kick in.  This comes in the form of free advice as to what could have happened to avoid the risk ‘after the fact’. These latter-day soothsayers were, for some reason or other, unprepared to prove their prophetic ability before the fact preferring, it would seem, to go with the flow as an uninvolved observer but officious bystander when all facts are revealed. [Read more…]

Focusing on the ‘Enterprise’ in Enterprise Risk Management

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Why does COSO ERM:2017[i] use the word “enterprise” in the title of their standard and ISO 31000:2018[ii] is a “risk management standard?”  CERM Academy also has a book on this topic[iii]. So, what does the concept of an “enterprise” impart to an organization, if anything, to set apart the COSO standard from the ISO standard?

A search of the definition for enterprise covers the entire gamut of possible uses. There appears to be little difference between business enterprise and the business itself. [Read more…]

Enterprise Risk Management, Millennials, and Cyber

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Kevin Curry in an opinion piece for The Hill raised several issues which will ultimately impact the adoption of Enterprise Risk Management (ERM) in government. The article entitled “America’s public sector has a problem –

It’s not getting any Millennials”, makes four points.  These are; 1. the federal government is having trouble hiring Millennials, 2. the federal government has old legacy cyber systems, 3. millennials expect up to date cyber systems and 4. the lack of up to date cyber systems is one of the problems keeping Millennials away.

Since the article does not specifically deal with ERM, one might ask: What is the intersection between the four issues and the adoption of ERM in government?  This article looks at the relationship of this problem with ERM in government. [Read more…]

Truth, Lies, and Paltering Leaders – What and Who Can Be Believed?

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“Lies, damn lies and statistics” is an often-used phrase attributed to the 18th Century British Prime Minister Benjamin Disraeli.  He acknowledged the persuasive power of numbers to bolster weak arguments.

In a statistical moment his contemporary, Abraham Lincoln, said; “You can fool all the people some of the time and some of the people all the time, but you cannot fool all of the people all of the time“.  Politics, persuasion and manipulation (deception) have gone hand in hand for centuries.

Many people have monopolized in the area of Churchill’s “terminological inexactitudes’ or, as it’s now being referred to Stateside of the Pond “False News“.  The term”lie” is an accusatory word and maybe impolite and vulgar and’ politically incorrect’ but do ‘lies’ really help us and why can’t we know the truth? [Read more…]

Stepping Stones in the Lean Journey

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

As very young children, we had an instinctive need to be very close to our parents – feeling a great deal of anxiety, even a sense of abandonment, if they were not within our sight.  As we grew older – and whether it was geographically, intellectually, or psychologically – we would become more comfortable with greater distances from what we felt were our basic truths, but almost always as stepping stones and rarely great leaps. 

Think of early commanders of sailing ships always keeping sight of land until traveling ever greater distances was more predictable because of maps and navigation techniques and tools. [Read more…]

Resilience & Enterprise Risk Management

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The term resilience is used in reports and studies by numerous government agencies and international institutions.  For instance, in 20014 the Organization forEconomic Cooperation and Development issued a report entitled “OECD Reviews ofRisk Management Policies: Boosting Resilience Through Innovative Risk Governance”. [Read more…]

Integrating ISO 31000:2018 Risk Management Throughout the Organization

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In 2012, ISO’s ‘Joint Technical Coordinating Group’ (JTCG) completed work to provide a high-level structure, text, and common terms and definitions for all future and revised management system standards. All Technical Committees developing management system standards were required to follow Annex SL found in the ISO/IEC Directives, Part 1, Annex SL[i].   

As we approach 2019, it is abundantly clear that the high-level structure mandate has been followed by the Technical Committees with mixed results. All the new and revised management systems used the 10-clause structure and all of them include the same definition of risk and risk management.  However, the way risk management was used in the different management system standards varied considerably. What can an organization learn from this exercise? [Read more…]

Less is More – Efficiency in Project Management Plans

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

We’ve all seen it…a filing cabinet full of project management plans and procedures from the last job that people have tried to adapt and modify to meet the current project. Amazing that such a plethora can give the impression of effectiveness and, to a skeptic, surprising if they are relevant, read or assimilated. [Read more…]

Understanding the ‘Risk Management’ Process

Guest Post by Robert Pojasek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

There are two widely-used risk management standards:

• ISO 31000:2018
• COSO ERM 2017

In my previous blog[i], I presented details on how these risk management standards address the development of a risk-aware culture – a necessary foundation for risk management success. As promised, this blog will address the risk management “process.” This is how the organization addresses specific risks. [Read more…]