Back to basics
It promises to be a busy autumn/fall. The book (provisionally titled “Bootstrapping Ethics”) comes out in late November. A bit before that, a MAJOR upgrade to the Ethics Insight platform – with a (near) freemium option to reach the many SMEs now wrestling with risk.
The platform provides assessments (across multiple risk areas) and supporting content to help address potential gaps – guides, cheat sheets, policies, evaluation and tracking tools, training content, etc.
But something was missing: in-person how-to sessions. For a select few organisations, I provide retained advisory support. That is not (intended to be) scalable.
Learning from writing a book
When the publisher (Wiley) approached me 9+ months ago, we discussed writing a book aimed at:
👉 People new to managing risk (and integrity risk in particular).
👉 Those taking on new (integrity) risk roles in professionalising organisations.
👉 Leaders in organisations who want to take (integrity) risk seriously.
The common themes in most of these cases are finite resources – time and money. There is no space for wastage. We must make risk relevant.
What I learned, and it’s a sentiment that seems to be echoed by other risk professionals (like James Ritchie FGIA and Bronwyn Smart FGIA CAHRI), is that less is more. When you’ve done anything for a while, you forget how much you assume is common knowledge. The content that most resonates with people is the simpler stuff. For example, the most downloaded resource on the EI platform is an introductory training package on conflicts of interest.
Risk building blocks
The book was a potent reminder of the need for simplicity. The risk universe is expanding. A natural response from those with deep pockets is to build more controls (including hiring huge teams). In those cases, I don’t see improving risk maturity; I see dependency and compliance. Not good. Faced with complexity, we must simplify, not overcomplicate.
So, how? Looking at the building blocks of risk, duh! Proper risk management is the distillation of all that could go wrong into that which might and that which you really don’t want to go wrong. If that’s a bit abstract, think of a time you rented a car (or bike) on vacation. Did they offer myriad insurances – windscreens, breakdown assistance, reducing the excess, fully comprehensive, etc.? Did you take all? Probably not. Why? Because you made an assessment balancing what might happen, your resources, and what you really want to avoid.
Teaching people to fish
If I can help people new to risk or in newly created risk roles to improve relevance, better use resources, AND simplify, we might finally get to a state where risk has a seat at the strategic table. How?
To put a bit more flesh on the bones, we’ll start with an introductory phase – getting on the same page around terminology, relevant regulations and standards, and understanding what you do and your organisation. We’ll also use a few surveying tools to inform our program design for you. We’ll then have a 1:1 call to discuss the results, your aspirations, and questions. This initial diagnostic will inform the following pillars of the program:
- Rightsized risk frameworks – assessing the risk landscape in your organisation (what might +/- impact you). Aligning values and vision with risk, and what to do if there’s a disjoint. Defining risk appetite and tolerance and creating a strategy – intelligent design to avoid issues before they arise.
- 360° threat assessment – understanding sources of potential threats, identifying and assessing the intent and credibility of threat actors. This pillar helps us ensure we’re focusing our risk mitigation resources and controls where they’re most needed.
- Resilient 3D controls – identifying and protecting your organisation’s crown jewels. Considering how our security posture can increase or decrease our potential vulnerability to risk. Reviewing which controls are improving, static, or deteriorating – risk evolves, and we need to do likewise. This pillar concludes with a gap analysis, identifying weak spots using our proprietary tools and software – a 3D risk scan.
- Impact mitigation matrix – now that we know about threats and our potential vulnerability, it’s time to prioritise – not everything needs to be done at once. We’ll cover probability and impact estimation models that actually work, developing a rightsized and comprehensive register and matrix for you. As we look at risk reduction, we’ll also consider social and community issues, stakeholder mapping and engagement, and how to sell risk and make it add revenue to your organisation.
- Strategic risk – this pillar should be the most fun, as it’s about making you the superhero: how to build trust and engage with different audiences. Using better decision-making models to create resilience as a value in your organisation. Creating content that people want – user experience. A dip into behavioural analysis (how we learn, forget, communicate). The goal is to make you the organisation’s trusted advisor – the go-to to make better decisions and create the right opportunities.
What next?
If this sounds like it might be of interest to you or someone you know, pass it on. There are limited places left in the (heavily discounted) beta program where you’ll get one-on-one guidance.
If you have any questions (including the bonuses and guarantees), message me 😊.