
I’m off to Virginia Beach later this month so it seemed fitting that today’s post has a beach theme. This quote comes from Chapter 7 of Nathan Englander’s book “The Ministry of Special Cases” and you should remember these words whenever someone like me asks you to think about your organization’s risks.

“It’s like standing in the ocean and facing the beach.  It’s up to you to know what’s behind you. There’s always another wave coming, building in force and crashing down.”

In the novel Time and Again by Jack Finney, he writes about Einstein’s theory of time travel this way: “we’re mistaken in our conception of what the past, present, and future really are. We think the past is gone, the future hasn’t happened, and that only the present exists. Because the present is all we can see. It’s only natural. (Einstein) said we’re like people in a boat without oars drifting along a winding river. Around us we see only the present. We can’t see the past, back in the bends and curves behind us. But, it’s there.”

Since risk management is about predicting the impact and likelihood of future events I will borrow Einstein’s river analogy to explain.

As the risk manager drifts forward along the river she knows that there is something around the bend. But what is it? If she is observant enough to see small rocks in the river right now, she can use that knowledge to predict that there may be larger ones around the bend. And if she watched too many cartoons as a kid there is a good chance that a giant waterfall may be around the bend and she will plunge to her death. Or there may be no peril at all. She won’t know until she knows.

Any auditor with a cheap pair of hiking boots and some rope can tie up the boat and walk back to a bend in the river to see the past; but to be a great risk manager one needs to be able to imagine the endless possibilities of hazards around the forward bends and ensure one is prepared for all of them.

Pick your risk manager carefully and don’t presume just because someone with boots can walk to the past they are qualified to drift into the imaginable future.



If you’ve ever had the pleasure of putting many people in a room to discuss and assess risks you’d know that not everyone assesses every risk the same way. To some a particular risk is high, while to others it is low or non-existent (“C’mon, that’s not a risk!”)

But why is that?

In a 2011 article by Dan Lovallo and Daniel Kahneman, they explain that executives are “overoptimistic”, which can be traced to “cognitive biases – to errors in the way the mind processes information – and to organizational pressures”.

They go on to write that this optimism is “unavoidable” and “it’s unlikely that companies can, or would ever want to, remove the organizational pressures that promote optimism. Still, optimism can, and should, be tempered.”

Finally, on the subject of managing the risks associated with projects, they write:

“When forecasting the outcomes of risky projects, executives all too easily fall victim to what psychologists call the planning fallacy. In its grip, managers make decisions based on delusional optimism rather than on a rational weighting of gains, losses, and probabilities. They overestimate benefits and underestimate costs. They spin scenarios of success while overlooking the potential for mistakes and miscalculations. As a result, managers pursue initiatives that are unlikely to come in on budget or on time – or ever deliver the expected returns.”

Perhaps the next time you hire someone to perform a risk assessment or to manage a project, you should consider someone with a background in psychology instead of a professional accountant or PMP.

Quotes courtesy: Delusions of Success by Dan Lovallo and Daniel Kahneman. Harvard Business Review on Making Smart Decisions by Harvard Business Review (Apr 12 2011)

With the news this morning that your eHarmony or LinkedIn password was posted on a Russian website, people are frantically changing their passwords today. Or so one hopes.

Why all the urgency?

Should anyone be concerned that some troublemakers are going to hack your LinkedIn profile and change your Harvard MBA to one from Ohio State (oh the humanity) or change your eHarmony preferred mate preference from athletic to BBW (oh the humanity)? What you should really be worried about is that your stolen password can also be used to access your bank accounts or email. (Oh, I hadn’t thought about that!)

In truth, the posting of passwords probably doesn’t matter because according to a 2011 study of passwords, it was revealed that the most common passwords are the following:

1. password
2. 123456
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon

Shocking isn’t it? (I can believe people actually use ‘monkey’ as a password. Huh.)

This article also goes on to list some suggestions for creating and maintaining a secure password:

1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.

I recommend one takes security a step further and also applies the same methodology that author Charles Lutwidge Dodgson employed in selecting his pseudonym Lewis Carroll.

Select a two word password and convert the first word to Latin and then back to English. Next take the second word of your password and convert it to the Latin and then back to Irish. Switch the first and second words and you have a password. Oh ya, and add one of these thingies too: & % $ or @.

Many of us are familiar with Jean Valjean, the protagonist from Victor Hugo’s novel Les Misérables, made more famous in the 80s thanks to the musical of the same name. In the story, Monsieur Valjean is sent to a prison camp for stealing a loaf of bread: 5 years for the crime and 14 more for attempted escapes.

Jump forward 200 years and people are no longer stealing bread but generating losses on a much larger scale for their financial institutions. Last year it was $2 billion at UBS and today it is $2 billion at JPMorgan (which appears to be the Magic Number).

When these things happen someone has to be blamed. Someone has to be fired. The media, the public, the shareholders demand it. Last year we had Oswald Grübel, Maureen Miskovic, Kweku Adoboli and now we have Jamie Dimon, Ina Drew and Bruno “The London Whale” Iksil.

I get it that people make mistakes. I never get mad at my kids when they make a mistake on a test or get a poor grade; I try to help them learn from the mistake, understand what they did wrong so they don’t make the same mistake again.

That said, should any of these well paid folks at JPMorgan be fired for their mistake? Probably not, because that would be too easy.

But $2 billion is a lot of bread and so is the $30 million that Ina Drew reportedly made over the last two years. If she (or any of the others) is the one responsible I propose JPMorgan pulls a Jean Valjean on her: make her work the next 19 years for free but someplace else in the bank. She’s pretty smart. The bank should benefit from her skills; just make it someplace more junior, like an accounts payable clerk, a greeter in a branch, or on the help desk resetting passwords.

To someone making $15 million that sort of role might be as bad as hard labour.


In Stephen King’s novel, Under the Dome, a small town in Maine becomes suddenly cut off from the outside world by “an invisible barrier of unknown origin”. If that sounds a bit too much like the Simpsons Movie or science fiction for you, simply replace the dome with any other sort of hazard (earthquake, avalanche, flood), force good (and bad) people to fend for themselves and watch mayhem ensue. It was an excellent book.

Without getting into the details of the plot and characters it made me think about disaster preparedness: lots of folks had generators but not enough propane to power them and one resident ran out of her OxyContin.

Like all things risk management, we know preparation is important but we rarely make time for it. In my home we have a large stockpile of food in our basement but I must confess this has less to do with disaster preparation and more to do with excellent sales. While we probably have enough cans of corn and boxes of Quaker Harvest Crunch to feed the family for a week, I am not sure how useful those cans of Hunt’s Manwich or Tuna Helper will be without ground beef and milk respectively.

According to the Government of Canada, in addition to canned goods and 2 litres of water per day per person, other items to have are a manual can opener (duh!), a flashlight and batteries, a wind up radio (I have a wind up radio with a flashlight!), a first aid kit, extra keys and cash.

I highly recommend the cash. As my classmate Anne Marie once said on the first day of B-school: “cash is primordial”. When I think back to August 14, 2003, when the lights went out in the northeast, I stood in the concourse of my office building and took note that the ATMs a few yards away were still running on emergency power. However I went back to my office first (elevator to 3rd floor still running on emergency power) to get my belongings, but when I returned the cash machines were out of juice. Lesson learned.

Next week (May 6-12, 2012) is Emergency Preparedness Week so have a read and get prepared.


If there are two things you have noticed about this blog, I often write about zombies and the Moment of Risk Enlightenment. Today’s post combines both.

(Note: This post contains spoilers about season two of the Walking Dead.)

I was catching up on season two of the “post-apocalyptic” television show The Walking Dead this week. In episode seven the survivors learn that the Greene family barn is full of walkers (zombies). Up to this point the farm represented a safe haven; they had not seen any walkers on the farm since they arrived. Impact and likelihood were low. But was it?

As guests on the Greene farm for some time they were completely unaware that the walkers were locked in a barn 100 yards away, but once they experienced their Moment of Risk Enlightenment they felt: impact catastrophic and likelihood extremely likely.

Inherent risk didn’t actually change, only their perception changed once they became aware that the only thing between them and death were a few padlocks and a fence.

Always try to assess your risks accurately and objectively. Try to keep emotion out of it to ensure they are properly prioritized.

Perhaps one of the most famous movie quotes from my childhood was from the 1980 movie ‘The Elephant Man’ based on the life of Joseph (John) Merrick, a severely deformed man in 19th century London. At one point in the film Merrick cries out to an angry mob “I am not an animal! I am a human being! I … am … a … man!”

After all, does it really matter what we look like, how much money we make, where we pray or who we cuddle up with at night? No, because we are all just human beings.

Last night I had the pleasure of attending an event by Dave Howlett, RHB. I had met Dave a few times over the last ten years as his wife and I were B-school classmates. I had heard about his lectures before so when the opportunity arose to attend I jumped at the chance.

Dave is not Tony Robbins, Dr. Phil or some other third guy who talks about stuff. Dave promotes the philosophy of Real Human Beings. Dave just wants everyone to be a “good guy”.

This is not a new idea but the recent Occupy Wall Street protests suggest it is gaining steam. Ted Coine recently asked “What ever happened to the common good”, and I echoed his sentiments in my December 2011 post.

The premise of being a good guy is pretty simple. While everyone would benefit from listening to his presentation, you can literally learn the good guy rules from a t-shirt:

  • Assume everyone is intelligent
  • Have passion for what you do
  • Get over yourself.

After I heard Dave’s good guy philosophy I thought “hey, I am a good guy, I am already doing the good guy things, I am a Real Human Being”.

So when you think about it, if you’re a good guy don’t you only want to work with and for other good guys? I would.


In the series A Song of Ice and Fire which begins with the book A Game of Thrones, by George RR Martin, we are introduced to the Wall and the Night’s Watch.

The Wall is an immense fortification on the northern border of the Seven Kingdoms that defends the realm from “what lies North of the wall”. It was created over 8000 years ago and measures 300 miles in length and 700 feet in height.

The protectors of the Wall are a military order clad in black known as the Night’s Watch and they are as old as the Wall itself. While kings come and go and wars are fought in the Seven Kingdoms, the Night’s Watch’s allegiance is always to the realm.

As I see it, the wildlings and Others which lie North of the wall are risks to Westeros; the wall is the risk management; and, the Night’s Watch are the risk managers.

A couple of other takeaways from this analogy:

1. The Lord Commander, the final authority over the Night’s Watch is like our modern day Chief Risk Officer. What’s interesting is that unlike in the rest of feudal Westeros where only lords and knights rise to positions of authority, the Night’s Watch is a meritocracy. Even a common man can rise as high as Lord Commander. (Read: You can make anyone with strong leadership skills the CRO. The position doesn’t have to be filled by anyone else from the C-suite and they definitely don’t have to be a professional accountant.)

2. Like the Night’s Watch who has an allegiance to the realm, modern day risk managers should only have an allegiance to the organization and shareholders and never to the CEO, CFO or gods forbid the head of internal audit. This approach has worked for 8000 years for the Night’s Watch so it should work for your organization today.

Finally, when someone joins the Order they take a vow; this is known as “taking the black”.  As you read this, consider how today’s risk managers should also take a vow like this:

“Night gathers, and now my watch begins. It shall not end until my death. I shall take no wife, hold no lands, father no children. I shall wear no crowns and win no glory. I shall live and die at my post. I am the sword in the darkness. I am the watcher on the walls. I am the fire that burns against the cold, the light that brings the dawn, the horn that wakes the sleepers, the shield that guards the realms of men. I pledge my life and honour to the Night’s Watch, for this night and all nights to come.”

Last week Ted Coine asked ‘what ever happened to the Common Good?’ At some point people stopped doing the right thing and started putting their individual selfish interests ahead of those of their organizations, countries or kingdoms: UBS, the nation of Greece, Queen Cersei, etc.

These days we see squabbling in Washington over the budget because no one wants to do the right thing for the country. Everyone talks to the hand about cutting costs so long as it is not in their backyard.

Just read Sen. Tom Coburn’s (R-Oklahoma) new report on wasteful government spending issued this week to learn about the $936,000 spent to stimulate online soap operas or $75,000 to promote awareness about the role Michigan plays in producing Christmas trees & poinsettia. Dr. Coburn writes: “Over the past 12 months, politicians argued, debated and lamented about how to rein in the federal government’s out of control spending. All the while, Washington was on a shopping binge, spending money we do not have on things we do not absolutely need. Instead of cutting wasteful spending, nearly $2.5 billion was added each day in 2011 to our national debt, which now exceeds $15 trillion.”

What happened to spending for the Common Good?

For those of you who believe $75,000 is not material when compared to $2.5 billion I say shame on you. It’s all those small, stupid expenses that add up. When times are tough at home we stop buying $5 lattes and eating out and shift our spending to what we need and make peanut butter sandwiches every day. (See Maslow.)

Finally, in A Game of Thrones, when Ned Stark became the Hand, King Robert wanted to hold a jousting tournament to honour the new Hand. But when Stark met with his council and learned that the kingdom was practically bankrupt Ned insisted that they don’t hold the tournament as they could not afford it. And besides, he didn’t want it.

The point I am trying to make is that anyone can spend money; but it takes a strong, responsible leader like Ned Stark to not spend it and make the tough decisions for the Common Good.