Enterprise Risk Management – And a bit of Sales

In my ongoing effort to remember what I read, a few notes about a book on Enterprise Risk Management: Mastering 21st Century Enterprise Risk Management: Firing Dated Practices | The Best Practice of ERM | Implementation Secrets; by Gregory M. Carroll. 

Full Disclosure: Fast Track Founder

Before going any further, the book is written by the founder of an Australian company, Fast Track, which sells ERM and compliance software.  On the one hand there is a bias in the book toward the software.  On the other hand, EXCELLENT! The company has been thinking about ERM for more than 30 years; who better to comment?

The ERM I Was Expecting

I have been on the periphery of the Risk Management Biz for most of my career and it never impressed me very much.  It seemed like a bolt-on activity to compile a ‘telephone book’ of risks that would never happen.  Worse, risk management takes precious management and organizational time away from operations, which ironically increases risks.  This is not to discount the value of risk management though and having mitigation plans for many of the likely scenarios (hacks, robberies, natural disasters, etc.).  Starting with mitigation is why I wrote the blog series on ‘Antifragile Risk Management (ARM)’.

This book is short (about 80 pages) and has some good practical advice on ERM.  I would not buy the full version but definitely take a good skim/read via your public library's online services.  The following 5 items are my key takeaways from the book; there are more but these are ones that I will likely return to a few times.

  1. Risk Management in 30 Seconds.
  2. Acknowledgement that Risk Management is a Dark Art
  3. The Nature of Risks
  4. Risk Management is Really Opportunity Optimization
  5. Ten Rules for a Successful IT Project

Carroll presents a vision of ERM that is much closer to my view of ARM… to a point.  So notes on the great points he makes in his book and the limitations of thinking about risk management when you are in the business of selling ERM systems (these editorial comments are in italics).

Risk Management in 30 Seconds

In ten paragraphs, Carroll runs through what Risk Management is; the summary of the summary is as follows (pp 4-5):

  1. 00:00 Definition: The level of uncertainty in any situation. Risk management is a system that identifies, quantifies and attempts to reduce or eliminate uncertainty.
  2. 00:25 Identification: ERM starts with a set of corporate objectives covering all aspects of the enterprise’s intents. Understand organizational risk appetite: the level of risk that can be tolerated on an on‐going basis.
  3. 01:00 Assessment: A subjective and preventive evaluation of each uncertainty in a specific area of operation by internal subject matter experts. A risk matrix grades the impact of a risk based on likelihood of it happening and the effect (consequences) if it does.
  4. 01:40 Control: A control is an action or measure that can alter an uncertainty.
  5. 02:00 Mitigation: Mitigation is a fancy word for an action that reduces or eliminates a risk.
  6. 02:45 Review: Review is value add and facilitates continual improvement.

This is a good overview and is entirely consistent with ISO 31000.  Carroll’s point in this section is that risk management is not especially difficult and that a simple framework can help you.  The ARM methodology turns the above 3 minute overview on its head however and places review and mitigation first and the other activities subordinate to these value add functions. 

Acknowledgement that Risk Management is a Dark Art

Carroll describes risk management as being 80% Art and 20% science (p. 12).  This is part of his view that organizational change and people management are central to an effective ERM system.

Carroll is on the right track here but I would change his allocations slightly.  I would put the Art part as being 90%, the Process Changes as being 9% and the ERM system itself as being 1%.  Risk/Opportunity management is primarily a state of mind that is dependent upon the trust, adeptness and competence of people.  An ERM without this is doomed to failure; an organization with these attributes already has an ERM system.

The Nature of Risks

Carroll differentiates between the ‘Nature of Risk’ and the ‘Types of Risk’.  Nature is a higher level classification that groups risks conceptually; how the risk presents itself and how it is subsequently managed (p. 13); they are as follows:

  1. Technical Risks are the broad group of risks whose state can be measured discretely and against which quantitative limits can be set and monitored. They are caused by variations that affect the system and are managed through use of mathematical models.
  2. Operational Risks are around the internal operations of a business, predominantly dealing with people, processes and systems and what most people think of in enterprise risk management.  Qualitative by nature, they tend to be caused by changes to organisation or behaviour, and are managed through process management.
  3. Security risks are aggressive actions. They are intentional in nature, as opposed to other categories which are consequential in nature. They are premeditated attacks which are managed proactively through surveillance and defensively through multi‐layered safeguards commonly referred to as “defence‐in‐depth”.
  4. Black Swan events are events in human history that were unprecedented and unexpected at the time they occurred. These once‐in‐a‐lifetime events are unpredictable, occur abruptly and are catastrophic in nature.  Being unpredictable and occurring abruptly, the risk itself cannot be managed in a traditional sense, so we have to manage its effects using such methods as disaster planning and relief strategies.

Carroll acknowledges that the four presented are not meant to be exhaustive.  Nevertheless, this is a much better starting point than an exhaustive ‘type of risk’ listing.  The challenge I have seen with such lists is that very quickly organizations get bogged down into definitional quagmires.  The above list can be thought of as having multiple dimensions, for example internal or external to the organization.  

Risk Management is Really Opportunity Optimization

ISO 31000 focuses not on risks but on uncertainty, which may be positive or negative to an organization.  Carroll’s book is generally upbeat about both, although most of his examples end up being of the negative variety versus the positive.

This upbeat note extends into systems implementations.  Obviously his frame of reference is implementing an ERM system, but his words of wisdom could as easily be applied to an ERP or other corporate system.  Nothing new here but still a good refresher:

  • People: The employees, managers, customers and other stakeholders.  In particular, what motivates your employees and how can you align a project to these motivations to be most successful.
  • Change Management: A project is not about the technology; it is about how people will work once the project team has long gone.
  • The System and the Project: Lastly, how the project and system will be implemented and then used to support the above.

Ten Rules for a Successful IT Project

  1. Don’t outsource requirement planning.
  2. With software vendors, big is not necessarily best (Note, I think there is some bias here on the part of Carroll toward his software and away from the larger systems; this bias may be entirely justified but full disclosure nevertheless).
  3. Choose a ‘people’ project manager.
  4. Have a living risk management protocol.
  5. Ensure all stakeholders have “skin” in the game.
  6. Use an agile implementation technique.
  7. A quick game is a good game.
  8. Plan your testing.
  9. Training – Sell the benefits.
  10. Treat as a change-management issue not an IT project.

https://www.linkedin.com/in/gregorymcarroll

ASK-ACTION Emails

Have you ever gotten one of those rambling emails in which the request is buried somewhere in a sea of asides? Given that it is from your boss, you press on trying to divine what the &%#@^ she is asking for! (Note: all examples are fictional and any resemblance between current and past bosses and this example is purely coincidental.)

Alternatively, you receive an email that clearly articulates its purpose in the first two lines and a quick scan tells you what to do or even whether it is applicable to you. If you would rather receive (or send) the second type of email, read on to learn about the ASK/ACTION format.

What are you ASKing of me?

An ASK/ACTION Email looks something like this:

Ask-Action Email Format

The Elements of an ASK

There are four parts to an ASK/ACTION email that help to make it clear:

  1. SUBJECT:  that provides a summary and the deadline.
  2. ASK: What is the context for this email.
  3. ACTION: What do the recipient(s) need to do; a clear statement of what needs to be done, by whom and by when.
  4. BODY: Additional details as applicable.

After the two-liner, additional information is provided to flesh out the request.  Nevertheless, this is the ASK/ACTION email format.

Bonus Points and Additional Links

Some other thoughts and suggestions when using an ASK/ACTION email:

  • If you are using the Lost Assignment and Task Epidemic methodology, consider using the TASK name in the subject line.
  • Send one email for one ASK/ACTION; apologize though and note if multiple emails are coming through.
  • Personalize your emails if possible.
  • For group emails, consider following up with a short conference call to explain the ask; this allows for more than one channel of communication.
  • Send a meeting invite out as a reminder only, thus the above email would be converted to a meeting with a location of ‘Reminder Only’ for 2099-12-31 at 4pm.
  • Use the BCC to reduce email churn but notify people at the beginning, for example: You have been BCC’d to protect your privacy.
  • If you are including documents but have a shared repository (e.g. network drive, SharePoint, etc) note that there is a courtesy attachment but specify the master version with a link: Master Version: M-Drive:2098-2099\Analysis\HelpMe\.

Some other links and thoughts on this:

Citizen Centric Experience – PwC Event 2017-11-24

In my ongoing effort to remember the key notes from events and conferences I have attended, some thoughts on Rethinking the Customer/Citizen Experience; 2017-11-24.  The overview blurb was:

We will look at transformation through the lens of both the ultimate end-user experience, and the internal employee perspective which inherently must be connected to successfully implement change.

Personas and Small Things Create Big Results

Two key themes came out of the event.  The first was the use of personas to aid in developing a good customer experience.  The second was the importance of implementing big things through a series of small steps.

Personas

Developing a persona is an attempt to understand behaviors of customers/clients.  These are done to help frame development and make changes.  The recommendation is to limit the number of personas to less than six and ideally 3-6.  A single persona is then used to track a collective journey through a process journey.  One description of a persona is as follows (Adapted from Agile Modeling):

A persona defines an archetypical user of a system.  The idea is that if you want to design effective software, then it needs to be designed for a specific person. Personas represent fictitious people which are based on your knowledge of real users. Unlike actors, personas are not roles which people play. In use case modeling actors represent the roles that users, and even other systems, can take with respect to your system. Actors are often documented by a sentence or two describing the role. Personas are different because they describe an archetypical instance of an actor. In a use case model we would have a Customer actor, yet with personas we would instead describe several different types of customers to help bring the idea to life.

It is quite common to see a page or two of documentation written for each persona. The goal is to bring your users to life by developing personas with real names, personalities, motivations, and often even a photo. In other words, a good persona is highly personalized. 

Personas and the Public Sector

According to PwC, personas have been used successfully in various public sector organizations including the Canadian federal government.  My Spidey-risk-senses however went up over two aspects:

  1. The volume of the personas.  Governments do things that no one else wants to do, given the myriad of our product lines; can we realistically develop personas for the breadth of services provided?
  2. Personas as a Cause Celebre. What is the risk of personas becoming a political nightmare? Our society has become increasingly sensitive and intolerant to labels. What are the risks of not having the right personas to meet a group’s demands or having to remove a persona because it does not match an external group’s political objectives?

Personas But Tread Carefully

The answer is to use personas but create them through engagement with those they represent. As well, some political mettle is likely required to explain the role of a generic persona that provides a model or analog to society at large (heck, is this not the description of a representative democracy!). Nevertheless, have an emergency risk mitigation plan for either the creation of politically mandated personas or for suppression/modifications of personas for similar political imperatives.

Other than these risks, using a customer experience focused technology methodology can be highly applicable to the public sector. Like most things though, the proof is in the execution and delivery. This leads us to the second part of the morning’s presentation –

Small Steps to Implement Big Change

I am a big fan of the Agile method (e.g. small successes building over a few weeks to a larger objective) versus waterfall.  My observation for governments though is that the larger organization has a hard time with Agile.  It is easier to understand and support a multi-year, multi-million dollar project (e.g. put a man on the moon by the end of a decade) than approve the objective but in a series of short sprints (e.g. what do you mean you plan to have 520 sprints to get a man on the moon!).

Of course I am not being entirely fair to governments in saying this.  After all, it was Apollo ELEVEN that landed on the moon, Apollos ONE through TEN were examples of very LARGE sprints. Nevertheless, here is my thinking about any project:

  1. Large objectives are fine (moon, replacing an aging system, etc.)
  2. The objective must be broken into a series of steps (phases, projects, etc.)
  3. Each step in turn should not exceed the following:
    1. Six months in length
    2. $500,000 in expenditure
    3. 25 people for the entire project team.
    4. Only start upon the successful completion or closure of a prior step.
    5. Turn over is limited but also encouraged, e.g. no more than ~90% of the team is the same project to project but no less than ~50% of the team has changed.
  4. The above measures can be an average for a system, thus
    1. Subsequent phases can get larger but only after smaller projects have successfully concluded
    2. Professional judgement and risk tolerance is encouraged so that the above is a strong guideline and not a set of absolutes.

 

 

 

2017 – Phranks Professional Development

As an accountant, I am both proud and obligated to report my Continuous Professional Learning and Development (PD).  The following are my calendar year 2017 activities, which total more than 300 hours (which does not include some of my social activities such as cycling and snowshoeing).  I have no problem making these as a public declaration given that accountants serve the public.  Within the comments field I will include the learnings, whether it is verifiable or not (e.g. I have a bit of paper to prove that I was there).

Date | Event | Time (Hours) | Comments
2017 | Awards and Nominations | 20 | Member of CPA Alberta awards and nominations committee.  This included attending meetings (~10 hours), reviewing and managing submissions (~20 hours) and developing future plans to improve public sector participation (see the blog series of the same topic).
2017 | FMI – Disruptive Writers | 100 | Although I am only claiming 100 hours, this was actually about 200 hours of effort.  Nevertheless, some great learnings from this event including:
Sep 19 | FMI – Lost Dutchman’s Mine | 3 | Attended and supported its promotion and planning.
July/Aug | Attended and participated in the GoA ERP planning sessions | 5+ days for ~10 hours |
  – Learned best practices of supply chain management.
  – Participated in planning sessions for the GoA.
  – Improved facilitation methods.
Jun 22 | Forrester Briefing – Digital Transformation: Charting a Digital Strategy in the Age of the Citizen | 2 | Breakfast meeting with the topic of: Technology has mobilized citizens with information and access power they’ve never had before. That changing expectation compels government agencies and organizations to transform to meet their needs.  Attendees will: – Master digital’s new rules. – Learn how to differentiate through digital innovation. – Identify the technologies to transform your digital experiences and operations.
Jun 6 | FMI Planning Session | 2 | Facilitated a planning session to establish the next year’s programming for the Edmonton Chapter.
May 17 | GoA: Management Engagement Sessions | 2 | Facilitated session on employee engagement, management’s role and the GoA employee engagement program.
May 17 | FMI: Building a Healthy Workplace | 120 |
Apr 12 | Public Institution Cyber Security Protocols Working Group Session | 6 | Facilitated and attended this work session between the Ministry of Advanced Education and Alberta’s post secondary institutions.  Focus was on how to harden cyber security.
Mar 30 | CPA Alberta – Get Connected 2017 | 2 | Attendance at the CPA Mixer between employers and new and existing CPAs.
Feb 26 | Public Sector Certificate Level 1 | 40 | For my thoughts on this program see my blog of the same name.
Feb 14 | First Look at Microsoft Dynamics 365 | 2 | Presentation by Sierra Systems providing an overview of Dynamics 365 technology.  Held at the Glenora Club.
Feb 9 | The Alberta Economy – Between a Budget and a Hard Place | 10 |
  • Attendance (3 hours).
  • Support the development of the pre-conference notes via my interns (Cox and Kaur).
Jan 31 | People Leader Community Network – Info Session | 1 |
  • Internal Advanced Education training session on leadership and sharing common methods among management.
Jan 24 | Field trip to Treasury Board and Finance | 2 |
  • What is the role of TBF-Finance relative to the GoA finance function (e.g. inter-units, leadership, etc.)
  • What are some of the issues TBF has in consolidations, preparation of statements, etc.
  • What would a career look like in a corporate agency such as TBF for a new CPA
  • A demonstration of IBRS and how it helps to keep the TBF GL clean particularly through the RIA Module.
  • What is the role of the TBF budget team relative the ministry.
  • What challenges and advantages does your team have in preparing the Ministry budget relative to AE.
  • Discussion on your career trajectory and how a CPA helps you in your budget role.
  • Demonstration of your coolest Budget thing you are currently using
  • What role does a controller play in the GoA
  • As an overview, how are the GoA Financial statement consolidated and what are the issues and challenges of doing so
  • What projects does the controller office have underway that may affect AE finance/itm
  • What would a career look like in a corporate agency such as the controller’s office for a new CPA
Jan 18 | Blockchain Innovation Session #2 | 2 | The role of block chain currently and in the future within the public service.  Presentations by PwC and current users.
Total Hours: 322

2017-12-03 EBTC Highlands-Beverly Walking Tour

These are some notes from a December 3, 2017 historical walk I did for the Edmonton Bicycle and Touring Club.  This was a combination of a stroll, historical and social notes.  See my sources below if you want to read more.

Context: The Area pre-1914

  • The area was annexed by Edmonton in 1912, and “was named in a contest offering a 50-dollar Gold Bar.” [1]
  • The neighbourhood is bounded on the north by 118 (Alberta) Avenue, on the east by 50 Street, on the west by 67 Street, and on the south by the North Saskatchewan River valley. [2]
  • The community is represented by the Highlands Community League, established in 1921. [2]

The Walk

Points of interest and route

  • 01) Start: Highlands Community Centre, 6112-113 Avenue, Edmonton.
    • What was the area like at different epochs: 10,000 years ago, pre-Hudson Bay Company, HBC era and then in 1900.
  • 02) South to 112 Avenue; be careful crossing 112th street, look both ways for street cars… the last one ran in 1951 but they could start-up any time! [3]  The end of the line was at 112 Avenue x 61 Street [4].
    • The development of the area was predicated on a street trolley being built.
  • 03) Walk to 6229 111 Ave NW; the Carriage House; this is where they stored the carriages! [1, pp. 267-269].
  • 04) Walk to 6240 Ada Blvd; this is the mansion for Magrath, one of the two developers [1, pp. 257-259].
    • Lived with his wife Ada… notice a connection?
    • And their son Adrian.
  • 05) Walk to 6210 Ada Blvd NW, Holgate Mansion [1, pp. 259-260].
  • Walk along Ada Blvd East towards 50th Street.
  • 06) 50th Street, start of the Beverly Heights Neighbourhood.
    • Originally part of the Town of Beverly, amalgamated with Edmonton 1961. [5]
    • Edmonton assumed the town’s debt of $4.16 million ($34.0 million today). [6]
    • The neighbourhood is bounded on the south by the North Saskatchewan River valley, on the north by 118 Avenue, on the west by 50 Street, and on the east by 34 Street and 36 Street. [5]
    • Beverly incorporated as a village on March 22, 1913 and became the Town of Beverly on July 13, 1914. [6]
    • Beverly was a coal mining community that overlooked the North Saskatchewan River valley. During the first half of the twentieth century, more than 20 coal mines were active in and around the town. The larger mines provided much of the town’s employment. [6]
    • In 1907, construction began on the Clover Bar Bridge. The Grand Trunk Pacific Railway (GTPR) built its own bridge as it could not use the CPR High Level. [6]
    • The GTPR became the biggest shipper of coal in Alberta, with much of the coal mined in and around Beverly. [6]
    • The Great Depression hit Beverly particularly hard. In 1936, the town defaulted on its debt. [6]
    • A provincial administrator was appointed to manage the town from 1937 to 1948.
  • 07) Take Trail to the River
  • 08) Look downstream to the beautiful Rundle Park [7].
    • Named for an early Methodist missionary.
    • This was the site of the Beverly Dump.
    • As the community grew post amalgamation, there were calls to close the dump to reduce the smell, salvage men and the bears that inhabited the site.
    • Futuristic plans were drawn up… a more modest park was built in its place in the mid-1970s.
    • Rundle Park: With an area of 117.68 ha, the park was named for Rev. Robert Rundle. He was the first Protestant missionary to serve at Fort Edmonton and in fact the first permanent missionary of any church to settle west of Manitoba. In 1840 he came to Rupert’s Land at the request of the Hudson Bay. [12]
  • 09) The bridge to cross to the South Side of the river is named for Ainsworth Dyer, one of 4 Canadians killed in a friendly fire incident in Afghanistan [8].
  • 10) As you cross the bridge look for Gold Bar stream coming into the river.  Early miners panned for gold in the gravel bars here. [9, p.13]
  • 11) The Gold Bar Waste Water plant [10, p.6]
    • Opened in 1956.
    • Waste water is sent to the refineries where it reduces their water needs.
  • 12) Take a moment to look north along 50th Street – yup no bridge yet. [6]
    • Promised a new bridge for vehicular traffic across the North Saskatchewan River at 50 Street, residents of Beverly cast ballots in a referendum regarding amalgamation with Edmonton in which 62% voted in favour. The 50th Street bridge has yet to materialize.
  • 13) Highlands Golf Course [1, pp.254-255] and [11]
    • Built in 1929 surrounding the Premier Coal Mine.
    • The original lease started in 1929 for a 21-year term with a 20-year option to renew (1970).
    • The current lease is for 50 years starting in 1989 with a 10 year extension.
    • Occasional sink holes from the coal mine cause some trouble for the course.
    • The Capilano Freeway (now Wayne Gretzky Drive) impacted the golf course when it was constructed in 1969.

The Sources

  1. Historic Walks Of Edmonton, by Kathryn Ivany.
  2. Wikipedia: https://en.wikipedia.org/wiki/Highlands,_Edmonton.
  3. City Museum of Edmonton https://citymuseumedmonton.ca/2015/05/19/when-trolleys-came-to-edmonton/
  4. Street Car lines circa 1944; http://www.tundria.com/trams/CAN/Edmonton-1944.shtml.
  5. Beverly Heights: https://en.wikipedia.org/wiki/Beverly_Heights,_Edmonton.
  6. Beverly, Alberta: https://en.wikipedia.org/wiki/Beverly,_Alberta.
  7. Edmonton: A World Class Dump, Part Three – Salvage Men, Coal Mines, and a Futuristic Weir; https://citymuseumedmonton.ca/2016/12/06/world-class-dump-3.
  8. https://en.wikipedia.org/wiki/Tarnak_Farm_incident
  9. Nature Walks and Sunday Drives ‘Round Edmonton, by Harry Stelfox (author) and Gary Ross (illustrator), 2003.
  10. Comprehensive valuation report; City of Edmonton – Gold Bar Wastewater Treatment Plant: http://webdocs.edmonton.ca/occtopusdocs/Public/Complete/Reports/CC/CSAM/2009-01-20/2009PW2573%20-%20Attachment%202rev.pdf
  11. Highlands Golf Course: http://www.highlandsgolfclub.com/About-Us.
  12. Waskahegan Trail Guide, 7th Edition.

Other Resources

  1. Edmonton and District Historical Society, http://www.historicedmonton.ca.
  2. Highlands Historical Society, facebook.com/highlandshistoricalsociety