Category Archives: OrgBio

MCEFing the Gap – Introduction

Posted on by
1

Organizations are created to achieve objectives of a board of directors or the equivalent.  The challenge has been how to enable an organization but also protect the resources entrusted to it by its owners.  That is, how do you both Control and Enable an organization? The COSO Framework frames the question of Control but does not address the other side of the coin, things like employee-motivation, capitalizing on opportunities, customer service or the outcomes of public policy.  These are examples of what I call ‘Enablement’.

Continue reading

COSO – Mind the Gap

Posted on by
1

The author completed a COSO certification course, appreciating its quality despite previous frustrations with online learning. However, the course fell short in addressing the practical deployment of COSO, leaving gaps in internal-control specifics. Nonetheless, COSO promotes adaptability for organizations, suggesting they can customize the framework to better suit their needs.

Continue reading

COSO Competitors

Posted on by
1

This is the third in a series of the internal control.  The first blog, Internal Control and COSO, introduced this framework including highlighting some of its short comings.  The second blog, A List of Internal Controls, attempted to create the most comprehensive list of controls ever constructed (or that at least I could find). This blog asks the question, “does COSO have competitors or is there a better control framework out there?“.

Continue reading

Neuroplasticity and the manager

Posted on by
Reply

The more we understand about how the brain works the more almost magical it appears.  At one time we had a very mechanical view of the brain in that section A controlled sight and section B over there managed the left thumb. Norman Doidge is a doctor and an author who has helped us realize that the brain and our very understanding of our mind is much more nuanced, complex and wonderful.  In his late (ish) book, The Brain’s Way of Healing [1] he takes us through a series of case studies and current understanding of the brain.

Read My Crib Notes

I thought the subject matter of the book interesting enough to jot down some crib notes which are available in a previous blog, Book: The Brain’s Way of Healing.  If you are not up to reading the whole book, feel free to peak over my shoulder at my crib notes.

How Is a Brain Like Your Organization

In many ways our understanding of organizations and the brain have taken parallel tracks.  Historically we knew that they both accomplished things but their exact roles and processes were complete mysteries.  As science, engineering and society has evolved we have gone through periods of understanding in the context of the time.

In the earliest times it was an absolute mystery.  As western medicine evolved, the brain was seen as a mechanical organ with specializations.  In parallel, organizations were being understood from a mechanical model through the work of such titans as Frederick Taylor (Scientific Management).  During the 1950’s to 1990’s the workings of the brain went from a mechanical view to one of a highly integrated system with the ability of one part taking over the function of a defunct section of the brain – the basis for the science of neuroplasticity.  At the same time organizations evolved from a hierarchical function based structure to adopting a more agile team based one.

Today we have a profound understanding of the workings of the brain.  Among those understandings is the realization that skills, thoughts and memories are not fixed in anyone spot or location but are held collectively within a larger neural system.  Ultimately this distributed model is much more robust and resilient than the strictly mechanical model – although infinitely more complex as well.

A Good Read and Final Lessons for Organizations

So if you enjoy the bio sciences (or even want a better understanding of how your noggin’ works) then take a read of Doidge’s book.  If you want to be a better manager then recognize that how the organization works is likely invisible to you – just like that memory or skill in your own brain.  While you may not have direct control you can also nurture and support this reality be establishing effective structures, resources and then stand back to be amazed what good people can do.

[1] The Brain’s Way of Healing: Remarkable Discoveries and Recoveries from the Frontiers of Neuroplasticity. Norman Doidge (Author)

April 2018 – A Photo a Day

Posted on by
Reply

Based on a promise to ‘Pay Attention‘, this is one of six blogs with the good intention is to publish a photo a day of my six month adventure in Vienna with a caption and thoughts on the image. Note that the publication date and the date when the photos were taken are not the same. Enjoy my (manly) scrap-book for future memories… take that future dementia!

PS… Be patient and wait for the pictures load…

April 30: The last photo of the first full month in Vienna of six months.

Hiking through the vineyards near Bad Vöslau

April 29: More on the theme of nailing into wood. This tree (behind the glass and named Stock im Eisen) is believed to be from the 15th century with numerous legends of its pedigree (including being the last tree of a sacred grove).  Now a seldom notice albeit prominant feature in Stephensplatz.

Stock im Eisen, Stephensplatz

April 28: Wehrmann in Eisen; I came across this unusual sculpture walking home last night.  Underneath about 500,000 nails is an original wooden sculpture create in 1915 in support of the war effort.  The first nails were pounded by the German and Turkish ambassadors, Austria’s allies in that conflict a century ago.  Taken with my phone, I may need to go back and try for a better shot with a better camera.

Wehrmann in Eisen, Vienna

April 27: I have found the perfect pair of conservative accountant’esque shoes.  Near my office which is also home to some fabulously expensive shops selling things the rich do not really need but covet for that exact reason.

April 26: A quiet moment on the inner-city’s ring road.  Of course the reason there is a nice ring road is that it is where the city walls used to stand until a few hundred years ago.

A quiet moment on the ring road

April 25: Vienna is surrounded by woods and working farmland.  To this end, Vienna produces its own wine on the slopes both within and visible from the city centre.  This is looking east toward the Danube and across one of these vineyards.

North Vienna looking across vineyards east to the Danube.

April 24: these two gents retrieve junk from the Danube canal.  They either sell the scrap or they offer tourists a chance to throw the lanyard weighted with a magnet into the canal.  Donations are encouraged.  Note their faces were obscured upon request.

Fishing for metal in the Danube.

April 23: take a break cycling on the Danube north of Vienna.  A couple also enjoying a sunny and bright moment.

The Danube, north of Vienna

April 22: Did you ever have one of those days.  What started out as a brilliant plan to photograph 8 ‘scholosses’ in 8 hours was set asunder by the massive Vienna marathon and bike malfunction.

The fun category of runners turning west by the Opera.

April 21: Unfortunately the video did not turn out.  What is missing from this picture is the cacophony of sound.  Dozens of vegetable sellers singing/yelling about their wares.  You would be forgiven if you thought you were in Istanbul rather than Vienna.

Bauernmarkt Lebinizgasse

April 20: last weekend a huge bike event was in Vienna.  In addition to going around in circles there were also BMX jumps and dozens of displays and vendors.  A cyclist’s Nirvana.

April 17, 18 and 19

The Danube Island

Looking south on the Danube and end of the Danube island.

A cyclist rides past the stadium bridge with a back drop of spring leaves

April 16

The fellow in the reflective vest has responsibility to assign grill spots.

Just one of hundreds of grills along the Danube on a Sunday afternoon. The vast majoring being ‘turkish’ the smells, families and kibitzing was wonderful.

April 8-15

Canada lost 16 active people in horrific traffic accident in Saskatchewan late on April 6. As a form of remembrance (the whole point of this blog series), the next photos are simply of beauty. Enjoy and hug your kids/parents today if you have them close by.

April 7

Sometimes the seemingly easiest things are the hardest. Take finding a shower squeegee. 10 stores later I finally found the last one in all of Vienna (only a slight exaggeration).

April 6

April Budding in the bushes noted en route to work.

April 5

Candle stick holder in one of the chapels of the Heiligenkreuz Monastery

April 4

One of at least 3 grocery stores within easy walking distance from my apartment.

April 3

There is a lot going on in this photo. Firstly my trusty folding bike (thanks Rhonda!) on the Danube River with a barge sailing just out of left side of the picture. It is going under a major roadway containing automobile, metro and pedestrian traffic. In the background you can see the Vienna international centre as well as the office buildings springing up around this complex .

April 2 – Shopping on an Easter Sunday

Walking into the Billa shown below in the Praterstern train station you could be forgiven thinking that a major story was looming for Vienna. Every isle is full of people and there is a frantic sense. Instead, this shop is simply one of the few that is open on Sundays. As a result, it draws people from all over Vienna for forgotten items or even a weekly shop.

One of the few grocery stores open on a Sunday in Vienna. This one is found in the Praterstern train station.

April 1 – Karlskirche

Karlskirche – the Centre piece of Karls Platz.

Six months of paying attention

Posted on by
3

For the next six months I want to try to pay attention. Okay a bit of background, I am living in Vienna for the next six months (see the ‘Why Are You Here‘ blog for more details) so my environment is easy enough to be cognizant of,but there is a wee bit more to paying attention but first Vienna.

A City That  Demands Attention

Vienna is a city that demands attention – looking West toward the Hofburg.

Walk through the inner city of Vienna and you see life. The city has not been hollowed out and shifted to the suburbs such as like many North American cities.  A good social safety net also means that the number of street people are few.  The city itself has been reborn since its levelling seventy+ years ago under Allied bombing.  In other words, no matter where you look, there is something to see.

But this is no Disneyland caricature, Vienna is a living city and is proud of its imperial past but also secure in its current republic.  The public buildings are imposing but used everyday for the business of government.  The public art has been on display for decades or centuries and serves to improve the lives of the current and future generations… well on and on – the point is that Vienna is a cool place to pay attention to!

More than Old Buildings – Avoiding New Technology

There is another reason that I want to consciously pay attention for the next six months, the corrupting influence of technology.  Okay, this is not a ‘Luddites Unite – You Have Nothing to Lose But Your Cat Videos‘ post.  My point is that we need to spend less time seeing the world through the camera lens of our smart phone and more enjoying the world’s splendor/horrors with our own eyes.  By taking at least a few minutes a day to look around, walk on an opposite side of the street from the norm or take a different route to work – we can provide a small challenge to our brain to pay attention.  By doing so we can also train our consciousness to look not in the context of a meme, post or headline but in a way that we were meant to – as part of a series of inter-locking communities.

What Matters Gets Photographed

So, here is my plan to actively look about – I will select a single photo a day and post in a running blog for a particular month.  Okay, I get the irony that I may be using a smart phone and technology to do this, but do so suitably harnesses the machine rather than being enslaved by it.  As a bonus, I will get an electronic scrapbook of sorts.  Heck, it might even delay dementia by going back and saying – ‘I remember that image, it is because I crossed to the other side of the street that one day and saw…’ 

Hopefully you enjoy my ‘scrapbook’ and keep an eye out for blogs such as this one: March 2018 – A Photo A Day.

March 2018 – A Photo A Day

Posted on by
1

Based on a promise to ‘Pay Attention‘, this is one of six blogs with the good intention is to publish a photo a day of my six month adventure in Vienna with a caption and thoughts on the image. Note that the publication date and the date when the photos were taken are not the same. Enjoy my (manly) scrap book for future memories… take that future dementia!

March 31

March 30

March 29

Easter in Vienna, the bunnies are everywhere!

March 28

Traditional clothing is still worn extensively during celebrations. One advantage is that the style is functional. Here you can buy a Dirndl for only a few hundred Euro.

March 27

A train on the U2 line crossing the Danube. Part of the extensive public transit service in Vienna.

March 26

This is the east entrance to the Hofburg, the former imperial residence. Now where I go for meetings.

March 25

Year round bikes are a key transportation means.

March 24

Street Trams (strassebahn) are still a key feature of public transit in Vienna. Most people are aware and accidents appear to be infrequent.

March 23

One of a number of churches in the inner city. This one is Schotten Kirchen. It is so named as it is near the former Shotten Tour/Gate in the old city walls.

March 22

Easter markets are smaller than their Christmas counter parts. Mulled wien, treats and crafts can be purchased in both.

March 21

Not all of the attractions in Vienna are vernable. A ‘social club’ is perhaps an example’

March 20

Detail of statutes gracing the top of the parliment buildings. Framed against an unusual blue Vienna sky.

March 19

Easter Decorations on a balcony of a business in the inner city. Similar decorations are placed on the barren branches of trees.

March 18

Horse drawn carriages are a touristic fixture. Here this one is riding toward the St. Peter Catholic Church in the inner city.

March 17

A detail of a decoration on a building (housing Chanel) showing the excellent public art.

March 16

Practical Risk Management Model

Posted on by
1

Is traditional risk management practical?  If so, why do so many organizations struggle to do it well?  As a quick refresher here are the three steps of virtually all risk management methods:

  1. Establish business objectives.
  2. Identify and quantify some or all of the risks that may prevent the organization from achieving these objectives.
  3. Figure out what you are going to do with the resulting risks (e.g. ignore, manage, transfer, assign owners, etc.).

An Practical Risk Management Method (PRMM)

What makes risk management impractical is that it is often a bolt on and/or a parallel activity.  In addition, risk management often gets bogged down in too many risks and not enough value add (see my blog “Guns, Telephone Books and Risk?” for more on this).  PRMM recommends the following steps:

  1. Planning = Risk Management. Incorporate risk management into existing operational, tactical and strategic planning; don’t separate the two.  Why?  Because planning is how organizations manage uncertainty which is a fancy name for Risk.
  2. Are You Any Good at Change? Evaluate how well your organization responds to change (e.g. when uncertainty becomes certain).  When the unexpected happens, was your response chaotic and uncoordinated or did it go more or less to plan?
  3. How Strong is your ARM? ARM or Antifragile Risk Management is a system that focuses on building robust and resilient organizations.  While step 2 above measures the organization in action, this step anticipates your organization’s uncertainty resiliency.
  4. A Certain Test of Uncertainty.  The organization’s risk/opportunity log is used to stress test the work done above.  Testing measures the robustness of the organization and the scope and reasonableness of the collected risks.  This is the traditional risk management step in PRMM.
  5. Don’t Stop. Modify/improve your plans and keep going.  All of the above activities are meant to be both periodic (e.g. the annual planning process) or continuous.

My next blog are some thoughts on step 1 above, integrating risk management into the planning processes of the organization.

Enterprise Risk Management – And a bit of Sales

Posted on by
Reply

In my ongoing effort to remember what I read, a few notes about a book on Enterprise Risk Management: Mastering 21st Century Enterprise Risk Management: Firing Dated Practices | The Best Practice of ERM | Implementation Secrets; by Gregory M. Carroll. 

Full Disclosure: Fast Track Founder

Before going any further, the book is written by the founder of an Australian company, Fast Track, which sells ERM and compliance software.  On the one hand there is a bias in the book toward the software.  On the other hand, EXCELLENT!, the company has been thinking about ERM for more than 30 years, who better to comment.

The ERM I Was Expecting

I have been on the periphery of the Risk Management Biz for most of my career and it never impressed me very much.  It seemed like a bolt on activity to compile a ‘telephone book‘ of risks that would never happen.  Worse, risk management takes precious management and organizational time away from operations which ironically increases risks.  This is not to discount the value of risk management though and having mitigation plans for many of the likely scenarios (hacks, robberies, natural disasters, etc.).  Starting with mitigation is why I wrote the blog series on ‘Anitfragile Risk Management (ARM)‘.

This book is short (about 80 pages) and has some good practical advice on ERM.  I would not buy the full version but definitely take a good skim/read via your public libraries online services.  The following 5 items are my key takeaways from the book; there are more but these are ones that I will likely return to a few times.

  1. Risk Management in 30 Seconds.
  2. Acknowledgement that Risk Management is a Dark Art
  3. The Nature of Risks
  4. Risk Management is Really Opportunity Optimization
  5. Ten Rules for a Successful IT Project

Carroll presents a vision or ERM that is much closer to my view of ARM… to a point.  So notes on the great points he makes in his book and the limitations of thinking about risk management when you are in the business of selling ERM systems (these editorial comments are in italics).

Risk Management in 30 Seconds

In ten paragraphs, Carroll runs through what is Risk Management, the summary of the summary is as follows (pp 4-5):

  1. 00:00 Definition: The level of uncertainty in any situation. Risk management is a system that identifies, quantifies and attempts to reduce or eliminate uncertainty.
  2. 00:25 Identification: ERM starts with a set of corporate objectives covering all aspects of the enterprise’s intents. Understand organizational risk appetite: the level of risk that can be tolerated on an on‐going basis.
  3. 01:00 Assessment: A subjective and preventive evaluation of each uncertainty in a specific area of operation by internal subject matter experts. A risk matrix grades the impact of a risk based on likelihood of it happening and the effect (consequences) if it does.
  4. 01:40 Control: A control is an action or measure that can alter an uncertainty.
  5. 02:00 Mitigation: Mitigation is a fancy word for an action that reduces or eliminates a risk.
  6. 02:45 Review: Review is value add and facilitates continual improvement.

This is a good overview and is entirely consistent with ISO 31000.  Carroll’s point in this section is that risk management is not especially difficult and that a simple framework can help you.  The ARM methodology turns the above 3 minute overview on its head however and places review and mitigation first and the other activities subordinate to these value add functions. 

Acknowledgement that Risk Management is a Dark Art

Carroll describes risk management as being 80% Art and 20% science (p. 12).  This is part of his view that organizational change and people management are central to an effective ERM systems.

Carroll is on the right track here but I would change his allocations slightly.  I would put the Art part as being 90%, the Process Changes as being 9% and the ERM system itself as being 1%.  Risk/Opportunity management is primarily a state of mind that is dependent upon trust, adeptness, competence of people.  An ERM without this is doomed to failure, an organization with these attributes already has an ERM system.

The Nature of Risks

Carroll differentiates between the ‘Nature of Risk’ and the ‘Types of Risk’.  Nature is a higher level classification that groups risks conceptually; how the risk presents itself and how it is subsequently managed (p. 13); they are as follows:

  1. Technical Risks are the broad group of risks whose state can be measured discretely and against which quantitative limits can be set and monitored. They are caused by variations that affect the system and are managed through use of mathematical models.
  2. Operational Risks are around the internal operations of a business, predominantly dealing with people, processes and systems and what most people think of in enterprise risk management.  Qualitative by nature, they tend to be caused by changes to organisation or behaviour, and are managed though process management.
  3. Security risks are aggressive actions. They are intentional in nature, as opposed to other categories which are consequential in nature. They are premeditated attacks which are managed proactively through surveillance and defensively though multi‐layered safeguards commonly refer to as “defence‐in‐depth”.
  4. Black Swan events are events in human history that were unprecedented and
    unexpected at the time they occurred. These once‐in‐a‐lifetime events are
    unpredictable, occur abruptly and catastrophic in nature.  Being unpredictable and occurring abruptly, the risk itself cannot be managed in a traditional sense, so we have to manage its effects using such methods as disaster planning and relief strategies.

Carroll acknowledges that the four presented are not meant to be exhaustive.  Nevertheless, this is a much better starting point than an exhaustive ‘type of risk’ listing.  The challenge I have seen with such lists is that very quickly organizations get bogged down into definitional quagmires.  The above list can be thought of as having multiple dimensions, for example internal or external to the organization.  

Risk Management is Really Opportunity Optimization

ISO 31000 focuses not on risks but on uncertainty which may be positive or negative to an organization.  Carroll’s book is generally upbeat about both although most of his examples end up being of negative variety versus positive.

This upbeat note extends into systems implementations.  Obviously his frame of references is for implementing an ERM system but his words of wisdom could be as easily applied to an ERP or other corporate system.  Nothing new here but still a good refresher:

  • People: The employees, managers, customers and other stakeholders.  In particular, what motivates your employees and how can you align a project to these motivations to be most successful.
  • Change Management: A project is not about the technology it is about how people will work once the project team has long gone.
  • The System and the Project: Lastly, how the project and system will be implemented and then used to support the above.

Ten Rules for a Successful IT Project

  1. Don’t outsource requirement planning.
  2. With software vendors, big is not necessarily best (Note, I think there is some bias here on the part of Carroll toward his software and away from the larger systems; this bias may be entirely justified but full disclosure nevertheless).
  3. Choose a ‘people’ project manager.
  4. Have a living risk management protocol.
  5. Ensure all stakeholders have “skin” in the game.
  6. Use an agile implementation technique.
  7. A quick game is a good game.
  8. Plan your testing.
  9. Training – Sell the benefits.
  10. Treat as a change-management issue not an IT project.

https://www.linkedin.com/in/gregorymcarroll

ASK-ACTION Emails

Posted on by
Reply

Have you ever gotten one of those rambling emails in which the request is buried somewhere in a sea of asides? Given that it is from your boss, you press on trying to divine what the &%#@^ she is asking for! (note, all examples are fictional and any resemblence between current and past bosses and this example is purely coincidental).

Alternatively, you receive an email that clearly articulates its purpose in the first two lines and a quick scan tells you what to do or even whether it is applicable to you. If you would rather receive (or send) the second type of email, read on to learn about the ASK/ACTION format.

What are you ASKing of me?

An ASK/ACTION Email looks something like this:

Ask-Action Email Format

The Elements of an ASK

There are four parts to an ASK/ACTION email that help to make it clear:

  1. SUBJECT:  that provides a summary and the deadline.
  2. ASK: What is the context for this email.
  3. ACTION: What do the recipient(s) need to do; a clear statement of what needs to be done, by whom and by when.
  4. BODY: Additional details as applicable.

After the two liner, additional information is provided to flush out the request.  Nevertheless, this is the ASK/ACTION email format.

Bonus Points and Additional Links

Some other thoughts and suggestions when using an ASK/ACTION email:

  • If you are using the Lost Assignment and Task Epidemic methodology, consider using the TASK name in the subject line.
  • Send one email for one ASK/ACTION; apologize though and note if multiple emails are coming through.
  • Personalize your emails if possible.
  • For group emails, consider following up with a short conference call to explain the ask, this allows for more than one channel of communication.
  • Send a meeting invite out as a reminder only, thus the above email would be converted to a meeting with a location of ‘Reminder Only’ for 2099-12-31 at 4pm.
  • Use the BCC to reduce email churn but notify people at the beginning, for example: You have been BCC’d to protect your privacy.
  • If you are including documents but have a shared repository (e.g. network drive, SharePoint, etc) note that there is a courtesy attachment but specify the master version with a link: Master Version: M-Drive:2098-2099\Analysis\HelpMe\.

Some other links and thoughts on this: