A 6-Part Tool for Ranking and Assessing Risks

CARVER is a system for assessing and ranking threats and opportunities. Developed during World War II, CARVER (then one letter shorter and known as CARVE) can be both offensive and defensive, meaning it can be used for identifying your competitors’ weaknesses and for internal auditing. In addition, many security experts consider it the definitive assessment tool for protecting critical assets.

Since it draws on both qualitative … [ Read more ]

How to Use Thought Experiments to De-Risk Your Startup

In the early days of building a company, it’s hard to step back and think about the bigger picture when there are always so many fires to fight or opportunities to chase down. That’s a shame, because looking at your business from a 50,000-foot view often reveals areas of misplaced focus or resource misallocation.
 
One technique that can break through the bubble of always being in … [ Read more ]

Julie Goran, Laura LaBerge, Ramesh Srinivasan

The critical question for executives concerned with their organization’s risk appetite is whether they are trusting their employees, at all levels, to make big enough bets without subjecting them to red tape.

Lower Your Startup Risk with this Template

After watching other founders – including myself – flail about, pivoting their way through the darkness, I’ve become obsessed with being more systematic and disciplined about entrepreneurship. So I decided to take Leo Polovets’ lead and standardize risk management into a single spreadsheet, which you can copy, download, or remix.

Sanjay Kalavar, Mihir Mysore

In our experience, it helps to think of a crisis in terms of “primary threats” (the interrelated legal, technical, operational, and financial challenges that form the core of the crisis) and “secondary threats” (reactions by key stakeholders to primary threats). Ultimately, the organization will not begin its recovery until the primary threats are addressed, but addressing the secondary threats early on will help the organization … [ Read more ]

Joseba Eceiza, Piotr Kaminski, Thomas Poppensieker

Nonfinancial risk has typically been addressed by one-off showcase initiatives based on a specific regulation or requirement, and left to experts in each field. What principles exist typically focus on adhering to formal standards and providing evidence that appropriate controls are in place. They are usually not embedded into the business but are instead delegated to risk and compliance departments, which have a limited understanding … [ Read more ]

A Comprehensive Approach to Managing Social Media Risk and Compliance

Traditional risk management policies and procedures were not designed for, quite literally, minute-by-minute monitoring of social media chatter to identify brand, strategy, compliance, legal and market risks.

Those risks are considerable. Financial institutions have had to shut down social media forums due to unanticipated negative feedback; the stock markets have been buffeted by fraudulent social network postings; businesses have had to change or rescind strategies … [ Read more ]

Are You Prepared for a Corporate Crisis?

No one can predict when disaster will strike—but knowing what to expect if it does will buy precious time.

Nonfinancial Risk Today: Getting Risk and the Business Aligned

Risk managers may argue that the basic principles of Risk and Control Management (R&CM) are well established, and indeed enshrined, in industry standards. The concepts may indeed be broadly known, but they are applied in such a scattered fashion that they are not fit for purpose.

The resourcing and costs of the R&CM approach should be aligned with the company’s structure, business model, and risk profile. … [ Read more ]

Chipotle Eats Itself

Fast Company’s most extensive article in eight years, informed by hundreds of hours of interviews from inside and around the company, thousands of pages of documents that were leaked to us, on-site reporting from farms to industrial kitchens, and revealing discussions with Steve Ells, his co-CEO Monty Moran, and other top Chipotle leaders. It is an eye-opening, entertaining, and unvarnished look at a company and … [ Read more ]

Nestlé’s Half-Billion-Dollar Noodle Debacle in India

Nestlé spent three decades building a beloved noodle brand in India. Then the world’s biggest food and beverage company stumbled into a public relations debacle that cost it half a billion dollars. A cautionary tale of mangled crisis management on an epic scale.

Preventing Social Media Armageddon

The accessibility and fluidity of social media leaves organisations open to significant risks. But there are countermeasures organisations can take to prevent reputation disaster.

Tucker Bailey, James M. Kaplan, Chris Rezek

When companies think about cybersecurity […] most ask, “How can we protect ourselves and comply with standards or regulations?” instead of “How do we make confident, intelligent investments given the risks we face?” Many also treat cybersecurity primarily as a technology function rather than integrating it into business operations. As a result, they get the wrong answer about how to construct a cybersecurity program.

What Have the Past 30 Years Taught Us About Managing Risk?

The problem with many catastrophic risks isn’t just that their impacts, when they hit, are so massive. It’s also that their odds of occurring in any given short time frame are very small, so that planning for them has to be handled as a long-term priority while the proverbial sun is shining. And neither companies nor individuals are particularly apt at taking serious, long-term action … [ Read more ]

Pragmatic Risk Management in a Tightly-Coupled World

Globalization has created new opportunities and new threats. As sourcing from around the world made supply chains longer and more complex, the volatility inherent in production significantly increased. The number of supply chain members and the interactions among them has grown, exacerbating the lack of transparency in the operating environment. Company executives have increased profitability through ever-shorter times-to-market and product life-cycles, business processes improvement, just-in-sequence … [ Read more ]

Gerd Gigerenzer

Just imagine, a few centuries ago, who would have thought that everyone will be able to read and write? Now, today, we need risk literacy. I believe if we teach young people, children, the mathematics of uncertainty, statistical thinking, instead of only the mathematics of certainty – trigonometry, geometry, all beautiful things that most of us never need – then we can have a new … [ Read more ]

Gerd Gigerenzer

We need statistical thinking for a world where we can calculate the risk, but in a world of uncertainty, we need more. We need rules of thumb called heuristics, and good intuitions. That distinction is not made in most of economics and most of the other cognitive sciences, and people believe that they can model or reduce all uncertainty to risk.

The Art of Risk Management

Risk management isn’t just a matter of complex financial models and formal risk-management systems. It is an essential value-creating activity that should inform the strategic debate at every level of the organization. Here are ten basic principles that should govern “the art of risk management.”

David Greenberg

The future of risk management lies in an ability to incorporate and inspire more of the behaviors we want, finding new models to map, monitor, intervene, support, and react to the behaviors of individuals and groups—both the behaviors we want to encourage and those we’d like to avoid. Critically, this taking account of behavior means that we need a much sharper comprehensive strategy for corporate … [ Read more ]

From Risk to Resilience: Using Analytics and Visualization to Reduce Supply Chain Vulnerability

Complex supply chains require sophisticated, connected tools to monitor risks, predict disruptions, and support rapid recovery as part of an overall resilience strategy. For leading companies, this line of thinking has led to an increase in adoption of advanced tools grounded in analytics and visualization.