Enterprise Risk Management

 

 

Cinco Acontecimientos que Moldearon la Gestión de Crisishttps://sm.asisonline.org/Pages/Cinco-Acontecimientos-que-Moldearon-la-Gestión-de-Crisis.aspxCinco Acontecimientos que Moldearon la Gestión de CrisisGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-04-12T04:00:00Z<p><strong>1) Deepwater Horizon.</strong> Cuando la plataforma Deepwater Horizon explotó en la costa de Luisiana en 2010, murieron 11 trabajadores y fueron derramados más de 5 millones de barriles de petróleo en el Golfo de México. El empeño de British Petroleum en culpar a otras partes resultó en su propia contra, y las diferentes entidades involucradas se tornaron adversarias. La estrategia de BP fue vista como un intento de escapar de sus responsabilidades. Recuerda: ensaya, practica, entrena; especialmente con tus socios.<br> <br><strong>2) Exxon Valdez.</strong> El derrame de 10 millones de galones de petróleo en el Estrecho del Príncipe Guillermo causado por el buque Exxon Valdez en 1989 continúa siendo fuente de litigios y disputas. ExxonMobil inicialmente rechazó las solicitudes de la prensa, hasta que finalmente su presidente decidió dar una entrevista. Cuando lo hizo, se mostró mediocre y sin preparación. Recuerda: las compañías deben tener un banco de portavoces entrenados y preparados para responder a las inevitables peticiones de la prensa. Rehusarse a hablar con los medios nunca es una opción.<br><strong> </strong><br><strong>3) Piper Alpha. </strong>En Julio de 1988, una explosión en la plataforma Piper Alpha, en el Mar del Norte, les quitó la vida a 167 hombres. Occidental Petroleum Corporation no tenía  un equipo local de respuesta, por lo que la policía asumió el rol de informar las fatalidades, así como las lesiones acontecidas (aún cuando la legislación del Reino Unido sólo demanda que la policía notifique las muertes, no las lesiones). La lentitud del proceso causó que Occidental sea acusada de no preocuparse por sus empleados y sus familias. Recuerda: los grandes incidentes requieren una respuesta coordinada.<br> <br><strong>4) Pan Am</strong><strong>.</strong> El bombardeo del Vuelo 103 de Pan American World Airways sobre la ciudad de Lockerbie, en Escocia, mató en 1988 a 243 pasajeros, 16 miembros de tripulación, y 11 personas en tierra. Como se trataba de un ​​​ataque terrorista, Pan Am tomó la decisión deliberada de que no comunicaría el desastre, porque se consideraba la víctima y no “el villano.” Los medios acudieron a los parientes afligidos en reemplazo de la compañía, cuyo silencio garantizó que finalmente se convertiría en el villano. Recuerda: sin importar la causa del incidente, las instituciones debe participar en todos los intentos de rescate y respuesta. Las organizaciones no pueden ser víctimas.<br></p><p><strong>5) Milagro en el Hudson.</strong> ​En 2009, el Vuelo 1549 de US Airways realizó un aterrizaje de emergencia en el Río Hudson, permitiendo que 150 pasajeros y 5 tripulantes pudieran ser evacuados de forma segura. La aerolínea eligió hacer foco en las heroicas acciones de su tripulación y tomó ventaja del suceso al elogiar públicamente sus “cinco destacados profesionales de la aviación.” Aunque la historia podría haber sido diferente de haber existido fatalidades, el incidente realzó la reputación de la organización. Recuerda: tú puedes establecer la narrativa de tu crisis.​​</p><p><em>Andrew Griffin, CEO, es el director ejecutivo de la consultora global de gestión de crisis Regester Larkin. ​</em><br></p>

Enterprise Risk Management

 

 

https://sm.asisonline.org/Pages/Cinco-Acontecimientos-que-Moldearon-la-Gestión-de-Crisis.aspx2017-04-12T04:00:00ZCinco Acontecimientos que Moldearon la Gestión de Crisis
https://sm.asisonline.org/Pages/ERM-Best-Practices.aspx2017-04-01T04:00:00ZERM Best Practices
https://sm.asisonline.org/Pages/Book-Review---Enterprise-Risk-Management.aspx2017-03-29T04:00:00ZBook Review: Enterprise Risk Management
https://sm.asisonline.org/Pages/Lessons-in-Liability.aspx2017-03-01T05:00:00ZLessons in Liability
https://sm.asisonline.org/Pages/SM-Online-February-2017.aspx2017-02-01T05:00:00ZSM Online February 2017
https://sm.asisonline.org/Pages/Trade-Secrets-2.0.aspx2017-02-01T05:00:00ZTrade Secrets 2.0
https://sm.asisonline.org/Pages/Book-Review---Secrets.aspx2017-01-01T05:00:00ZBook Review: Secrets
https://sm.asisonline.org/Pages/December-2016-Industry-White-Papers.aspx2016-12-01T05:00:00ZDecember 2016 Industry White Papers
https://sm.asisonline.org/Pages/Book-Review---Security-Matters.aspx2016-12-01T05:00:00ZBook Review: Security Matters
https://sm.asisonline.org/Pages/Metrics-and-the-Maturity-Mindset.aspx2016-12-01T05:00:00ZMetrics and the Maturity Mindset
https://sm.asisonline.org/Pages/What-If-It’s-Real.aspx2016-11-01T04:00:00ZWhat If It’s Real?
https://sm.asisonline.org/Pages/Book-Review---COSO-ERM.aspx2016-11-01T04:00:00ZBook Review: COSO ERM
https://sm.asisonline.org/Pages/Bringing-Clarity-to-Chaos.aspx2016-10-01T04:00:00ZBringing Clarity to Chaos
https://sm.asisonline.org/Pages/CSO-Center’s-Petri-Ponders-a-Matter-of-Trust.aspx2016-09-13T04:00:00ZCSO Center’s Petri Ponders a Matter of Trust
https://sm.asisonline.org/Pages/Compliance-Trends.aspx2016-09-01T04:00:00ZCompliance Trends
https://sm.asisonline.org/Pages/Insights-on-Asia.aspx2016-08-01T04:00:00ZInsights on Asia
https://sm.asisonline.org/Pages/A-Strategic-Response.aspx2016-08-01T04:00:00ZA Strategic Response
https://sm.asisonline.org/Pages/Book-Review---Risk-Analysis-and-Security-Countermeasure-Selection.aspx2016-07-29T04:00:00ZBook Review: Risk Analysis and Security Countermeasure Selection
https://sm.asisonline.org/Pages/Book-Review---Biological-Laboratory-Applied-Biosecurity-and-Biorisk-Management-Guide.aspx2016-07-29T04:00:00ZBook Review: Biological Laboratory Applied Biosecurity and Biorisk Management Guide
https://sm.asisonline.org/Pages/Book-Review---Kidnap-Face-to-Face-with-Death.aspx2016-07-29T04:00:00ZBook Review: Kidnap: Face to Face with Death

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Maturity--Model-101.aspxMaturity Model 101<div><p>​</p><p><img src="/ASIS%20SM%20Documents/1216%20Sidebar%20Graphic%202a.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:356px;" /><br></p><p>Maturity models are a tool used a range of business sectors, including​ manufacturing, software engineering, operations, and logistics. The model is often used to help set process improvement objectives and priorities, and it can provide a method for appraising the state of an organization’s current practices. </p></div><p>Researchers at Carnegie Mellon University (CMU) have been developing early maturity model prototypes since the 1980s. In 2002, CMU released the first version of the Capability Maturity Model Integration (CMMI) tool, which was developed by a group of experts from industry, govern­ment, and CMU’s Software Engineering Institute. Updated versions of the tool were released in 2006 and 2010. </p><p>The Ernst & Young (EY) physical security maturity model developed with Caterpillar is based on this CMMI tool, and also on EY’s cybersecurity maturity model.</p><p>This tool uses a level 1 through 5 rating scale to define maturity levels: (1) Initial, (2) Repeatable, (3) Defined, (4) Managed, and (5) Optimized. For a hypothetical example, take the compliance component of a security department. In the Initial stage of a maturity model, processes are unpredictable, poorly controlled, and reactive. Thus, in that initial stage, the security department is conducting its compliance activities in a haphazard way—putting out fires when they flare, with no real established process for doing so. ​</p><p>When compliance reaches level 3, Defined, the compliance process is established and proactive—perhaps with guidelines enforced by a compliance officer. At level 5, Optimized, the process is so well-established, managed, and defined, that the focus is now on process improvements.  </p><p>​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Five-Post-Incident-Concerns.aspxFive Post-Incident Concerns<p>​<span style="line-height:1.5em;">On June 12, 2016, a gunman shot 102 people in an Orlando, Florida, nightclub, killing 49. Agencies, both government and private, must be prepared to recover from such major incidents. Following are five issues that should be considered when crafting post-incident plans.</span></p><p><strong>1. COUNSELING.</strong> Identify a list of counselors for the living victims, family members of the deceased, and other persons who were directly or indirectly involved with the incident. This includes first responders. (In this case, where the gay community was targeted, special emphasis was placed on their needs.) Counselors can include certified therapy animals and their trained handlers. Providing privacy and personal time for the families and friends of the victims in their time of grief is crucial. It is also important to shield those who ask for privacy from the media.  </p><p><strong>2. BUSINESSES. </strong>Access must be granted to the area surrounding the incident so that local businesses can resume operation as soon as possible. The crime scene should be processed in a timely manner to allow the community to return to a feeling of normalcy and business as usual.</p><p><strong>3. COMMUNITY AWARENESS.</strong> The use of the friendly and concerned media can help keep the community informed and involved. Holding frequent press conferences and meetings with the community and its leaders conveys that agencies plan to be open about the incident and the follow-up.</p><p><strong> 4. DEBRIEFING.</strong> Ensure that all victims, witnesses, and responders are fully interviewed in a humane and caring way. This will assist the lead agency in trying to reconstruct the incident and come to a fuller understanding of its causes and outcomes.</p><p><strong>5. PLANNING.</strong> Continue to work within the community to plan for possible future incidents, identify possible soft targets, educate the public on the appropriate response to such an attack, work with the public on developing strategic response plans, and communicate openly with all involved.</p><p>--<br></p><p><em><strong>H.R. "Hank" Nolin, CPP,</strong> is a retired U.S. Army Master Sergeant who has owned various security agencies in Central Florida. He is an active member of the ASIS Military Liaison Council.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspxThe Road to Resilience<p>Of course, 100RC had neither the resources nor staff to partner with 10,000 cities. But organization leaders argued that its 100 member cities could be models for institutionalizing resilience—that is, embedding resilience thinking into all the decisions city leaders make on a day-to-day basis, so that resilience is mainstreamed into the city government's policies and practices. Other cities could then adapt the model to fit their own parameters, and institutionalized resilience would spread throughout the world. </p><p>Toward this aim, 100RC recently released a report that discusses three case studies of institutionalizing resilience in New Orleans, Louisiana; Melbourne, Australia; and Semarang, Indonesia. </p><p>For all cities that 100RC works with, the organization provides funding to hire a new executive, the chief resilience officer (CRO). The group also advocates that member cities take the "10% Resilience Pledge," under which 10 percent of the city's annual budget goes toward resilience-building goals and projects. So far, nearly 30 member cities have taken the pledge, which has focused more than $5 billion toward resilience projects.</p><p>Of the three case study cities, New Orleans may be most known as a jurisdiction that has had to recover from repeated recent disasters, including Hurricanes Katrina and Isaac and the Deepwater Horizon oil spill. Given these experiences, New Orleans was one of the first cities to release a holistic resilience strategy, which connected resilience practices to almost all sectors of the city, including equity, energy, education, and emergency planning.</p><p>The strategy, Resilient New Orleans, has three underlying goals: strengthen the city's infrastructure, embrace the changing environment instead of resisting it, and create equal opportunities for all residents. </p><p>To better implement the strategy, New Orleans CRO Jeff Hebert was promoted to the level of first deputy mayor, and departments were joined to unite resilience planning with key sectors like water management, energy, transportation, coastal protection, and climate change.</p><p>Once this reconfiguration was complete, the city took several actions. It created the Gentilly Resilience District, which is aimed at reducing flood risk, slowing land subsidence, and encouraging neighborhood revitalization. The resilience district combines various approaches to water and land management to move forward on projects that will make the area more resilient. The city will also train some underemployed residents to work on the projects. </p><p>In addition, New Orleans leaders are developing and implementing new resilience design standards for public works and infrastructure, so that efforts to improve management of storm water and multi-modal transit systems will be included as standard design components.</p><p>Melbourne has its own challenges. Situated on the boundary of a hot inland area and a cool Southern Ocean, it can be subject to severe weather, such as gales, thunderstorms and hail, and large temperature drops. Governmentally, it is a "city of cities" made up of 32 local councils from around the region, so critical issues such as transportation, energy, and water systems are managed by various bodies, complicating decision making.</p><p>City leaders created the Resilient Melbourne Delivery Office, which will be hosted by the City of Melbourne for five years, jointly funded by both local and state governments. The office—an interdisciplinary team of at least 12 people, led by the CRO Toby Kent—is responsible for overseeing the delivery of the resilience strategy.</p><p>The strategy has four main goals: empower communities to take active responsibility for their own well-being; create sustainable infrastructure that will also promote social cohesion; provide diverse local employment opportunities to support an adaptable workforce; and ensure support for strong natural assets.</p><p>For Semarang, a coastal city in an archipelago, water is the main focus of sustainability. Factors like a rise in sea levels and coastal erosion have increased the negative impact of floods.</p><p>These impacts can challenge the city in many ways. Thus, for its resilience strategy, Semarang leaders focused on building capacities, including more economic opportunity, disaster risk management, integrated mobility, and sustainable water strategies.</p><p>In Indonesia, like many other Asian countries, the national government sets the goals and parameters for much of the development that takes place at the local level. Thus, Semarang leaders worked with members of the Indonesian Parliament to educate them on the city's existing resilience strategy, and to integrate the city's findings and insights into Indonesia's National Development Plan.</p><p>These coordination efforts bore fruit in the establishment of projects like a bus rapid transit system, which had strong support from the national government. The system has already been implemented in several main corridors and will be expanded. It is expected to offer insight and experience in cross-boundary resilience-related travel.</p><p>As 100RC cities look to institutionalize resiliency, the organization is also helping members improve their emergency management programs. The group is partnering with the Intermedix Corporation, which will help some member cities assess their current emergency management programs, and develop a blueprint for addressing gaps in the program and meeting resiliency goals.</p><p>"As new and complex problems and challenges arise, it's becoming more and more important for cities to look outside of their own organizations for the expertise and solutions required to meet and overcome these challenges," says Michael Berkowitz, president of 100RC. ​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465