Column: Risk Management

Know Your Weakest Links

By: | July 27, 2017 • 2 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementation techniques. She can be reached at [email protected]

I worked in the oil and gas pipeline industry as a chief engineer. Prior to placing any pipeline system into the ground, we hydrostatically tested the pipe for 24 hours at increased pressures. We would fill the pipe system with water, hike up the pressure and watch for leaks or weaknesses in the pipe, joints or welds. This was an assurance test.

It warranted that the system, once operational, could take unexpected pressure. It highlighted in advance what weaknesses to expect so we could prepare to take appropriate action.

Fast forward to my days now in risk management. I again find myself conducting similar stress tests with financial institutions.

Instead of using water, we pressure up the organization using risk scenarios and test the effect on business processes and strategies and see if there exists adequate capital to support unexpected perils. We look to see where the organization springs leaks and we plug them.

For non-financial organizations, I think of airlines. Great benefits are derived from stress testing crew-scheduling procedures, for example.

We can simulate severe weather events and examine the effect on the potential cancellation or delay of thousands of flights.

Individual weather events don’t need to be overly extreme to cripple a crew-scheduling system. It’s good practice to model concurrent and multiple weather events to highlight a more probable level of stress on, say, a staffing system.

Important questions to ask to start a stress test are:

  • What are our key business processes that support our strategy?
  • Do we have any new organizational norms or values?
  • What key strategy controls do we have in place?
  • How strong are these controls?

But what happens if you don’t get to stress test in time and your critical system functions and strategic controls come under severe or unexpected pressure?

As of late, one very large organization whose systems seem to be feeling such strategic pressures appears to be the U.S. government. The U.S. Constitution’s checks and balances act as democracy controls intended to tyrant-proof the whole operation.

But have these controls been stress tested knowing that the founding norms and beliefs are changing?

As such, are the Justice Department, law enforcement and regulatory systems still appropriate safeguards? Is the system abuse-proof? Is the system poised to spring a leak?

I am not a political scientist. I am a pipeline engineer who now does risk management. But the rules of good management and stress testing still apply.

Operating in an environment where systems and processes are under risky pressure can be perilous. When the system starts sprouting leaks, is the plan simply to put a finger in every hole? And what happens when we run out of fingers?

Risk lives in our weakest links and no matter what organization, it is best to be better prepared.
