Showing posts with label risk management. Show all posts
Showing posts with label risk management. Show all posts
Monday, February 9, 2015
Wednesday, January 28, 2015
ROLE OF AN ADVISORY BOARD - BDC Study
ROLE
OF AN ADVISORY BOARD ACCORDING TO AN SME BUSINESS LEADER
It is not unusual for the CEO of an
SME to be a “one-man band,” personally seeing to every detail and micromanaging
his business. Isolated, he tends to manage everything himself. According to
Jean-Yves Sarazin, CEO of the Delom Group, an advisory board allows
entrepreneurs to break free from their isolation and to have a sounding board
to validate their strategies. An advisory board allows business leaders to
question themselves and forces them to reflect. The mission of an advisory
board is to ask the most relevant questions and delve deeper into underlying
issues. It can also help compensate for weaknesses. An entrepreneur who lacks
financial expertise can benefit from the recommendations of an advisoryboard
member who has financial expertise. Moreover, an advisory board forces
theleader to be prepared, triggering the thinking process: [Translation] “When
preparing, one often self-corrects one’s strategy. Having an advisory board
builds discipline.”
BENEFITS
ACCORDING TO LEADERS
As a governance tool, advisory
boards are not common among Canadian SMEs. However, according to business
leaders who have set them up, they yield tangible benefits. When asked to rate
the advantages on a scale of one to 10, they responded that the advisory board:
·
is an essential tool 8.2
·
is like having a sounding board 8.1
·
is a support for the
owner/management team 8.1
·
allows you to develop a broader
vision 8.0
·
strengthens the management team’s
convictions 8.0
·
forces management to look at the
company 7.5
·
challenges the company’s management
team 7.5
·
brings rigour in to the company 7.2
·
is a driving force for the growth of
the company 7.1
In
particular, the existence of an advisory board allowed them to:
·
improve strategic business choices 8.0
·
broaden the universe of knowledge
and skills 7.8
·
develop new ideas 7.8
·
put in place a better management
structure 7.4
·
improve company reputation and image 7.3
·
reassure shareholders and investors 7.2
·
avoid costly mistakes 6.7
·
break down the isolation of company
executives 6.4
·
ensure succession of the company 6.1
IMPACT
OF ADVISORY BOARDS
Most (86%) respondents who have
benefited from the advice of their advisory board believe it has had a
significant impact on their company. In particular, respondents note that
advisory boards had a direct, positive impact on:
·
company vision 7.7
·
innovation within the company 6.9
·
risk management 6.8
·
company profitability 6.8
·
company survival 6.6
·
sales growth 6.6
·
labour relations 6.5
·
hiring the best emp 6.2
These results clearly show that an
advisory board improves the company’s vision and enables better strategic
decisions. Moreover, an advisory board encourages entrepreneurs to think long term
and define a direction for their company.
Wednesday, June 5, 2013
Four Things the Private Sector Must Demand on Cyber Security
by Steven Weber
On Friday, May 31 at the Shangri-La Security Dialogue in Singapore, US Defense Secretary Chuck Hagel said that cyber threats posed a "quiet, stealthy, insidious" danger to the United States and other nations.
Wait a minute. What exactly is quiet and stealthy about a security issue that Hagel's colleague General Keith B. Alexander, the Director of the National Security Agency, labeled just a few weeks earlier the source of the "greatest transfer of wealth in history" from US companies to foreign hackers?
For companies and organizations that allocate vast sums of money and some of their best technical talent to the challenge of trying to protect their networks from thousands of cyberattacks daily, there's nothing quiet or merely insidious about what's going on. Remember the summer of 2001 when CIA Director George Tenet said of the Al-Qaeda threat "the system was blinking red" but few around him seemed to grasp the urgency? I believe the cyber threat right now has much the same character. You don't have to be a master of the extraordinarily complicated and highly technical details of the issue to recognize this important signal: almost universally, you will find that the more an organization's technical people know about the nature of the threat-response dynamic, the more worried they are about who is going to win that race.
How did we ever let things get this bad? The first answer to this question is usually either an engineering or an economic one. Engineers point to the problems inherent in Internet protocols that were designed, from the beginning, to be more about interoperability and connectivity than security per se. Economists point to problems of collective action and misaligned liability rules that actually reduce the incentives for firms to invest sufficiently and efficiently in protecting the network. And then there's politics: every politician wants to champion the "innovation" and growth aspects of the Internet, and there's little to gain from highlighting what a dangerous place it really can be.
What seems harder to talk about, but ultimately more fundamental, is culture. Let's face it: as a society, the culture of the Internet is much more about open-ness and experimentation than about safety and security. This has deep roots in the libertarian ideologies of the personal computer movement (it really was a movement) and the techno-utopian, anti-authority mindset that made the Internet what it is — and is partly responsible for what makes it as great as it is.
But the Internet has now grown up. Our financial, military, healthcare, utilities, communications, commerce, supply chain, and just about every other essential life and business infrastructure system now depends on it. Internet culture, however, has grown up less. Consider this: You can't get on an airplane or walk into an office building in New York or buy a car without proving that you are who you say you are; but anyone can enter the Internet anonymously from almost anywhere they are on the planet and walk through the virtual equivalent of almost all the same systems.
Sometimes you need hacking tools that are easily accessible for purchase on the web; sometimes you need significant technical expertise. And much of the time you don't need anything at all other than malicious, or even just curious, intent.
On Friday of this week President Obama and Chinese president Xi Jinping will spend a good chunk of their time together talking about the cybersecurity problem. Neither was anxious to do so for political reasons, but the spate of recent media reports and public leaks have left Obama, at least, with no real choice. They may very well agree in principle on a shared interest in what governments care about the most: critical national infrastructure protection. Over time, the two governments will (hopefully) land on shared rules of the road that step away from the doomsday threat of massive cyberwar much like the Russians and the Americans found ways during the Cold War to reduce the likelihood of the thermonuclear doomsday scenario from which neither side could possibly benefit.
But they won't agree on what to do about "lesser" levels of threat, any more than the Cold War adversaries were able to during their time. That's because when it comes to things like commercial espionage and intellectual property theft — the things that matter to individual companies — the two big nation-state cyber-players are in quite different positions and have meaningfully different interests. It's a little oversimplified but basically correct to recognize that the US has much more to protect and the Chinese have much more to attack.
Here's the real insidious threat that companies need to worry about. What if Washington and Beijing do reach a common understanding on the really big stuff — the massive security risks to sovereign interests — and take steps to reduce the threat of mutually assured cyberdestruction? What will all the hackers and cybercriminals — officially sponsored and otherwise — then do with their excess time and expertise? A reasonable career move would be to specialize in "lower level" attacks like, well, corporate espionage and intellectual property theft.
For governments, most of this is a nuisance, a trade issue, and at large scale potentially a competitiveness issue, but it's not the same as a massive attack on the national power grid and it won't drive the same kind of government response.
If you wait for governments to define and solve this problem for you, you might just get thrown under the bus.
Here are four things that the private sector — and I mean CEOs, not CTOs — should be loudly and persistently demanding of Washington right now:
On Friday, May 31 at the Shangri-La Security Dialogue in Singapore, US Defense Secretary Chuck Hagel said that cyber threats posed a "quiet, stealthy, insidious" danger to the United States and other nations.
Wait a minute. What exactly is quiet and stealthy about a security issue that Hagel's colleague General Keith B. Alexander, the Director of the National Security Agency, labeled just a few weeks earlier the source of the "greatest transfer of wealth in history" from US companies to foreign hackers?
For companies and organizations that allocate vast sums of money and some of their best technical talent to the challenge of trying to protect their networks from thousands of cyberattacks daily, there's nothing quiet or merely insidious about what's going on. Remember the summer of 2001 when CIA Director George Tenet said of the Al-Qaeda threat "the system was blinking red" but few around him seemed to grasp the urgency? I believe the cyber threat right now has much the same character. You don't have to be a master of the extraordinarily complicated and highly technical details of the issue to recognize this important signal: almost universally, you will find that the more an organization's technical people know about the nature of the threat-response dynamic, the more worried they are about who is going to win that race.
How did we ever let things get this bad? The first answer to this question is usually either an engineering or an economic one. Engineers point to the problems inherent in Internet protocols that were designed, from the beginning, to be more about interoperability and connectivity than security per se. Economists point to problems of collective action and misaligned liability rules that actually reduce the incentives for firms to invest sufficiently and efficiently in protecting the network. And then there's politics: every politician wants to champion the "innovation" and growth aspects of the Internet, and there's little to gain from highlighting what a dangerous place it really can be.
What seems harder to talk about, but ultimately more fundamental, is culture. Let's face it: as a society, the culture of the Internet is much more about open-ness and experimentation than about safety and security. This has deep roots in the libertarian ideologies of the personal computer movement (it really was a movement) and the techno-utopian, anti-authority mindset that made the Internet what it is — and is partly responsible for what makes it as great as it is.
But the Internet has now grown up. Our financial, military, healthcare, utilities, communications, commerce, supply chain, and just about every other essential life and business infrastructure system now depends on it. Internet culture, however, has grown up less. Consider this: You can't get on an airplane or walk into an office building in New York or buy a car without proving that you are who you say you are; but anyone can enter the Internet anonymously from almost anywhere they are on the planet and walk through the virtual equivalent of almost all the same systems.
Sometimes you need hacking tools that are easily accessible for purchase on the web; sometimes you need significant technical expertise. And much of the time you don't need anything at all other than malicious, or even just curious, intent.
On Friday of this week President Obama and Chinese president Xi Jinping will spend a good chunk of their time together talking about the cybersecurity problem. Neither was anxious to do so for political reasons, but the spate of recent media reports and public leaks have left Obama, at least, with no real choice. They may very well agree in principle on a shared interest in what governments care about the most: critical national infrastructure protection. Over time, the two governments will (hopefully) land on shared rules of the road that step away from the doomsday threat of massive cyberwar much like the Russians and the Americans found ways during the Cold War to reduce the likelihood of the thermonuclear doomsday scenario from which neither side could possibly benefit.
But they won't agree on what to do about "lesser" levels of threat, any more than the Cold War adversaries were able to during their time. That's because when it comes to things like commercial espionage and intellectual property theft — the things that matter to individual companies — the two big nation-state cyber-players are in quite different positions and have meaningfully different interests. It's a little oversimplified but basically correct to recognize that the US has much more to protect and the Chinese have much more to attack.
Here's the real insidious threat that companies need to worry about. What if Washington and Beijing do reach a common understanding on the really big stuff — the massive security risks to sovereign interests — and take steps to reduce the threat of mutually assured cyberdestruction? What will all the hackers and cybercriminals — officially sponsored and otherwise — then do with their excess time and expertise? A reasonable career move would be to specialize in "lower level" attacks like, well, corporate espionage and intellectual property theft.
For governments, most of this is a nuisance, a trade issue, and at large scale potentially a competitiveness issue, but it's not the same as a massive attack on the national power grid and it won't drive the same kind of government response.
If you wait for governments to define and solve this problem for you, you might just get thrown under the bus.
Here are four things that the private sector — and I mean CEOs, not CTOs — should be loudly and persistently demanding of Washington right now:
- A Government funded FFRDC-type institution, to pay for basic research and early risk phase investment in commercial security systems.
- A support system, financial and legal, for smaller and startup companies that can't afford to spend their money and time worrying about the security of their networks.
- A national cyber-guard or cyber Peace Corps equivalent, that would spread software and practices first around the US, and then around willing allies and friends abroad.
- A major national effort to educate the public and market a new "culture of security" for Internet behavior. It's the human link that is and almost certainly always will be the weakest link in any security system. So we need constant messaging about the basic blocking-and-tackling of online behavior to get individuals to recognize their own risky actions and their personal responsibility for security. How did Stuxnet first get into Iranian computers? Likely through a thumb drive that some unthinking Iranian engineer brought into a nuclear centrifuge control center. We don't like to admit it, but the same kind of sloppiness happens all the time in America. As long as Internet culture allows or even supports that kind of "freedom" (as, for example, a culturally acceptable extension of BYOD policies), companies are in real danger.
Steven Weber
Steven Weber is a professor of the School of Information at UC Berkeley, where he works at the intersection of technology markets, intellectual property, and international relations.Friday, March 22, 2013
Leadership Teams: Why Two Are Better Than One
The concept of "two-in-a-box" leadership has been examined
extensively over the past few years. One of the most thorough
discussions is in the HBR article The Leadership Team: Complementary Strengths or Conflicting Agendas.
CEO/COO teams or "Office of the President" arrangements can offer great
strengths, but may also introduce some sizeable risks, as Stephen A.
Miles and Michael D. Watkins conclude.
In our own company, Fishbowl, we took the approach to a new level 2 ½ years ago. We create leadership teams not only for our top jobs, but for every management position in the company.
A bit of background: Fishbowl is the result of a somewhat rocky beginning. We became involved with the company, which produces inventory software, in 2004 when one of us (David) was sent by the prior majority investor to shut the fledgling company down. Instead, seeing the potential in the product and commitment of employees, we came up with financing to buy out the investor and keep the company operating. By the end of 2006 we had created the #1 most requested inventory software for use with QuickBooks and were solidly profitable.
After several years of solid operations, in January of 2010 we decided to put together pairs of people for all management jobs. We did this for several reasons: We knew that maintaining our exceptionally high growth rate would be increasingly difficult and wanted to prepare leaders from within to address those new challenges. We wanted to put our highest focus on the development of our people, and to cultivate their highest creativity and thinking, in addition to our focus on the development of our product and sales.
A lot of people thought we were crazy. Soon after we made the move, the economy was deep into the recession, and most companies had to reduce headcount to cut costs. Instead, we were adding managers and creating intentional redundancies. How could we justify it?
In fact, in our experience, the benefits of our approach have exceeded the not inconsequential costs. Here are just a few of the upsides:
•No hierarchy. We've flattened everything out. Every person is a leader, paired with another and supported by a team.
•Personal growth. We've allowed twice as many people to have leadership opportunities - an inherent succession plan that has resulted in strong employee growth in addition to company and revenue growth.
•More creative outcomes. We've chosen our pairs carefully - we align paired leaders for maximum contrast in thinking and analytical styles. For example, our product management leads include one partner who is "left brained" and one who is "right brain" dominant. One is linear in his style; the other creative. The result is a manifestation of true synergy.
Are there disadvantages to paired leadership? In the initial stages, yes:
•Tapping two people to fulfill one role requires a lot of resources. There's no question our payroll is higher because of our paired leadership strategy. However, in our experience the creativity and testing that goes into every program or key decision creates a net savings over the longer term.
•Some of the individuals who get paired don't particularly like each other. We had an instance like this. We have a culture where people are very open (though not disrespectful). Two of the key individuals we partnered cornered us with persistent questions. What if we can't agree? Who arbitrates? What if one partner is holding the other one back? Ultimately, they adapted. At present, it's fair to say that if we changed the model, the majority of our team would be extremely disappointed, because they've come to appreciate the shared responsibility model.
•What about succession when the time comes that one of the teamed partners is promoted and the other is not, or one of the team members is gone? In our own company we have created a culture that is vastly different than the typical corporate environment. Our turnover is near zero. But when a leader does find his or her place elsewhere, we still have a leader in place. We can develop and assign a new partner and we generally don't miss a beat.
One of the greatest benefits of paired leadership that Fishbowl enjoys is that a trusted partner can provide essential feedback that helps to keep egos and guesswork in check.
We also believe that what we call the The Five Non-Negotiables must be present for a paired leadership program to work: Respect, belief, trust, loyalty, and commitment. We test all decisions against these characteristics. Paired leadership is so fundamental to our management style we would never consider going back. Two really good leaders - together - produce great outcomes consistently. Our company is thriving, and we have personally fulfilled employees who produce out-of-the-box initiatives every month. Perhaps it could work for your business as well. We welcome your thoughts.
In our own company, Fishbowl, we took the approach to a new level 2 ½ years ago. We create leadership teams not only for our top jobs, but for every management position in the company.
A bit of background: Fishbowl is the result of a somewhat rocky beginning. We became involved with the company, which produces inventory software, in 2004 when one of us (David) was sent by the prior majority investor to shut the fledgling company down. Instead, seeing the potential in the product and commitment of employees, we came up with financing to buy out the investor and keep the company operating. By the end of 2006 we had created the #1 most requested inventory software for use with QuickBooks and were solidly profitable.
After several years of solid operations, in January of 2010 we decided to put together pairs of people for all management jobs. We did this for several reasons: We knew that maintaining our exceptionally high growth rate would be increasingly difficult and wanted to prepare leaders from within to address those new challenges. We wanted to put our highest focus on the development of our people, and to cultivate their highest creativity and thinking, in addition to our focus on the development of our product and sales.
A lot of people thought we were crazy. Soon after we made the move, the economy was deep into the recession, and most companies had to reduce headcount to cut costs. Instead, we were adding managers and creating intentional redundancies. How could we justify it?
In fact, in our experience, the benefits of our approach have exceeded the not inconsequential costs. Here are just a few of the upsides:
•No hierarchy. We've flattened everything out. Every person is a leader, paired with another and supported by a team.
•Personal growth. We've allowed twice as many people to have leadership opportunities - an inherent succession plan that has resulted in strong employee growth in addition to company and revenue growth.
•More creative outcomes. We've chosen our pairs carefully - we align paired leaders for maximum contrast in thinking and analytical styles. For example, our product management leads include one partner who is "left brained" and one who is "right brain" dominant. One is linear in his style; the other creative. The result is a manifestation of true synergy.
Are there disadvantages to paired leadership? In the initial stages, yes:
•Tapping two people to fulfill one role requires a lot of resources. There's no question our payroll is higher because of our paired leadership strategy. However, in our experience the creativity and testing that goes into every program or key decision creates a net savings over the longer term.
•Some of the individuals who get paired don't particularly like each other. We had an instance like this. We have a culture where people are very open (though not disrespectful). Two of the key individuals we partnered cornered us with persistent questions. What if we can't agree? Who arbitrates? What if one partner is holding the other one back? Ultimately, they adapted. At present, it's fair to say that if we changed the model, the majority of our team would be extremely disappointed, because they've come to appreciate the shared responsibility model.
•What about succession when the time comes that one of the teamed partners is promoted and the other is not, or one of the team members is gone? In our own company we have created a culture that is vastly different than the typical corporate environment. Our turnover is near zero. But when a leader does find his or her place elsewhere, we still have a leader in place. We can develop and assign a new partner and we generally don't miss a beat.
One of the greatest benefits of paired leadership that Fishbowl enjoys is that a trusted partner can provide essential feedback that helps to keep egos and guesswork in check.
We also believe that what we call the The Five Non-Negotiables must be present for a paired leadership program to work: Respect, belief, trust, loyalty, and commitment. We test all decisions against these characteristics. Paired leadership is so fundamental to our management style we would never consider going back. Two really good leaders - together - produce great outcomes consistently. Our company is thriving, and we have personally fulfilled employees who produce out-of-the-box initiatives every month. Perhaps it could work for your business as well. We welcome your thoughts.
David K. Williams and Mary Michelle Scott
David K. Williams and Mary Michelle Scott are CEO and President, respectively, the paired leadership team of Fishbowl, provider of Fishbowl Inventory Software, and one of Utah’s and America’s fastest growing companies. Fishbowl is based in Orem, Utah.
Subscribe to:
Posts (Atom)