February 2018
« Aug    

Of Course You Can Trust Me

Probability vs. Vulnerability or “What if I trust you, but shouldn’t have?

Danish Amagerbanken went bust on Sunday, which is a drag. Their shareholders feel betrayed, as do their customers, and given that the regulators said it was stable, so should the rest of us. After all, if you can’t trust a Scandinavian bank regulator, who can you trust?

Personally, I have two reasons to be upset. One is that Amagerbanken has a large sign on the roof of my apartment building that helps pay our rent. The second is that I was silly enough to believe the regulators.

Your intuition needs analysis, not ignoring
Looking back, there were two things that should have given me pause. One is that everyone knew that Amagerbanken made a lot of risky property loans in a market that has yet to recover.

The second is that the clock on the sign on my roof has been broken on and off ever since 2008. If you don’t care that tens of thousands of people pass a non-functioning sign advertising your bank every day, it’s probably because you’ve got bigger things to worry about.

Probability vs. Vulnerability
The focus of almost every discussion of Amagerbanken was the probability of their survival – never the consequences of a possible bust. The story was the rescue packages, the executives fired, and the man in charge while the bad loans were made, who died of a heart attack. The potential fall out didn’t register.

Now thousands of firms are stuck with cash they cannot access and face bills they cannot pay. The same goes for local authorities and private account holders. The vast sums invested to save the bank are gone. The damage has only started.
Regulators and personal responsibility
The people you owe money don’t care that the regulators should have done a better job. The investments you planned on making with the money now stuck in a busted bank’s bankruptcy resolution process are not going to wait for you. Nobody cares that it’s not your fault.

Given the potential damage, might it not be worth your while to review your vulnerability instead of relying on the word of someone else – even if they are a government “expert”?

Back Up? What Back Up?

It can be hard to face up to the obviously stupid things we do

The story goes that Saint Patrick was partway through baptizing an Irish king, when he looked down and noticed he had put the metal tip of his bishop’s staff through the poor fellow’s foot. When he apologized, the king replied that he had thought it was part of the ceremony, which just goes to show what we’ll put up with without complaining.

Collective stupidity is still stupid

Once upon a time, I worked for a tech savvy firm. Our office was littered with cool gizmos and everyone was super smart. Our collective wisdom, however, was low. Together, we did lots of stupid things – like putting our servers in the basement.

The inevitable happened as it invariably does. Our building was at the bottom of a hill and one weekend a heavy rain fell. The basement flooded.

“What’s the big deal?”

On Monday, the flood was the talk of the office. We had backup servers at our regional headquarters, but if you put servers in the basement, you probably also reassign backup servers without warning. At least we did. Our servers were backing up other people’s data.

Risk people like a good mess and I definitely enjoyed this one. Hours and dollars lost piled up in my head until a colleague stopped me.

“It’s no big deal. No one lost anything”, he said, “we have our own backups”.

Ignoring stupidity is not smart either

It turned out everyone was copying everything every day. Backups are fine, but we had way too much of a good thing. Uploading and downloading took forever. Rebooting took forever. The crowd at the espresso machine wasn’t slacking. They were waiting.

It was an obvious problem with an obvious fix. Put the servers somewhere sensible, back them up off site, and get the developers to trust the system enough to stop overcompensating.

Instead, the servers stayed in the basement where it was cool and they didn’t complain about not having windows. No one found it odd. We accepted our inability to secure the data.

Stupidity costs money

Intelligent people can be stupid. We certainly were. A good place to start managing your risks is with the perfectly obvious, but utterly stupid things you do without questioning.

What Do You Need to Know?

Tool: How the military makes sure everyone knows what the boss wants to know

Soldiers love their acronyms and the more convoluted, the better. ”Commanders Critical Information Requirements”, or CCIR, is a mouthful, but still decipherable as “What the Boss wants to know”. It’s one of those military ideas worth copying.

Everyone serving in the first Gulf War knew that Norman Schwarzkopf wanted to know the moment they found anything that had anything to do with either Scud missiles or chemical weapons.

It is a perfect example of an entire organization knowing management’s information needs. Many civilian organizations manage to communicate their general priorities, but few achieve military clarity in collective information-seeking.

What do you need to know – and who is helping you find the answers?

Ask yourself a few questions about how you gather critical information.

Who are your seekers?

  • How many people do you use to gather the information you need?
  • Are you using a handful of people or everyone?

What are they looking for?

  • How many different pieces of information are you seeking?
  • Is the search prioritized?
  • Do your staff know your priorities?

A quick place to start

Norman Schwarzkopf knew that his people were busy, so he kept the list short. Military doctrine says keep the list down to a handful so that people can remember them. This seems remarkably good common sense.

What are the three most important things you want to know?

Your list can include anything you want to know. What would your list of three things look like? Five things? Your people see and hear more than you might think. The results may surprise you.

Hvilket billede tegner dine risici?

Uddrag fra 3. opdatering 2010 af Børsens Ledelseshåndbog Krise- og risikostyring

Hvordan dine risici udvikler sig er vigtigt – og ofte overset

Det er som bekendt svært at spå om fremtiden, men vi er nødt til at gætte. Forudsigelse har altid været en svær kunst, og det er ofte vanskeligt at anvende resultatet. Som målmand er det én ting at vide, at der muligvis vil blive scoret imod én i første halvleg og noget helt andet at vide af hvem, hvornår, og især hvordan. Det første kan man være bekymret over. Det andet kan man forberede sig på.  

Den analyse, der danner grundlag for vores risikostyring, fokuserer oftest mere på udfald end på processer. Det fleste af vores værktøjer fortæller os mere om, hvad konsekvenserne bliver, end de fortæller os om, hvordan de opstår. Hvordan og hvorfor er ofte lige så vigtigt som hvad. Det er godt at vide at et marked vil falde, men endnu bedre at vide, hvornår den vil falde – og hvorfor.

Scenarier kan være et stærkt værktøj

Militæret har længe anerkendt nødvendigheden af at udvikle en forståelse for de sidste to spørgsmål og har i den henseende udviklet nogle relative enkle, men stærke værktøjer. Disse værktøjer kan vise, trin for trin, hvordan en fare udvikler sig til en trussel.

Den amerikanske hærs feltmanual FM-101-5 ”Staff Organization and Operations” beskriver nøgternt den amerikanske hærs proces for at træffe beslutninger: ”Military Decision-Making Process” også kendt som MDMP. Manualen dækker processen, samt de delprocesser og værktøjer, der skal understøtte den, fra analyse til den færdige plan. Denne artikel fokuserer på deres brug af scenarier, eller det de kalder ”SITTEMP” eller ”situational template”.

Scenarier er billeder, der viser hvem, hvad, hvor, hvornår, og hvorfor. De er tegnet, så de viser, hvordan begivenheder udvikler sig over tid. Scenarier viser, hvordan risici opstår og kan derfor give indblik i, hvorfor de opstår. De viser sammenhængene mellem aktør og hændelse, samt forløbene for deres udvikling, og hvad de opnår.

Turn the Map Around

Tool: Like “measure twice, cut once”, good advice can be deceptively simple.

A long time ago, in a galaxy far far away, I was an army officer. Films emphasize action, but most soldiering is “hurry up and wait” and, for officers, endless planning. Armies like organization and our planning was very structured. One of my tasks was to analyze terrain.
I was taught that there were many ways to look at where we would operate – and  seeing it through the enemy’s eyes was essential. One of the simplest tools was to turn the map around and look at our positions from the enemy’s point of view
Simple, but effective

The method is as simple as it sounds. You turn the map 180 degrees and look at the terrain from the other direction. The results can be startlingly obvious – and quite revealing.
The simplicity of the method makes it easy to learn and easy to incorporate into your risk analysis processes. Its effectiveness is usually self-explanatory, which makes it easy to justify adopting. The drawback, if any, is that it is so simple that it can be easy to overlook.
Opportunities, threats, and the “surprisingly obvious”

The technique often answered a lot of questions for us very quickly. The enemy’s “most likely avenue of approach” was usually clear once you looked at the ground from their side. Our weaknesses were likewise usually obvious.
The big competitor that you always worry about may envy how your small size enables you to be nimble and sieze opportunities for which their organization is too cumbersome. The market you find confusing may seem simple viewed from the customer’s perspective.

Change your perspective and things may look very different.

The way something looks depends on where you stand. Shopkeepers always walk outside to look at their window displays from the passersby’s point of view. Maybe you should too.

Let’s say the Euro does crack up… what’s in it for me?

What would a potential or even worst case scenario look like for the PIIGS?

There is no shortage of people willing to speculate on whether or not the Euro will survive or the fates of various indebted member countries, but surprisingly little talk of what a break up or default would look like. Adjectives like “bad” and “ugly” do not provide much material for contingency planners. How vulnerable would you be if it happened?

There are lots of options

Beware whenever anyone tells you something is impossible. Be doubly so when politicians say something is unthinkable and not up for discussion. When politicians tell you they are not talking about something, they are usually talking about little else.

There has been plenty of speculation about one or more countries leaving the Euro, ranging from the heavily indebted countries to the main engine, Germany. Unfortunately, the speculation has ended there.

What would a default look like?

The question is a good one and there are plenty of examples. Argentina, for example, defaults about as often as their neighbors Brazil win the World Cup. The exercise usually involves lots of negotiations and these are not usually about if the investors will lose money, but how much. Therefore, one of the first questions is to ask who lent the PIIGS (Portugal, Ireland, Italy, Greece, and Spain) the money that they cannot pay back?

The Germans are on the hook for a lot of it, but so are lots of other people. What effect will losing lots of money have on them? Judging by how often people line up to lend money to Argentina, despite its history of not paying back, it would be tempting to say not very much. The difference here is that the amount of money seems to be much larger.

Usually the banks only lose some of their money, and the rest of it gets adjusted, just like a renegotiated mortgage. The pertinent question might be:

  • What effect would it have on you if your bank lost lots of money in these countries?
  • Will it affect your financing?
  • Will it affect your customers?

Much of this depends on those negotiations.

What if the PIIGS get kicked out of the Euro?

This is another question few people seem to want to answer. The countries would have to decide if they wanted to keep the Euro or resurrect their old currency. The practical side of this is not that difficult. New cash and coins can be printed rather quickly by specialty companies that do this sort of thing. The Third World gets their currency from these companies and they could probably manage a rush job, even if it was a big one.

The central banks could force conversions from the old currency to the new and have no doubt, it would probably be ugly, but it has been done before. Following World War Two, the new German national bank introduced a new currency overnight, erasing all bank accounts and their contents, creating new ones with 500 marks in them for everyone. There were probably harsh words, but the decision was not reversed.

What if the PIIGS left the Euro, but kept the Euro as their currency?

Confused? Don’t be. El Salvador is just one of several countries that uses US dollars as their currency. While they use US paper money and coins, El Salvador does not print US dollars, though they do issue dollar-denominated debt. Basically, their currency and exchange rates are out-sourced. Ben Bernanke does most of their central banking for them.

What will it mean for me?

This is a question worth trying to answer.

  • How would you protect cash in local bank accounts? Move it overseas? Convert it into assets?
  • How would you protect physical assets?
  • How might contracts be affected? Have you asked your legal advisors?
  • How might you labor contracts be affected?
  • How might your suppliers be affected?
  • How might your bank be affected?
  • How might your investors be affected?

Think ahead

Instead of wondering whether or not it is going to happen, try to assess how it might unfold and what the potential consequences would be. Know your exposure, identify key warning indicators, and be ready to act, if necessary. Most important of all, know your potential vulnerability.



Raspberries Happen

How much do you enjoy the finger-pointing and recriminations?

I’ve been busy and I’m probably not the only one. It’s the time of year where a lot of us are busy. Things pile up and blogs get neglected. The unexpected happens and it sometimes takes odd forms – like raspberries.

Raspberries are perfectly pleasant. My stepmother makes an outstanding raspberry jam, a taste of which I enjoyed not two hours ago on a scone. I do not enjoy them quite as much on the front page of my website. Until a few moments ago, however, my former logo had been replaced by that perfectly pleasant berry so perfectly suited for jam-making.

Predictable processes

It was a quick reminder of all the phases of a disaster. Surprise, anger, confusion, combined with a scramble to solve the problem and find its source. So agreeing to a template upgrade can erase some files. Who knew? Who cares? Solve the problem.

It’s amazing how much you can fit into such a small amount of time when you don’t have anyone to distract you. The finger-pointing portions of the process were quick, but effective. Blame was assigned, denied, confirmed, and accepted without the usual time wasted actually discussing the matter.

Further recriminations, one of my favorite phases, was initiated in this case by the discovery that the former logo was nowhere to be found. This particular iteration followed the initial round of accusations in a fraction of the time that it normally would take to get the initial round fully operational.

The inevitable compromise

The grumpy compromise stage arrived tight on the heels of the last round of recriminations. The advantages of being alone appeared again. A fluent bout of swearing had to stand in for the search for a decent photo-editing program. A lumpy replacement appeared on MS Paint.

A couple of quick attempts at a stop-gap solution were uploaded and rejected in less time that it would normally take to decide who to assign to creating a solution. The project management phases were being ticked off faster than the cursor could move through a checklist. The site was tested, the new logo appeared and the raspberry did not.

Is the lumpy stop-gap logo a permanent solution? No. Does a perfect solution need to be created tonight? No. Dinner needs to be made tonight. The Christmas tree needs to be decorated tonight. For now, the perfect logo can wait.

What are you going to do?

Raspberries happen. What you do about them is up to you. You can spend a long time fixing a problem or you can do it quickly and effectively. Your choice often depends on how much you enjoy the finger-pointing and recriminations portion of the process.

Patents, IP, and Protecting the Recipe for Your Secret Sauce

No matter what you do, know that protecting your IP is an active process. 

It is surprising how many people actually believe that a patent will protect their intellectual property. A patent is a perfectly good tool, but it does no good all by itself. There is no ever vigilant force of superheroes standing guard over the intellectual property of the world, but people seem to act as if such an organization exists. The reality is that nobody cares whether your IP is being stolen until you do.

So you want to protect your intellectual property?

Your first question ought to be ‘why?’. The answer might not be immediately obvious. Sometimes we like our ideas so much that we fall in love with them. This passion can be good, if it helps you convince customers to buy your product. It can be bad if the effort you devote to protecting it from being copied distracts you from other potentially more profitable tasks like getting it to market or correctly analyzing its strengths and its weaknesses.

A few reasons for protecting your IP

Thomas Mathiasen of Danish Intellectual Capital Management points out that, “if something is of value, it’s worth protecting”, and patents have great potential value. It may indeed be of paramount importance for you to secure your rights and ensure that they are not infringed upon by others.

In short, patents can:

  • provide the means of getting a legal monopoly,
  • demonstrate the competence or knowledge of the company, or
  • target competitors.

But whether they are the right tool for you depends on several things.

Where does IP protection fit in your strategy?

Remember that protecting your IP means much more than keeping other people from copying it. The best technology in the world is not going to make you any money if no one is using it. Allowing other firms to copy the technology was key to helping VHS beat Betamax.

Perhaps all you want to do is register that you had the idea first, so that no one can make you pay for using it. Perhaps a monopoly strategy is exactly what you need. Be explicit about what you need IP protection to enable you to do.

What does the threat look like?

Direct competitors might be interested in your intellectual property, but others might have an interest as well. Talk to all of your staff to see where the threat might come from. The answer to who might steal your IP can be unexpected. How you go about making your special sauce may be just as interesting as the sauce itself.

How can your IP be stolen?

Your IP can walk out the door any number of ways. Former employees and contractors can walk away with copies. Poor IT-security can leave the door open for intruders. Others may reverse engineer your product – or simply read your patent application.

Where will the most likely threat come from?

Too many people fail to think this question through, but it is vital, because working out how your IP can be stolen allows you to focus the task of protecting it. As mentioned, involving your whole staff can help. IP does not walk away by itself, someone takes it. Usually you can figure how they do it. If you are proactive, you can do it before your IP gets stolen.

How do you protect your IP?

The answer can be complicated, but your first task is to analyze your own needs and the threat to your IP. Answering these key questions can get you started:

  • Why do you want to protect your IP?
  • Where does IP protection fit in your strategy?
  • What does the threat look like?
  • How can your IP be stolen?
  • Where will the most likely threat come from?

There’s More to Protecting Your IP than Getting a Patent

Fear not! The issue can be complicated, but there are experts like Thomas Mathiasen who can help you. Help with how to answer some of these questions is also on the way here. Watch this space.

The Yoko Ono Factor

Tool: Dealing with the fact that nothing lasts forever

Two weeks ago, I spoke with a start up team that had just lost a team member and was in the dumps. Starting a business is tough and having someone leave was hard on those that stayed. They are not the first firm to experience it and they won’t be the last. It is completely normal. The question is what to do about it.

Fight, flight, freeze or…

Absurd as it may sound there are still people who see any attempt to leave as treason and fight anyone trying to go. Others deny that it has any effect, believing that one person is good as the next. Others freeze, doing nothing as people walk away. All three have their flaws and fortunately there is an alternative. Accept that people come and go – and think through how to deal with it.

People come and people go. What are you going to do about it?

Break ups can get complicated – especially if you’re not prepared. Like marriages, nobody goes in expecting to quit, but committing to a job, especially in a start up does not mean you have to accept all the risks unaltered. Going in, most of the discussion about expectations is focused on the positive, the things everyone wants to happen. It is worth thinking about what your expectations are if things do not go as hoped – and specifically if someone wants to leave.

Think ahead

Here are a few steps that can help:

  • Accept the possibility that someone may want to leave – and that they might have a perfectly acceptable reason to do so.
  • Talk through how you would like that process to go. Should there be a handover of roles and responsibilities or should they pack their things in a cardboard box and leave immediately?
  • What are the rights of both sides? Who gets to keep what? Intellectual property? Customers? Colleagues? Suppliers?
  • How will you agree on what you have agreed ? A handshake? A document?

(Note: if you’re in a big firm, don’t make the mistake of thinking HR has taken care of this. They may have the legal aspects covered, but everything else is on you. Do you want to know someone is thinking of leaving – or wave as they walk out the door? What relationship do you want to former colleagues?)

How to do it right – and not so right

Some bands, like the Rolling Stones and the Beach Boys, go on forever. The former seems to have come to terms with each other – and remained on good enough terms – to stay together. The latter are an example of another option. They replace band members one at a time and will probably play forever. Most bands, like the Beatles, however, do not.

Plenty of Beatles fans rue the day John Lennon met Yoko Ono, but meet her he did and the rest is history. When Lennon left, it was over. Given how many lead singers have gone solo and drummers have died of drug overdoses, the modern band without a plan for what to do if someone leaves is ignoring a very obvious risk.

Be prepared for the Yoko Ono Factor

Yoko Ono happened. The band should have been expecting it – and so should you. Think through what you will do if someone decides to leave the team. What if your superstar CEO gets a better offer? What if your techlead gets lured away by Google? Saying it isn’t going to happen won’t protect you – and their departure does not have to hurt.

Time heals…

Yesterday a tweet came in from a VC announcing that the startup had been added to their portfolio. Time heals all wounds, the saying goes, and perhaps it has taken some of the sting of losing their fourth team member. Your team may be vulnerable, especially if you have not discussed the issue. Whether you think you’ll last as long as U2 or you don’t, start talking now. Yoko Ono is out there somewhere. Count on it.

Capturing Lessons Learned

Tool: Avoid the finger-pointing and capture the knowledge

The ability to learn from from mistakes is a key function. It is central to risk management, a main focus of rapid prototyping and central to effective iterative planning and development. One of the biggest obstacles to learning from mistakes is assigning blame. There is a simple way to avoid one and achieve the other – effective learning reviews.

The “Why Wesabe lost to Mint” story making its rounds is an interesting case for several reasons. First, it tells the inside story of what when wrong and, two, the former head of Wesabe, Marc Hedlund, is taking responsibility.

The first point is remarkable, because avoidance and denial are the standard responses to failure. The second is remarkable because the other standard responses to failure are  finger-pointing and dodging blame.

Why look back instead of focusing on the future?

Sometimes failure can teach us more than success – and sometimes we lose sight of what we do well. Failing on purpose, as in stress-testing, for example, can show us thelimits of a product or process. Either way, if we can move beyond the avoidance, denial, finger-pointing, and blame-dodging, then there is a real opportunity to learn.

Sounds good, but how do you do it?

Whether you call it a post mortem, an after action review, or just do it without labeling it, the focus needs to be on the lessons learned. Briefly, the format consists of:

  • a restating the task and purpose
  • a short review of what occurred
  • finally, listing three things which went well that should be sustained and three things which did not that can be improved.

The facilitator’s role

This requires a facilitator who is not going to point fingers – and that requires a lot of discipline.

The facilitator needs to create an atmosphere where people are willing to share what they learned instead of defending their actions. It can be done like this:

Participant A: We did X, because we thought it would help achieve Y. Unfortunately Z occurred because of Q and S. This showed us that a better approach would have been T.

Participant A did not attempt to justify why they thought X was the right decision and instead explains what happened – and what they learned.


The place to correct subordinates for their mistakes is not in front of their peers. Focus on getting your list of three things to sustain and three things to improve. If you need to improve a single team member’s performance, do it one on one. Embarrassing them in front of their colleagues might feel satisfying, but there are more effective ways to correct performance. Worse, it will not create the freedom to look at what happened and find the solutions that you hopefully seek to achieve.

“Three Ups & Three Downs”

One of the benefits of this format is its focus on capturing the lessons learned instead of the blow by blow replay of what happened when and why. The question asked of the review subsequently becomes, “what were the ‘ups and downs’?”, and not “who got blamed?”

This tool does not protect potential guilty parties, but instead helps avoid mixing apples and oranges. If there are people to reward, reward them at a separate event – and in front of their peers. If you need to find a head to put on a stake, then by all means do so – but do it separately as well. Don’t let assigning blame get in the way of lessons to be learned from the event.