SECURITY AND RESILIENCE MANAGEMENT - MITIGATING RISK FOR YOUR ORGANIZATION

SPEAKERS
• Dennis Blass, CPP – Children’s of Alabama
• Lisa DuBrock, CPA – Radian Compliance, LLC
• Jim Leflar, CPP, CBCP, MBCI – Zantech IT Services
• Marc Siegel, Ph.D. – San Diego State University and M Siegel Associates LLC

SESSION OVERVIEW AND OBJECTIVES
• Panel Discussion – Perspectives on Resilience
➢ What is organizational resilience or what is a resilient organization?
➢ When does an organization move from an ad-hoc approach to a formal structured approach?
➢ What is the advantage of breaking down siloes?
• Change Management – Issues/Recommendations
• New Security and Resilience Standard – The recipe book
• Questions

WHAT IS ORGANIZATIONAL RESILIENCE OR WHAT IS A RESILIENT ORGANIZATION?
• Resilience is an aspirational objective – there is no endpoint nor is there one-size-fits-all.
• Organizations become more resilient by fully integrating proactive management of risk into their system of management.
• Everyone is seen as a risk maker and risk taker, therefore, a risk manager.
• Emphasis is placed on security and risk awareness throughout the organization.
• The management of risk is viewed through the front windscreen, not out the rear-view mirror.
• Risk is considered at the strategic, tactical, operational, and reputational levels.
• Organizations are not viewed as islands but as part of a value chain.
• It is an iterative process where you learn from mistakes.
• Organizational resilience is a strategic approach to enhancing the unfettered system-wide interactions (risk, communications, cooperative relations, and social capital) in the holistic organizational environment (internal and external – includes supply chain).

WHEN DOES AN ORGANIZATION MOVE FROM AN AD-HOC APPROACH TO A FORMAL STRUCTURED APPROACH?
• The focus of any formal structured approach should be enhanced risk and business management. The move to a formal approach may be driven by:
  • Contractual requirements and client demands;
  • The need to demonstrate reliability in a supply chain;
  • The need to improve business performance and support future market development including market expansion;
  • Legal and liability protection; and
  • The need for data- and information-based business decision making.
• Certification to a standard should not be a driver – rather it is a distraction. Let it be the gravy at the end of successful implementation.
• Implementation should be tailored to the organization’s system of management, not just the standard.
• Organizational resilience (OR) becomes a formal approach when management begins to organize and recognizes the OR outcomes.
• Groups and organizational culture can have informal elements.
• Communication channels are both formal and informal.
• The processes that make up the organizational system(s) can be both formal and informal – both are powerful/influential.

WHAT IS THE ADVANTAGE OF BREAKING DOWN SILOES?
• Increase communication effectiveness
• Share resources – more effective
• Risk is risk – entire organizational issue
• Increase the opportunity for social capital
• An efficiently run organization will have a single risk-based, information-based system of management focused on outcomes and opportunities.
• Objectives need to be considered at the strategic, operational, tactical, and reputational levels: enterprise-wide, division-wide, and locally.
• Security and risk management support the creation of value – they are part of the operating system.
• Security and risk awareness, communication, and training promote a culture of resilience by incorporating them in all aspects of the business.
• An integrated and holistic approach maximizes precious resources and minimizes duplication of efforts.
• Breaking down silos enhances the collaborative effort needed to address complex multi-disciplinary issues that organizations and their supply chains must address in the global market.

CHANGE MANAGEMENT ISSUES
• Resistance to Change:
  • General uncertainty about the change (Kennedy, 2011);
  • Cynicism, dubious trust of leadership, and employees lacking confidence in each other;
  • Institutional resistance to change (Agocs, 1997);
  • Organization is slow to change;
  • Poor implementation by manager (Gilley, Gilley & McMillan, 2009);
  • Poor planning and preparation;
  • Senior leadership avoiding unknown risk (Lane, McCormack & Richardson, 2013);
  • Avoiding initiative is seen as better than creating a risk problem.
• Change failures are caused by human actions, not technical ones.

CHANGE MANAGEMENT RECOMMENDATIONS
• Gain firm, personal approval from the CEO;
• Ensure CEO will continue to support the change initiative;
• Develop a marketing strategy for the change initiative;
• Communicate the personal importance of the initiative to the employees as well as the organizational importance;
• All employees must understand the value of the change.
• Use multiple methods of distribution (e.g., multimedia displays, newsletter, intranet messages, and team meetings);
• Seek and recruit employee involvement in the change;
• Ensure employees see that involvement is necessary for success;
• Active participation increases the likelihood of personal association with the initiative.
• Pace change to fit the local culture and to let success breed success.
• Implement a formal, repeatable process consistent with the organization’s culture;
• Provide routine status updates and reinforce the value, importance, and personal benefits to all participants;
• Top leader must be involved in the routine meetings or marketing messages;
• Leader must be seen showing absolute, sincere involvement and commitment to the initiative;
• Provide symbols of recognition from top leadership, which helps maintain motivation, commitment, and personal recognition with the initiative.

STANDARD: SECURITY AND RESILIENCE IN ORGANIZATIONS AND THEIR SUPPLY CHAINS
• ANSI/ASIS Standard - ORM.1, which combines 3 previous ASIS Standards:
  • SPC.1, PAP.1 and BCM.1
• Provides a risk-based, systematic, country-neutral approach to identify, assess, and manage risks related to an organization's operations and its supply chain.
• Places an increased emphasis on an organization’s supply chain
• Uses an enterprise risk management perspective, emphasizing:
➢ Proactive risk and business management to support a process of prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events;

ORM.1
• ORM.1 is a holistic framework which takes into account:
  • Context of the organization and its supply chains;
  • Legal, regulatory, and contractual obligations and voluntary commitments;
  • Needs of internal and external stakeholders;
  • Uncertainties in achieving its objectives;
  • Protection of human, tangible and intangible assets; and
  • Continual improvement.

WHY ORM.1?
• ORM.1 enables an organization to:
  • Develop an ORMS policy;
  • Establish objectives, procedures, and processes to achieve the policy commitments;
  • Develop processes to assure competency, awareness, and training;
  • Set metrics to measure performance and demonstrate success;
  • Take action as needed to improve performance;
  • Demonstrate conformity of the system to the requirements of this Standard;
  • Establish and apply a process for continual improvement.
• ORM.1 and CPP - Either the new standard or the legacy standards may be used to study for the CPP exam

CHANGE MANAGEMENT REFERENCES
Agócs, C. (1997). Institutionalized resistance to organizational change: Denial, inaction and repression. Journal of Business Ethics, 16(9), 917-931.
Avey, J. B., Wernsing, T. S., & Luthans, F. (2008). Can positive employees help positive organizational change? Impact of psychological capital and emotions on relevant attitudes and behaviors. The Journal of Applied Behavioral Science, 44(1), 48-70.
Blank, R. E. (1990). Gaining acceptance: The effective presentation of new ideas. Total Quality Management, 1(1), 69-73.
Coch, L. & French, J. R. P. (2011). Overcoming resistance to change. In W. E. Natemeyer and P. Hersey (Eds.), Classics of organizational behavior, 4th Edition (pp. 41-62). Long Grove, Illinois: Waveland Press.
Diamond, M. A. (1992). Hobbesian and rousseauian identities: The psychodynamics of organizational leadership and change. Administration & Society, 24(3), 267-289.
Gilley, A., Gilley, J. W., & McMillan, H. S. (2009). Organizational change: motivation, communication, and leadership effectiveness. Performance Improvement Quarterly, 21(4), 75-94.
Holt, D. T., Dorey, E. L., Bailey, L. C., & Low, B. R. (2009). Recovering when a change initiative stalls. OD Practitioner, 41(1), 20-24.
Kennedy, D. (2011). Moving beyond uncertainty: Overcoming our resistance to change. Leader to Leader, (62), 17-21.
Lane, K. E., McCormack, T. J., & Richardson, M. D. (2013). Resilient leaders: Essential for organizational innovation. International Journal of Organizational Innovation, 6(2), 7-25.
Neck, C. P. (1996). Thought self-leadership: A self-regulatory approach towards overcoming resistance to organizational change. International Journal of Organizational Analysis (1993 - 2002), 4(2), 202.
Nord, W. R., & Jermier, J. M. (1994). Overcoming resistance to resistance: Insights from a study of the shadows. Public Administration Quarterly, 17(4), 396.
Palmer, B. (2004). Overcoming resistance to change. Quality Progress, 37(4), 35-39.
Rochet, C., Keramidas, O., & Bout, L. (2008). Crisis as change strategy in public organizations. International Review of Administrative Sciences, 74(1), 65-77.
Rudes, D. (2007, January). Tied response to organizational change. Paper presented at the meeting of American Sociological Association, New York, NY.
Stanley, D. J., Meyer, J. P., & Topolnytsky, L. (2005). Employee cynicism and resistance to organizational change. Journal of Business & Psychology, 19(4), 429-459.
Wart, M. (2004). A comprehensive model of organizational leadership: The leadership action cycle. International Journal of Organization Theory and Behavior, 7(2), 173-208.

HOW TO REACH US
• Dennis Blass –
  • Email address - [email protected]
• Lisa DuBrock – 847-997-2032
• Jim Leflar – 267-300-1139
• Marc Siegel – 858-405-9855
Questions?