Risk Management – Page 17 – Maverisk / Étoiles du Nord

The Risk of Human Existence

Where Risk should be in the ‘first’ line of any defense, and subsequent lines are mere (subsumed …!) support, as in the line of reasoning where Risk or rather Uncertainty [don’t start me on the semantics pure kindergarten discussions per definitional differences] is essential to do business; nay is essential to any organisation’s ‘business’ even when as non-exposed to market conditions as e.g., government departments.
Which, and this is the title reference, of course hinges on: all human endeavour seeks to eliminate uncertainty as uncertainty in the state of bare survival that humankind still is (sic; on average, and in the near future thanks to global warming [no thanks, global warming!]), would mean deterioration i.e. extinction.

Against which we (well, I; uncertain about you dear reader) have developed these whimsy precious things called brains (i.e., including the prefrontal cortex) to enable us to not only cope with the most complex of things including paradoxes, infinity et al., but also with uncertainty. Through induction and Big Data-like pattern extraction, sometimes taken to the levels at which most current Big Data analysis stands (turning spurious correlations however weak, into causation theorillets and/or rites), sometimes actually achieving something — models that ‘work’ to sufficiently accurately predict some aspects of the future (i.e., behaviour of predators) to enhance survival by staying away from the most unsurvivable situations.
Now that a precious few (??) have managed to ward off the evils of existential threats, such death scare of death has turned into a death scare of anything that doesn’t go according to our plan of doing the least possible to do nothing but eat ourselves into obesity.

Meaning, not accepting that now all reasonable threats, uncertainty, has been reduced by extreme CYA everywhere, at the same time we (not I) accept less and less that bad things just happen, and will ever more fanatically look for someone(s) to blame.

Solve the latter by ‘solving’ the former. Fight CYA!

And:

[What’s our love … but the Art of Glass; Blondie for no apparent reason, Dordrecht]

When it comes to Risk, Appetite is Tolerance

Previously, with many others I believed that Risk Appetite would have to be the starting point of discussion for anything Risk within organisatons. The appetite, following from discussions on Strategy being the choices of directions and subsequent steps that would need to be taken to achieve strategic objectives, i.e., where one sees the organisation ending up in the future. Very clearly elucidated here. Backtracking, one will find the risks associated with these possibly multiple directions and steps — in qualitative terms, as NO valid data exists (logically necessarily, since these concern the future and hence are determined by all information in the universe which, logically, cannot be captured in any model since then, the model would have to be part of itself, incurring circularities ad infinitum and already, the organisational actions will impact the context and vice versa, in as yet (for the same reason) unpredictable ways.
And then … This risk appetite, automatically equated with the risk tolerance by the Board for risks incurred bottom-up by the mundane actions of all the underlings (i.e., including ‘managers’, see yesterday’s post), then suddenly would have to be in quantitative terms… [Yes, bypassing tolerance-as-organisational-resilience-capacity]
As all that goes around in organisations, through the first 99.9% of Operational / Operations Risk, and then some 10% industry-specific risks (e.g., market- and credit- for the finanical industry), not measured but guesstimated by hitherto outstandingly some that have least clue and experience [otherwise, they would have been much better employed in the first line of business themselves… The picture changes favorably (!) where we see some organisations shift to first-line do-it-yourself risk management… finally!] with what the chance and impact figures would be. As if those were the two only quantities to be estimated per ‘event’… As if any data from anywhere would be sufficiently reliable benchmarking material — If you believe that nevertheless, you should be locked up in a treatment facility… Yes sometimes it’s taken to be this moronic… No need to flame bigger here, as that was already done here.

But wait where was I. Oh, yeah, with the bypassing of tolerance defined as what the organisation could bear. The bare fact being, that no-one can establish a reliable figure for that. What the Board can and want to bear … Considering that the Board would have to be all-in, i.e., not only all of their bonuses since ever under clawback threat, but also all of their earned income incl salaries and personal wealth — if any of the Board would not want to risk all they ever had and have, bugger off this is what you signed up to. Considering also that strategic decisions are about wagering the existence of the company on choosing right or else, this wagering the well-being and wealth of all employees however unable to bear loss by mere fact of never had the ability to create some reserves, the previous consideration isn’t exaggerated. You wager others’ very existence, you wager your own ‘first’.

Summa summarum:
Risk Appetite is what the Board lets happen as Risk Tolerated Already.

Plus:

[And away goes your grand hallway down the drain; [non-related] Haarzuilens, Utrecht]

Positive Performance Plans — Done That, part I

Regarding the latest spat on dumping personal performance plans, P-KPIs et al.

Which one shouldn’t. Even at the most negative end of What Gets Measured Gets Done, there is some truth like, some grains. Where no measurement and reward (sic I) for performance, may not entice too many to be worth their salt (sic II). In today’s total-information society, it’s the free riders, the freeloaders, that escape unharmed with their booty. ‘Hedge fund manager’ like. Possibly to be villified by history as the worst atrocities of humanity ever, but that remains to be seen as history commnly is written by the winners and forward-looking one is not (can not be) sure who that will be.

But change is in the wngs, and is needed indeed. Too many are still driven by assembly line (i.e., geriatric) target setting and (micro)management. Don’t get me started on the latter or I spam you into oblivion with bold 80 point [Expletive starting with an F] You’s.

From the Other Side, there’s renewed talk of personal development through not To Do lists but Have Done lists.

Now, can these be deployed to structure human activities’ objectives ..? Having biweekly open discussions about ‘production’ even when the employee is somewhat free to decide what to work on as long as it’s slightly related to a long-term organisational goal that everyone shares — the Original idea why people banded together in companies, taking that label from the military where already it denoted comradeship and protection towards a common achievement.
Even where proxies are needed, as e.g., project-style work with deliverables only after some time, at milestones and deadlines. Even where managers’ understanding needs to be raised through the (their) roof to capture the content innovation and disruption of the Knowledge Workers doing the creation of work/deliverables/-content and actually understanding how that ties into the total achievement – / required. Even when those ‘managers’ need to grasp the idea that much time is spent very maybe not being worth the salt, to in a blink of an eye arrive at some final nugget worth all the salary previously invested (‘thrown overboard on useless loafing’ which is required for the nugget to materialise). Enabling work at home for many; much more efficiently and with the very same productivity if not much more in the end (when all have become accustomed to the idea(s as here before)).

Yes, this leaves overall performance to ‘managers’, to integrate and achieve, and to report, and to translate downwards to personalised (individualised and adapted to individuals’ personal capabilities and development goals) general work directions. No more forty hours sitting in a cubicle — brains dying of boredom all around but “you don’t get paid for not being bodily present less than forty hours (plus/plusplus) even if you aren’t in the least productive overall”. Such is life. The organisation doesn’t give a [expletive starting with an s] about how you get [same] done, as long as your group delivers… Managers are of the work force, not above it ..!

I’ll work on this topic later, to develop the organisational structures to support this…
Oh, and:

[Where Museum is splendid form and function; Teylers’ Haarlem]

The legacy of TDoS

So, we have the first little probes of TDoS attacks (DoS-by-IoT). ‘Refrigereddon’.
As if that wasn’t predictable, very much predictable, and predicted.
[Edited to add: And analysed correctly, as here.]

Predicted it was. What now? Because if we don’t change course, we’ll achieve ever worse infra. Yes, security can be baked into new products — that will be somewhat even more expensive so will not swarm the market — but for backward compatibility in all the chains out there already, cannot be relied upon plus there’s tons of legacy equipment out there already (see: Healthcare, and: Utilities). Even when introducing new, fully securable stuff, we’re heading into a future where the Legacy issue will grow for a long time and much worse than it already is, before (need to be) huge pressure will bring the problem down.

So… What to do ..? Well, at least get the fundamentals right, which so far we haven’t. Like this, and this and this and here plus here (after the intermission) and there…

Would anyone have an idea how to get this right, starting today, and all-in all-out..?

Plus:

[IRL art will Always trump online stuff… (?); at home]

Really Bad Life

The recent spat on (team, in particular) sports not being the character building they’re supposed to be, has a pendant in other realms of game as well. The former, here; the latter, here.

Where, similar to other areas of enticement (link and other posts on this blog), the idea of a level paying field not through the starting positions but through procedural justice, seems to want to jump over the weaving errors of our societies being the unevenness and inequality of the starting positions. Also eloquently explained (with a moral take-home) here. Typical in the RBC article above-linked, in the base (sic) of the great game of golf with its handicap system. But still; this doesn’t diminish the feelings of inequity, either on the non-compensated-for-bad-luck-starting-points side, or on the feeling-bad-for-having-lost-the-advantages-of-an-advantaged-starting-point side.

Wouldn’t wars be over and world peace break out when the problem that eluded some of the most eminent (economics- and others) thinkers, as here and certainly here and here, be solved ..? What transformation away from a bad one, would that require of the world society ..?

I’m seriously interested to hear any pointers and partial work already …

[On the edges of Nature and Appolonian order…, and perfection (in horizon balance) is boring; Ancy-le-Franc]

Peak Gulden

I’ve been dabbling in this pure-fiat money (sic) Gulden that is an attempt to indeed bring back the Dutch florin wink.
So far, I only put a toe into that water, and ’twas a profitable ride indeed. Should’ve moved all-in and retire…

Yes there’s all sorts of payment functionality but haven’t found a place to put that to use yet. Which made me think: Is there some sort of metric by which one can determine how ‘mature’ respective blockchain currencies are ..?

Like, some ratio that includes available volume, traded volume (exchange for (much longer) pre-existing traditional currencies), actual payments made for goods/services transactions, et al.
Or would anyone already have some (pointers to sufficiently secure-not-clickbait) sites that have such info and mdash; surely better factors and ratios than the above…?

TIA. And:

[Here, another mix of (not ‘chain but brick-‘n-mortar) architecture and finance; Troyes]

Wells Fargo very happy with all well-wishes

Customers send flowers and baskets to sick bank
October 14, 2016 by George Greenspan

Wells Fargo CEO Timothy Sloan feels support from all the heartwarming cards, fruit baskets, teddy-bears and drawings he has received.

“Thank you so much, dear ‘people’,” he lets us know with a large Minions balloon in hand.

Wells Fargo had not been feeling well for a long time already. “We still sometimes feel an ache from all the junk mortgages we doled out, and the billion-dollar fines didn’t help much, either,” says Sloan while showing a huge card on which a taxpayer wrote “Get Wells Soon” in giant letters. “But hopefully, we’ll soon have recovered soon enough to fetch me some ridiculous bonuses again.”

Many of the 8 million private customers have sent fruit baskets to their bank. Among them, Hank Dinger from Farmburg. He lost his job in the previous economic crisis and only now, years later, gets sporadic invitations for job interviews again. “But do take care of yourselves, will you?”, the sender card says, on which a pencil drawn tangerine gives a thumbs-up.

Biting an apple, CEO Sloan recognises that Wells Fargo had not been feeling too well already for a longer time in its capital position. “Due to the stock market slump we were more prone to be infected by sick speculators and hedge funds and all sorts of other external factors but us,” he explains. “From now on, we’ll pursue a more healthy strategy; promise!”

According to financial doctors, the bank is in worse health than Sloan would want to admit: “Chances are that Well Fargo will not have much time and the problems may spread to the North-Western economy. The only true remedy at this stage, is a double dose of lay-offs, and a financial injection by the government.”

FED Chair Janet Yellen does not want to give that injection just yet. She has scolded management because it had neglected its health, but also showed tender concern and care by providing a pan of home-made chicken soup. She gave Timothy a kiss on the forehead. “Better!”

[Original, in Dutch, on the Speld; translated with permission]

All Your Data Are Belong To Us

Or, in the form of a question: When
a. One has to notify authorities of any (possible!) data leak, per law, in Europe and soon maybe also in the USofA,
b. Even BIOSses aren’t secure anymore, baked in from the word Go and onwards,
Shouldn’t all organisations declare all of their infrastructure and hence all their data, possibly compromised ..?

Just asking.

[Edited to add this. Also relevant; this one deeper (?)]

And:

[Calm, not private; Museumplein Amsterdam]

Classic plusquote: Progress

You can watch it, but you can’t stop it. As you’re only a looker-on, unable to halt progress.
Like, this here classic from 1987 already.
[Explains the less than stellar graphics quality but hey, from analog to digital vid…]

And:

[In the church of inevitable Dutch waterworks; Lijnden]

New Normal Hacking

Errm, anyone still surprised about (not) new news on data being stolen, ransomware striking, or democracy perverted, anywhere, all the time ..?

Got a bit worried, and wondered whether there would be others the same, about the current Mehh impression of everyone in the loop, about even political parties [now openly], voting machines, etc., getting cracked and data stolen which combined with at last, at very last finally, the hackability of voting machines not, against all sane arguments, being tamper-resistant — which leads to the vulnerability and class broken-ness of fundamental human values.

And still, there’s hardly more than Mehhh.

Would anyone have a reason not to worry …?

Ah:

How you know that you are old in infosec: you remember when you were trying to get the world to care about improving security.

— Dino A. Dai Zovi (@dinodaizovi) October 6, 2016

Oh well, blue pills everywhere …? Plus:

[Sorry to say lads and lassies of the Royal Academy of Arts, but the Gemeentemuseum did beat you, on this one]
[Edited to add: No, this post was written before the NIST October 7 ‘news’ came out that (‘end’?) users are tired of hack-warnings (security fatigue), if that were a thing. Which is also not quite what I meant above, which is worse…]