All posts by Menken


Leaning into risk to stay in control


It was a lovely Saturday in Snowbird, and I was so excited to spend the next couple of hours with my friends exploring the trails going down a mountain I’d never been on before. Based on my experience with downhill skiing in Europe, and the fact that I am very risk averse, I made it clear in the chair lift during our trip up that I am happy to do any colour trail as long as they are prepared.

“Sure, no problem.. no moguls, promise” was my friend’s response.

And with that said, we set off on our very first run down. From the top of the lift, we turned right and the 2 boys dropped down a trail that started after about a few hundred meters on the right, and I followed onto what I now know is called “Gad Gully”, a black narrow slope with (you guessed it!) moguls. My heart was in my throat as this run was steep, with lots of moguls, and the worst bit is, it’s also quite narrow so there isn’t a lot of room for mistakes.

I slowed down after a couple of near accidents (involving other people and some trees) and had to remind myself of the basics of skiing. Lean towards the valley and keep your weight on the tips of your skis. Man, it was difficult and it took all my mental strength to do it but I knew it was the only way I would make it down that mountain alive and in one piece.

I made it down and the adrenaline rush was amazing! That was definitely outside of my comfort zone. I was scared and elated at the same time. And also extremely proud because I didn’t give up – I worked my way through it and lived to tell the tale.

Why did I want to share this experience with you? Because this week we were talking about risk leadership and how this is more than simply analysing, recording, and managing risks. A true risk leader shows vulnerability to share where there are unknown threats to the business. Or where there are vulnerabilities internally due to unclear or immature processes. A true risk leader also knows it’s alright to stop and consider the best course of action. To pause and think about the best way forward to make sure you get out of the situation alive and improved.

You know when to push through and when to stop and think.

Experience and skill

As risk leaders we need to be confident in our skill level to approach the vulnerabilities and threats. We have past experiences to draw from, and if this is not the case, we need to find people around us that we trust so that we can draw important learnings from their experiences.

The team you have around you must also have the skills to understand the situation they are in and to be able to assess the situation correctly.

Back to my ski trip – it’s because of my decades of experience and many hours of private lessons in the snow that I had the skill set to assess the situation correctly and had the ability to chart a course down the hill.

My question to you is: What training do you need to commit to for you and your team to navigate your business through the potential risks coming your way in the next 3 – 5 years? What do you need to know to be compliant with industry and legal regulations? How can you support your team to perform to the best of their abilities?

Are you leaning into the risks ahead of you? Do you have a proactive approach to external and internal threats? Or are you defensive and trying to avoid all the risks?

I know from my ski experience that being defensive would have put me on the back foot and I would have ended up in a place I didn’t want to be. It’s only because I was literally on the front foot and tackling the situation head on, but with a calm perspective and attitude, that I managed to make it through a potentially dangerous situation alive and learn a lot of lessons from it.

Some questions to ask to become a better risk leader:

  • Who should be included to cover the entire organization’s security and business needs?
  • Who has responsibility and accountability for treating and managing the risk?
  • What information security risks exist in the environment in which your business operates?
  • Do processes monitor your organization’s ability to re-evaluate risks and adjust controls effectively in response to changes in its objectives, its business and its external environment?
  • Do you believe that additional, specific regulatory guidance on cloud risk management is warranted?
  • What are your information and process requirements when completing the third-party risk management process?
  • Are supply chain vulnerabilities protected from threats initiated against organizations, people, information, and resources that provide products or services to your organization?

How to get clarity within your business and avoid costly assumptions

How confident are you?

As a Project Manager or Risk Manager we are quite comfortable with the concept of risk. You are trained to identify risks, discuss them, and address them based on their impact and priority.

However, the risk that is often misunderstood or even neglected, is the risk of assumptions. Especially when a team is growing, you need to spend time documenting the way you make decisions. What is the basis of your analysis? Where do you go for the definitive answers?

Why is that?

Look at this picture, this is a ‘team’ with only 7 people. The lines are a representation of internal communication showing no form of hierarchy.

The more people you have in your team, the more information is going to be lost in translation. This is why the quality standards place such emphasis and importance on documented policies and procedures. Not just setting them up, but the team adhering to them and using the information from a single source.

Everybody is guilty of setting up their own systems, storing their own documents and keeping their research methodologies private. You may not do this on purpose, but it happens. The downside of this is that different team members start basing their decisions off different information sources.

During my quality management training, it was often said that a decision made on wrong information has more risk potential than not making a decision at all.

That’s one of the reasons why our Self Assessment Toolkits are based on the principle of the power of questions.

If you don’t ask the question, you will never find out whether everybody has a different answer. In your head you may assume that each person has the same answer, or you assume that it is clear and obvious. But it isn’t until you actually ask the question that you find out this was never the case.

Asking your team members where they store their analysis documentation offers great insight into the discrepancies. Some store on their local computer, others in a file management system, and others use cloud based solutions. While this seems like a silly and overly simplistic example, it may actually have major risk impacts.

Some industries (financial or government) have legal requirements that all their data is stored onshore. If it is found that data is stored on an international server because of the use of cloud storage, the company may be fined.
Or maybe first-party personal data is stored on a local drive, which is against GDPR regulations; this could pose a risk for the company. And saying ‘I didn’t know’ is not a good enough answer. You should know, and that’s why you have to ask these questions.

How to make people follow the rules?

Everybody in your team needs to be fully aware of the way your business works. Obviously this is a skill building opportunity and you can organise a workshop or training to bring everybody on the same level.

Deeper than that – ongoing discussions on your company culture and core values are an important basis for the alignment of the individual team members. Start with creating clarity on your company core values before you build the understanding of the risk and compliance requirements.

Once that is clear – create a single source of information and make using this system the most intuitive and easy way to work.

When people have to use multiple systems with manual copy-paste actions, it’s a recipe for disaster as there are too many manual steps that just scream error rates! And when it’s too hard, people will come up with their own processes to follow.

So I guess you don’t just ask the questions, but also listen to the answers… and I mean really listen. Check in with the people in your team on how they use the systems, data sources and information to make decisions and translate their lack of clarity into better processes, procedures and systems.

What is the Service Management System in ISO 20000?

Why do we need the ISO/IEC 20000 standard?

Getting your ISO 20000 certification is all about showing (with documented evidence) that you have control over the processes, policies and procedures to deliver services as per the agreed needs and demands of your customers.

Do not confuse this with your professional development certification – ISO certification is for your business, or at least a contained portion of your business determined by the scope of the project. (This is important, more about that later).

ITSM – Implementing IT Service Management, or the management of your IT Services has been tricky for many organisations in the past few decades.

There are so many different frameworks and methodologies – there is DevOps, COBIT, Lean IT, Microsoft Operations Framework and of course ITIL.

What is IT Service Management?

IT Service Management is the management of all processes that cooperate to ensure the quality of live services, according to the levels of service agreed with the customer.

It addresses the initiation, design, organization, control, provision, support and improvement of IT services, tailored to the needs of the customer organization.

The term IT Service Management (ITSM) is used in many ways by different management frameworks and organizations seeking governance and increased maturity of their IT organization.

Standard elements for most definitions of ITSM include:

  • Description of the processes required to deliver and support IT Services for customers
  • The purpose primarily being to deliver and support the products or technology needed by the business to meet key organizational objectives or goals
  • Definition of roles and responsibilities for the people involved including IT staff, customers, and other stakeholders
  • The management of external suppliers (partners) involved in the delivery and support of the technology and products being delivered and supported by IT.

The combination of these elements provides the capabilities required for an IT organization to deliver and support quality IT Services that meet specific business needs and requirements.

IT Service Management gives the following benefits to the customer:

  • Provision of IT services becomes more customer-focused and the relationship between the service provider and the customer is improved through agreements about service quality.
  • The services are better described in customer language and in more appropriate detail.
  • The availability, reliability, cost, and other quality aspects of the service are better managed.
  • Communication with the IT organization is improved by agreeing on points of contact.

What is a Service?

A service is a means of delivering value for the customer by facilitating outcomes the customer wants to achieve.

It is important to note that a service is generally intangible.

The term service as used in the standards document means the service or services in the scope of the Service Management System (SMS for short).

What is a Process?

A process is a set of interrelated or interacting activities that use inputs to deliver an intended result.

The construction of a process is rather simplistic and involves detailed documentation of the following components:

  • Inputs – what the process must have in order to begin, such as information, tools, and triggers.
  • Triggers – an event that invokes the process or an activity within the process.
  • Outputs – what the process must deliver in order to achieve the desired outcomes. Outputs are always tangible.
  • Activities – the process steps necessary to transform the inputs into outputs.
  • Roles – the people, systems, or tools used to execute the process.

Words are important in the ISO/IEC 20000 standard – especially the words SHALL vs. SHOULD

Part 1 = system requirements

The current edition of ISO 20000:1 was published in 2018 (which means that the 2011 version has been withdrawn).

The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value.

Part 2 = Guidance on application and implementation (should statements) – published in 2019. It’s all about how to interpret and implement the standard.

First things first… when talking about standards, we need to talk about SCOPE. Listen to the video on the description of the scope in the standard and why this is so important.

 

Some questions to ask when discussing ISO 20000 internally

  • How does a software provider ensure that users understand how to use systems?
  • Which interfaces exist between systems?
  • How robust are the processes in place to identify and make efficiency improvements?
  • Have policies, procedures and processes been revised or developed to support the new way of work?

** These questions appear in the ISO20000 Self Assessment Toolkit

Helping C-Level Executives Worldwide gain a competitive Advantage via Question-Based Self Assessments

The Art of Service is helping more than 100,000 clients in over 100 countries stay ahead of the game with Self Assessment Toolkits covering a range of topics. The company is on a mission to help C-level executives identify blind spots in their businesses while properly vetting third-party consultants, or eliminating them entirely. And, because consultants need consultants, too, The Art of Service recently released its first certified consultant program based on decades of in-house experience.

When husband and wife Ivanka Menken and Gerard Blokdijk first founded The Art of Service in 2000, their primary goal as consultants was to help businesses grow by breaking down IT silos.

Over the years, the entrepreneurial pair saw the rise of conflicting trends: one toward rapid, agile development and another centered on compliance and risk aversion. At the same time, budgets were shrinking, and leaders were asked to do more with less.

Could businesses have their cake and eat it — affordably? Ivanka and Gerard thought so.


This is the start of an article HostingAdvice.com wrote about The Art of Service and our Self Assessment Toolkits.

To read the complete article, please go here: www.hostingadvice.com/blog/the-art-of-service-delivers-valuable-self-assessments/

Why do we care about C-level executives?

If only we knew then what we know now – The Art of Service was founded to solve the issues we encountered in our roles as C-level executive and organizational change management experts.

That’s why we focus on question based consultancy – to help you find the questions you need to ask to achieve your organizational goals and personal targets.

Because you don’t know what you don’t know – we can help you to identify the gaps in your knowledge and understanding of the business processes in your organization.

Knowing what we know about the technology industry from our years of experience, we offer clients technology leadership opportunities as a way to hone their skills and increase their wealth of knowledge.

Our pledge is to empower and enlighten technology leaders to truly gain a competitive advantage within their field.

By offering continuous avenues for self-improvement, we impart knowledge and experience to those willing to harness it and, in turn, can help them to influence their industry.