Business Resilience and COVID-19: Webinar Recap

Ohio State’s Risk Institute at the Fisher College of Business continues to adapt and find creative ways of leading the pack and maintaining connections with innovative industry leaders and partners within the community. On June 23, over 100 nationwide businesses collaborated via Zoom for a virtual webinar to discuss Business Resilience.

This topic, which historically has been of paramount importance – in the current climate of the global COVID-19 pandemic – has taken on new meaning and necessitates conversation with a sense of urgency. The disruption, coupled with the expansion of digital commerce and the increasing complexity of supply chains, forces the industry to innovate, consider new tools and processes, and alternative approaches to build resiliency.

In this conversation, industry experts discussed supply chain vulnerabilities and identified ways to build internal and external collaboration to reinforce the enterprise resilience ecosystem.

Speakers included Keely Croxton, OSU Professor of Logistics and Co-Director of Full Time MBA Program and Joseph Fiksel, OSU Professor Emeritus, Integrated Systems Engineering, Former Executive Director, Center for Resilience, and facilitator Philip Renaud, Executive Director of the Risk Institute.

Resilience is seen as the capacity to survive, adapt, and prosper through unpredictable and turbulent times. Business resilience can be seen as an opportunity, during disruption, to bounce forward and find solutions to stabilize communities, supply chains, and resources.

“The increasing volatility, complexity, and ambiguity of the world … calls for a resilience imperative – an urgent necessity to find new opportunities to mitigate, adapt, and build resilience against global risks through collaboration among diverse stakeholders.” – WEF Global Risk Report, 2016

The World Economic Forum’s (WEF) top cascading forces for challenging business resiliency are as follows: Ecological/Environmental, Political, Economic, and Societal. In 2020, specifically, the top-ranked long-term global risk focus was on environmental threats (from storms and tsunamis to wildfires); Pandemics were not only receding as a perceived threat but also were identified as being one of the least likely to occur.

COVID-19 is perceived as a “black swan” event, blindsiding the industry, and serving to highlight the limitations of traditional Risk Management, which has historically followed a more systematic, linear trajectory. This approach illustrates that one can’t necessarily anticipate what risks will arise nor which ones will cause the most harm.

Armed with this information, it’s apparent that adaptation to a changing risk environment needs to be at the forefront of the conversation for risk professionals. Risks cannot always be anticipated, they may be hard to quantify, and adaptations may be needed to remain competitive. We are urged to ask, how can we be proactive, is there a more effective response, what can we do differently and, in turn, leverage our competitive edge?

In an age of global turbulence, resilience is a key competency for corporations. How can a company improve the resilience of its supply chain processes so that it can recover rapidly from unexpected disruptions, assure business continuity, and adapt effectively to changing external conditions?

Croxton identified vulnerability factors exposed by a disruption such as the COVID-19 pandemic. These include turbulence, deliberate threats, external pressures, resource limits, connectivity, and overall sensitivity. In turn, she identifies the concept of capabilities, which act to balance out or diffuse the vulnerability factors.

Let’s take turbulence, for example, COVID-19 would fit into this category, along with natural disasters, political disruptions, currency fluctuations, demand volatility, and/or technology failures. Capabilities that counteract turbulence might include Collaboration (such as risk-sharing with suppliers), Organization (such as creating a problem-solving culture or utilizing a diverse skill repertoire), Market position (for example using existing ties within a community and/or having loyal customers that support the brand).

According to Fiksel and Croxton, a company’s goal is to be in the “zone of balanced resilience”.

The audience is introduced to an innovative purpose-built tool that companies can utilize in their pursuit of reaching this zone of balanced resilience. SCRAM™, developed by researchers at The Ohio State University in collaboration with the U.S. Air force, Dow Chemical, and L Brands, among others, is a facilitated process supported by a computer-based toolkit, that provides a diagnostic assessment of an organization’s preparedness and fitness for coping with turbulent change.

The process offers businesses a unique, comprehensive approach to understand the pattern of their potential vulnerabilities and to design a portfolio of supply chain capabilities that will offset those vulnerabilities. This not only creates shareholder value, but strengthens a company’s capacity to survive, adapt, and flourish – this opposed to the more conventional risk management approach of “steer and adjust.”

The Chinese word for “crisis” (simplified Chinese: 危机) is composed of two Chinese characters signifying “danger” and “opportunity” respectively. Fiksel takes this opportunity to remind attendees that every disruption, no matter how damaging, provides a learning opportunity and a chance to bounce forward.

The Risk Institute will be sponsoring more virtual webinars in the coming months on topics pertinent to the industry, Institute members, and the community at large.

September 22-23 is The Risk Institute’s Annual Conference, featuring two sessions per day from 10:00-12:00 and 2:00-4:00 EST. Registration will be opening soon.

Written by Jack Delahunty in partnership with The Risk Institute at Ohio State’s Fisher College of Business

Webinar Recap: Cyber Risk in Today’s Changing Environment

Speakers: Helen Patton (Chief Information Security Officer, The Ohio State University), Emre Koksal (Founder, DAtAnchor, Professor, The Ohio State University), and Dakota Rudesill (Assistant Professor of Law, The Ohio State University, Moritz College of Law).

In response to what seems to be evolving as the new normal, Ohio State’s Risk Institute at the Fisher College of Business, in partnership with representatives from the insurance industry, found an innovative way of discussing some of the pertinent questions surrounding COVID-19’s impact on business with over 300 listeners through a virtual webinar on Zoom, June 10, 2020.

When asked what keeps them up at night, many risk professionals place cybersecurity near the top of their lists. With the changes in how we work amidst the COVID-19 pandemic, this discussion around cyber risk – particularly the protection of data – becomes even more relevant.

Previous to the outbreak, it was not unusual for a portion of the workforce to work from home, at Starbucks, or the airport. For years security teams have had to work across multiple clouds, with multi-national companies, and with workers in differing locations and on a variety of platforms and devices. This in itself is not new, but the degree of which is. The first speaker of the afternoon, Helen Patton, views the current changes as not necessarily an acceleration or drastic change in risk profile, but more a change in the risk flavor.

Every time an employee works remotely, an organization’s security team has to monitor and secure that user’s endpoint. When thousands of employees are at different locations, this becomes a near-impossible task. Furthermore, when working with associates outside an organization, companies have to find ways to verify that vendors are doing what is expected to maintain security and processes are in place to leverage the relationships to protect both parties.

In this new normal of distributed workers, it’s harder to rely on technology to control the work environment. Risk is the human element. It’s now “easier” for employees to make “bad” risk choices, therefore training and processes are more important than ever to guide them to make “good” risk choices.

Accompanying this problem is the fact that data is ever-growing, and it all needs to be stored, replicated, and shared accurately. Each step heightens the risk. There are an average of 25 data breaches every day, varying in scope, frequency, targets, and attackers. According to a report from IBM, in 2019 the average data breach cost $3.92 million, with the healthcare industry experiencing the most expensive and damaging losses, at an average of $6.45 million per breach and an average loss of 25,575 records.

In early-March, during the first weeks of the COVID-19 shutdowns, some sectors saw a doubling of attacks. According to research undertaken by Barracuda Networks and Cloudflare, phishing emails have increased 667% since the end of February, while general cybercrime activities increased by 37%.

To protect themselves and their organization from data breaches or cyberattacks, people working from home are advised to keep their personal online activities separate from work and to ensure their systems remain updated as the first line of defense, as home computers are often non-secured and operating on a home WIFI network. Tools like Virtual Private Networks (VPNs) can help protect data and online connections, but workers may need to adapt in other ways.

This is where the second speaker, Emre Koksal, and his discussion around data security – in particular a security model called “Zero Trust” – comes into play.

 Zero Trust Security, a Data-Centric Approach

Koksal began his discussion by pointing out that many network security protocols don’t offer adequate protection against today’s cyber criminals. Currently, most organizations have a network-centric approach, where data is confined to and accessed via a protected network. This data is created and stored outside the network, so organizations rely on 3rd parties for fully distributed generation and storage that permits full access for its remote workers. He reminds us that almost any organization’s data is worth stealing and with a large majority of people working from home, this valuable data is being consumed over shared, potentially vulnerable infrastructures.

Because of these complexities, there’s no way to track openings or vulnerabilities in a network. In this new normal, this network-centric security approach is not enough, the reason being that it’s not sufficient to focus solely on protecting the network. The focus needs to be on protecting the data itself through a data-centric approach. Enter Zero Trust, an information security model that does not implicitly trust anything inside or outside its network perimeter. Instead, it requires authentication or verification before granting access to sensitive data or protected resources.

The philosophy behind it is this: anytime a user is connecting to a website or application they are given
“zero trust” until they can prove they are secure. This is particularly important for remote work, as workers often change locations or internet networks. Each time a user tries to access data, it must be clear they are abiding by rules of organization and that they have permission to access it. This way, from a security standpoint, it doesn’t matter where the data is accessed.

With Zero Trust there is no notion of securing a network boundary (the network-centric approach), rather, data is its own security boundary – so the security travels with the data. Zero Trust also utilizes multi-level encryption, which translates data into another form, or code, so that only people with access to the keys can access it. With this approach, boundaries are built around the data and the keys, not around the network itself.

This security model helps eliminate data loss and maintain control of files even when employees are connected to personal networks, on personal devices. Zero Trust’s data-centric security solution also enables access and data sharing without an organization having to fully give up ownership of the data.

State of the Art in Zero Trust:

  • Military-grade encryption made simple (can be applied for all data everywhere)
  • Fully transparent to the legitimate user (they won’t even know that there’s something between them and the data)
  • Geofencing and location tracking (for employee accountability)
  • Real-time audit logs (who accessed what and when)
  • Governance rules baked into key manager (leading to dynamic revocation if rules are broken)

Impact on Business:

  • Retain control of sensitive data, even outside office walls
  • Simplified compliance (HIPAA, GDPR, NIST, CCPA)
  • Secure and frictionless data sharing
  • Monitoring and real-time audit logs
  • Secure workflow for remote workforce
  • Low IT overhead

Balancing Liberty and Security in the New Normal

The new normal of increasing numbers of remote workers has prompted changes in regulation. Organizations falling under the scope of data protection regulations and standards like PCI DSS, HIPAA or GLBA, have now been forced to reconsider their stance on remote work and have begun adopting it as a strategy across the board.

Some compliance measures for confidentiality have already been suspended to help sectors such as telemedicine be more accessible and improve their ease of use. Business processes are being altered. Changes are being considered to allow for an easier digital transmission of data and digital signatures.

The Risk Institute’s third speaker, Dakota Rudesill, talked briefly about privacy, or more specifically the balance between liberty and security, as a potential obstacle in this new normal. Most workers – and certainly customers – don’t want to be tracked.

Consider the opposition of some to COVID-19 contact tracing. To let Apple or Google track where you go is a risk choice for yourself but also for the community around you. People are more likely to be comfortable being tracked, driven by a focus on public health, but less likely if the information could be used for marketing or purposes that might be considered an invasion of privacy.

Moving forward, this balance between liberty and security is only going to get tougher, especially as the Internet of Things (IoT) continues to exponentially infiltrate our homes and offices. As of now a clear end to the COVID-19 pandemic is impossible to determine, but when that happens, the question is will these current changes in-the-making become the new standard or will things snap back to the way they were before?

 

Written by: Jack Delahunty, in partnership with The Risk Institute at The Ohio State University

2018 Year in Review

The Risk Institute at The Ohio State University Fisher College of Business operates at the intersection of risk research and risk management practice. Focused on an integrated, interdisciplinary approach to risk management.

In 2017 we focused on building connections — across the university, across industries and across the nation.

In 2018 our focus was on time and change — we wanted get the word out about the future of enterprise risk management, the fourth industrial revolution and how to leverage a dramatically changing landscape to create value.

2018 By the Numbers

  • Hosted more than 550 people at Risk Institute event
  • Collaborated with 120+ organizations
  • Garnered more than 200 million media impressions from publications like The Washington Post, Financial Times, Bloomberg Businessweek, Columbus Business First and the Columbus Dispatch
  • Funded nearly $160,000 in research in the form of six research projects, eight class projects, and representing four countries
  • Time & Change 5th Annual Conference welcomed more than 150 C-Suite executives and world-renowned speakers for an enlightening two-day event

We continued our national initiative to predict and curb distracted driving behaviors through our Distracted Driving Initiative.

Distracted Driving Initiative

This past year was full of action, changes and learning. To our members, thank you for your continued support and vision for the future of risk management. We couldn’t do any of this without you.

Looking forward to 2019 expect to see even more research on integrated risk management, distracted driving, and weather and climate. We’d also love to see you at one of our upcoming events like AI, Predictive Metrics and Modeling on January 24th or at the Economic Nationalism & Trade Conference on February 8th.

Onward!

Philip S. Renaud, II
Executive Director
The Risk Institute

Isil Erel
Academic Director
The Risk Institute

6 Tips to Be a Better Winter Driver

With the holidays upon us, here are six quick tips to be being a safer driver this winter.

1. Put your phone down and place hands on the wheel at 9 and 3 for the most control of your vehicle.
As learned from driving instructors at Mid-Ohio School hosted by Maria’s Message Safe Driving Day, it’s impossible to overcorrect when your hands are in the proper position.

2. Drive slowly, do not tailgate, even when roads look clear, black ice has the potential to loom when you least suspect it.
Black ice forms just about the freezing point, the heat of tires and cold air are a dangerous combination

3. Wear your seatbelt
Being uncomfortable is no excuse. Plus it’s way more uncomfortable being dead. If you won’t wear it for your own safety, wear it for the safety of others riding with you.
But seriously, your loved ones don’t want to hear you weren’t wearing your seatbelt because it was uncomfortable. Protect yourself and protect others. This is what an unrestrained body looks like in a crash.

4. If you hit ice, take your feet off the brake and gas; steer the car to an open space. Allow the car to stop/slow on its own before using the gas.
In a recent class I took, the instructors spoke about an open field and one tree, and the spinning vehicle inevitably will hit the tree, the driver is so focused on the tree that the car and energy propel towards the object instead of away from it. In times of panic, focus on wide open spaces away from others, and allow the car to come to a stop.

5. Before heading out on the winter road
Take your vehicle to your mechanic to ensure it’s up to date on its winter car car.

6. Always have an emergency kit
For those unexpected circumstances, you can pick up one various store or make your own with extra items you already have. Runners, next time you’re in a race hold on to those shiny silver thermal blankets. Toss it in the emergency kit; they take up virtually no room and will allow warmth in case of emergency.

Have a safe and happy holiday season from all of us at The Risk Institute!

Keep Your Little Goblins Safe This Halloween

Fall celebrations like Halloween, Dia de Los Muertos, and Harvest Day bring lots of fun for kids and adults, but they also mean extra caution is required to keep everyone safe on the road.

Drivers, here are some important tips to follow:

  • Drive slower than normal, and don’t pass stopped vehicles that may be unloading trick-or-treaters.
  • Enter and exit driveways and alleys carefully.
  • Always use your turn signals and communicate with eye contact with pedestrians and other drivers if possible.
  • Yield to kids in all cases—they may dart in the road because they don’t see you or don’t know how to cross the street.
  • Put away your mobile phone so you can concentrate on the road and your surroundings. Only use it when safely parked.
  • Party-goers: Drive sober or get pulled over! Always designate a sober driver and plan a way to safely get home at the end of the night if you plan on celebrating with alcohol.

Parents, here are some ways to keep your kids safe:

  • Ensure that goblins under the age of 12 have adult supervision.
  • Put on your hazards when dropping off or picking up your kids.
  • Stick to familiar areas that are well lit and trick-or-treat in groups.
  • Choose face-paint when possible instead of masks, which can obstruct a child’s vision.
  • Brighten them up! Decorate costumes with reflective tape and have kids carry glow sticks or flashlights.
  • Set a good example: Don’t J-walk, and look left, right and left again at crosswalks.
  • Stay inside: Consider an indoor or vehicle-free outdoor community event to enjoy a stress-free holiday.

Source: US National Highway Traffic Safety Administration and Mentor

Fisher team selected for national risk case competition

A team of four undergraduate students from The Ohio State University Fisher College of Business has been selected to participate in the national Spencer-RIMS Risk Management Challenge — a national case competition sponsored by Spencer and the Risk Management Society (RIMS).

Twenty-seven teams are selected to participate in the national contest. In a typical year, more than 100 colleges submit team applications. The contest, which takes place over several months, culminates in the winning team presenting at the RIMS national conference in April.

This is the second year in a row that a team from Ohio State has been selected. According to team advisor and Executive Director at The Risk Institute Phil Renaud, this year’s team is uniquely qualified to advance in the competition saying, “We’ve got a great group this year. They’re dedicated students with a passion for Risk. I think they’ve got a great shot.”

This year’s team consists of Megan Reardon, a fourth-year in Finance and Economics; Jessica Roth, a fourth-year in Actuarial Science and Economics; Benjamin Jessberger, a fourth-year in Finance; and Christopher Hull, a third-year in Actuarial Science and Economics.

The case will center on Sage and the Sage Foundation. The team expects to receive the case late next week.

The first round of work is due in December; teams will find out if they’ve advanced to the next round in early 2018.

The Risk Institute is proud to enable students to engage in the leading edge thought around risk practice.

About the Risk Institute

The Risk Institute is a collection of forward-thinking companies and academics that understand effective risk management strategies not only protect firms, but position firms to create growth and value. Housed at The Ohio State University Fisher College of Business, The Risk Institute is dedicated to bridging the gap between academia and risk practitioners. For more on the Risk Institute visit us at fisher.osu.edu/risk

About The Spencer Educational Foundation

Spencer Educational Foundation is the premier organization awarding scholarships and grants in risk management and insurance industry. Since its founding in 1979, it has awarded approximately $6 million in student and part-time master’s scholarships and $3.25 million in grants to universities, corporations and professional institutions for educational programs, internships and conferences. Spencer is a registered 501(c)(3) charitable organization whose purpose is to fund the education of tomorrow’s risk management and insurance industry leaders.

About RIMS Annual Conference & Exhibition

Launched in 1963, RIMS Annual Conference & Exhibition attracts some 10,000 risk and insurance professionals at all experience levels, business executives with risk management interests, brokers, insurers and service providers for the ultimate educational and networking experience. The four-day event offers more than 160 educational sessions, keynote presentations, special events and an expansive Marketplace Exhibit Hall with nearly 400 exhibitors. Following Philadelphia, the event will be hosted in San Antonio in 2018. For more information, visit www.RIMS.org/RIMS2017.

The difference between Bitcoin and blockchain for business

Are Bitcoin and blockchain the same thing? No, they aren’t. However, they are closely related. When Bitcoin was released as open source code, blockchain was wrapped up together with it in the same solution. And since Bitcoin was the first application of blockchain, people often inadvertently used “Bitcoin” to mean blockchain. That’s how the misunderstanding started. Blockchain technology has since been extrapolated for use in other industries, but there is still some lingering confusion.

The Risk Institute’s 2017 Annual Conference: The Digital Revolution and Risk Evolution will feature Paul Brody, a blockchain expert from EY.

How are Bitcoin and blockchain different?

Bitcoin is a type of unregulated digital currency that was first created by Satoshi Nakamoto in 2008. Also known as a “cryptocurrency,” it was launched with the intention to bypass government currency controls and simplify online transactions by getting rid of third-party payment processing intermediaries. Of course, accomplishing this required more than just the money itself. There had to be a secure way to make transactions with the cryptocurrency.

Bitcoin transactions are stored and transferred using a distributed ledger on a peer-to-peer network that is open, public and anonymous. Blockchain is the underpinning technology that maintains the Bitcoin transaction ledger. Check out this infographic and watch the video below for an overview:

How does the Bitcoin blockchain work?

The Bitcoin blockchain in its simplest form is a database or ledger comprised of Bitcoin transaction records. However, because this database is distributed across a peer-to-peer network and is without a central authority, network participants must agree on the validity of transactions before they can be recorded. This agreement, which is known as “consensus,” is achieved through a process called “mining.”

After someone uses Bitcoins, miners engage in complex, resource-intense computational equations to verify the legitimacy of the transaction. Through mining, a “proof of work” that meets certain requirements is created. The proof of work is a piece of data that is costly and time-consuming to produce but can easily be verified by others. To be considered a valid transaction on the blockchain, an individual record must have a proof of work to show that consensus was achieved. By this design, transaction records cannot be tampered with or changed after they have been added to the blockchain.

How is blockchain for business different?

The blockchain that supports Bitcoin was developed specifically for the cryptocurrency. That’s one of the reasons it took a while for people to realize the technology could be adapted for use in other areas. The technology also had to be modified quite a bit to meet the rigorous standards that businesses require. There are three main characteristics that separate the Bitcoin blockchain from a blockchain designed for business.

Assets over cryptocurrency

There is an ongoing discussion about whether there is value in a token-free shared ledger, which is essentially a blockchain without cryptocurrency. I won’t weigh in on this debate, but I will say this: blockchain can be used for a much broader range of assets than just cryptocurrency. Tangible assets such as cars, real estate and food products, as well as intangible assets such as bonds, private equity and securities are all fair game. In one business use case, Everledger is using blockchain to track the provenance of luxury goods to minimize fraud, document tampering and double financing. Now, over one million diamonds are secured on blockchain.

Identity over anonymity

Bitcoin thrives due to anonymity. Anyone can look at the Bitcoin ledger and see every transaction that happened, but the account information is a meaningless sequence of numbers. On the other hand, businesses have KYC (know your customer) and AML (anti-money laundering) compliance requirements that require them to know exactly who they are dealing with. Participants in business networks require the polar opposite of anonymity: privacy. For example, in an asset custody system like the one being developed by Postal Savings Bank of China, multiple parties, including financial institutions, clients, asset custodians, asset managers, investment advisors and auditors are involved. They need to know who they are dealing with but one client or advisor doesn’t necessarily need to be able to see all transactions that have ever occurred (especially when those transactions relate to different clients).

Selective endorsement over proof of work

Consensus in a blockchain for business is not achieved through mining but through a process called “selective endorsement.” It is about being able to control exactly who verifies transactions, much in the same way that business happens today. If I transfer money to a third party, then my bank, the recipient’s bank and possibly a payments provider would verify the transaction. This is different from Bitcoin, where the whole network has to work to verify transactions.

Why will blockchain transform the global economy?

Similar to how the internet changed the world by providing greater access to information, blockchain is poised to change how people do business by offering trust. By design, anything recorded on a blockchain cannot be altered, and there are records of where each asset has been. So, while participants in a business network might not be able to trust each other, they can trust the blockchain. The benefits of blockchain for business are numerous, including reduced time (for finding information, settling disputes and verifying transactions), decreased costs (for overhead and intermediaries) and alleviated risk (of collusion, tampering and fraud).

 

A version of this article originally published on May 9, 2017 on Blockchain Unleashed: IBM Blockchain Blog.

Written By:

Global Blockchain Labs Enablement, CTO Europe Office, IBM Industry Platform

The Risk Institute Creates a Distinctive Student Experience

Luis Garcia-Fuentes (Left)

My name is Luis Garcia-Fuentes, alumnus of The Ohio State University Fisher College of Business. I now work for PwC in New York helping banks navigate financial reporting requirements. During my time at Ohio State, one of the organizations that furthered my education the most was The Risk Institute. The Risk Institute compliments Fisher’s academic programs by providing insights into the art and science of risk management, a theme that any business student must be familiar with in order to succeed in this ever-changing world. The Institute achieved this by providing networking sessions with risk professionals from multiple industries and by providing first-hand experiences through business simulations. I was able to participate in two of these simulations. The first was co-hosted by DHL professionals, and for the second I was a team member of the prestigious RIMS national case competition, which allowed me to better understand the risk environment of the Fintech sector.

My experience at the RIMS case competition was unique, as I worked within a group of five talented business and actuary science students to understand the risk environment of PayPal. Unlike any other case competition, where a problem is presented to be solved, the RIMS case competition asked a broader question; what PayPal risks are and what the best way to mitigate them is. This forced our team to spend weeks of research getting to know PayPal’s business environment, leveraging our findings with the guidance of our project mentor Philip Renaud, Executive Director of The Risk Institute. Our experience during that semester long project closely mirrored the profession of a risk consultant. We even had the opportunity to spend an hour in a conference call with one of PayPal’s C-suite executives.

To say that the Risk Institute creates value to the university by co-organizing case competitions and hosting networking events is an understatement. The Risk Institute serves as a host for ideas across different business disciplines, where all students can learn how to think about risk and how to act during a business crisis. Furthermore, The Risk Institute not only focuses on enhancing the education of Ohio State students, but they also host executive courses for professionals and share their industry expertise with the community of Columbus. The Risk Institute, through the active engagement of all its members, has made of my education at Ohio State a distinctive experience.

 

Growing in My Risk Perspective: SMF Graduate’s Story with The Risk Institute

We often associate risk with something that has a negative connotation, while missing out on the fact that risk is faced with any unexpected outcome, whether good or bad. Before starting my master’s degree, I worked in a bank where for us, the word “risk” meant that there was a fair chance of events going awry.

When I started the SMF program at The Ohio State Fisher College of Business, The Risk Institute’s Monday evening sessions caught my eye and I soon realized that risk meant so much more. There were different aspects of risk such as financial, political, operational and cyber, to name a few. Risk management teams would work to ensure that the risks faced by an organization were mitigated/reduced.

The Risk Institute hosted educational sessions with an array of speakers to give insight into the diverse risks that their companies anticipated, faced and tackled. All these sessions were immensely informative and interesting. What I had anticipated being a subject with a negative connotation, turned out to be a whole new world of meanings. In addition to the guest speakers, Phil and Denita at The Risk Institute guided us in the scope of risk in this day and age, which led me to take on coursework for enterprise risk management.

As a part of the Enterprise Risk Management course, I worked on one of the risk projects for Abbott Nutrition at their Columbus Plant. The project seemed fairly simple on paper, however, as our team began working we soon realized its complexities. The scope of the project was a bit broad and we were still in the process of getting acquainted with the risks that Abbott Nutrition’s plant faced vis-à-vis other technical risks that we had studied in classrooms. We decided it would be best to seek out The Risk Institute’s advice on how to go about our project. Phil was more than happy to help us formulate a plan of action and to advise us on how such projects were done by The Risk Institute. Throughout the short term of our project, Phil, Denita and our sponsors at Abbott Nutrition were involved and continually provided feedback. This helped us in delivering a product that was ultimately appreciated by Abbott Nutrition.

In addition to the curriculum, the members of The Risk Institute have also helped me with my job search. They suggested prospective employers, networking events and connected me with professionals who have considerable expertise in the field of risk management.

To sum up my experience, it was wonderful working with the members of the Risk Institute and I plan to give back to The Risk Institute in whatever way possible in the future. I graduated in spring of 2017 from Fisher College of Business after completing my SMF degree. I am currently on the lookout for roles and opportunities.

Resilient By Design

In our interconnected, 21st century global economy, unexpected— black swan— events in one corner of the globe can have a ripple effect through global supply chains and impact customers like we have not seen in the history of global trade. In a January 24 session on supply chain resilience, we explored how companies who are prepared for such events can come out stronger and thrive, while others who may be less prepared or not at all, risk significant impact to revenue, brand and at the extreme, the very viability of the underlying business.

Session presenters included:

  • Joseph Fiksel, Executive Director of the Sustainable and Resilient Economy program at The Ohio State University and a faculty member in Integrated Systems Engineering. Dr. Fiksel is an international expert in sustainability and resilience with over 25 years experience in the space.
  • Keely Croxton, Associate Professor of Logistics at The Ohio State University. Dr. Croxton has a developed expertise in supply chain resilience, focused on helping companies balance their inherent vulnerabilities with their management capabilities in order to effectively mitigate disruptions in the supply chain.
  • Darrell Zavitz, Vice President (Retired) Shared Services/Supply Chain, The Dow Chemical Company. During his tenure with Dow, Darrell drove best practices into each of Dow’s businesses including Resilience, Six Sigma/Lean, and Network Design.

Between 1900 and 2010 global natural disasters have grown exponentially, arguably impacted by climate, global crowding and connectivity. With the frequency of black swan events accelerating, the traditional COSO Framework for Enterprise Risk Management (Objective Setting, Event Identification, Risk Assessment, Risk Response and Control Activities) is no longer a sufficient means to view the world.

Today, more than ever, risks cannot always be anticipated. The risks may be very hard to quantify and adaptation may be needed to remain competitive. Resilience strategies in turbulent times would suggest that a more comprehensive strategy to the abruptness of change and the magnitude of change is warranted.

Introducing SCRAM™

The SCRAM (Supply Chain Resilience Assessment & Management) Tool™ is based on more than a decade of research at The Ohio State University and was highlighted as an alternative framework allowing companies to focus on balancing vulnerabilities with capabilities. With this balance, a business will achieve balanced resilience and improved performance over time.

An ability to assess vulnerabilities and capabilities, look for gaps and build capabilities is at its basic level the key to building supply chain resilience. The more resilient a firm is, the less likely the firm will see swings in performance.

SCRAM™ in Action

The Dow Chemical Company began SCRAM implementation several years ago. Their focus on supply chain resilience and being agile drove a strategy shift. The project was in three phases:

  • Phase 1:   “Get Fit” | Manage the Cycle
  • Phase 2: “Change the Rules” | Dampen the Cycle
  • Phase 3: “Change the Game” | Break the Cycle.

The approach taken by Dow in its SCRAM implementation began with a rapid qualitative assessment. This included an electronic survey involving 30-40 business resources devoting an hour or so to the assessment. The SCRAM methodology was then used as a filter to prioritize and sequence business urgency (opportunity and commitment). Model those results and follow with and audit to value delivery.

Session Takeaways

  • Risk tolerance and resilience capabilities tend to change as companies grow.
  • Companies need to develop the right portfolio of capabilities to match the vulnerabilities they face.
  • Every disruption presents a learning opportunity.
  • A critical leadership requirement is to develop a culture of resilience in the organization.
  • To maximize return on investment, companies should design for inherent resilience.
  • Measuring and managing enterprise resilience is still an emerging field, ripe for collaboration between industry and academia.