More than 1.4 billion tourists went somewhere last year, and that number is due to grow by 3-4 % by the end of 20191), making tourism one of the fastest growing economic sectors in the world.
That’s great for the tourism industry, but it also puts pressure on our planet’s resources. Well managed tourism, however, can help preserve the natural and cultural highlights of any destination, and make a positive impact on the community. Below are just a few of the many ISO standards that can help.
The Anti-Fraud Technology Benchmarking Report assessed data from more than 1000 ACFE members regarding their organizations’ use of tech to fight fraud, discovering that while only 13% of businesses currently use AI and machine learning to detect/deter fraudulent activity, another 25% plan to do so in the next year or two.
Other key findings discovered that 26% of organizations are using biometrics as part of their anti-fraud programs, with another 16% expecting to deploy biometrics by 2021, while more than half of respondents (55%) plan to increase their anti-fraud tech budgets over the next two years.
“As criminals find new ways to exploit technology to commit schemes and target victims, anti-fraud professionals must likewise adopt more advanced technologies to stop them,” said Bruce Dorris, JD, CFE, CPA, president and CEO of the ACFE.
Who among us is not getting that whiff of dread… a giddy feeling, like we’re all riding a giant beer truck careening downhill toward the flashing red lights of a railroad crossing? Could it be that you are sensing our ultra-modern society on a collision course with a range of catastrophic threats?
In his most recent book, The Fifth Risk (1), bestselling author Michael Lewis dumps gasoline on the bonfire of this paranoia. The super-journalist spends some quality time with key leaders from the outgoing Obama administration in their last days in office. When he asks the question “What keeps you up at night?” there is no shortage of answers
For better or worse, we are all in the disaster business
Lewis takes us on a tour of that massive dysfunctional bureaucracy we call the executive branch of the federal government. He learns that a lot of what it does is try to prevent things from going very badly, from a cyber 9/11 that could send us back to the Dark Ages to a pathogenic virus that could wipe out half the population (2). The federal government employs over two million people, three-quarters of whom are in one way or another involved in national security.
The federal government employs over two million people, three-quarters of whom are in one way or another involved in national security
The Department of Energy is perhaps the best example. In his failed bid for the White House, the current Secretary of Energy promised to eliminate DOE. But then Rick Perry was briefed about all of the things his agency does to prevent unimaginable devastation,from countering the North Korea threat to shoring up our fragile electrical grid. He changed his mind (3).
DOE spends over two billion dollars a year scouring the world to make sure loose nukes don’t fall into the wrong hands. In the Obama years alone, it collected enough weapons-grade plutonium and uranium to make a hundred and sixty nuclear bombs.
But that is just the tip of the iceberg!
The worst risk-management organization imaginable
Our federal bureaucracy is a Frankenstein’s monster of cabinet-level departments, boards, commissions and agencies, more than two thousand in all, stitched together by successive generations of elected and appointed officials over some 250 years of history. The result is an immensely complex landscape of blinkered silos, with overlapping specializations and responsibilities. Congress tries to influence the work of this beast with its hundreds of different voices and ever-changing funding streams. But the White House and Congress rarely agree about all the things the agencies should be working on, or even know what they are.
With respect to the preventing things from going very badly part, Lewis describes it as kindergarten soccer: “everyone is on the ball, but no one is at their positions”(4). Hang on, because it gets worse…
Our government gets collective amnesia every eight years
Most of what we rely on government for is practical stuff that has little to do with politics. Especially the stuff that would keep you up at night if you knew about it. Every incoming administration has to take all of this on; figure out what it is and how to do it. But almost as soon as it gets over the learning curve, it’s time for a new handoff. Our government gets collective amnesia every eight years.
“It’s Groundhog Day” said one good government expert (5), “The new people come in and think that the previous administration and the civil service are lazy or stupid. Then they actually get to know the place they are managing. And when they leave they say, ‘this was a really hard job’. This happens over and over.”(6)
According to Lewis, the Obama team created detailed training courses about its inner workings in preparation for a handoff to the next administration. But after the 2016 election, there was only “radio silence”; the Trump people were nowhere to be found.
The hard truth sinks in as we stare up the steep slope of our risk curve and try to think of an organization that is less-suited to deal with it. Our dysfunctional bureaucracy, our legacy government, cannot coordinate a coherent response to the threats we face.
At this point, a mere bonfire seems inadequate to our paranoia.
Yet it is our only hope; there is no other mechanism.
The internet and globalization have increased the pace and complexity of our lives and created a tangled web of relationships and highly interconnected systems that comprise our critical infrastructure: power, telecommunications, the financial system, supply chains, transportation, healthcare, you name it. Regardless what their caretakers say, disaster professionals know that every one of these ‘smart’ systems contains the seeds of its own destruction; each is moving toward the precipice of catastrophe rather than away from it, by its very nature. Not even a tiny, random tremor is needed to trigger a major collapse—unexpectedly and resoundingly.
When accidents occur in high-risk systems, such as those dealing with toxic chemicals, artificial intelligence, or nuclear weapons, the consequences can be catastrophic. We call these kinds of low-probability, high-impact events black swans. No entity, private-sector or otherwise, comes close to being willing or able to take these on.
Ownership of the black swan must fall to government.
We can’t bring a bag of rocks to a gunfight
There is an urgent need to take aim at our 21 st century demons. The good news is that we have the technology and the tools we need to do this. We can bring modern risk management practices to bear to create order out of the chaos. We can look across the whole of the government and create a coherent approach that aligns the risk landscape with our risk appetites.
But we need a big army, with every sophisticated weapon available, imbued with executive authority and unleashed into this government, to flush out and capture the biggest portfolio of such risks ever managed by a single institution in the history of the world.
In the best case outcome, we could make the very bad things happen less frequently
This new team, the enterprise risk team, would be charged with systematically breaking through those silo walls, one by one, to unearth the white-hot risks buried deep within those two thousand agencies. Among the revelations in The Fifth Risk is the enormous amount of data collected, analyzed, and disseminated by these agencies.
The enterprise risk team would have access to all of that data. It would bring leadership from all over the government (and beyond) together to gauge and calibrate the shock resistance of the nation. It would be empowered to identify, assess, measure and monitor all of our risks.
This approach will minimize surprises and, more importantly, shorten the timelines of our responses to them. In the best case outcome, we could make the very bad things happen less frequently.
Give these big guns to FEMA
Disaster professionals call this process-coordinating across organizations to make sure we are prioritizing the right things and not missing anything-enterprise risk management, or ERM. Only ERM can create a permanent framework to manage our full range of risks and respond to new risks, and opportunities, as they arise.
But this kind of bold solution requires leadership of a special kind.
The kind of leadership that breaks down silo walls to create a commonality of purpose among people and agencies doing very different work. Some call that meta-leadership but we know it to be merely emergency management.
The Federal Emergency Management Agency can do this work because it is doing it now, from disaster planning to response operations and on and on, breaking down silo walls and getting everybody on the same page. With its mission to “ensure that as a nation we work together to prepare for and protect against all hazards”, FEMA must assume its role as the risk manager for the national enterprise.
The antidote to the flavor of the month
The mind is a terrible thing to understand risk. People just naturally imagine that the crisis that just happened is the one that is most likely to happen again (aka the “flavor of the month”). They are less good at imagining a crisis before it happens – and taking action to prevent it. This is the job of the emergency manager.
People just naturally imagine that the crisis that just happened is the one that is most likely to happen again
FEMA can establish the processes to systematically counter our human biases, and the political winds. It can force our government to imagine the disasters that have never happened. The sort of disasters that a Hollywood screenwriter might imagine: vivid, dramatic events. Along with these it can examine our systemic risks, what Lewis calls the Fifth Risk, such as contagion to the financial system or a tidal wave of severely ill patients into our hospitals.
The black swan is not a political animal
The day that the black swan comes is a Groundhog Day of a uniquely dark and chaotic variety. It brings with it a painful insight—about the mistakes we made and the actions we did or did not take that would have increased our options, or maybe even saved our country.
This is not a treatise on the appropriate size of government because, believe it or not, the black swan couldn’t care less about politics. Whether we take government for granted or imagine it to be a pernicious force in our lives over which we have no control, the Groundhog Day the black swan brings will remind us that the basic role of government is to keep us safe (7). Because on that day, government will be the only thing that stands between us and the things that will kill us.
(1) Lewis, Michael (2018). The Fifth Risk. New York: W. W. Norton & Company. ISBN 978-1-324-00264-2
(2) Ibid, page 25
(3) Rick Perry Regrets Call to Close Energy Department, By Coral Davenport, 19 January 2017, The New York Times,
The concept of taking an outside-in perspective to leadership and management first started gaining traction around 2010. At that time, George Day and Christine Moorman published their book “Strategy from the Outside In”, explaining the value of strategy development based on market insights and customer value. The book gained massive success for its insights into how companies such as P&G ride out the storms of multiple market down cycles and somehow remain profitable.
The concept of taking an outside-in perspective to leadership and management first started gaining traction around 2010
In 2011, renowned psychologist Daniel Kahnemann published his bestseller “Thinking, Fast and Slow”. In the book, he told a story about a group he had previously worked with, which had made some errors in forecasting due to an inward-looking approach.
Kahnemann’s story made a compelling case for collecting as much external information as possible to aid the process of making decisions. Not just strategy-level decisions as in the 2010 book, but as Kahnemann himself said: “the argument for the outside view should be made on general grounds”.
Recently, I’ve been considering how learning the value of the outside-in perspective has guided my career journey from the corporate world to full-fledged entrepreneurship.
Breaking Silos for Better Decision Making
During my corporate career, I had the opportunity to create and facilitate a discussion forum for peers in the risk management area, many of whom were working in large Swiss companies. The forum was very well received among the colleagues who attended, with many people asking for repeat events or organizing separate meetups. The main reason the event was so successful was down to people from different organizations, and across different sectors, finding common threads in the discussions.
The opportunity to talk to people who had a different perspective gave participants fresh ideas about how to approach their own particular challenges. In some cases, understanding that others share the same issues gave participants some reassurance that their problems weren’t unique, echoing Kahneman’s advice about collecting external metrics in order to define your own yardsticks.
The reactions from the forum participants gave me a deeper understanding of the value of developing connections across boundaries. The experience gave me a more profound realization that working without silos isn’t a nice-to-have — it’s a key enabler of effective risk management.
Leveraging the Entrepreneurial Mindset
When I left the corporate world to start my own consultancy business, an inevitable part of the journey to becoming an entrepreneur involved changing my mindset. A corporate entity operates on rules, policies, procedures and fixed governance processes that are (to a greater or lesser extent) documented, known and followed by everyone. While these rules are necessary to running a company, they can also have the unfortunate side effect of limiting creative thinking.
As an entrepreneur, there are no rules, no policies or procedures or instruction manuals
As an entrepreneur, there are no rules, no policies or procedures or instruction manuals. I had to navigate my own way through all the new and unfamiliar activities involved with setting up a business from scratch. While it can be daunting at times, it’s also exciting. I found that with total freedom to operate, I could think more creatively. I developed the mindset that nothing is impossible and became more proactive in bringing my ideas to fruition.
With this shift of mindset, I decided that I wanted to funnel my energy and experience into some kind of a platform for risk professionals to share knowledge and expertise. Recalling my experience with the discussion forum and throughout my professional life, I’ve always enjoyed and found value in developing networks, connecting other people and creating a sense of community between peers.
Connecting people across boundaries
So, the idea for Risk-!n came about, thanks also in part to my associate Antoine Lacombe who persuaded me to step out on a limb and start this new adventure.
At the time we were very open-minded about the direction Risk-!n might have taken. Thankfully and to my delight, the first event was a resounding success. We had close to 200 participants from three continents representing multiple industry sectors. 98% of participants said they would attend again, and 98% also said they would recommend the event to a friend. Suffice to say, I’m very much looking forward to opening the doors on the second Risk-!n conference just two months from now.
Seeing through the eyes of others
Over the last decade, the value of the outside-in perspective is better understood and accepted, and not just on the macro level. Collaboration is more powerful when individuals and teams within an organization take an outside-in view of their own work.
Building connections, talking to those outside of your regular circles and finding common threads all help us as individuals to gain an outside-in perspective. Seeing through the eyes of others enables us to find new ways of solving problems, driving decisions and taking action.
This is the guiding principle of the Risk-!n event – breaking down silos to better manage risks. Across two days, participants from different disciplines and organizations will have the opportunity to share experiences and learnings in the areas of risk, resilience, insurance and, security. Registration for the 2019 Risk-!n conference is now open and spaces are selling out fast. Make sure you register today to secure your spot!
Have you ever met someone who’s never ridden a bike, heard a song on the radio, received a piece of mail, pet a cat, eaten an apple, caught a cold or seen an ice cube? That’s because you’ve never been to North Sentinel Island, nor should you ever go.
A missionary recently learned, as many others had before him, that visitors here are greeted with spear tips. As one of the most isolated people in the world, the Sentinelese have honed an unyielding reflex for self-preservation, which is buttressed by the Indian government’s effort to benevolently quarantine the tiny island from the invasive cultures and diseases that traditionally drive traditional cultures to extinction.
On one of humanity’s darkest days, this endangered tribe emerged unscathed
But there are forces against which Sentinelese spears and Indian ships offer no protection. On December 26th, 2004 at 7:58am, a 9.1M earthquake off the coast of Banda Aceh, Indonesia triggered a tsunami that took 230,000 lives in countries throughout the Indian Ocean. The first massive wave would have struck North Sentinel Island at approximately 8:33am.
As a fishing population numbering in the dozens on an island that peeks at 400 feet, the Sentinelese’ survival seemed impossible in a disaster where casualties were rounded to the nearest thousand. Yet, on one of humanity’s darkest days, this endangered tribe emerged unscathed, and with vigor enough to fire arrows at the Indian helicopter sent to check on them. The Great Andamanese, Onge, Jarawa and Shompen tribes similarly thrived where “civilizations” buckled.
“The Knowledge Myth: If we have knowledge, we will act in our best interests based on that knowledge. Therefore, the distribution of knowledge will save us.”
As one of the few feel good stories to emerge from the Boxing Day tragedy, the triumph of these tribes over nature’s wrath made headlines: “Traditional knowledge saved ancient tribes from tsunami.” Headlines like that, which we typically swallow without hesitation, reflect what I call the Knowledge Myth. The Knowledge Myth goes something like this: If we have knowledge, we will act in our best interests based on that knowledge. Therefore, the distribution of knowledge will save us.
What saved the Sentinelese? “Knowledge did”, said the Knowledge Myth, as we nodded in agreement, missing half the story.
The Knowledge Myth
The Knowledge Myth is pervasive in the arena of public safety. Let’s take it for a test drive to see how it holds up. The first Model T was manufactured in 1908, the summer of which saw 30 auto fatalities in Detroit alone. I’d argue that we had a working knowledge of auto hazards almost from day one. Even so, seatbelts only became standard in 1958, and only in 1998 did the actual usage of seatbelts by people like you and me become practice among 70% of Americans, heralding a precipitous and overdue drop in needless fatalities. Knowledge Myth: busted. Why did it take 90 years to address an undisputed and universally acknowledged risk?
I’m guessing you said stupidity. They were stupid and I am not stupid, therefor past mistakes do not apply to me. The Stupidity Myth is a convenient culprit when the Knowledge Myth fails. I get that the Stupidity Myth is comforting. I hear it often and call upon it myself when I’m feeling pissy and disappointed in our collective failings. But it’s a BS answer. Stupidity is not what kept us from buckling our seatbelts in the 70s and knowledge is not what saved the Sentinelese in 2004. Culture is the answer in both cases. And culture, simply put, is the product of what we expect of one another. I concern myself with one type of culture in particular: preparedness culture.
As FEMA has confessed, you can shower the public with resources, slogans and warnings over two decades without yielding results.
One year ago, I spoke to a packed auditorium in Portland, Oregon, where I provided a well-resourced and educated audience a vivid and irrefutable picture of the massive earthquake that will one day befall the Pacific Northwest. When asked if we should individually prepare for the event of a Cascadia Subduction Zone earthquake, 3,000 hands shot up. When asked if they expected one another to prepare for this same earthquake, four hands timidly rose. When there’s incongruity between individual commonsense and actual societal behavior, culture is the most likely culprit. History has proven countless times that culture determines which ideas, knowledge and practices are discarded and which become our salvation.
As FEMA has confessed, you can shower the public with resources, slogans and warnings over two decades without yielding results. If the soil isn’t there, the seeds won’t grow.
What can we learn from the Sentinelese – an isolated, spear-wielding, pre-industrial tribe whose way of life is utterly divorced from our own experience?
1. The messenger of knowledge is at least as important as the knowledge itself:
Everything the Sentinelese knew about tsunamis they learned from someone they knew and trusted, a community member with a shared experience. Like the Sentinelese, you are influenced most by those whom you know, love and trust, and you have the most influence over those who know, love and trust you.
2. Culture isn’t found in what we know, it’s found in what we expect of one another:
The Sentinelese clearly expected one another to run for high ground when they saw signs of the tsunami’s approach. I doubt they were mocking anyone’s paranoia. This is particularly remarkable as none of them would have personally witnessed those signs before 8:30am on that fateful day.
3. Culture is a survival mechanism:
“Preparedness” is too small a word for the Sentinelese – they are living in a state of adaptation, like gills to a fish. Their adherence to their culture and its transmission from generation to generation – even through the generations that never saw a tsunami – has allowed them to continuously inhabit this remote corner of the world for 70,000 years.
Many of us are waiting for a disaster event that we have never personally experienced
Like the Sentinelese before the Boxing Day Tsunami, many of us are waiting for a disaster event that we have never personally experienced. Unlike the Sentinelese, we have not taken ownership of the cultural practices that might save us. Fortunately, our culture is not locked and isolated in time. Culture can and does change quickly when regular people make a conscious and courageous effort to stand as counter-cultural ambassadors of commonsense.
Those ambassadors influence those who know, love and trust them best, who themselves can become examples for others, and so forth. As the dominoes of social influence tumble, our perceptions evolve. Weird becomes normal, normal becomes expected, and somewhere along the way a tipping point is reach when the expected becomes cultural. Preparedness is too small a word for us.
This is about adaptation. It’s time for us to grow our own set of gills.
The government had recently endorsed the integrated working procedure to avail disaster victims with subsidised loan from banks and financial institutions.
The NRA will send one social mobiliser to each local level and one engineer to each district to help victims get loans to uplift their social and economic condition.
NRA Chief Executive Officer Sushil Gyewali said his office was trying to get assistance from the World Bank to send social mobilisers to each local level and engineers to each district. Social mobilisers will provide social and technical support to disaster victims and engineers will refer the victims to the concerned agencies for subsidised loan. The government came up with this policy as the previous plan to provide loan did not work properly.
The Camp Fire started with a spark — and, thanks to the wind, it turned into a terrifying blaze in a matter of hours. The fire burned so fast that evacuation orders sometimes couldn’t keep up.
With thousands of structures destroyed and a growing death toll, the Camp Fire is the deadliest blaze in California history — and in addition to human victims, it’s claimed a number of animals, as well.
Among those who survived, some are safely sheltering with their people or settled into foster homes, but thousands more are being picked up and cared for by rescue groups. The process of reuniting pets and humans may take weeks or months, and it will involve an extended sheltering and rescue effort. In Santa Rosa, California, where a massive wildfire tore through the city last October, rescuers are still trapping “fire cats” and helping them get home to their people.
Unit pricing – or comparative pricing – is a way for retailers to show the price of a commodity in relation to a standard unit of measure, such as the kilogramme or litre. For example, for a 500 ml carton of milk offered at USD 1.95, the unit price would be USD 3.90 per litre.
However, this is not always consistent across retailers or products, creating an added layer of perplexity for shoppers and doing little for consumer trust. ISO 21041, Guidance on unit pricing, aims to clear up the confusion by defining unit pricing systems and enhancing transparency of pricing information.
Price transparency is one way of gaining consumer trust by making purchasing choices easierIn a recent study conducted by the Queensland University of Technology, Australia, consumers reported a significantly greater ability to process price information and higher confidence in their price judgements when unit prices are presented consistently within stores.
Additionally, the research indicated that standardized unit price presentation was associated with more favourable attitudes toward retailers.
What then to make of a new project financed by the Canadian government to try to divert people from extremist content online by a UK firm called Moonshot? It is clearly not an attempt to land a craft on the moon but is it ‘ground-breaking’ and devoid of risks and benefits?
NB I used to work for Public Safety Canada before the awfully named CCCEPEV was launched so I have some experience in this fieldI like it, in principle, with caveats. Any initiative that seeks to redirect the young (and not so young) and curious away from violent material has to be a good thing. Redirect Canada will “work with the logic of the internet and help to direct people who are looking for extremist content toward content that doesn’t necessarily contradict, but brings into question, what they’re looking for” according to the project director for Moonshot Micah Clark (full disclosure: he is a friend of mine).
There are, as always, limitations to what Moonshot is trying to achieve. There is a vast difference between the mildly adventurous and the committed extremist and I am doubtful the program will work for the latter (in fairness, Moonshot says it can differentiate between the two and will focus on the former). There are also probably privacy and freedom of expression issues (do extremists have the right to post material online and do citizens have the right to consume it? What is ‘extremism’ after all?). And then there is the evaluation aspect, i.e. how does Moonshot know that what it is doing is working and how does one measure how many individuals, if any, do not go down the pathway to violent extremism because Redirect eased them into a new direction? Actually, evaluation is the Holy Grail of all CVE and PVE projects and I have been assured that all those who seek and receive public funds to do this work have metrics at the top of their to-do lists.
This approach is novel in that it moves away from what we have been doing – or trying to do is a better term – for years: remove content from the Internet and social media. This is a thankless task imposed on companies such as Google, Facebook, Twitter and others, sometimes with the threat of hefty fines in cases of non-compliance. Taking down material is fraught with difficulties: the aforementioned free speech issue, timeliness, and the fact that objectionable material is usually re-posted within minutes, resulting in a never ending game of Whack-a-Mole. At least Moonshot is not going down familiar, well-worn and yet not very efficient pathways.
Taking down material is fraught with difficulties: the free speech issue, timeliness, and the fact that material is usually re-posted within minutes, resulting in a never ending game of Whack-a-Mole.I have been called critical of anything that smacks of CVE or PVE. That is a bit unfair as I am trying to take a comprehensive look at what is being proposed, what its strengths and weaknesses are, and what challenges it will face. I also cannot shake off my intelligence and security hat – that is what 30+ years in the business will do to you. CSIS and its partners cannot and should not rely on any CVE or PVE effort to help determine risk level since any mistake or misdiagnosis that results in a successful terrorist attack reverberates back on government agencies, not on the organisations who ‘do’ CVE and PVE.
There is also the uncomfortable reality that spies and cops need to see who is reading and reacting to violent material online to help them understand the extremist environment and build possible court cases.
In the end as I noted above I like the idea and think it is an interesting concept. I look forward to hearing about its successes (and failures) but will wait before issuing any final evaluation. After all, the proof of the CVE pudding is in the eating.
Hackers are taking full advantage of the upcoming holiday season to prey on people looking to buy gifts online.
This was confirmed by Kaspersky Lab, who said people looking to buy gifts online should be extra careful, especially people in Italy, Germany, the US, Russia who seem to be ‘particularly at risk’.
Hackers are using well known e-commerce brands, spoofing their websites as they try to steal people’s credentials and other vital information.
They are mostly using Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye. Kaspersky Lab says so far it has spotted 9.2 million attempted attacks by the end of Q3, 2018, compared to 11.2 for the whole of 2017.