Monday, April 19, 2021
Corporate Compliance Insights

Intentional Control Design: Pillar 2 of the CRF for Cybersecurity and ERM

Minimizing Risk Through Design

by James Bone
October 29, 2019
in Featured, Risk

Cognitive governance is the first of five pillars making up the cognitive risk framework; the second is intentional control design. James Bone discusses chief considerations around intentional design.

The five pillars of a cognitive risk framework are designed to provide a three-dimensional view of enterprise risks. In the last installment, cognitive governance (CogGov) was introduced as the first pillar. Its five disciplines reimagine risk governance as a path toward enhanced assurance through a more rigorous view of the dual roles of risk assessment and risk management.

Cognitive governance is the driver of the other four pillars through a continuous process of exploration of risk behavior and uncertainty. Think of CogGov as a formalized Kaizen approach to improving risk governance:

  1. CogGov is structured to clarify the roles of risk governance and recognize that new processes are needed to reconcile inherently different perceptions of risk.
  2. The new insights that emerge from this approach inform the other four pillars in ways that are dynamic, simple and based around the human element.
  3. CogGov is responsible for developing templates for sustainable solutions to complexity in operations, people and technology risks using a multidisciplinary lens on blind spots that lead to errors in judgment.

The next four pillars are additional levers of risk governance.

<<CRF pillars image>>

The worst kept secret in many organizations is the lack of forward-looking investment in back office operations. Legacy infrastructure, manual risk processes, layers of confusing policies and procedures and changing demands from management make operations less nimble and resilient over time, requiring a series of “break-fix” maintenance actions simply to maintain the status quo.

Unfortunately, organizations become accustomed to workarounds, building them into operational preparedness as opposed to evaluating the net impact to long-term performance. Intentional control design (ICD) is a cognitive risk governance lever to build nimble and resilient operational excellence into risk management.

A Fundamental Approach to Reduce Risk

Intentional design (ID) is not a branch of design research, which originated out of a need for new methodologies to solve increasingly complex problems in organizational design. Intentional design is a more fundamental approach that involves reducing risks by relieving cognitive load, streamlining processes and enhancing situational awareness in business performance.

Emerging research in design highlights the opportunity, as summarized by Bruce Archer: “the most fundamental challenge to conventional ideas on design has been the growing advocacy of systematic methods of problem-solving, borrowed from computer techniques and management theory, for the assessment of design problems and the development of design solutions.”[i]

Archer’s challenge is no less daunting today. As organizations seek to integrate competing mandates that streamline security, enhance human decision-making and reduce operational complexity, good design becomes critical. The good news is, advanced technology is evolving to achieve breakthroughs in smart design to empower employees with situational awareness, risk management tools and straight-through processing workflows.

Intentional design, like any creative process, requires a clear vision of strategic objectives, which will be different for all organizations. Why position strategic objectives as key outcomes? Because when organizations fail to direct the right level of energy to achieving strategic objectives, outcomes become less certain over time.

The purpose of this paper is to provide a multidimensional approach to risk management and move away from one-dimensional solutions driven purely either by data analytics or qualitative evaluations of risk. Combining the two views of risk assessment is not sufficient. Risk professionals must become designers of risk solutions that facilitate risk awareness in each layer of the organization. Designing situational awareness into business operations reduces risk through insights into data with tools that anticipate and respond to emerging and present threats.

I offer an example of resiliency not as a standard, but to present a model for thinking about defining outcomes. Resiliency is one of many attributes used in considering intentional design.

Achieving Resiliency

Resiliency is developed through a consistent focus on the following elements:

(Quo Vadis)

  1. Clear goals and objectives that optimize performance
  2. Investment in people
  3. Nimble operations
  4. Financial agility
  5. Smart IT/cybersecurity
  6. Appropriate and balanced risk-taking/management
  7. Risk management tools
  8. Stable and robust relationships (customers/stakeholders)
  9. Strategic analysis
  10. Ethical behavior

The design of elements in an intentional design model should be formed through a rigorous process of collaboration within the organization. Each element is a design project and will require scope development. In the process of developing a scope strategy the following steps should be considered:

  • What are the synergies among all elements?
  • What are the bottlenecks to building synergy among elements?
  • What conflicts exist among or between the elements?
  • Which element(s) impact resiliency – positively or negatively?
  • What are the considerations around a full or partial implementation of each element?
  • Which element depends on support from one or more other elements?

Pay attention to and leverage each intersection between the key elements.

Intentional design represents a range of solutions designed to manage risks writ large and small. Intentional design begins with a clear set of strategic objectives, leverages empirical risk-based data, then clarifies optimal outcomes. Simplicity in design is the guiding principle in intentional design.

I earlier referred to cognitive load and situational awareness as outcomes of intentional design. Very few will be familiar with the term cognitive load, but if I mentioned the impact of stress on performance, you would understand the concept, which developed out of a study of problem-solving (Sweller, J., June 1988).

Stress is created by situations requiring task completion under tight or shortened timelines in which the consequences are significant, resulting in either peak performance or failure. Stress factors increase the risk of failure when normal operating procedures must be discarded and improvisation is required. However, lessons can be learned – from design solutions to situational stress – to improve performance when the real thing occurs. In other words, performance is a product of good design.

More current research is needed on the impact of job performance and the design of the work environment. Studies have, however, found correlations between job performance and satisfaction and poor design of work processes. Most of these studies have focused on workplace ergonomics, health impacts and insurance costs, yet missed opportunities to evaluate how good workplace design contributes to better efficiency and work performance overall.

The synergy between the five principles of cognitive governance and intentional design becomes even more powerful when taking work design into account. A simple example may help clarify the point. For the first time in history, the medical industry is transforming to a digital environment. Medical data is revolutionizing how doctors diagnose patient care and monitor patients remotely. Patients are also benefiting by being empowered with medical devices, reducing visits to the doctor for routine checkups.

As data continues to be democratized across industries, workers will be empowered to manage risks in real time with access to a range of data to support better decision-making about risks and performance. Collectively, these processes improve situational awareness of risks and responses to risks much more proactively. The synergies must, however, be designed specifically to address risks that matter by creating tools to respond in kind.

The same types of models can and should be deployed to provide stakeholders – from front-line managers to the board of directors – with the same level of situational awareness to address threats in organizational fields of operation.


James Bone

James Bone’s career has spanned 29 years of management, financial services and regulatory compliance risk experience with Frito-Lay, Inc., Abbot Labs, Merrill Lynch, and Fidelity Investments. James founded Global Compliance Associates, LLC and TheGRCBlueBook in 2009 to consult with global professional services firms, private equity investors, and risk and compliance professionals seeking insights in governance, risk and compliance (“GRC”) leading practices and best in class vendors.
James is a frequent speaker at industry conferences and contributing writer for Compliance Week and Corporate Compliance Insights and serves as faculty presenter and independent consultant for several global consulting firms specializing in governance, risk and compliance, IT compliance and the GRC vendor market. James created TheGRCBlueBook.com to provide risk and compliance professionals with transparency into the GRC vendor marketplace by creating a forum for writing reviews on GRC products and sharing success stories on the risk practices that are most effective. James is currently attending Harvard Extension School for a Master of Arts in Management with an emphasis in accounting and finance. James received an honorary PhD in Letters from Drury University in Springfield, Missouri and is a member of the Breech Business School Hall of Fame as well as the Missouri Sports Hall of Fame. Having graduated from the Boston University Graduate School of Education, James received his M.Ed. in Management and Organizational Design in 1997 and a Bachelor of Arts in Business Administration from Drury University in 1980.  

© 2021 Corporate Compliance Insights
