Risk Management and the art of Motorcycle Riding

Risk-based management is an under-developed capability within many managers armoury, but if leaders ignore it businesses are exposing themselves to failure in both minor and major ways. Indeed, a lack of risk-based management is one of the reasons why the world is now in deep recession.

When I talk to people about risk-based management, I use motorcycle riding as a good way to describe what needs to happen. I ride motorbikes, I have done for the past 10 years or so. Bikers survive by having risk management at the heart of everything they do both prior to riding and during the ride and this is the lesson that leaders need to learn.

Today’s car drivers are highly protected and insulated from the world they drive through. This can be seen by the activities other than driving that drivers undertake: eating, drinking, talking on the mobile, reading, doing make-up, etc. I remember riding past a car once going 60mph and seeing the driver reading a magazine as they drove, I was gob-smacked. If drivers felt at all at risk, these activities would be shunned in order to ensure full concentration in the task at hand. This is how bikers feel, the world is highly visceral and the risks are there to be seen, heard or felt. It’s in your face, and at every moment there’s a chance that something horrible might occur, but a biker’s risk management strategy is the coping mechanism that enables them to enjoy the experience.

Most people in business are like the car driver, insulated from risk. The company will be here tomorrow like it is today; they’ll still have a job tomorrow as they do today. They feel insulated and isolated from risk and that is why panic ensues when an incident does occur – unlike the biker they have no coping mechanism. Thus risk management is deprioritised and in extreme cases we end up with the type of scenario the world finds itself in today. So, business leaders need to get out of their car and on their bike, heightening their awareness of risk and managing it sensibly on an on-going basis.

There are two types of risk that bikers are aware of, and again this is the same for business. There are risks that are ever present and then there are transitory ones. Systems to mitigate ever present risks need to be implemented whilst strategies need to be developed to manage the transitory ones so there is readiness should they appear.

From the biker’s perspective having a well maintained bike mitigates the risk of mechanical failure whilst a biker will deal with the transitory risk of a blind bend by using a pre-practised strategy, for instance looking for the vanishing point, slowing down and going wider. Businesses should have a similar coping mechanisms. For those ever present risks systems should be implemented that mitigate the risk. For transitory risks implement specific, well-understood and practiced activities that either deal with the actual risk or can be used to determine the risk, it’s impact and develop the coping mechanism there and then. Once these strategies are in place, the next step is practice. Practice, practice, practice. For both bikers and businesses practice helps perfect the coping mechanism and makes risk management automatic, just what both bikers and businesses need.

Unfortunately however many mitigating strategies are at hand, there will always be a circumstance where nothing helps and the risk becomes an issue. For the biker, this is the part where they have usually parted company with the bike and know something painful is about to happen. At this stage, it’s a bikers preparation that will have ensured the impending pain is minimised – a helmet to reduce head injury, decent armoured clothing to help protect arms, legs and chest, crash bars and mushrooms help protect expensive fairings. Businesses should be looking to protect themselves in a similar manner, by implementing standard process, policy and putting in place other business tools such as regular auditing, critical reviews of proposals, clear lines of responsibility, financial transparency and responsibility, etc, etc.

So, if you want a business that will exist in a few years time, get out of the car and ride the motorbike. Risk management needs to be central to the business and thinking like a biker is the only way to ensure that it becomes a core value. Oh, and riding a bike is far more fun, fast paced and thrilling than driving a car, and I think the same experience will be found when running a business in the same way.

Sourcing and the Helpdesk

In a previous post I wrote that CEOs don’t think technology is value for money and generally they don’t understand it. As a consequence the CEO will view technology as the obvious candidate for outsourcing. Outsourcing happens most frequently to things that are thought to be expensive, lack value for business or are not core to the business. It’s not surprising therefore that frequently the CEO sees technology ticking all three of these boxes.

Most CTOs would be mortified if they knew the CEO thought the technology function was not value for money or core to the business. Unfortunately CTOs are often stuck at the coal face and don’t have time to get that helicopter view because there’s always something that needs fixing. So what, if anything should a CTO do about it?

Outsourcers prefer to speak to CEOs rather than CTOs because they can talk about bottom lines and cost savings rather than quality and effectiveness. There's good reason for this, is impossible to do it all, reduce costs and make a margin. Therefore it's important for CTOs to be aware of the wolves prowling round outside. The CTO needs to either get in bed with the outsourcers before the CEO does and make good decisions based on quality and effectiveness rather than on costs or keep the wolves at bay by ensuring the CEO understands how reliant the business is on technology and how cost effective it is already for the company.


One of the "easy" targets for outsourcers is the Helpdesk. A traditional candidate for outsourcing where the outsourcer can demonstrate cost savings whilst allegedly improving service and throughput. However, these are incompatible and this wonderful picture demonstrates just how incompatible they really are.

So, with the outsources telling the CEO that they can achieve the impossible, what can be done about it?

Outsourcers would have you believe that the Helpdesk is all about statistics, processes and procedures, ITIL, service levels and first time fix rates, and they’d be right, but they will most likely forget to mention that the main reason why a Helpdesk is successful is not because of its stats, but because of the people on the Helpdesk. Their experience, wisdom, knowledge of the business and most importantly the relationships they build with customers are what makes a Helpdesk successful.

Now for the shock. The Helpdesk is where every individual within a business forms their opinion of the technology function. The technology function will only be as good as the last call somebody made to the Helpdesk and how that call was handled.

Outsourcing the Helpdesk is a bit like outsourcing your own character. People form an opinon of you through what you do, how you do it and what you say. To give away control of the single source of opinion for technology, how the service is being provided or what is being said to your customers is unforgiveable.

Given that the Helpdesk is the character of technology, how should it be staffed? Again traditionally, the Helpdesk has been the nursery where fresh-faced newbies get introduced to the technology function, spend 6-12months answering the phone and then rush off to something allegedly more exciting or technically challenging. Giving responsibility for technology's customer satisfaction to the most junior employees is madness. Instead, utilising experienced, technical people with very good telephone skills and a passion for helping people who love working in a stressful environment makes sense. It costs more, but again, what price do you put on technology being held in high regard?

Outsource the Helpdesk and the face and character of technology is lost, someone else is in control of the technology function's destiny. Technology's value to the company rises and falls on public opinion, not service level attainment or cold hard facts. This opinion inevitably bubbles up to CEO level who will naturally be asking what people think of technology so the CEO can also form an opinion. When asked, people won't remember the recent successful infrastructure project or resolved data issue, it'll be whether their desktop PC is fast enough and what happened last time they spoke to the Helpdesk. If a CTO is to deliver value, start with an insourced, highly competent Helpdesk, it will also ensure the right person is in charge of the future direction of technology sourcing - the CTO!

Snow enforces Working from Home

When Britain suffers extremes of weather, we reveal our infrastructure to be unprepared. This doesn't surprise me, but today with snow being dumped all over the capital it brings the whole thing to a grinding hault. Even in the recession, London is still one of the main financial centres of the world and yet our buses, trains and underground have failed to cope. My normal mode of commute was out, motorbikes are never good in ice & snow and yet the Metropolitan line was also shut, I couldn't get in to the office even if I wanted. So I'm in a similar situation to hundreds of thousands of other people, unable to get in to their offices, but should this bring business itself to a halt? No, absolutely not, in today's technological world we should be able to work anywhere and yet how many businesses have invested in the infrastructure to enable such flexible working? Surprisingly few and I'm sure we'll have lots of articles in tomorrow's press about how much the snow has cost businesses*, but it shouldn't, it really shouldn't.

Out of my fifty strong team, four managed to get in to the London office. Did this lack of presence matter? No, not at all. Why? Well, we have the systems in place that enable any employee to work from anywhere and have whatever level of functionality they require. Fundamentally, we have a Remote Access Server which gives full access for anyone with a corporate laptop. For those without such mobile technology we have Webmail, Instant Messenging, remote file access, mobile phones and we can stand up voice, video and web conferences whenever required either on mobile phones or on the internet. All our systems can be administered remotely and our data-centre never needs to be visited. All in all, the team is independant of the office if needs be and today, with the conditions meaning very few people managed to get in to the office, the systems and services function as normal with a full support capability, meaning the majority of staff can continue as normal as long as they've got broadband and a computer.

This isn't rocket science, yet for many it seems to be. It doesn't take a lot to achieve, it isn't even very expensive, it just requires a bit of fore-thought and a small implementation project. RAS is the expensive bit, particularly if SecurIDs are used, but to enable a business to continue to function in the sort of conditions we see today, it's got to be worth it. When London's infrastructure recovers from the snow and ice, my company won't have lost any productivity, in fact we might have been a bit more productive than normal because people weren't having to undertake the daily grind of getting in to the office.

This forced interruption in public transport should be an object lesson in enabling flexible working and the ability to work from home, improving productivity and generally hauling the working environment in to the 21st century. Office-based working is so last century!

*UPDATE: As predicted, business groups have predicted the snow costing £1bn!!

UPDATE2: Silicon.com picked up on this and a re-worked version of this piece is now up on Silicon.com