Insights & News

Electronic Discovery and Content Management Discussions and Issues

When Black Swans Return

I was brought into a client site to help develop with Disaster Recovery for a content management system. My clients offices where in New York City, in lower Manhattan. The 9/11/2001 attacks prevented communications from their data center and their corporate offices. After a few days the communication channels were open and business was allowed to be conducted. 
This was considered a Black Swan type of risk and highly unlikely to reoccur. A Black Swan event as described by Nassim Nicholas Taleb is based on three criteria
  1. The event is a surprise (to the observer).
  2. The event has a major effect.
  3. After the first recorded instance of the event, it is rationalized by hindsight, as if it could have been expected; that is, the relevant data were available but unaccounted for in risk mitigation programs. The same is true for the personal perception by individuals.
The Swan reared its ugly head again in August 14th 2003 when New York City experienced a blackout. Again, the data center was unreachable. 
I was involved with the design of their enterprise content management system’s architecture. The system needed to accommodate 2.7 million workflows a day with 16 million documents. Therefore building two systems, production and backup, to manage the traffic and the workflow was a very expensive endeavor. 
The DR site chosen was in Jersey City, New Jersey, across the river from my client’s offices. Taking advantage of the close proximity of the DR site and the need for a large and powerful system, I suggested that we use the DR site in the design to process the workflows. The data would reside in NYC with failover to the New Jersey site in an active-passive configuration. We did discuss active-active, yet the costs were too much to overcome.

The workflows were going to be hardest part to design. Only one thousand concurrent workflows could be processed per Application server. I created five application service processes per physical server and replicated the same configuration at the DR site. Therefore the system could accommodate six thousand concurrent workflows. As designed the system was designed for 3 million workflows over a twenty-four hour period
Therefore turning Black Swans white.
Continue reading
1366 Hits

Business Risk Model

Business Risk Model-eDiscovery


Environment Risk

Environment risk arises when there are external forces that could significantly change the fundamentals that drive a company’s overall objectives and strategies and, in the extreme, put a company out of business

Competitor Risk
Major competitors or new entrants to the market take actions to establish and sustain competitive advantage over the company or even threaten its ability to survive. These actions include issuance of new products to market, improving product quality, increasing productivity and reducing costs, and reconfiguring the value chain in the eyes of the customer.

Sensitivity Risk
Sensitivity risk results when management commits the company's resources and expected cash flows from future operations to such an extent that it reduces the company's tolerance for (or ability to withstand) changes in environmental forces that are totally beyond its control

Shareholder Relations Risk
A decline in investor confidence which impairs a company's ability to efficiently raise capital. Current and prospective investors do not understand the company and its core messages and strategies. As a result, they do not have the necessary confidence in the company's potential to provide sufficient returns on their investment. The consequences can be severe -- the company will not have the same efficient access as competitors to the capital it needs to fuel its growth, execute its strategies, and generate future financial returns.

Capital Availability Risk
The company does not have efficient access to the capital it needs to fuel its growth, execute its strategies, and generate future financial returns. This can result in a competitive disadvantage if the company is highly leveraged or its major competitors have larger cash reserves, a lower cost structure, greater market share, or access to capital through strategic alliances.

Catastrophic Loss Risk
The inability to sustain operations, provide essential products and services, or recover operating costs as a result of a major disaster. The inability to recover from such events in a world class manner could damage the company’s reputation, ability to obtain capital, and investor relationships.

Sovereign/Political Risk
The risk of adverse consequences through political actions in a country in which a company has made significant investments, is dependent on a significant volume of business, or has entered into an agreement with a counterparty subject to the laws of that country

Legal Risk
The risk that a company's transactions, contractual agreements and specific strategies and activities are not enforceable under applicable law. Changes in laws and litigation claims and assessments can also result in increased competitive pressures and significantly affect a company's ability to efficiently conduct business.

Regulatory Risk
Changes in regulations and actions by national or local regulators can result in increased competitive pressures and significantly affect a company's ability to efficiently conduct business.

Industry Risk
Industry risk is the risk that the industry will lose its attractiveness due to changes in the capabilities of competitors, company's strengths and weaknesses relative to competitors, and key factors for success within a given industry.

Financial Markets Risk
Financial markets risk is defined as exposure to changes in the earnings capacity or economic value of the firm as a result of changes in financial market variables (e.g., currency rates) which affect income, expense or balance sheet values.

Yield Risk
Exposure to changes in earnings as a result of fluctuations of market factors (e.g., interest rate changes, currency fluctuations, etc.) which affect income from unhedged assets or the cost of unhedged liabilities (including executory contracts and other contingent exposures).

Price Risk
Exposure to changes in earnings or net worth as a result of price level changes.

Credit Risk
The exposure to actual loss or opportunity losses as a result of deterioration in a counterparty’s ability to honor its obligations.

Liquidity Risk
Exposure to loss resulting from the inability to convert assets (e.g., investment securities, receivables, inventories) to an equivalent cash value, or to raise unsecured funding, in a timely and cost-effective manner.

Systemic Risk
Exposure to loss as a result of a major market disruption which adversely affects all participants in that market (e.g., the inability to repatriate funds held in a foreign country due to the failure of its financial markets and/or banking system).

Legislative/Regulatory Risk
Exposure to actions by legislators and regulators which affect the market value of a financial instrument (e.g., changes in tax or accounting treatment of financial instruments).

Complexity Risk
Exposure to loss resulting from entering into complex transactions, the structure and pricing of which are not completely understood.

Process Risk

Process risk is the risk that business processes:

Are not clearly defined

Are poorly aligned with business strategies

Do not perform effectively and efficiently in satisfying customer needs

Do not add to shareholder wealth

Expose significant financial, physical and intellectual assets to unacceptable losses, risk taking, misappropriation or misuse.

Process risks consist of the following sub-categories and risk types:

Operations Risk

Operations risk is the risk that operations are inefficient and ineffective in satisfying customers and achieving the company's quality, cost and time objectives. Operations risks consist of the following:

Customer Satisfaction Risk
The company's processes do not consistently meet or exceed customer expectations because a lack of focus on the customer.

Human Resources Risk
The personnel responsible for managing and controlling an organization or a business process do not possess the requisite knowledge, skills and experience needed to ensure that critical business objectives are achieved and significant business risks are reduced to an acceptable level.

Product Development Risk
The productivity of the product development process is significantly less than more innovative competitors who are able to achieve higher productivity through a stronger customer focus, concentrating focused resources and faster cycle time.

Efficiency Risk
The process is inefficient in satisfying valid customer requirements resulting in higher than competitive costs.

Capacity Risk
· The effective productive capacity of the plant is not fully utilized or is not adequate to fulfill customer needs and demands, resulting in lost business.

Performance Gap Risk
When compared to competitors or best of class performers, there is an unfavorable performance gap because of lower quality, higher costs, or longer cycle times.

Cycle Time Risk
Elapsed time between the start and completion of a business process (or activity within a process) is too long because of redundant, unnecessary and irrelevant steps.

Sourcing Risk
The fewer the alternative sources of the energy, metals and other key commodities and raw materials used in a company's operations, the greater the risks of shortages and higher costs. These risks can significantly affect the company's capability to provide competitively priced products and services to customers at the time they are wanted.

Obsolescence/Shrinkage Risk
The risk of excess, obsolete, or lost (theft, shrinkage or spoilage) inventory and other physical assets used by or consumed in a business process, resulting in significant loss to the company or adjustments to operating results.

Compliance Risk
As a result of a flaw in design or operation or due to human error, oversight or indifference, the company's processes do not meet customer requirements the first time or do not comply with prescribed procedures and policies.

Business Interruption Risk
Business interruption can arise from accidents, weather, work stoppages and sabotage, and results in dissatisfied customers and loss of sales, profits and competitive position. Business interruption attributable to a loss of critical information systems is described as “Availability Risk” under “Information Processing/Technology Risk.”

Product/Service Failure Risk
The company's operations create risk of customers receiving faulty or nonperforming products or services. These failures usually occur as customer complaints, warranty claims, field repairs, returns, recalls, replacements, special discounts (because of product/service defects), product liability claims, and litigation. They can significantly affect a company's reputation, future sales and market share.

Environmental Risk
Environmental risks expose companies to potentially enormous liabilities. The exposure may include liability to third parties for bodily injury or property damage caused by the pollution, and liability to governments or third parties for the cost of removing pollutants plus severe punitive damages.

Health and Safety Risk
Worker health and safety risks are significant if not controlled because they expose a company to potentially significant workers' compensation liabilities. Workers' compensation laws, which vary from country to country, can result in severe financial losses if company operations do not strictly comply with them.

Trademark/Brand Name Erosion Risk
The risk that a trademark will lose its value over time to a business in building and retaining demand for its products and services. A trademark is a word, symbol or device -- or any combination of these -- that identifies a product or service and distinguishes that product or service from the products or services of competitors.

Empowerment Risk

Empowerment risk is the risk that managers and employees either do not know what to do, are not properly lead, exceed the boundaries of their defined authorities, or do not have the training, resources, or tools necessary to do their jobs. Empowerment risks consist of the following:

Leadership Risk
The risk that the people responsible for the important business processes do not or cannot provide the leadership, vision, and support necessary to help employees be effective and successful in their jobs.

Authority/Limit Risk
The risk that people either make decisions or take actions that are not within their explicit responsibility or control or fail to take responsibility for those things for which they are accountable.

Outsourcing Risk
There are two elements of outsourcing risk. First there is the risk that outside service providers (i.e., Third Party Administrators (TPAs), overseas and domestic manufacturing partners and agents) do not act within their defined limits of authority and do not perform in a manner consistent with the values, strategies and objectives of the company. Second, there is the risk that strategic business processes outsourced ultimately create competition for the outsourcing organization.

Performance Incentives Risk
Performance incentives risk occurs when managers and employees are monitored using performance measures that create incentives to act in a manner that is inconsistent with the company's business objectives, strategies, ethical standards, and prudent business practice. In these cases, managers and employees do not buy into the performance measures used by the company because they are not realistic, understandable, objectively determinable, or actionable.

The risk also occurs when performance indicators do not accurately measure the skills or characteristics that are predictive of success in a given position. Such performance measures ultimately prove to be irrelevant.

Change Readiness Risk
The people within the organization are unable to implement process and product/service improvements quickly enough to keep pace with changes in the marketplace (i.e., changes arising from competitor acts, regulatory changes, consumer demands, mergers, etc.).

Communications Risk
Communications vertically (top-down and bottom-up) or horizontally (cross-functional) within the organization are ineffective and result in messages that are inconsistent with authorized responsibilities or established measures. Information does not flow in a timely manner to the people who need it for decision-making.

Information Processing/Technology Risk

Information Processing/Technology risk is the risk that the information technologies used in the business are not efficiently and effectively supporting the current and future needs of the business, are not operating as intended, are compromising the integrity and reliability of data and information, are exposing significant assets to potential loss or misuse, or threaten the company’s ability to sustain the operation of critical business processes. Information Processing/Technology Risks include the following:

Relevance Risk
Relevance risk is the risk that information is not relevant to the purposes for which it is collected, maintained or distributed. This risk relates to the usability and timeliness of information that is either created or summarized by an application system.

Integrity Risk
This risk encompasses all of the risks associated with the authorization, completeness, and accuracy of transactions as they are entered into, processed by, summarized by and reported on by the various application systems deployed by an organization. These risks pervasively apply to each and every aspect of an application system used to support a business process and are present in multiple places and at multiple times throughout the application systems.

Access Risk
Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. Inappropriate people may be able to access confidential information. Appropriate personnel may be denied access.

Availability Risk
The risk that information will not be available when needed. Includes risks such as loss of communications (e.g., cut cables, telephone system outage, and satellite loss), loss of basic processing capability (e.g., fire, flood, electrical outage) and operational difficulties (e.g., disk drive breakdown, operator errors). Business interruption can also arise from natural disasters, vandalism, sabotage, and accidents.

Infrastructure Risk
The risk that the organization does not have an effective information technology infrastructure (e.g., hardware, networks, software, people and processes) to effectively support the current and future needs of the business in an efficient, cost-effective and well-controlled fashion.

Integrity Risk

Integrity Risk is the risk of management fraud, employee fraud, and illegal and unauthorized acts, any or all of which could lead to reputation degradation in the marketplace or even financial loss. Integrity risks include the following:

Management Fraud Risk
Management issues misleading financial statements with intent to deceive the investing public and the external auditor or engages in bribes, kickbacks, influence payments and other schemes for the benefit of the company.

Employee Fraud Risk
Employees, customers or suppliers individually or in collusion perpetrate fraud against the company, resulting in financial loss or unauthorized use of physical, financial or information assets.

Illegal Acts Risk
Managers and employees individually or in collusion commit illegal acts, placing the company, its directors and officers at risk to the consequences of their actions.

Unauthorized Use Risk
This risk results when the company's physical and financial assets are used for unauthorized or unethical purposes, or information and proprietary assets are compromised (e.g., industrial espionage).

Reputation Risk
The risk that a company may lose customers, key employees, or its ability to compete, due to perceptions that it does not deal fairly with customers, suppliers and stakeholders, or that it does not know how to manage its business.

Financial Risk

Financial risk is the risk that cash flows and financial risks are not managed cost-effectively. Its severity depends on a number of factors which include the firm’s size, industry, financial position (e.g. public/private, leverage, free cash flow to equity, etc.), and the direction of the market as a whole. Financial risks are broken down into three categories: Price, Liquidity, and Credit.

Price risks include the following:

Interest Rate Risk
In a corporate context, interest rate risk is the potential for interest rates to deviate from their expected value. In aggregate, it includes the risk that a future spot interest rates will deviate from an expected value.

Currency Risk
Currency risk is the exposure to fluctuations in exchange rates.

Equity Risk
Equity risk is the exposure to fluctuations in the income stream from and/or value of equity ownership in an incorporated entity.

Commodity Risk
Commodity risk is the exposure to fluctuations in prices of commodity-based materials or products (e.g., gold, energy, copper, coffee).

Financial Instrument Risk
Financial market risk can vary depending upon the particular segment of the market to which the holder of a financial instrument is exposed, or the way in which the exposure is structured. These risks can arise from exposure to such things as changes in the price/yield differential between two financial markets, changes in cash flows or income as a result of option-type contracts, changes in the general level of interest rates, or exposure to an adverse change in the yields/prices available in a given market at a given moment in time.

Liquidity Risks include the following:

Cash Flow Risk
Actual losses incurred as a result of the inability to fund the operational or financial obligations of the business. In the extreme, poor liquidity management can lead to default or loss of production.

Opportunity Cost Risk
The use of funds in a manner that leads to the loss of economic value.

Concentration Risk
Exposure to loss as a result of the inability to access cash in a timely manner.

Credit Risks include the following:

Default Risk
This is the risk that a counterparty will be unable to fulfill its obligations (e.g., an entity which has taken delivery of goods or services defaults on the payment or goes into bankruptcy ).

      Concentration Risk
Exposure to excessive loss as a result of inappropriate emphasis of sales volume or revenues on a single customer, industry, or other economic segment.

Settlement Risk
This risk arises when financial counterparties effect their payments to each other at different times or in different locations. The first paying party is exposed to the risk that the later paying party will fail to perform, due to delay, system failure or default.

Collateral Risk
This is the risk that the value of an asset provided as collateral for a loan, receivable, or commitment to perform may be partially or totally lost.

Information for Decision Making Risk

Information for Decision Making risk is the risk that information used to support strategic, operational and financial decisions is not relevant or reliable. If measures have not been aligned with business strategies or are not realistic, understandable and actionable, they will not focus people on the right things and will provide incentives for decisions that are inconsistent with the strategies. If the measures and other business information used in decision making are not reliable or relevant, they either will be ignored or will drive the wrong behavior. Information for Decision Making risks include the following:


Pricing Risk
There are many forms of pricing risk. For example, the company's price may be more than customers are willing to pay or the company's pricing may not cover production costs.

Contract Commitment Risk
The company does not have information that effectively tracks contractual commitments outstanding at a point in time, so that the financial implications of decisions to enter into incremental commitments can be appropriately considered by decision makers.

Performance Measurement Risk
Process performance measures do not provide a reliable portrayal of business performance and do not accurately reflect reality (i.e., they are not reliable information about reality because they do not “tell the story” as to what is really happening within the processes of the business).

Alignment Risk
The objectives and performance measures of the company's business processes are not aligned with its overall business objectives and strategies. The objectives and measures do not focus people on the right things and lead to conflicting, uncoordinated activities.

Regulatory Reporting Risk

Reports of operating information required by regulatory agencies are incomplete, inaccurate, or untimely, exposing the company to fines, penalties and sanctions.


Budget and Planning Risk
Budgets and business plans are not realistic, based on appropriate assumptions, based on cost drivers and performance measures, accepted by key managers, or useful as a monitoring tool.

Accounting Information Risk
Financial accounting information is used to manage business processes and is not properly integrated with nonfinancial information focused on customer satisfaction, measuring quality, reducing cycle time and increasing efficiency.

Financial Reporting Evaluation Risk
Financial reports issued to existing and prospective investors and lenders include material misstatements or omit material facts, making them misleading.

Taxation Risk

Significant transactions of the company have adverse tax consequences that could have been avoided had they been structured differently.

Pension Fund Risk
Pension funds are not actuarially sound, e.g., they are insufficient to satisfy benefit obligations defined by the plan.

Investment Evaluation Risk
Management does not have sufficient financial information to make informed short-term and long-term investment decisions and link the risks accepted to the capital at risk.

Regulatory Reporting Risk
Reports of financial information required by regulatory agencies are incomplete, inaccurate, or untimely, exposing the company to fines, penalties and sanctions.


Environmental Scan Risk
Environmental scan risk arises when: the company does not have an effective process to obtain relevant information about the external environment, or key assumptions about the external environment are inconsistent with reality or are not being monitored by the company.

Business Portfolio Risk
Business portfolio risk is the risk that the firm will not maximize business performance by effectively prioritizing its products or balancing its businesses in a strategic context.

Valuation Risk
Management and key decision-makers are unable to reliably measure the value of a specific business or any of its significant segments in a strategic context.

Performance Measurement Risk
Overall organizational performance measures are not sufficiently balanced, or they are not consistent with, and do not support business strategies.

Organization Structure Risk
The company's organizational structure does not support change or the company's business strategies. An organization's values and culture, its infrastructure and how it defines responsibility, authorities and boundaries and limits has a significant effect on its ability to govern and achieve its objectives.

Resource Allocation Risk
The company's resource allocation process does not establish and sustain competitive advantage or maximize returns for shareholders.

Planning Risk
The company's business strategies are not driven by creative input, effectively programmed, consistently communicated, or responsive to environmental change and organizational learning.

Life Cycle Risk
An organization's approach to managing the movement of its product lines and evolution of its industry along the life cycle (e.g., start-up, growth, maturity and decline) has a significant effect on the ultimate success or failure of its business strategies.

Continue reading
2869 Hits
1 Comment