What are Blind Spots
Anyone who learned to drive as a teenager was warned to be aware of the blind spots between what you see in the rear view mirror and the side view mirror. As adults we hear about blind spots but in a much different context. Merriam-Webster defines one type of blind spot as the tendency to ignore something especially because it is difficult or unpleasant. No one is immune from blind spots; we all have them to some degree or another. Even experienced business leaders have them.
Recognizing that we have blind spots and are open and sensitive to inputs from others can help overcome them. In my line of work I’ve seen these blind spots manifest themselves when it comes to operational risk in an organization. The Global Association of Risk Professionals (GARP) defines operational risk as the “risk of loss resulting from inadequate or failed processes, people and systems, or from external events”. These risks are not deliberately ignored but they remain in that foggy world of “unknown unknowns”.
Impact on the Business
It may be a new start-up, a growing small-cap, or a Fortune 500 company, but all have operational risks that may remain unseen or in their blind spot. Much of the enterprise risk focus is on strategic, financial, and market risk; but operational risk often times remains off the radar screen of many business leaders. Instead of being strategic they are tactical. They are not cognizant of these risks or how they may put their people and assets at risk; and they don’t recognize how operational risk may negatively impact the resiliency of their organization.
I recognized this early in my private sector career. Hired to develop a security program from scratch because of increased product theft and diversion in the supply chain, I recognized we did not have a program to proactively address the potential for violence in the organization. Repeated efforts to champion this in the organizations fell on deaf ears. Sadly, it was only after we experienced a workplace homicide that more proactive steps developed traction.
Consider these Blind Spots
Overconfidence Bias – The organization has not experienced a significant, adverse event and is overconfident in their ability to respond. They don’t know what they don’t know, and they are insensitive or naïve to the consequences of these events.
Cultural Ambivalence – The organization may have a culture that does not embrace such discussions because they are difficult or unpleasant. Some business leaders may be reluctant to address issues outside their comfort zone. If they are not acknowledged and addressed, they remain a risk to the organization.
Organizational Void – The absence of an enterprise risk management (ERM) process, risk council, or safety/security committee inhibits discussion of operational and corporate security risk. There is no advocate to champion these discussions. Risks and threats remain in silos waiting to explode.
Cost Concerns – There is a lack of understanding of the attendant losses in failing to mitigate operational and security risks. This failure ignores how the reduction of risk can actually reduce costs while protecting employees, assets and grow the business. The financial risk and exposure from premise liability, negligent hiring, or negligent retention are ignored.
If you are in a leadership position in your organization begin or continue the dialogue with your employees, managers, and other leaders to identify those areas of operational risk where the organization is vulnerable. Don’t let them remain in those dreaded blind spots, but bring them out of the dark by illuminating and addressing them in a focused and strategic way. All will benefit.
About the Author
Jim Dale is the owner and principal of Seven Citadels Consulting. Jim brings to clients more than 30 years of security and risk experience in both the private and public sectors. Formerly the Chief Security Officer (CSO) for three Fortune 500 companies, Jim is a graduate of the University of Nebraska at Omaha and was a career officer, commander, and special agent with the Air Force Office of Special Investigations. He is a certified threat manager (CTM) and board certified in security management as a Certified Protection Professional (CPP). Jim is a member of the Association of Threat Assessment Professionals (ATAP), the International Association of Professional Security Consultants (IAPSC) and ASIS International.