24 April 2016

Is Risk Management a Profession?

Is Risk Management a Profession?

So once again I have been invited to attend the ISO 31000 training programme. And at the end the 3 days I will, of course, pass my certification exam, and will be able to call myself a C31000 Professional. Wow am I excited, or not.

When I look at a range of "professions" I see a few things in common; years of experience and study, a professional body or association  (or bodies) that determine a set of standards for professionals, certification, and a set of disciplines. I also see regulatory bodies (even if self-regulating within the profession) that protect the name of the profession, and strike off those that fail to uphold the standards of the profession. I also see the profession seeking to protect itself from charlatans who do damage to the profession, and by pointing out clearly the standards required by the profession, to protect companies that employ such professionals.

So how does "The Google" define a Professional Association?


Somewhat limited I think, but for our purposes we can use this. What seems to be missing is protecting the integrity of the profession and professionals, but that might be included in furthering "the interests of individuals engaged in that profession" through protecting the name of the profession from charlatans.

Would the ACCA, ICAEW, IMA, AICPA, or the CICA stand by quietly as an organization or individual offered to create certified accountants in less than a week? The Medical Council would not allow someone to practice medicine without proper training and certification. Yet that is exactly what the Risk Management professional bodies do when someone offers three-day courses with a "professional" certification at the end. Where are the IRM, RIMS, GARP, PREMIA in protecting the reputation of the Risk Management profession and professionals?

So is Risk Management a profession? I'm sure that others have their definitions and expectation of what makes a profession and an professional. For me, as someone engaged in the profession, I like the definition from Google:



Considering this definition, I consider myself to be a Risk Management Professional. I have been advising companies on Risk Management, developed and ERM application from the concept to implementation, and I am a Risk Manager in a business. I am a member of a professional body, and have contributed to thought leadership published by that body, ranging from Risk Appetite and Tolerance, to Cyber Threats, and Risk in the Extended Enterprise.

Which apparently means that I should be "certified". Or at least, someone thinks that this will make me a professional.

So let us look at this kind invitation from Alex Dali again, the one that will, in three days, make me a Certified ISO 31000 Risk Management Professional.

The message from Alex Dali says:

I am pleased to inform you about the next training and certification session in London next month in May for you to become a Certified ISO 31000 Risk Management Professional with the official label C31000 certification.

It then gives the details of the course in London, for a very reasonable £1900, which includes the fee for the exam and certification.

It goes on to say:

Given your profile, I am sure that you will benefit a great deal from being a “Certified ISO 31000 Risk Management Professional” with in depth knowledge on the international ISO 31000 risk management standard. This session is also dedicated to those interested to become Certified ISO 31000 Lead Trainer.

Nice to see that my LinkedIn profile indicates that I would benefit from being such a certified professional. Or not.

So where am I going with this?

I expect my professional body to protect "the interests of individuals engaged in that profession" through protecting the name of the profession from charlatans. And that includes calling out examples like this, where people can claim to be a Risk Manager simply by paying for a three-day course.

To be very clear, any programme that offers a professional certification after a three day course and an exam (I wonder what the failure rate is, after paying £1900) is a joke. To be completely honest, I would have a difficult time taking someone seriously if they actually put C31000 or any other notification that they have receive this certification on their profile. I would then question every other certification that they claim, and I would wonder if that MBA or any other degree was from a mail-order "Institute" or "Institution" or just a postbox.

We as a Profession should be calling out specific examples like this, where someone sells certifications. We should be making it clear that we, individually and as professionals, will not accept bogus credentials.

For my part let me be very clear:

If you send me a CV with the C31000 certification on it, or if you have the C31000 certification on your LinkedIn profile, I will NOT be engaging with you. You are not a Risk Management Professional. You are the second definition of a Profession above: "an open but often false claim".

Just so there is not mistaking what I've just said:


To the professional bodies I ask, why are the Risk Management professional bodies and association such as the IRM, GARP, PRIMIA, RIMS and others not calling out the charlatans. Why are the professional bodies not protecting the interests of their members?

If my professional body will not openly state that this type of certification is a sham, then I need to do so, if for no other reason than to state categorically that I want my Profession to stand for something. When I say that I am a Risk Manager, I want it to be clear that this means I have years of experience, that I can back that up with evidence. That I am a professional.






07 April 2016

Panama Papers: Proceeds of Crime?

Drug dealer has a pile of cash. Drug dealer buys mother a house. Mother is pretty certain that the money is not clean, but it was from her son. Sweet boy. Time goes by. Drug dealer is caught. Assets are confiscated. Mother loses house. Proceeds of crime, after all.

And that is the way it is supposed to work. While mother is a nice woman and loves her son, she did knowingly accept assets that were the direct result of criminal activity. Apparently this standard does not apply to journalists. Journalists get Pulitzer prizes instead.

The "Panama Papers", while shining a bright light on the world of offshore companies and diversion management of assets, more importantly highlights the very grey line between the ethical hacker and the crooks, including the users of the information that was stolen. We still do not know how the information was released, although Mossack Fonseca is stating that the document were stolen in an external hack of their systems.

Basically there are two options; and insider copied the documents and made them available to the Süddeutsche Zeitung, or an external individual or group of individuals hacked Mossack Fonseca's systems and copied the files, providing them to Süddeutsche Zeitung.  We are told that the person (singular) who provided the document has not asked for money, only protection of identify. It is worth noting of course that an internal party could have been the hacker, to help obscure the source of the information.

As there was too much information for one news agency to fully explore, the data was distributed to a number of news agencies and papers, using the ICIJ (International Consortium of Investigative Journalists) as the network for distribution.

What is disturbing is the wide dissemination of the information for a long period of time, and teh ability of the journalists brought in to keep their silence. Almost mafia-like. While journalists as individuals have, in liberal western countries, a theoretical legal protection for use of sources (and in some case protection from releasing their sources), the information used in this case was sourced illegally. Once sourced however;

A network of about 400 journalists in 80 countries put together by the consortium spent months researching the documents. The media partners included the Guardian and BBC in the U.K., El Confidencial in Spain, Le Monde in France, Falter and ORF in Austria, Sonntagszeitung in Switzerland, and L’Espresso in Italy.

We are also told that newspapers and journalists have had access to the documents for many months, with the various reports saying anything from six months to a year. It is interesting that in that six months to a year, the story was kept secret from all, until Sunday April 3rd, when the bombshell exploded onto newspapers (online of course) and the TV news.

And what an explosion. 12 heads of state, 120 senior politicians or close associates of politicians, family members, etc. The first scalp has been taken, with the Prime Minister of Iceland stepping down. Score one for the "Revenge of the Sith Bankers". Personally I would not be surprised to find that the IMF, Troika, and individual banks that lost big in Iceland, are rubbing their hands in spiteful glee, but I digress.

In total, something like 214,000 companies were established by MF, with these companies spread around the world. Strangely, there are few American companies or individuals reported thus far - the current number seems to be 3072, with a total of 441 clients, but we're told to expect more. 3072 out of 214,000? Really?

Putin is just missed, but some around him are having their affairs aired in public. All, according to the Kremlin, part of a campaign of Putinphobia. Whose to know, but the Panama Papers are highlighting goings on that seem a little unsavory. In fact, a lot unsavory, by a huge range of people, from football stars to royalty, to criminals and (not criminal) individuals and companies.

And yet, all the information is not being released, raising questions about the political motives of those that released the information. Wikileaks climbed into the fray by stating categorically that one of the organisations involved in the dissemination of the information is effectively a front for Soros and his anti-Russia pro-democracy agenda.

And it is to that background that the relatively low number of Americans identified raises questions. If there is a dearth of Americans, is this because the information has been massaged? Is the number so low because the United States already has significant tax havens in Arizona and Delaware, and therefore there is less "need" for Americans to create international vehicles? Really?

At the core of my concerns then, is the question of whether the release of information, stolen information, was a crime, and not a "whistle blowing" action. And if it was a criminal activity (which hacking resulting in the theft of company information clearly is) then while there may be an argument that the thief was a whistle-blower, it does not absolve organisations from their use of the information for gain.

In this case, Süddeutsche Zeitung, the Guardian and other news organisations, instead of being legitimate news gathering and reporting organisations, are in fact the recipients and exploiters of illegally gains assets (the data). The drug data dealer has given then a home, and they know it came from criminal activity.

This makes their activities effectively the exploitation of the proceeds of crime.

I would expect that the vast majority of the companies formed will have been for perfectly valid business or personal reasons, legally using mechanisms to manage business activities and assets while also managing tax exposure - legally. None of that matters of course. Panama and anyone who does business with a Panama legal firm is now assumed to be a crook, while the real criminals, the Hacker(s) and the news outlets that has used the proceeds of that crime, will wear a mantel of purity of spirit.

If anything, I wonder if there will not be legal actions taken against the organisations that used and reported the data. Proceeds of crime indeed.


06 March 2016

Suggestions for those who will leave if X wins the Presidency

It all goes back to that dark November night in 2004, when eventually a winner was called. I stayed up late to watch all the way through. It was a long day. At 6:15am as I approached the polling station, an advocate for one of the candidates rushed toward me - staying just outside the mandated boundary. I put my palm toward them, and said "Forget it, I'm here to overthrow the government".

So late that November night, well actually about 3am the following morning, I stumbled to bed. My wife woke enough to ask "What is the result"?

I responded "We're moving to France".

"Okay" she said, and went back to sleep.

Well, it is that time again, the US election cycle is heating up, and like good brewing beer, the scum is rising to the top. Unlike good beer brewing, the scum is not being scraped off and discarded, hosed away into the metaphorical gutters of history. The problem is that whoever wins, almost half of the US (and much of the rest of the world) will think that the scum won.

So as we lead up to the election, we are hearing again and again, "If (fill in the blank) wins, I'm leaving the country". Okay, good for you, but as someone who said that, and then did it, I have a few suggestions.

First, if it had been that easy. There was work to manage, property to find and (rent or buy), and attempting to find a way to economically survive post a move. And of course, the move needed to be legal, or there would be no difference between us and an economic migrant trying to sneak into Europe by boat.
So for those of you who really mean it, let me give just a few suggestions based on having actually said it, and then done it.

1. Make the personal commitment. Talk to yourself, you spouse, family. Make sure that everyone is, if not supportive, then understanding. But also test yourself - am I just saying this, or do I really, really mean it?

2. Plan. Long in advance. Get as much ready and thought out as you can. Depending on who wins, you may find yourself at the back of a very long queue of people who feel the same way. There may not be a million economic or political refugees streaming north and south across American borders into countries with makeshift refugee camps, but there will be a queue to speak to someone at a consulate or embassy, delays for passports and visas, and limited jobs already being taken by those in front of you.

3. Where? Not such an easy question. Canada; well maybe. But the real question is; where in the world will I feel at home, has what I need in infrastructure, and is politically acceptable to me (after all, you will be leaving because of a politically unacceptable outcome. One rule-of-thumb, you are NOT going on holiday, so if you've been somewhere on holiday and said "I could live here", you probably either cannot, or would not want to year round.

So what are your criteria? May I suggest the following:

a. Language: how important is language to you, or do you speak a second language, which will certainly help narrow down your choices. Learning a language is not easy, but is possible and can be huge fun. It can also be a huge hindrance to getting things done and enjoying yourself.

b. Political System: Are you happy with a totalitarian regime as long as they don't bother the foreigners, or do you demand a democratically elected government? Some very nice places are ruled by dictators or monarchs, yet are full of opportunity and fabulous people. Remember that you have NO say in that country, so be ready to leave your political opinions in the US when you leave.

c. Economy: If you are going to "retire" then the choices are much wider, but if you will need to work, you might want to consider developed economies. Associated with this is your ability to get a work visa or other authorization to earn a living in the country. Of course some countries are more "open" than others, and it does help to have a second citizenship.

d. Civil stability: Some countries have a higher potential (or current) for civil war, social unrest, or outright war with a neighbor. How safe do you want to feel? In some countries the overt oppression of minorities creates an environment of almost continual latent violence,  covered over by a patina of civility and culture.

e. Population density: Hey, we all want to be in the country, right? But realistically, most people live in cities, and some very attractive countries are effectively city-states. Remember also that Islands are wonderful, with beaches (most) and sunshine (many) but they are islands, and if you will suffer from "island fever". That applies to almost all islands, from the UK down to Singapore.

f. Weather: After all, if you want to ski and like winter, then Dubai probably isn't for you. Likewise, escaping winter seems to be a huge draw. Florida isn't full because New Yorkers can't get enough snow. I like some seasons, but not too much hot or too much cold. More important, my wife loathes the cold, so that is a major factor.

g. Distance: Never forget the tyranny of distance. If you need to be close to family and friends, then consider just how far you are willing to be, and how long it will take you to get "home" if that is what you will still call it. New Zealand may be heaven on earth, but it is 24 - 36 elapsed hours of travel from North America or Europe, meaning visitors effectively need to dedicate two weeks to make the trip worthwhile, and so will you going "home" for a visit.

You may have additional criteria of your own. Food, wine, sunshine, opportunities to work in IT, Risk, Accounting, Oil & Gas, etc.

4. Meet the Natives. Well, at least people from that country. Hear from them the pluses and minuses, and ask them why they do not live there. Your assumptions about a place will be reinforced or corrected by getting to know people - the kind of people that will be around you every day. These people will also provide you with great pointers on how to settle in, and with good contact in-country. Their networks will be invaluable to you.

5. Visit. So you've picked a few places (or only one), met and talked with people from there, now it is time to make your knowledge a bit more real; go there. Spend a week, or two or more. Do not look at it as a tourist, look at it as a resident. What do the supermarkets look like. Talk to local headhunters (if you are in an easily transportable profession).

You are now about as ready as you ever will be, and all that remains is for you to watch the November night results.

Of course there is the risk, that after doing all your prep, you may reach the conclusion that it doesn't really matter who wins, it is time to go.



16 February 2016

Stop talking about Austerity as you have no idea what that means

It is disgusting to hear the British and French bleat on about the horrors of Austerity, as if they actually had any idea of what they are talking about.

My friend Andrew Brice in Wellington, New Zealand has produced some simple but effective graphs that showing GDP growth across the world from 1994 to 2014. Looking at the graphs for somewhere like Greece, and you quickly see what Austerity really means.He is graphing World Bank data since 1994 on a range of economic data points for all countries. While not setting out to show "Austerity", the graphical presentation does provide some interesting information. His site can be found here.

I've selected four countries for the chart below: France, Greece, Spain and the United Kingdom.

Notice how the GDP points expand fairly uniformly for France and the UK. Each point on the spider diagram, for the three reference years, shows growth, indicating and reasonably balanced growing of the various key elements of GDP.

Not Greece, in which that growth virtually implodes for 4 of the five factors between 2004 and 2014. Only 'X' - Exports, continues to grow, and that at a slower rate than the previous decade. Household consumption, General government, Gross capital formation and Imports all collapsed. Gross Capital Formation is less than it was in 1994.

Spain looks only marginally better.

Yet for the UK and France, all five indicators continue to expand through the crisis and into the second decade of this century.

GDP growth graphs for http://zyaneconomics.appspot.com/#/finmodel/

In the UK and France, governments have attempted to bring spending under control, and in large measure have failed miserably.

Oxfam's report on Austerity in the UK is a wonderful example of not understanding reality. "Since 2010, austerity – primarily in the form of deep spending cuts with comparatively small increases in tax – has been the UK government’s dominant fiscal policy, with far fewer measures to stimulate the economy. The stated aim of austerity was to reduce the deficit in the UK to give confidence to the markets and therefore deliver growth to the economy. While austerity measures have had some impact on reducing the deficit, they have delivered little growth, and public debt has risen from 56.6 per cent of GDP in July 2009 to 90 per cent of GDP (£1.39 trillion) in 2013."

It is almost as if "Austerity" actually only means "we cannot have everything that we want". Economies just balance what is required to keep the lights on, tax rates that do not disincentive investment, balanced against social programmes that effectively avoid rioting and revolution. In which case Austerity has become the a rejection of a "give me mine" mentality.

Yet contrast that with 10 things the Greeks cannot do (from July 2015 at the height of the crisis). If you want to see real austerity, look at Greece. Could the UK or French governments survive cutting pensions by greater than 50%. Or unemployment higher than 25% (and 50% for under 26 year olds)? What would Oxfam say to 45% of pensioners living below the poverty level, and food consumption dropping by almost 30%?

United Kingdom

Looking at the GPD growth chart for the UK it is almost easy to see the source of discontent. Yet it needs to be remembered that the economy has continued to grow (once over the Global Financial Crisis - GFC - induced great recession) and is now larger then it was in 2008.

UK GDP Growth, 1994 - 2014
Note the continued expansion of all five elements

 
Personal income has (as of 2015) grown to exceed personal income, inflation adjusted, pre-GFC. It took a long to time recover, and certainly the average POME (Prisoner of Mother England, or is that short for Pomme de Terre?) has had a rough ride. But pensions have continued to be paid, the health service has continued to treat patients, and to expand the range of coverage and care provided. The economic effectiveness of that service may be up to question, but that is a factor of quality of provision, not total expenditure in GDP terms.

France

France is not significantly different, with growth across all five data points through the years. Yet France (and the French) are mired in a psychological paradigm that says that they are suffering, oh so horribly, from massive austerity. Each new president is elected on a promise of change, or in the case of Sarkozy, "rupture" with the past. Yet for twenty years, each new president has been met by strikes at the mere hint of market reform legislation, strikes lasting weeks and covering the entire country sometimes. Each president has caved. Even the French military has a better (much) record of refusing to surrender.

France GDP Growth, 1994 - 2014
Not bad for coming through the GFC


Yet looking at the image above, you would think that France has had fairly steady growth, especially when you consider that between 2004 and 2014 there was the GFC knocking their economy into deep recession, and their being in a Europe that has seen lackluster growth at best over the past half decade.

Greece

Turning to Greece, we see a very different graph, in which the only growth has been in exports. The years between 1994 and 2004 showed good growth, in line with the UK and France. Yet with the GFC and their debt crisis, loss of sovereignty and destruction of the social welfare system, the years 2004 and 2014 we can see what austerity really means.

Greek GDP Growth, 1994 - 2014


The collapse in Greek GDP growth has been across the board, with only exports growing past 2004 levels, and that only marginally. The other four indicators have all collapsed, with Gross capital formation falling to below 1994 levels.

Compare that to the GDP performance of Greece's four land-border neighbours; Albania, Bulgaria, Macedonia (well, okay, the Former Yugoslav Republic of Macedoia to give it the official name) and Turkey. All four have experienced consistent and continual GDP growth.


 These countries have come through revolutions, civil wars and military dictatorships, but have then spent 20 years growing. And growing. Meanwhile their Eurozone neighbour has suffered at the hands of creditors and "friendly" governments. "But it's all the Greeks fault, they are perfidious and profligate, and they borrowed the money". All true (well, except the perfidious). Yet looking at the rouges gallery of neighbours, can we really say that the Greeks are any worse?

Greek is in austerity. And this is real austerity; the kind that results from the markets losing faith, and the bankers engaging in as much Moral Hazard as the Greek government itself. Yet when the bill came due, the banks (as effectively representatives of other governments or the ECB and IMF) decided that only one side of the perfidious (and here I mean it) cabal would pay.

Summary

The United Kingdom and France should, to use the English colloquialism, "shut their pie-holes". They are not in austerity, and do not actually know that it means. They are living *slightly* above above their means, but continuing to borrow like drunken sailors.

True Austerity is Greece, and this is in their futures when the markets say "enough". Then we will see real austerity in those two countries, as government debt becomes unavoidable and unsustainable. Greece saw:

– 25%: Fall of gross domestic product
– 28%: Reduction in public sector employees
– 28.5%: Drop in food consumption
– 61%: Drop in average pension (833 euro)
– 45%: Number of pensioners living below the poverty line
– 26%: unemployment (50% at ages under 25)

This is the real face of austerity, and something the UK and France should really fear. Today's weak attempts to controls spending are only a start, and a poor one at that.