ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Football, risk management style

Football, risk management style

| Posted at 3:01 PM by ISACA News | Category: Risk Management | Permalink | Email this Post | Comments (0)

Brian Barnier1 February is a big day for American football. When the football takes flight in the big game on Sunday, where will you be? Will any of your office teammates or ISACA friends be with you?

To liven up a post-game office or chapter meeting, you can play a football game ISACA-style.

The game is simple; you earn points two ways:

    ●  First, by describing memorable football plays with five steps of the 5+2 Step Cycle used in managing IT risk. This is like the radio play-by-play the commentator does when the video can’t tell the story.
    ●  Second, by describing memorable plays with all the 5+2 steps. This is like a color-commentator, providing more backstory for a play. This requires a panel of judges:
  • Each person in the role of color-commentator tells a story to judges.
  • Judges could be a panel of three (to break ties) or all the other attendees—a bit like talent audition competitions.
  • Judges confer. If all seven steps are covered, the judges award points, depending on how robust and colorful the story is.

A review of the 5+2 Step Cycle:

    ●  Evaluating risk
  • Understand the environment and enterprise capabilities
  • Seek Scenarios—asking “What if?”
  • Watch for warning signs
    ●  Responding—quick response
  • React—taking the right action at the right time
  • Recover—reposition back into “ready” condition of evaluation
    ●  Responding to risk—continual improvement
  • Prioritize—based on evaluation, select actions to improve readiness to take advantage of opportunity and respond to threats
  • Improve position in the environment and strengthen enterprise capabilities—implement prioritization decisions

This is a constant cycle. In quick response, only existing capabilities are available. In continual improvement, time is available to add resources.

5+2 Step Cycle in Football:

    ●  Evaluating risk
  • Understand the environment and enterprise capabilities
    • Includes: coaching styles, playbook, player health and the physical field (temperature, turf, altitude). This includes mostly color commentary and then play-by-play when field conditions or player health changes.
  • Seek Scenarios—asking “What if?”
    • Constantly ask what you and your competitors could do. Think differently and think ahead. This is the stuff of which sports movies and documentaries are made, color commentary and play-by-play.
  • Watch for warnings
    • Includes: opponent actions on the field (especially players who can play multiple positions), play calls, substitutions and fakes(play-by-play)
    ●  Responding
  • React
    • Includes: high agility, running plays that give you options and foreclose opponent options, not falling for fakes, protecting the quarterback’s blindside and intercepting opponents
  • Recover
    • Applies capability to shake off bad plays and focus on the next, use of options (see above) to position for the next play, and tactics to manage the game clock
    ●  Responding to risk—continual improvement is about actions in view of risk evaluation during the year(s) leading up to the big game (color commentary.)
  • Prioritize
    • Includes: decisions made in coaching styles, playbook, player selection, training and medical care.
  • Improve position in the environment and strengthen enterprise capabilities
    • Includes: good implementations such as a new training style or developing draft-picks, and bad implementations such as sending an injured player onto the field too quickly.

Practicing the 5+2 like a football star can help you bring a winning game to your organization, chapter and career. Take the field!

Brian Barnier
Principal Analyst & Advisor, ValueBridge Advisors, USA


There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.