PR4P: How did you get into risk management?
Annie Searle: I’ve been doing risk management since I spent summers as a lifeguard in Buffalo Center, Iowa. I worked on the night shift in a university psychopathic hospital in graduate school. My career has included stints in public television, the visual arts, technology and banking. I co-founded a computer hardware company in the early 1980s, and there were elements of risk management I mastered running the company, but also in solving problems and creating solutions for customers over 15 years. At Washington Mutual Bank, working with great teams, I took on progressively more responsibility, ultimately reporting to both the Chief Information Officer (CIO) and the Chief Risk Officer (CRO), gaining a reputation as a fixer of complex but troubled programs that regulators paid a lot of attention to – research, planning and architecture, business continuity, disaster recovery, the crisis management, technology change management, regulatory and audit assurance and some elements of the bank’s information security program. The bank loaned me for several national projects that integrated perspectives from the public and private sector as well as academia. In 2009, I started my own risk advisory firm, Annie Searle & Associates (ASA). The firm has a consulting practice, but also publishes regularly through the ASA Institute for Risk and Innovation. Teaching about risk has broadened my research as I find both historic and current events to illustrate the true costs of risk failures.
PR4P: What are the three most common types of risk in business?
Annie Searle: Annie Searle & Associates (ASA) focuses on six specific sectors that are part of the critical infrastructure of this country -- banking and finance, energy, communications, information technology, public health and emergency services. Most people don’t realize that over 80% of the organizations in these sectors are on the private sector side rather than on the government side. For these businesses, these days, the greatest threat comes from loss of their proprietary data, whether through human error or from external cyber-attack. The next greatest risk comes from the third parties that such companies contract with – ranging from vendors who provide onsite services, to those who provide software or other vital services. A third very large risk I have recently written on is what we call conduct risk, which is unethical or illegal behavior by certain employees. A good example of that would be recent misconduct at Wells Fargo, where the customer ends up being at the short end of the stick.
PR4P: What are the three most common types of risk in government?
Annie Searle: Until recently, I would have said that the same three types of risk I discussed for business also apply for government, though not necessarily in that order. That’s about to change with the new
Interview with Annie Searle
Recently, we interviewed Annie Searle,
exclusively for The Connector.