Operational risk management today takes me to Dayton, Ohio. I'm there to give a presentation on eProduct risk management as well as to make personal acquiantance with a number of people I usually only correspond with via email.
The last couple of days have been mostly taken up with sorting out the implementation of our new online risk assessment software. The new version is up and running but as with any new custom-built solution there is going to be a "bedding-in" period. Anyway, I take my hat off to the developer at Aldex Software who has been dealing with the bulk of my many requests for change, and for the great solution that they have delivered to us.
Sitting in my in-box this morning is an interesting email thread regarding one of our data vendors who accidentally sent an email to one of my colleagues. My colleague picked up on the carelessness of this fact and has suggested we take a closer look at their security processes. We have a very indepth and diligent process in place for assessing our vendors - I'll discuss it here sometime.
Accidental emails can sometimes cost vendors business. One well remembered incident here involved a vendor commenting by email to one of his colleagues on the lack of hair follicles of a senior manager within my organisation. Unfortunately he hit the send button a bit too hastily and before he'd realized said hairless-person's address was auto-filled in. Needless to say, the vendor wasn't considered for further consideration. It's a lesson I think we have all learnt the hard way in the past. I mitigate this particular risk by putting all my email into the outbox first and then having to manually send it. Some might say I mitigate the risk by never replying to email but I couldn't possibly comment on that....