Using Donald Rumsfeld’s famous quote “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.”
In risk, “Known knowns” represent incidents that we experience within our own organisations. We are therefore well aware of them and can learn from the mistake to improve processes and get stronger. “Known Unknowns” represent incidents that other organisations have experienced. These are not well known outside of the affected organisation as often the knowledge is not broadcast, not least for confidentiality and potential reputation impacts. However, these are the best incidents for us to learn from as we have not suffered any loss ourselves but can strengthen our processes from the knowledge of what happened.
Serious value by way of knowledge sharing and learning from others can be realised if the sharing of these incidents among peers can be achieved. In the global banking industry, the major banks already do this primarily using two shared sources being:
- Algo FIRST database. This is a database of operational risk events sourced from publicly available information.
- ORX database. This is a shared incident database between a syndicate of around 70 world-wide banks.
There is a substantial cost and stringent membership requirements to subscribe to these databases which may make them unavailable and / or expensive for other industries and organisations.
Protecht’s Risk Incident Database
In order to address this gap, Protecht has launched its low cost “Protecht.RID” service (RID = Risk Incident Database). It is a shared service which enables subscribers to enter and share:
- Incidents that occur internally
- Incidents that occur externally and have been identified in the media
- Risk articles and related information that a subscriber believes would be of benefit.
The service ensures anonymity of each subscriber and their entries while allowing anonymous “blog” communication between participants based on any incident or article that is posted.
At present, we have launched it across the Mutual ADI (Building Societies, Mutual Banks and Credit Unions) in Australia.
The success of this knowledge sharing initiative depends on the number of subscribers and the level of sharing. We are looking for:
- More Mutual ADI subscribers. If you are a Building Society, Mutual Bank or Credit Union and wish to obtain more details of the current roll out, please contact us.
- Industry segments or groups where the sharing of risk incident and information amongst the group would be valuable. For example, this may include:
a. Security managers sharing security breaches
b. Fraud managers sharing fraud cases
c. WHS managers sharing WHS incidents
d. An industry group sharing incidents between peers.
If this interests you, please email firstname.lastname@example.org or phone +61 2 8003 7079 for a chat and to obtain more information.