Skip to main content
Scottish Continuity
Our Blog
Tuesday, February 16 2021


The board and I would like to wish all our members a Happy New Year and hope that 2021 brings good luck and optimism for all.

Rather than a Continuity Matters bulletin for you this month, I want to take the time to discuss three things with you all ahead of what is shaping up to be another year full of unique challenges:

  • An update on the Resilient Scotland 2021 conference.
  • Our membership offer to you all, and;
  • Looking ahead at our events in the coming months.


This time last year, we were tying a bow around our most successful conference to date. Celebrating our 25th year of supporting organisations like yours in Scotland and beyond, Resilient Scotland 2020 was a sold-out event that we’re immensely proud of. It’s a stark contrast to this year, where we continue to share the challenges that this current level of uncertainty and restriction provides. While progress is being made against COVID-19 with enhanced lockdown measures and a large-scale vaccination programme, there is no definitive end date which we can use to plan this year’s conference or other in-person events.

It comes then with the difficult decision to postpone all physical events in 2021, including the Resilient Scotland conference. While we have several virtual events planned for this year, including seminars, workshops and large-scale exercises, the safety and wellbeing of our exhibitors, our sponsors, our team and – most importantly – our membership, comes first.

We recognise this will be disappointing for you, as many view our conference as a great, local opportunity to meet with your peers, learn from industry leading professionals and interact with our incredible sponsors and exhibitors. We share that disappointment with you and will miss seeing you all in person.
Your feedback and continued support ensure that when our conference returns, it will surpass that success and be an event worth the wait.

Our Membership Offer

It’s that continued support that keeps this organisation going, enabling its board members and wider colleagues to support organisations through uncertain times.

As a token of our gratitude, we’re offering an additional year of membership for all current members of Scottish Continuity, free of charge. Those who have already renewed their membership for 2021 will find that 2022’s fee is on us. Anyone yet to renew can do so before their membership expires this year and enjoy that same benefit. It’s the least we can do.

If anyone has any queries about how this offer will work, please reach out to Tommy Lynch, our Treasurer, who will happily walk anyone through the process -

Looking Forwards - Upcoming Events

So, what can we see from Scottish Continuity this year? Our board members are passionate and committed to delivering a high standard of events for you and your teams. Here’s what you can look forward to in the next few months:

February 2021 - Wellbeing, Mental Health and Mindfulness For Our Resilience Community. I’m delighted to announce our session in collaboration with Lindsay & Lang aimed at sharing best practice and practical guidance on maintaining our mental health and wellbeing. This session is open to all members and the wider community and will be held on Friday, February 26th 2021, 12:30 - 13:30hrs. Further details will be shared with our members on our website and in direct contact with you shortly.

March 2021 - A free Technical DR discussion in March 2021, featuring some of our experienced board members and members, is open to you and the wider community.

April 2021 - A free Learning Event will be delivered by PlanB Consulting, discussing exercise programme development and how to get the best out of a limited budget.

May 2021 - An interactive, half-day virtual exercise will be delivered by Inverroy Crisis Management. We're currently exploring official CPD accreditation for several of the largest awarding bodies within resilience, but if you want to add an exercise to your continuity programme, this session is not to be missed.

June 2021 - Annual General Meeting. A virtual AGM is scheduled for June 2021, with an exact date to be communicated shortly. If you want to get directly involved with helping us at Scottish Continuity in the coming months and years, this is a great place to start!

Finally, if anyone reading this email has any feedback for us at Scottish Continuity, my inbox or that of our Secretary, Roger Broomfield, is always open – We’d love to hear from all of you about what we can do to support you in our 26th year and beyond.

To your collective good health and happiness this year,

Sandra Riddell
Chair, Scottish Continuity.

Posted by: Sandra AT 03:11 pm   |  Permalink   |  0 Comments  |  Email
Tuesday, July 09 2019
Welcome from the new Chair..

Welcome from the new Chair…..

I was thrilled to be elected as Scottish Continuity Group’s new Chair last month at our AGM, held for the first time at the George Hotel in Edinburgh. Thanks to everyone who came along. It was really great to meet both old and new members and discuss our plans for the future. And what a future lies ahead, not least of which is to celebrate our Group’s 25th anniversary next year.  Our AGM also saw the arrival of new Board Members Michelle French-Fraser from Standard Life, Justyna Weckowska who is studying at Glasgow Caledonian University and Ray DeSouza from the Scottish Government. Welcome aboard!

I’d like to take a moment to say thank you to previous Board Officers. Our past Chair, Chris Tunnah, past Treasurer Gordon Mackie and past Vice Chair Alan Dawson. A massive thank you to you all. Look at what we have achieved together! Record attendance at both the 2019 conference and 2018/2019 learning events and fantastic feedback from our members and sponsors. Chris stays on the Board as a Board Member. Gordon Mackie and Alan Dawson have both chosen to step down from the Board. Gordon, however, is still keen to be involved in our events and has become an associate Board member on the Events sub-group. Brilliant!

Since the AGM, where we shared our plan to build on the success of the Events sub-group, by creating sub-groups for ‘Membership & Finance’ and ‘Technical’, I am delighted to tell you that those plans were ratified at the last Board Meeting and sub-group leads have been appointed. Thank you to Tommy Lynch, Richard MacLennan and Michelle French-Fraser our new Membership & Finance, Technical and Events Sub-group Leads (and all Board Members) respectively. A new role, Operations Lead, has also been created to help standardise reporting from the sub-groups into the quarterly Board meetings. The Operations Lead role has been incorporated into the Vice Chair’s responsibilities. Thank you Matthew Wardner! The Operations Lead and Sub-Group leads are now working on roles and responsibilities and defining and managing operational activities across the sub-groups. Succession is key to another 25+ years of our group, so defining roles, responsibilities and our operations is a big priority this year.

But why are we all here? Our raison d'être are the Education & Learning events, including the Annual Conference, small learning events and breakfast surgeries. These events are at the core of our group with the next breakfast event in Edinburgh taking place on Tuesday 16th July and the next Glasgow breakfast event on Wednesday 14th August. More details on our events from the Events sub-group soon.

As Chair, I am excited to work with the Board and leadership (Operations Lead and sub-group leads) to develop a plan that will help us build on our achievements and mature our sustainable, growing, and thriving group. Achieving a good balance between our full-time work/study/family commitments and our roles on the Scottish Continuity Group, which is of course a non-profit membership association run by volunteers, is key. Your participation as a member is crucial. Whether it is attending events, providing feedback or getting involved in running events (whether as a Board Member or as an Associate Member on a sub-group). Feedback helps us pitch events at the right level with the right speakers and topics. Who do you want to hear from? What excites you about resilience, continuity and crisis? What are your gaps in knowledge? Let us help you and our collective group get to grips with new and ‘not-so-new’ hot topics. Alternatively, do you have a topic that you could teach others? You can contact us by emailing us at Alternatively, come say hello at the next learning event. We really like hearing from you!

We will be sending regular updates on the Board’s progress and generally letting you know what is coming up in the next quarter. Also, please follow us on Twitter and LinkedIn for all the latest news.

Thank you for taking the time to read this welcome message, we hope to hear from you soon and that we get together at the next learning event.

Very best wishes,

Sandra Riddell

Posted by: Sandra Riddell AT 09:40 am   |  Permalink   |  0 Comments  |  Email
Tuesday, June 04 2019
It's been a pleasure....

It truly has been s pleasure, these last two years! My time as Chair is now over - but I leave you in remarkably capable hands! Sandra, my successor, will be no stranger to many of you. She has been a regular supporter and attendee of Scottish Continuity events, and served on the Board for a number of years. In that time she has been very pro-active and organised a number of key events, the Education & Learning events especially, as well as taking on supporting roles in many other activities. All this in spite of a busy and hectic worklife!

I know she has a great many ideas, and the energy and enthusiasm to see them through. It's going to be an exciting future for Scottish Continuity!!

Posted by: Chris Tunnah AT 11:30 am   |  Permalink   |  1 Comment  |  Email
Tuesday, May 14 2019
Are you involved?

After the success of our annual conference, now it is YOUR turn to perform! As well as the usual Breakfast Briefings (see here for details!), our Annual General Meeting is being held on Tuesday 4th June in Edinburgh, hosted at The Law Society on Morrison Street. Now it's YOUR turn to tell us what you want! What you want more of, and what you want less of. Maybe YOU could do it better than we are - so why not apply for a post on the board? We'd love to see you there, so why not register here and get the date in your diary. 

We hope to see you there!

Posted by: Chris AT 09:52 am   |  Permalink   |  0 Comments  |  Email
Monday, March 11 2019
Resilient Scotland Conference - 2019

I hope you made it to our conference this year - maybe you did and were lucky enough to walk away with an iPad!! We had more attendees than ever at the conference, this year at Dynamic Earth in Edinburgh, and the feed back has been that it was one of the best so far in our 24 year history. The venue was good, the speakers were better, and the crowd that attended was engaging and interacted with each other, the speakers, and the exhibitors! It was a great day, I learned a lot, and I'm looking forward to the next one already! See you there!

Posted by: Chris AT 06:03 pm   |  Permalink   |  0 Comments  |  Email
Friday, November 23 2018

So often we focus on major incident scenarios that will rarely occur, for example a fire.  However, every year there is a major risk of business disruption as a result of the severe weather we experience - witnessed by the "Beast from the East" in 2017.  As snow has fallen in the UK this week please find below some BC considerations to aid you in your preparations.


  • Is everyone accounted for? (at work or traveling)
  • What is the potential impact on key skilled personnel?
  • Is there sufficient gritting/snow clearing to keep paths clear – can staff be asked to help?
  • Do staff working outside have appropriate clothing for the conditions?
  • For staff working from home, do they have suitable work environment, and can they access the server?
  • For those travelling to work, are their vehicles suitable and do they have spare / warm clothing, blankets, sleeping bags, thermos flask etc.  Given that Line Managers might also be unavailable, is there a central work number to call in case of a major delay?
  • Does a Department rely on another Department for an activity? If so, is the other Department still able to deliver it?
  • If there was an emergency during this severe weather period, eg cyber-attack through to burst pipe or chemical leak, can sufficient responders mobilise to deal with it?


  • Are valuable assets suitably heated/protected.
  • Suitable protection from frozen pipes.
  • Supply of fuel
  • Resupply of raw materials, food, consumables etc.
  • Gritting/snow clearing of paths, loading bays and car-parking areas.
  • Potential risk from falling icicles/snow from buildings.
  • Are there any areas of “suspicious” brickwork or masonry that might become lose and a risk as a result of the freezing conditions?
  • Consideration of potential flooding following a rise in temperature.
  • Potential loss of electricity due to power lines being brought down.


  • Recommend that, where possible, key staff take IT home with them in case they can’t get to work the following day, and whatever paperwork might be required (within security limits).
  • If not already practised, recommend that everyone tests their ability to log on from home and access folders.
  • From experience, when the “Home Working” option is maximised, data speed and connectivity reduces.  Is there an IT help-desk available for home workers?
  • If there is an issue with IT during this period, can sufficient IT personnel be activated to make the repair?

Supply Chain

  • Are there critical supplies that could be delayed – including mail, water, food?
  • Is there potential for distribution disruption that may impact on your contractual obligations?
  • Grit and salt supplies will be a premium.  Consider when to re-order so that your stocks are maintained.
  • Could your waste management be disrupted, if so how long before becomes critical?
Posted by: Inverroy Crisis Management Ltd AT 08:23 am   |  Permalink   |  1 Comment  |  Email
Monday, November 19 2018

When sending out membership renewal invoices (in my role as Treasurer), a few people have asked what we do. This has highlighted the fact that members (and even board members) do not visit the website, read these blogs or visit our Facebook page. On checking, I discovered that some members do not receive invites to events as their company email systems block our Mail Chimp bulk email management system as they filter out all such emails as "spam candidates".

I did also have to apologise for the fact that some of our past events still had the future tense in the website events page - so I have started a tidy up as we need to get the small details right and keep our content relevant, up to date and accurate.

So - as an experiment - if you read this blog, let me know by adding a comment to let me know. 

Communication is everything!

We do have a lot in the pipeline and have held some fantastic events - we just need to ensure that our paths of information are open and well visted

Posted by: Gordon Mackie AT 01:08 pm   |  Permalink   |  3 Comments  |  Email
Wednesday, November 14 2018

And so the clocks have gone back - nights are darker, and from a personal standpoint thoughts of Road Safety loom large (if you drive the drizzly M8 corridor, you'll know what I mean!).

So what would happen if an essential staff/project member did have an accident, and was unavailable for days or weeks? I'm sure that contingencies were made months or years ago.... but are they still valid? Are the same people involved? Has access to information been maintained, or have valued documents been locked securely away, looked at once or twice, and then no more - only for locations or passwords to be forgotten?

When was the last time Business Continuity Plans were reviewed - are they still current? Would they still stand up?

Or has all the focus on Cyber threat removed the focus from the other areas of threat?

Time to dust off those plans and schedule a test!

Posted by: Chris AT 08:03 am   |  Permalink   |  2 Comments  |  Email
Friday, October 12 2018

An interesting article that was copied straight from Financial Risk Management for Dummies - Gordon Mackie



Financial Risk Management For Dummies

By  Aaron Brown 

One of the fun parts of being a risk manager is that you never have to make dull presentations. Your job is to disrupt thinking and force broader consideration of potential future events, and you never do that by putting people to sleep.

Whether you’re arguing for people to take more risk or to take more care, to go boldly or to dig defensive trenches, to discard stale canards or to adhere to traditional wisdom, you can find dramatic illustrations to make your case on the Internet.

To help with that, here are ten favourites. Even stable sites change links, but even if they do, you should have no trouble finding information about any of these ten events using a search engine.


At first glance, the Boston Molasses Flood story, seems like a routine urban industrial disaster. A 50-foot molasses storage tank at the Purity-Distilling Company exploded, probably due to the build-up of carbon dioxide as the molasses fermented. (If the fermentation had progressed longer, the molasses would have converted into rum, and the story would be the Boston Rum Party instead of the Boston Molasses Flood.) The ensuing molasses flood killed 21 people, injured 150, levelled two square blocks and an elevated train station.

Three lessons illustrate important risk management principles:

  • Heed warning signs: When people complained about molasses leaking out from the seams of the tank, the company took swift action. It repainted the tank brown so the leaks weren’t as noticeable.

Disasters usually have warning signs beforehand. Sometimes the best strategy is to heed the warnings, investigate the problem and deal with it before the bad things happen. Often, the best strategy, and in any event the second-best strategy, is to do nothing until things get worse and the problem is clear or the problem goes away on its own. The most common strategy is the worst – cure the symptom without attempting to diagnose the disease.

  • Anticipate unconventional dangers: Molasses isn’t usually considered to be dangerous. When you read about a munitions factory explosion, or toxic spill from a chemical plant or environmentally damaging leak from an offshore oil rig, you’re not surprised. But molasses seems safe and friendly. No one ever proposed a disaster movie, Deadly Sweet, about killer molasses. Before the disaster, there were no inspection requirements for molasses tanks, although there were all kinds of regulations for things considered dangerous.

The moral? When you’re thinking about risk, don’t focus solely on the dangerous stuff. In fact, the dangerous stuff is usually the least of your worries because everyone focuses on it. Your portfolio may tank due to losses on supposedly safe AAA bonds and the speculative growth stocks bring great returns.

  • Don’t assume normalcy: Molasses is a non-Newtonian fluid, which is just a fancy way of saying that its viscosity (its thickness and stickiness) changes under different conditions. When people say, ‘as slow as molasses’, they’re thinking of unstressed molasses. But if molasses is squeezed or shaken enough, as in an explosion, it can flow almost as easily as water. The Boston Molasses Flood travelled at 23 miles per hour and inundated two city blocks in less than 20 seconds.

That would have been bad enough if the molasses had remained in that thin fluid state. It would have knocked things over and moved them around and maybe some people would have drowned. But the terrifying thing is that when the expansion pressure eased, the molasses reverted to its normal thick, sticky state, and literally ripped apart the people, animals and things (including buildings and sections of rail track) caught up in it.

The message for risk management is you can’t rely on your intuition about how things work under normal conditions. You may have been prepared for a water flood, and a molasses flood, but only sophisticated calculations would lead you to prepare for a flood that could move as fast as water but stick as tightly as molasses.

For more information, take a look at Stephen Puleo’s book, Dark Tide: The Great Molasses Flood of 1919 (Beacon Press).


If you ask people to list the main causes of airplane crashes, controlled flight into terrain (CFIT) is seldom high on the list. Shockingly, however, it accounts for 25 per cent of crashes, which makes it common enough to need a name. It means the aircraft flew into the side of a mountain or into the ground without mechanical malfunction or crew incapacity – just a plane in good condition piloted by a competent person in good condition that flies into the ground.

One of the most famous examples of CFIT is Air New Zealand Flight TE901. This craft was on an Antarctic sightseeing flight under the command of an experienced crew. The airplane and all systems were in good order, and the weather was clear. Yet on 28 November 1979, the craft flew into the side of Mount Erebus on Ross Island, Antarctica, killing all 257 people on board.

Without going into the complicated and still-controversial details of the accident, here is one aspect highlighted: The plane’s autopilot was programmed with a route, but the programmed flight path was changed without informing the crew. So when the pilot took manual control, the plane was 30 miles east of where he thought it was. Although the mountain should have been plainly visible to the crew, the brain finds it easier to manufacture what it expects.

The risk management lesson is that CFIT is common. If an expert pilot, with his life and the life of his passengers and crew at stake, can fly straight into a mountain in good visibility, anyone in your organisation can do incomprehensible things that cause disaster. Never assume that no one would ever do X. However crazy or dangerous X is, someone may do it sometime. Don’t assume everyone can see the looming disaster just because the disaster is plainly visible.


This comedy sketch satirising the reaction of British Petroleum executives to the 2010 Deepwater Horizon oil spill in the Gulf of Mexico illustrates some important risk management points. Look at this parody skit at and ask people what mistakes were made. The most common answer, by far, is that the actors ignore the simple, obvious solution to the problem. Of course that’s what drives the humour in the piece. Watchers feel superior, saying to themselves, ‘Of course we would never act like that.’

In fact, people often do act like that and you won’t find it as funny when the damage is real. Three less obvious mistakes demonstrated in the video are applicable to risk management:

  • Panic: This is also part of the joke, because the worst downside to a coffee spill isn’t that bad. But in the face of a real danger, panic can destroy any chance to salvage the situation and can make it far worse. No situation is so bad that you can’t make it worse by panicking.
  • The imperative to do something: Even when the actors elect to do nothing, doing so is a decision to observe for three hours followed by despair at having wasted the time. Doing nothing is always an option and often the best option. A lot of problems go away or get worse, but in getting worse, they make the appropriate solution clear. Doing nothing can also clear the field for someone else with better ideas to try to make things better. At least doing nothing doesn’t make things worse.
  • Tunnel vision: Don’t focus exclusively on solving the problem to the exclusion of making contingency plans in case it cannot be solved. The actors don’t inform others about the issue, consider what the consequences may be or take actions to alleviate the potential harm. All their efforts are devoted to the spilled coffee on the table, they forget that an entire world is outside. This kind of tunnel vision is very common in crises.

So laugh at the skit, but don’t consider that you may look just as silly in a real crisis unless you remember the following: Don’t panic, doing nothing is an option and make contingency plans in case you can’t solve the problem.


The tunnel under the English Channel, known as the Chunnel, which connects Folkestone, Kent, in the United Kingdom, with Coquelles, Pas-de-Calais, in northern France, is one of the great engineering achievements of the 20th century.

When the Chunnel was designed and built, there was a lot of controversy in the engineering profession about several aspects of the design, especially the plans for dealing with fires in the tunnel.

One particularly widely cited piece of information was a calculation that a serious fire in the Chunnel would occur on average only once every 840 years, and a fire with fatalities or an extended closure of the Chunnel less than once in 10,000 years. Depending on how you count, there have been from three to six serious fires in the 20-year operating history of the Chunnel, two of which closed the Chunnel for six months each. Although fatalities have been avoided, there have been numerous injuries, mainly from smoke inhalation.

The ‘1 in 840 years’ statistic came from a calculation listing all the things that would have to go wrong to have a serious fire – the fire would have to start, it would have to escape detection by smoke and fire detectors as well as human observers until it got out of control, and so on. The report estimated probabilities for all these things and multiplied them together to get a very low probability of a serious fire.

Everything listed in the calculation did in fact happen in the 1996 Chunnel fire. The fire broke out in France before the train entered the Chunnel. Both smoke and flame detectors on board the train failed. Guards noticed the smoke and called the operations booth, but no one was manning the booth. Eventually the guards contacted the train engineer directly, but by that time the train was in the Chunnel. The instructions were for the train to continue through to the UK where the fire could be extinguished. However, the engineer instead elected to stop the train and evacuate the passengers. Once the train was stopped, the fire was concentrated in one place, and it destroyed the Chunnel electrical and ventilation systems, which frustrated the remaining detection and mitigation features.

There weren’t 20 independent events that all happened to go wrong at the same time due to an extreme run of bad luck; all these things were connected. The lesson is that you’re only correct to multiply probabilities together if they’re independent.

Here are two risk management lessons from this experience:

  • Whenever someone argues a disaster is unlikely because of a long list of things that would have to go wrong first, ignore all but the two least likely items on the list. For one reason, when two unlikely things happen at once, you’re likely in a scenario you failed to anticipate, so you can’t trust any of the other items. For another, the existence of multiple levels of safety precautions nearly always leads to people neglecting some of them because they never matter. Why should a sentry bother to stay awake when an automated proximity alarm is present? Why bother to make sure that the fire extinguishers are charged when you have a sprinkler system? A few high-performance, high-risk organisations can maintain multiple levels of high security, but such an organisation is the exception, not the rule.
  • Figure out how to salvage a sitution when your fail-safes fail. The Chunnel was much more prone to fires than its designers thought, but those disasters haven’t killed anyone due to the robust contingency and rescue systems built into the project, as well as the high level of performance of emergency crews. Predicting and monitoring dangers is good, preventing them is better; but however well you do those things, make sure to spend some effort thinking about how to rescue the situation after all else fails.


At the beginning of March 1980, geologists started to see signs that Mount St Helens in Washington state might be preparing to erupt. As the evidence mounted over the next two months, people living on or near the mountain were evacuated. But 84-year-old World War I veteran Harry Randall Truman became a folk hero for refusing to leave his home of 52 years where he lived with 16 cats beside Spirit Lake. Among other memorable quotes he claimed, ‘The mountain ain’t gonna hurt me, boy.’

Harry’s unflappable courage was celebrated in song, poem and story. He was a favourite interview subject. Everyone loved Harry. Except, as it turned out, the mountain. On 18 May 1980, the mountain did hurt Harry, and his 16 cats, and his home, and 56 other people and hundreds of square miles of land and billions of dollars worth of property.

Inspiring-sounding bravado delivered in folksy terms will always be popular. It works in movies but not in real life. Bravado is the opposite of risk management. Even after Harry was killed, people continued to celebrate his stubbornness rather than mourn his foolish denial of reality.

Whenever you hear someone downplaying a risk based on romantic nonsense, remember that Harry Randall Truman died that way.


Jon Corzine had an illustrious career. He was head of Goldman Sachs, a US senator and the governor of New Jersey before taking over the commodity brokerage firm MF Global. The firm collapsed on 31 October 2011 due to losses from bets on European sovereign debt. Shockingly, $1.5 billion of customer funds appeared to be missing, and six weeks later Corzine appeared before Congress to answer questions about the shortfall.

MF Global’s basic business was simple. It was a futures commission merchant(FCM) meaning that it held accounts for individuals and institutions that wanted to place bets in the futures markets. If the bets win, the profits are placed in the customer’s account with the FCM; if the bets lose, the losses are taken out of the customer’s account with the FCM. The important point is that the money in the customer accounts belongs to the customer, not to the FCM. The FCM is legally required to keep those funds segregated from its own funds. Of course, as a practical matter, the location of the funds can get complicated.

MF Global had tens of thousands of customers trading futures contracts around the world, some of them making hundreds of trades per day. So you can easily understand why there may be a dispute about the amounts in individual accounts. You can also understand someone saying something like, ‘The customer accounts in the UK and Canada were seized by bankruptcy administrators who want to use them to pay off other creditors.’ But what’s difficult to understand is Corzine saying that he has no idea where the money is or who was responsible for it. He couldn’t even remember whether or not he signed required documents certifying that the money was segregated properly. Again and again he was asked simple questions that should have simple answers, and he never knew or couldn’t remember, but he did know that everything is complicated.

Every risk manager should watch this video. You cannot predict or prevent disaster and pretending that you can is misleading to others and stressful to yourself. A reasonable goal is to be able to answer simple questions about what happened and to have asked the questions beforehand that Congress is likely to be asking afterwards.

To be fair, Corzine may have been playing dumb in part based on legal advice. However, forget that and, while you’re watching him, think about the answers you would like to give if it were you on the hot seat. You’d want to know where the money was or to name the person you trusted with it and what that person did. You’d want to describe the controls preventing people from misusing the money, not in technical detail, but in simple terms anyone can understand. If the controls are too complicated to explain to Congress, they’re too complicated to be robust.

The next step is to think about your risk management responsibilities. Imagine that a disaster has occurred, and that you’re being grilled by Congress. If you can think of any question they may ask you that you’d be embarrassed if you didn’t know, go out and ask it now, before the disaster.


In August of 2007, before the great financial meltdown of 2007–2009, David Viniar, the chief financial officer (CFO) of Goldman Sachs, famously said, ‘We were seeing things that were 25 standard deviation moves several days in a row.’ The quotation was ridiculed by people who know only a little statistics. Its true meaning is worth heeding for a risk manager.

This computer simulation of a quincunx is a device that demonstrates how random bounces can produce a neat bell-shaped curve. In the simulation on the website, one standard deviation is two bins wide, so the bins on the far left and the far right are four standard deviations (eight bins) away from the centre. Only one in 16,384 balls lands in one of these bins, and if you watch for a few minutes, you can get a feel for how unusual a four standard deviation move is.

To get a 25 standard deviation move, you’d have to watch 7 followed by 187 zeros balls to see one land 25 standard deviations (50 bins) away from the centre. So on a quincunx, a 25 standard deviation event is essentially impossible. Under a normal distribution, 25 standard deviation events are a little more common, but the probability is still 7 followed by 137 zeros.

But not all 25 standard deviation events are anywhere near that unlikely. One way to translate a statement about an N standard deviation event into something intuitive is flipping a fair coin N2 times in a row and getting all heads in an N standard deviation event. So a one standard deviation event, flipping a coin once and getting heads is common. A two standard deviation event, flipping four heads in a row, is rarer, but it certainly happens. Flipping three standard deviations, or nine heads in a row, is getting decidedly unusual and as you go to four, five and six standard deviation events, you really don’t expect to see many, even if you flip coins every day for a living. A 25 standard deviation event is like flipping 625 heads in a row, which just doesn’t happen.

Another kind of N standard deviation event is to have one coin with heads on both sides, and N2 coins with tails on both sides. Pick one coin at random and flip is repeatedly. It is an N standard deviation event to get any number of heads in a row. Now the chance of a 25 standard deviation event is 1 in 626 (252 + 1), which is rare, but entirely plausible.

Other types of 25 standard deviations events also exist with different probabilities. So whenever someone tells you about an N standard deviation event, remember that the probability may be as high as 1 in N2 + 1, or as low as flipping N2 heads in a row (or even lower).


In 1938, construction began on a bridge to connect the town of Tacoma on the eastern side of Puget Sound in Washington state to the Kitsap Penninsula on the western side. The Tacoma Narrows bridge opened on 1 July 1940, and collapsed spectacularly three months later. The disaster is particularly famous because it was captured on film.

Building the Tacoma Narrows bridge presented unusual challenges, which were met in innovative ways. The bridge was the third-longest suspension bridge in the world during its brief lifespan, but it was only two lanes wide instead of the typical six or eight lanes. During construction of the bridge, workers nicknamed it Galloping Gertie because it had a strong transverse vibration (meaning the east end of the road would rise while the west end would decline, and vice versa, so drivers were always driving uphill or downhill). A lot of effort was devoted to controlling this vibration and making sure that it didn’t endanger the bridge or travellers. In the end, it wasn’t the transverse vibration, but the torsional, or side-to-side, vibration that broke the bridge and brought it down.

A couple of details to the story are worth a risk manager’s consideration:

  • False explanations often stick. In the aftermath of the bridge collapse, engineers knew immediately that torsional, or side-to-side, vibration was the cause. But the myth somehow arose that the Tacoma Narrows bridge collapsed due to resonance of transverse, or lengthwise, vibrations. This erroneous explanation can be found in physics books and popular accounts today.

Typically, glib but false explanations elucidate a valid principle (in this case, resonance) that just doesn’t happen to be the most relevant principle for explaining the disaster. Nevertheless, the dramatic pictures and simple story become beloved examples for people (physicists in this case) who care about the principle more than the actual disaster. Although the faulty explanation may lead to more entertaining physics texts, it subverts the important risk management lessons.

  • Not all disasters are bad. No one was killed in the Tacoma Narrows collapse, and the economic loss and disruption was small. The bridge engineer Othmar Ammann wrote: ‘The Tacoma Narrows bridge failure has given us invaluable information. It has shown that every new structure that projects into new fields of magnitude involves new problems for the solution of which neither theory nor practical experience furnish an adequate guide. This point is when we must rely largely on judgement and if, as a result, errors, or failures occur, we must accept them as a price for human progress.’

The new ideas and techniques used to build the bridge revealed a new type of bridge problem. This problem of torsional vibrations destroyed the Tacoma Narrows bridge but led to improvements in all bridges. Civil engineer Henry Petroski wrote, ‘No one wants to learn from failure, but we don’t learn enough from success to advance the state of the art.’ The alternative to disasters like the Tacoma Narrows bridge is to never try new things.


Although the fire drill from the television show The Office is intended as comedy, it by no means exaggerates the irrational and uncoordinated behaviour that characterises reactions to crisis. In calm times, you can easily assume that everyone reacts sensibly to unusual or unexpected events. Risk managers know differently.

The way to avoid dysfunction is to think through common situations in advance. You can then come up with useful precautions to take ahead of time and decide the appropriate procedures ahead of time then train and drill people in them. Don’t just hand out instruction sheets or make people click through an online tutorial; you need to engage people in realistic training.

Everyone pays lip service to the information in the preceding paragraph, but most people don’t really do it. You may worry that you won’t think of every disaster that may befall your firm, but that’s not the important part. Preparing for the things you can foresee gives you the tools and discipline to react to what actually happens. Preparing for a fire, or a stock market crash, or a bank failure or a liquidity shock gives you general capabilities that can help in different types of trouble.

Another excuse for neglecting drills is that you don’t know any good procedures to deal with crises. How do you write instructions for a terrorist bomb, or a high-ranking embezzler or a cyber-attack? Such things can happen so many ways, and what can you do? That’s when you watch this video and realise that you don’t need a great plan, or even a good plan, all you need to do find a plan that’s better than what the characters in The Office did. That’s your alternative, and is an easy benchmark to beat.


At 6 feet 5 inches tall and weighing 412 pounds, American wrestler Chris Taylor was the largest person to compete in the 1972 Olympics. He was not only large, but phenomenally strong and quick and a gifted wrestler to boot. He was a heavy (pun intended) favourite to win the Greco-Roman wrestling gold medal at the 1972 Olympics in Munich. It was even suggested that he be awarded the medal without competing so as to prevent injury to the other wrestlers.

In the match, Taylor faced Wilfried Dietrich, a 6-foot tall, 260-pound German wrestler. Dietrich won five Olympic wrestling medals, more than anyone else but at 38 years old was nearing the end of his 17-year athletic career.

The video of their match can be used to illustrate a lot of lessons: the race is not to the swift, nor the battle to the strong; it’s not the size of the dog in the fight, but the size of the fight in the dog; the bigger they come, the harder they fall. Unexpected results and daring tactics have a big place in risk management.

However, focus on another aspect of this story, unfortunately missing from the video. Before the match, Dietrich went over to Taylor and gave him a hug, something that’s not usual in wrestling. Why? Dietrich had to be sure that he could get his arms around Taylor to execute the belly-to-belly overhead move he used to win the match.

Posted by: Gordon Mackie AT 03:13 am   |  Permalink   |  0 Comments  |  Email
Friday, September 21 2018

Hello again!

We've been a bit quiet on the Blog front, so it's time to spice it up a little!

I'm proud and honoured to be Chair again for the 2018/19 period, and even in my short span in the chair I've seen a lot of changes - all for the better!

Our Learning & Education sessions are going from strength to strength, and getting rave reviews in the process.

We would like to encourage all our members to check out our upcoming events here and come along. You'll meet like minded people and have a great half day learning and networking!

You'll soon see more entries in the blog from other board members - feel free to use the 'comments' to ask us questions or suggest topics for us to cover.

Hopefully see you at one of our events soon!


Posted by: Chris AT 11:07 am   |  Permalink   |  1 Comment  |  Email

Add to favorites
Wednesday, 01 September 2021
Dind out what you could do for us, and what we could do for you if you join the Board of Scottish Continuity
Tuesday, 16 February 2021
An overview of upcoming events hosted by Scottish Continuity through 2021, and news about membership fees.
Tuesday, 09 July 2019
A welcome from the new Chair
Tuesday, 04 June 2019
Tuesday, 14 May 2019
Scottish Continuity Group AGM Find out where and when
Sustaining a Resilient Community

Scottish Continuity

Site Powered By
    WebKeeper WebSite Builder
    Online web site design