The best articles from around the web and R&I, handpicked by R&I editors.
Workers' Comp news and insights as well as columns and features from R&I.
Update on new scenarios as well as upcoming Risk Scenarios Live! events.

Joanna Makomaski

Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementations techniques. She can be reached at

Column: Risk Management

Rumor Control

By: | June 2, 2014 • 3 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementations techniques. She can be reached at

We all played the game as children — we called it “Broken Telephone.” Children would sit in a circle and someone would whisper a phrase into their neighbor’s ear as quietly as possible. Each neighbor would pass on what they heard until the phrase returned to the message originator.

There were no winners. The game was for sheer amusement when you heard the final, usually unrecognizable message. This game was to teach us how easily information can get corrupted if we’re not careful.


So why is it that many decades later, I often feel I am once again sitting in a circle, this time a much larger corporate circle, listening to what someone said somewhere about something, then passing it on as though it were true?

Did we learn nothing?

Based on what I have experienced, it feels we at times give too much credence to rumors spread around corporate offices.

In fact, it is not that uncommon to witness disciplinary action taken on an employee solely based on information spun in an office rumor mill.

Do rumors pose a corporate risk? Consider a common rumor — that of a pending “corporate restructuring.” We have all sat in that rumor circle at one point. The degree of anxiety and insecurity that runs rampant through an organization with that rumor is astonishing. And sadly it can quickly harm productivity, morale and ultimately profitability.

Exacerbating things is the amplification power provided by our social media and communication tools.

Gossipers no longer have to limit their sharing to just their immediate neighbor. They now have the exponential power to broadcast information to hundreds and thousands of people whether their story is true or untrue.

In fact, the fear of this risk pushed the Chinese government last year to institute harsh new measures aimed at thwarting the spread of online rumors by threatening three year jail sentences if posted rumors were proven untrue. People could be charged with defamation if their online rumors are reposted more than 500 times or visited by 5,000 Internet users.

Short of jailing our employees, should companies try to proactively manage their rumor mill? Should they manage the potentially damaging effects of rumors before they get out of control? In effect, should companies have a rumor risk management strategy?

Some common guiding principles for rumor risk management strategy include trying to keep employees informed as much as a possible — true and timely information is key.

We should try to avoid vague corporate speak or double talk as much as possible. Don’t let employees fill in the blanks for you. It is likely the blanks started the rumor in the first place.


Create mechanisms that allow employees to be linked with a source of truth. Call it a rumor control center. We know that “mystery leads the mind to dark places” so it is best they have a place to go to alleviate their anxiety.

As management, if you yourself hear a rumor, nip it in the bud. Break the chain and kill the game of broken telephone. Use it to your advantage if need be. Send correct messages into the circuit. But do act quickly, as rumors become stronger and more difficult to stop over time and can become accepted as truth.

Lastly, don’t forget to do a post mortem. Try to get at the root of the rumor and manage the situation better going forward.

Read more of Joanna Makomaski’s columns on risk management.

Share this article:

Column: Risk Management

Killing With Kindness

By: | May 1, 2014 • 2 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementations techniques. She can be reached at
Topics: May 2014 Issue

I recently attended a baby shower. As per tradition, the room was filled with moms, kids, pink frilly things and plenty of unsolicited advice on child care.

One toddler caught my risk management eye. She happily zoomed around the room on her new wobbly legs as she sucked on her bottle of milk.


Almost as though on cue, we heard a loud crash. She dropped her glass baby bottle. The bottle broke into a million pieces. Rattled, the baby started to cry, ran through the shards of wet glass to seek out mom. Mom pulled out another bottle for her. Moments later, she calmed. All was quiet again.

Only a few minutes later, we hear yet another crash. Mom pulled out another bottle. And no lie, it happened again. But this time mom ran out of glass bottles.

Finally, a grandmother dared to suggest to mom, “Maybe it would be better to use a plastic baby bottle in the future?”

Uh-oh. We all went silent and waited for the inevitable. We woke Mom-zilla. Mom gave granny an earful with a lecture on the clear and present dangers of the common plastic ingredient bisphenol-A (BPA) used to make the polycarbonate and epoxy resins in everything from DVDs to baby bottles. How dare this ancient grandma suggest such a dangerous thing for her daughter?

Poor grandma forgot the first law of risk management: Never take on a first-time mother drunk on hormones and crazed by exhaustion.

But clearly grandma knew the second law: A well intentioned risk mitigation plan can sometimes create an equal or more threatening risk.  I call this law: killing through good intentions.

We see this often in the risk management world. We come up with a risk solution to a real or perceived risk. By implementing the risk mitigation, we create an equal or even bigger problem. Consider the early generation of vehicle air bags. Their intent was to cushion the blow of vehicle impacts, not to smother children to death when deployed. But that is indeed what they did.

I truly believe that good risk management planning involves a balance of ingenuity with critical thinking, healthy perspective and common sense. We should try to analyze solutions from cradle to grave. Try to consider the interdependencies or cascading effects of our plans. In essence, we should really try to think things through.

I have no doubt that the toddler’s mom had only good intentions: to thwart the evil threat of her child ingesting BPA. But what I found more concerning is that for some reason, she could not see the more imminent and real-time danger posed by the sharp wet shards of glass all around her child on multiple occasions.

Our risk analyses need to compare threat to threat as environments and conditions change. For instance, use plastic bottles when we are likely to experience dangerous chips, cracks and breakages of glass bottles. If leaching BPA worries us, heat milk in a glass vessel and then transfer to the plastic bottles. (But for what it’s worth, BPA-free plastic items are clearly labelled and easy to find.)

If your home is wall-to-wall with thick carpeting, it may be safe to let your child run wild with the glass bottle. If she develops a fascination for the sound it makes when it thwacks against the wood or metal furniture, switch to a plastic bottle instead.

Most importantly, if you plan to go to a baby shower in a room with porcelain floors and self-righteous moms, best to consider using plastic bottles. Not worth risking both baby and mom getting cut up.

Share this article:

Column: Risk Management

Handling the Truth

By: | April 7, 2014 • 3 min read
Joanna Makomaski is a specialist in innovative enterprise risk management methods and implementations techniques. She can be reached at

When I think of Jack Nicholson, the actor, I immediately think of one particular movie: the 1992 classic, A Few Good Men. If you have seen it, you know the scene that I am talking about — the dramatic courtroom confrontation between Col. Nathan Jessep (Jack Nicholson) and Lt. Daniel Kaffee (Tom Cruise).


Jessep: You want answers?

Kaffee: I want the truth.

Jessep: You can’t handle the truth!

What a line. It’s not surprising that it was voted the 29th greatest American film quote of all time.

What does the average person know about telling the truth? Since childhood, we have been told that honesty is the best policy. Later in life, we learn that ultimately the truth sets you free. But does that only apply to the warm and fuzzy “truths”?

Let’s not forget. Truths can be harsh, ugly and inconvenient things that can expose our ignorance and make us writhe with discomfort. Honesty can make us feel vulnerable. And what happens when someone feels threatened and vulnerable? They tend to bite.

Enter the corporate risk officer. We have been told that the CRO should have the ability to freely engage with the board and other senior management on key risk issues and to access information the CRO deems necessary to form his or her judgment. The organization should not compromise the CRO’s independence. The CRO should feel comfortable honestly discussing risks and emerging issues in the organization.

That is the theory but is it truly attainable in reality? Do we make it easy for our CROs to be honest? Do we create an environment and incentives that motivate CROs to be truly candid about organizational risks and issues?

The bottom line is that telling corporate truths can be very risky for CROs. Being a straight-laced and good intentioned person may not be enough when it comes to delivering uncomfortable messages. I immediately think of the expression: In a forest of trees, it is the straightest trees that get cut first. Could that be the fate of CROs who bare discomforting messages in some environments?

CROs need to be positioned for success. This should not be left to chance. Most importantly, we should consider where the person resides within the organization. Does your CRO have a high enough stature within the organization and clear lines of communication to the CEO and board committees? Does your CRO engage in business and strategy setting with a clear line of sight to information and strategic actions? In order for the CRO to attain a forward-looking risk perspective, they must sit at the executive table and be seen as a peer who is encouraged to be the devil’s advocate and offer different perspectives to enrich discussions without fear of reprisal.


That said, there is much power when one plays the role of the devil. It is equally as important to clearly define the CRO’s duty. A clear expectation and a governance standard should be pre-established with respect to the CRO’s responsibility for ensuring effective risk management and disclosure. Without this, the CRO may dilute focus and stray toward less important issues, lowering the overall effectiveness of the risk management program.

Handling the truth is not just about our ability to receive unpleasant messages and risks. It’s also about handling the messenger and ensuring his or her ability to speak the truth.

Share this article: