From war planning and strategising to firewalling businesses against risks from security and fraud related issues, there are parallels to draw and lessons to transfer, says former IA F Flight Lieutenant and now Managing Partner of Xpertisehub Risk Management Services LLP , Sreekumar Narayanan
A childhood tryst with radio magazine features on Voice of America (VOA) was enough to set off a ‘flight of fancy’ into the world of aeronautics and aerospace for Sreekumar Narayanan, Managing Partner, Xpertisehub Risk Management Services LLP. His childhood curiosity led him to send a few sensible questions to VOA magazine that won him a colourful collection of coffee-table books on ‘Apollo Expeditions to the Moon’ and magazine editions of ‘Scientific American’. While this aroused his first curiosity and the latent desire to become either an aeronautical or an aerospace engineer, it also enabled him in later years to combine a course and a job, landing him in the Short Service Commission (SSC) of the Indian Air Force (IAF). While planes and cars are the first pipedreams of most youngsters, Narayanan’s calling for the ‘blue skies’ took off as an SSC Engineering Officer with the IAF. With strategic IAF ‘Guided Weapons’ training on war planning and preparation, his understanding of the fundamental principles of military and war waging capabilities early on in his career helped pave his corporate roles too. In fact, building on the warfront strategy of deciding a ‘right-time’ for ‘call-to-action’, he had ample grit to move away from the forces to embark on his corporate journey. The journey of a Pilot Officer (IAF) from 1987 to his final posting as Flight Lieutenant (1991) to VP and Head-Global Command Centre (Reliance) and to his current role as Managing Partner with Xpertisehub is a long leap forward. Narayanan shared his transition from the IAF to his venture as corporate risk management strategist-enabling companies to firewall themselves from business related frauds. He also spoke on corporate security solutions largely linked to violations of assets, information, reputation and operations, on new age app-driven security solutions and on Corporate Governance, Risks and Compliance (GRCs).
It is scientifically validated that early personality orientations are influenced by ‘nature and nurture’. However, my family had more science, engineers, lawyers and doctors as professionals and not people in business entrepreneurship or defence combat roles. Hence, there was a clear proclivity towards engineering and science in my early years, given that my father, C N Sreedharan too was a Math professor at Manipal Institute of Technology for close to 35 years. But my adolescent years in the 1970s and 1980s was much influenced by the AM Radio, the most modern piece of equipment (in semi-urban India), which I exploited to the hilt. From BBC news to Russian pop music on Radio Moscow, topical news from FEBA Radio Seychelles to the Jazz Hour by Willis Conover on VOA, one was free to board and fly flights of imagination across continents in search of what one heard on the AM Radio. Of course, published editions on the future of spacecraft and aircraft did trigger my first curiosity and desire to become an aeronautical or aerospace engineer.
No, in fact, some dissuaded me from joining and agreed only when I told them that it would be a short-service-commission (or SSC Officer) stint in the IAF. Awareness of a career in the Indian Defence Forces was comparatively less in South India those days, compared to what it is today.
Post my Mechanical Engineering degree at MIT Manipal, I pursued my desire with an Aeronautical Engineering course through an IAF advertisement that combined good job prospects too. The IAF advertisement for SSC Engineering Officers seemed to fit the bill and I applied and was selected for the # 4SCC Commissioning course under the Air Force Selection Board (AFSB), Dehradun. The initial six months of the Aeronautical Engg. (Mechanical) course was conducted at the Air Force Technical College (AFTC), Bengaluru. We were then drafted into either Missiles stream (Guided Weapons or Air Defence) or Aircraft stream. As SSC Officers, we were sent to Barrackpore, West Bengal for the ‘Guided Weapons’ course which lasted another six to seven months. After the course, we got posted to Operational Squadrons in the western sector in the Missiles stream (Air Defence Units). My final years from 1991 to 1993 were serviced as Flight Lieutenant, AF Station Surya Lanka (Guided Weapons Firing Range-GWFR) for IAF and some AD battalions of the Army and Navy (mainly new guided weapon acquisitions, missile systems testing and acceptance). I also performed additional roles of Adjutant, Admin Officer and Security Provost.
“By moving away from the brick and mortar enterprise model, there will be more dependency on security as regards protection from theft, violations and regulatory breaches in the digital world“
It was a fascinating experience learning the fundamental principles of military and war waging capabilities early in my career and it certainly influenced my thoughts and career goals. The military experience itself was limited to six years but its influence will always be profound. The concept of layered defence, war planning and annual exercises, new weapons testing, tactical formations and strategic depth, camouflage and concealment when deployed in frontline or combat areas were all new knowledge beyond the purview of civil life. Also, air defence doctrines, such as forward base strike formations, battle reserves and rapid mobilisation to the frontline, close air support to the infantry and armoured divisions of the army and how achieving air superiority alters the equation of an advancing ground force - made me think about the many principles of the battlefield that can be ported to life in business.
My certifications have been primarily gained within the IAF, Ministry of Defence and I am not industry certified. My six-year stint and its varied training experiences also encouraged me not to step out of IAF. However, towards the end of the sixth year, I did get an option to convert to the aircraft stream (from the missiles stream) and a further compulsory service of another 14 years in permanent commission before being eligible for pension (SSC is not eligible for pension but has full ex-serviceman status). But with few operational stations in the southern part of India and given my family circumstances then, I could not see myself posted to AF stations located mainly in the North, North West and North East India. The other compelling reason was to test new waters as most of my engineering classmates with dual MBA degrees had new and interesting stories to narrate on new products, markets, business models, revenue models and also on work place diversity; many who managed to go overseas too. This led me to look seriously at the corporate sector and try out new career choices.
The military teaches us that in our natural state we must be ‘risk-aware’ and constantly develop our ‘response-capabilities’. This also includes developing of a new product or innovate (when an earlier used method or device becomes ineffectual); acquire new knowledge, certification or practice in order to fulfil a higher order demand, identify and assess what factors are limiting our performance, delivery or rewards, etc. With these tinkering thoughts and the idea to venture anew, I decided to ‘risk’ it out with solution driven ideas.
Knowledge-skills-abilities of Defence do not find immediate currency or convertibility in civil life and industry. Those days before IT developed the way it stands today, many an experience of an IAF personnel could not be ported quickly into civilian career pursuits. Hence, there was a period where we found common denominators and worked our way around the ‘gaps’ which defence personnel often faced then. Today, the transition and resettlement are better structured and organised. Also, the ‘culture and skill shock’ for retired or released personnel is not very pronounced as even defence forces have borrowed many good ideas of Key Responsibility Areas (KRAs) or Key Performance Indicators (KPIs) and performance metrics from the civilian industry.
Leadership and motivational skills come naturally to defence officers. That is the ‘essential sauce’ to succeed in a culturally diverse and relatively harsh field environment that we operate in. So, the natural calling was something to do with security, administration or HRD. A chance meeting with a like-minded entrepreneur in Calicut, Kerala got us to start a first-of-its-kind HRD Centre called MASTERS training centre that offers small and medium enterprises (SMEs) and mid-sized companies leadership and problem-solving skills while also imparting new inspirational ideas in business management. It was well received and we carved out an enviable space for ourselves. However, our expansion plans in Dubai went awry and we faced the first challenge of business expansion. The fall-back option then was to embark on the next skill-set latent to all defence officers-that of Security, Safety and Risk Management which I could find in the UAE and then Muscat (Oman) before I set out to Bengaluru in the area of Business Development in Security Systems.
For companies into risk management, it is an idea whose day will come-chiefly, due to the 100-year old institution called ‘Business Organisation’ that is slowly outliving its meaning in a digitally connected era. Job roles are fungible and with Artificial Intelligence (AI) and automation taking away many jobs that are repetitive or involve basic cognitive functions, there may be no organisations or jobs at all as we understand today. There will only be business problems seeking security expertise. Are the youth in India ready for this reality of tomorrow? By moving away from the brick and mortar enterprise model, there will be more dependency on security as regards protection from theft, violations and regulatory breaches in the digital world. Understand that while safety essentially deals with life and limb, security is largely linked to assets, information, reputation, operations. Safety involves people issues and security entails protecting both people and assets.
Most organisations do not have a working risk assessment document and they tend to be more reactive than proactive. When there are life safety situations or events such as loss of assets or information, they tend to look for some solution and that is when they approach companies like us who are into risk management consulting. The trigger point is either some security incident or breach of life safety issues. Theft, work place harassment and fraud are some of the primary triggers when companies look out for risk management consulting.
Close to 25% are IT/ITES/BPO related, FMCG and Food Beverage (FB), put together account for 35%, around 30% queries are divided between pharmaceutical companies and healthcare and the remaining 20-25% come from SMEs.
In the SME sector, the factors associated with risk are rather difficult to handle. They have security events that cause disruptions and loss events, yet they would not like to engage or be involved in such an environment (risk assessment and aversion) as they still don’t know about the takeaways or values derived from risk management which is always an uphill task. They often approach us as a last resort to tackle their problems.
In pharmaceuticals, despite 30% of our business coming from the pharma sector, this number is a bit skewed as it does not show some of the risk issues, as most companies are concerned with field sales and HR. Consequently, we had a number of instances where there were a lot of HR and sales force issues which we were asked to investigate. Some of the evils here are misreporting of sales figures. Pharma sale is a high-pressure job; they have numbers to report and we find that the sales force tends to get into a lot of disagreement with their managers. This calls for human risks, which are much wider and greater in this sector because of the large sales force and the pressure to perform.
Yes, government agencies and public corporations have approached us and we have assisted them in two areas-Digital Investigative Forensics course program and tools to gather Risk Intelligence from Open Source Networks. It is private companies who are initially hesitant to look at scientific risk assessment methodologies and on Governance, Risk and Compliance (GRC) tools and frameworks. They do so when regulatory reporting mandates that they develop such capability or if they have already had a lossevent which has affected their brand reputation which makes it imperative for them to modernise risk assessment audits.
Every mid to large organisation works under the GRC framework. We are also channel partners and are working towards a GRC software. Typically, if a company has access to GRC platforms, they can pull out concerns pertaining to supply chain, HR, operations or in building infrastructure, and report on those non-compliance violations by checking the repository on the app or platform. When they do not have the competency to get an outcome from the platform, they would then ask for tactical investigations. We then send our investigators who give them the desired outcome. Issues could vary from being people or infrastructure related, or those pertaining to technological issues, breaches related to security, engineering issues, or issues related to either compliance , ethics or regulatory. In all these aspects, at the first level they can get solutions from the GRC platform, but where they do not get the desired outcome to close the case, they come to experts like us.
“It is private companies who are initially hesitant to look at scientific risk assessment methodologies and on Governance, Risk and Compliance (GRC) tools and frameworks. They do so when a regulatory reporting mandates that they develop such capability or if they already had a lossevent which has affected their brand reputation and it has now become imperative for them to modernise risk assessment audits”
With India being in a good stead as regards the RTI Act, whistle blowing has become popular in large corporate houses. Organisations largely do not have the means and mechanisms to allow employees to report violations or breaches. However, sexual harassment is well known, but there are a lot of smaller issues that do not come up front. Nowadays, in large corporations, there is a whistle blower’s line which gives access to a chairman’s /MDs email ID, where any employee can write about any particular issue. The system actually classifies the grievance into HR, work place ethics, employee contract issue, building of safety issue, etc. As a security compliance provider, we always advice companies to ‘over report’ than ‘under report’ violations and breaches. It is better if people report more.
Understand that deliverables are different-where one contributes to national security, territorial integrity and social harmony, the roles change to delivering value to a set of internal and external stakeholders. Most defence means and tactics of accomplishing them are still relevant but if there is no appreciation of the “changed context” in civilian life, it will be a recipe for failure. Operating principles of military or defence do not apply to civil life.
I would recommend regular industry-scan, business reading, uptake of concepts and lexicon of business and industry. Develop more revenue orientation than operational orientation and understand what drives business and numbers. In short, from mobilising troops and material, understand what it entails to deliver goods and services to the market and closely understand what is ‘customer orientation’ or why customer is your raison d étre.
By Sangeeta Ghosh Dastidar
