Today’s organizational leaders face more and greater risks in operating their businesses than ever before. Exposures to the enterprise and its stakeholders proliferate as executives tackle the tasks of providing a safe working environment, protecting the company’s assets, ensuring supply chain security, keeping data secure and eliminating environmental hazards, as just a few examples.
An organization that deals with risk on a per-incident basis leaves itself open to considerable financial exposure. This is because the real cost of any accident, theft or workplace disorder is often more than ten times what insurance will cover.
Lost work time, workers compensation claims, fines, higher insurance premiums and, most importantly, lost customer relationships make up some of that hidden cost.
Arguably, the organization that dedicates professional staffs to the risk management in a proactive, holistic way insulates itself from much of the risk. Yet in too many situations, functional strategies do not truly permeate the organization or become part of its culture.
Meanwhile, insurance costs continue to escalate along with the real cost of even the most minor incident. And while the costs of addressing risk management issues can appear prohibitive, they pale compared to the costs of failing to do so.
Fortunately, an approach exists for organizations to achieve benefits that will outweigh increased risk management costs. The best solution is to perform risk management at such a high level that it becomes a driver of enterprise success. Leaders of forward-thinking organizations are imagining risk management as a strategic function that will produce a competitive advantage with distinctive and varied organizational benefits.
In fact, senior executive sponsorship of risk management as a key strategic function is the only way to protect the enterprise, while potentially generating ROI. As counter-intuitive as it may sound, investing more time, resources and capital in the management of risk is the best way of creating a strategy for success.
When risk management becomes a key strategy for the enterprise sponsored by the highest levels of executive management, this “expense” can be demonstrated as an important selling point to acquire and retain customers and motivate valued employees. As Chart #1 illustrates, moving risk management from a problem driven, “firefighting” mode to an executive driven strategy offers a real chance for a return on investment (ROI)
Risk Assessment for Corporations and Large Organizations
A comprehensive risk assessment process can accurately determine what is at stake for an organization’s people, assets, and brand reputation, as well as supplier, distributor and customer relationships. Often this assessment process is conducted by a third party, who brings the experts, technology, processes and experience to benchmark an organization’s readiness. Internal resources may have the functional excellence to assess their own areas but may lack the perspective and tools to conduct an enterprise-wide study. A third-party risk management consultant not only points out the gaps in the risk management status quo, but also can complement and supplement the existing staff’s efforts in fortifying these weaknesses. When an incident does occur, the same resource can help manage the incident, keeping exposure to a minimum. Chart #2 shows the risk management assessment cycle, a continuous improvement process that leads to better bottom line results.
What is your company’s level of Organizational Readiness?
Here are some of the questions executive leaders need to continually answer to self-assess their organizational readiness:
- Does your organization continually assess its security practices and goals to ensure it is correctly positioned to address existing and future risk?
- Is the security process fully integrated into your organization’s culture and business endeavor, and is it largely proactive in approach?
- Does your company have an effective means of communicating security information back and forth throughout the breadth of the organization?
- Has your organization communicated its security philosophy sufficient to promote widespread and ongoing management support, and does this commitment extend to vendors, suppliers, etc?
- Has your company committed to and communicated its “core” protective polices — business ethics, workplace violence prevention, prosecution rules, substance abuse, background screening, etc.
- Does management understand that their roles within the organization are pivotal to its continued success and adequate measures must be taken to protect personnel, especially overseas?
- Do senior executives understand how, if mishandled, an emerging crisis can debilitate an organization, and has management received appropriate crisis management training?
- Is there a security process that protects your company’s supply chain, from the transfer of raw materials through delivery of finished goods?
- Does your organization routinely conduct internal campaigns to promote workplace safety?
- Can senior management and board members be satisfied that there are appropriate safeguards at various levels to protect your company’s data and your customer’s information from theft and/or contamination?
- When an incident does occur, is there an investigative process in place to determine root cause, suggest remedial action and protect the enterprise through timely internal and external communications?
If you can answer yes to all these questions, you are well on the way to turning risk management into a strategy for success. And it’s very likely that your efforts and foresight will yield a positive return on your investment. If some areas need improvement, please contact IMG (954) 458-5500, or by e-mail – chrishagon@imgsecurity.com