Today’s organizational
leaders face more and greater risks in operating their
businesses than ever before. Exposures to the enterprise and
its stakeholders proliferate as executives tackle the tasks of
providing a safe working environment, protecting the company’s
assets, ensuring supply chain security, keeping data secure
and eliminating environmental hazards, as just a few
examples. An organization
that deals with risk on a per-incident basis leaves itself
open to considerable financial exposure. This is because the
real cost of any accident, theft or workplace disorder is
often more than ten times what insurance will cover.
| |
|
Lost work time, workers
compensation claims, fines, higher insurance premiums and,
most importantly, lost customer relationships make up some of
that hidden cost. Arguably,
the organization that dedicates professional staffs to the
risk management in a proactive, holistic way insulates itself
from much of the risk. Yet in too many situations, functional
strategies do not truly permeate the organization or become
part of its culture.
| |
|
Meanwhile, insurance
costs continue to escalate along with the real cost of even
the most minor incident. And while the costs of addressing
risk management issues can appear prohibitive, they pale
compared to the costs of failing to do
so. Fortunately, an approach
exists for organizations to achieve benefits that will
outweigh increased risk management costs. The best solution is
to perform risk management at such a high level that it
becomes a driver of enterprise success. Leaders of
forward-thinking organizations are imagining risk management
as a strategic function that will produce a competitive
advantage with distinctive and varied organizational benefits.
| | |
|
In fact, senior executive
sponsorship of risk management as a key strategic function is
the only way to protect the enterprise, while potentially
generating ROI. As counter-intuitive as it may sound,
investing more time, resources and capital in the management
of risk is the best way of creating a strategy for success.
When risk management becomes
a key strategy for the enterprise sponsored by the highest
levels of executive management, this “expense” can be
demonstrated as an important selling point to acquire and
retain customers, and motivate valued employees. As Chart
#1 illustrates, moving risk management from a problem
driven, “fire fighting” mode to an executive driven strategy
offers a real chance for a return on investment (ROI)
Risk Assessment A
comprehensive risk assessment process can accurately determine
what is at stake for an organization’s people, assets, and
brand reputation, as well as supplier, distributor and
customer relationships. Often this assessment process is
conducted by a third party, who brings the experts,
technology, processes and experience to benchmark an
organization’s readiness. Internal resources may have the
functional excellence to assess their own areas, but may lack
the perspective and tools to conduct an enterprise-wide study.
A third party risk management consultant not only points out
the gaps in the risk management status quo, but also can
complement and supplement the existing staff’s efforts in
fortifying these weaknesses. When an incident does occur, the
same resource can help manage the incident, keeping exposure
to a minimum. Chart #2 shows the risk management
assessment cycle, a continuous improvement process that leads
to better bottom line
results.
| |
What is
your company’s level of Organizational Readiness?
Here are some of the questions executive
leaders need to continually answer to self-assess their
organizational readiness:
|
Does your organization continually
assess its security practices and goals to ensure
it is correctly positioned to address existing and
future risk? |
|
Is the
security process fully integrated into your
organization's culture and business endeavor, and
is it largely proactive in approach? |
|
Does your
company have an effective means of communicating
security information back and forth throughout the
breadth of the organization? |
|
Has your
organization communicated its security philosophy
sufficient to promote widespread and ongoing
management support, and does this commitment
extend to vendors, suppliers, etc? |
|
Has your
company committed to and communicated its "core"
protective polices -- business ethics, workplace
violence prevention, prosecution rules, substance
abuse, background screening, etc. |
|
Does
management understand that their roles within the
organization are pivotal to its continued success
and adequate measures must be taken to protect
personnel, especially overseas? |
|
Do senior
executives understand how, if mishandled, an
emerging crisis can debilitate an organization,
and has management received appropriate crisis
management training? |
|
Is there a
security process that protects your company’s
supply chain, from the transfer of raw materials
through delivery of finished goods? |
|
Does your
organization routinely conduct internal campaigns
to promote workplace safety? |
|
Can senior
management and board members be satisfied that
there are appropriate safeguards at various levels
to protect your company’s data and your customer’s
information from theft and/or contamination? |
|
When an
incident does occur, is there an investigative
process in place to determine root cause, suggest
remedial action and protect the enterprise through
timely internal and external
communications? |
If you can answer yes to all these questions, you are
well on the way to turning risk management into a
strategy for success. And it’s very likely that your
efforts and foresight will yield a positive return on
your investment. If some areas need improvement, please
contact IMG Solutions on (407) 563-1288,
or by
e-mail - chrishagon@globalsecur.com
| |
|
Christopher A Hagon is a Managing
Partner of the Incident Management Group, a
comprehensive risk management and security services
strategic resource that provides organizational
readiness, operations support and incident management
services to organizations, as well as security programs
for individuals worldwide.
Website: http://www.globalsecur.com/
| | |
|
|
|