As 2020 comes to a close, it is time for many organizations to analyze its risk management processes and how well the processes managed the risk events that has recently occurred. For many companies, Covid-19 was a catastrophic or near catastrophic event. Those companies that were prepared to handle the pandemic (such as those that had business continuity plans in place, etc.) were able to handle the risks presented by Covid 19. Those that were not prepared had a harder time. What successful companies know is that in order for a company to succeed it not only has to a sustainable business model but it has to constantly review its risk processes. After all, what happens when the current business model does not work anymore? What happens when the risks outweigh the benefits of continued standard corporate operations? So, maybe it’s time to re-examine your risk management processes. Do they really work?
When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way. Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place. Even the credit markets haven’t changed as much as you would think after 2008. And of course, some companies have not changed processes during Covid. But why?
I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change. Even if the world around the company has changed. It is human nature to accept what has been done in the past. Few people want to “rock the boat” even if the proverbial boat is actually sinking. Companies get into real trouble because of this. What happens if the company’s business model is out of date or its business plan is no longer viable? Just because it worked in the past doesn’t mean it will work in the future.
I therefore caution everyone not to blindly accept the current risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis. Counsel should be auditing departments on a regular basis. Does that compliance program really work? Does the business continuity plan really work? Maybe it did 5 years ago. But what about today?
What about re-examining the areas of risk management responsibility? The areas should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:
-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.
Remember, if local or national laws have changed maybe the current processes are out of date. If your organization was not prepared for the Covid 19 pandemic, maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date. What about the current geo-political environment? When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things? These risks are real. Are you ready for them? Does your current business model still work or is it outdated? What about data privacy laws? What about business continuity plans?
It is a fundamental truth that all things change. Of course, some things change faster than others. Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past. Continue to review and to modify them if necessary. And don’t think that just because “that the way things are done” your company should continue to operate as usual.
So if you haven’t re-examined your risk management processes- now is the time to do so.