Do Your Risk Management Processes Really Work?

cropped imageThe other day I was caught in a sudden downpour. It was raining harder in Seoul than I’ve seen it rain in a long time.  It was if the rain was washing away all the dirt and grime, a real spring cleaning.  Looking at the rain it reminded me that sometimes we need to wash our risk management processes to.  Or at least re-examine them.

When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way.  Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place.  Even the credit markets haven’t changed as much as you would think after 2008.  Why?

I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change.  Even if the world around the company has changed.  It is human nature to accept what has been done in the past.  Few people want to “rock the boat” even if the proverbial boat is actually sinking.  Companies get into real trouble because of this.  What happens if the company’s business model actually is out of date or its business plan is no longer viable?  Just because it worked in the past doesn’t mean it will work in the future.

I therefore caution everyone not to blindly accept the current legal risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis.  Counsel should be auditing departments on a regular basis.  Does that compliance program really work?  Maybe it did 5 years ago.  But what about today?

Remember, if local or national laws have changed maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date.  What about the current social environment?  When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things?  These risks are real.  Are you ready for them?

It is a fundamental truth that all things change. Some change faster than others.  Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past.  Continue to review and to modify them if necessary.  Therefore, have you re-examined your checklists to confirm if they are still relevant or do they need updating?  If you are using a heat map are the presumptions still the same?  If you are looking at the top twenty threats to your company have the threats stayed the same or have they in fact changed?  Remember to give your processes a good spring cleaning.

1 Comment

  • The same is also true for Disaster Response Plans (BCPs) / Recovery procedures etc. Companies spend considerable sums preparing procedures in the event of a negative impact and it sits on the shelf gathering dust. When was the last time your company ran a fire drill? Who is responsible for making sure everyone is out? How many blind people do you employ? (did he say blind people?) Yes. In a smoke filled building where visibility is zero whose hand will you grab to make it to the door?
    Where is your back-up office for emergency relocation – or at least who has the list of realtors with the capacity to rapidly supply floor space? etc etc etc….
    A Risk Management Plan / BCP etc will only be effective if it is updated regularly and staff understand how to use it….!!!
    Anthony Hegarty MSc

    Anthony Hegarty March 9, 2016

Leave a comment

Your email address will not be published.