Do Your Risk Management Processes Really Work?

March 8, 2016

cropped imageThe other day I was caught in a sudden downpour. It was raining harder in Seoul than I’ve seen it rain in a long time.  It was if the rain was washing away all the dirt and grime, a real spring cleaning.  Looking at the rain it reminded me that sometimes we need to wash our risk management processes to.  Or at least re-examine them.

When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way.  Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place.  Even the credit markets haven’t changed as much as you would think after 2008.  Why?

I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change.  Even if the world around the company has changed.  It is human nature to accept what has been done in the past.  Few people want to “rock the boat” even if the proverbial boat is actually sinking.  Companies get into real trouble because of this.  What happens if the company’s business model actually is out of date or its business plan is no longer viable?  Just because it worked in the past doesn’t mean it will work in the future.

I therefore caution everyone not to blindly accept the current legal risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis.  Counsel should be auditing departments on a regular basis.  Does that compliance program really work?  Maybe it did 5 years ago.  But what about today?

Remember, if local or national laws have changed maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date.  What about the current social environment?  When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things?  These risks are real.  Are you ready for them?

It is a fundamental truth that all things change. Some change faster than others.  Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past.  Continue to review and to modify them if necessary.  Therefore, have you re-examined your checklists to confirm if they are still relevant or do they need updating?  If you are using a heat map are the presumptions still the same?  If you are looking at the top twenty threats to your company have the threats stayed the same or have they in fact changed?  Remember to give your processes a good spring cleaning.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram