Anyone in an organization can take the lead on risk management, simply by posing the right questions to department heads and top executives before a crisis arrives. You don’t have to be the CEO to make sure that your company is ready for one of the inevitable bumps and bruises that every company will eventually go through. The first step in leadership for any team is to look at the long list of stakeholders and ask the hard questions.
What are these hard questions? To start with, take a long, hard look at all of your stakeholders and consider both what perils they could face and what perils they can bring! From there, come up with some concrete questions about issues that may arise around PR risk, credit risk and HR risk. Here are some examples of good questions to ask to prevent a crisis:
What are your communication protocols? Who comes up with the initial messaging? What communication channels do you have? Who is responsible for each of them?
When things go pear-shaped, time will be of the essence, so you need to have the plan ready before the crisis hits. Don’t be left flat-footed when it does.
Where do you keep your compliance records, including evidence of training? Does your compliance program include relevant training for employees? Who determines the training you give to employees?
Your legal team should be actively supplying you with the relevant laws and regulations for your industry, and you need to keep meticulous records to show that you are in compliance with them. If you don’t, you’ll make it easy for the regulators to levy fines when they come calling. And if your company is charged with crimes, such as antitrust violations, and you don’t have the proper records, it may not get credit for being in compliance.
Have you conducted an audit of the HR department to determine what risk issues exist? If you offer employee benefit plans, have you audited the employee benefit plans to determine if you are in compliance? What risk management processes are in place to prevent harassment claims?
Disgruntled employees - and former employees - are a fact of life. If you have properly trained your entire team by giving them guidance on acceptable and unacceptable behavior, and kept your compliance and training records, then you can defend your organization against unfair allegations. If you didn’t, then you’ll find yourself paying out in the end.
What processes are in place to protect your client’s data? Are you in compliance with all privacy policies of the countries you do business in? Do you train your employees on protocols to properly protect your data? What IT systems do you have in place to protect your data from hacking?
Target, SK Telecom, Uber, Equifax, even America’s NSA have been hacked. The fact that it has happened to so many organizations means that it can happen to anyone. You need to be actively testing your own systems, protocols and employees to make sure that it doesn’t happen to you.