I am getting ready for retirement. It will happen in a month. It really hasn’t hit me yet- but I know I will soon no longer have an office to go to everyday or an office in which to store things. In fact , looking around my office I realize I have files, books and even documents going back 40 years…spanning my career. In essence, clutter.

I am in the process of decluttering my house. My wife and I decided this time around (we have moved six or seven times in the course of our marriage) to do our best to throw out clutter. To go minimalistic if we can. What is clutter you might ask? I think it is stuff that is no longer relevant. Stuff that won’t be used or appreciated. Stuff that will take up space but that we really no longer need in our daily lives. Take clothes for instance. Many of us buy clothes because they are on sale. They are so cheap we have to buy them. We use them once, put them in a closet and then never wear them again. The clothes are irrelevant. We don’t wear them. In fact- we don’t even look at them. They get buried amongst other clothes or pushed into the back of the closet or clothes chest…never to see the light of day. They have become stuff or clutter.

I’ve read from several retirement experts that you should start going through your stuff a good 1-2 years before you retire. It may take that long to get rid of the clutter that has built up in your home. But what about your office? Have you considered that most of the books in your office might be obsolete? Your old documents may be irrelevant. You may have packed your office over time with clutter. Even though you are not up for retirement it still might be worthwhile to take a good look at your office. How many name cards to you have of people you will never call or email? Cards tend to build up over time, especially if you go to networking events. I’ve found over the last few years that most networking events only result in a few good contacts. But the name cards pile up.

Thinking about clutter, I think many organizations allow clutter to build up as well. How many corporate processes, compliance or risk management processes clutter up the organization that have become obsolete or irrelevant? How many documents are in the corporate database that are never used? What about data? Does IT know where all the data is and whether the data is relevant? Are there procedures in place to remove data that has become irrelevant? Maybe it is time your organization declutter itself. Look at your corporate subscriptions to third party reports, memberships, newsletters and magazines. Are they cluttering up your organization? Do you really need a membership to an organization that has become irrelevant to your business? Has your business model changed? If so, many of your processes and documents may indeed be clutter. Time to review your risk management processes.

I am going to continue to review my files. Some I will keep but most are no longer relevant now I am retiring. In fact, looking at most of my old files, books and other belongings I realize they were always just stuff. Time to declutter my office.

As 2020 comes to a close, it is time for many organizations to analyze its risk management processes and how well the processes managed the risk events that has recently occurred. For many companies, Covid-19 was a catastrophic or near catastrophic event. Those companies that were prepared to handle the pandemic (such as those that had business continuity plans in place, etc.) were able to handle the risks presented by Covid 19. Those that were not prepared had a harder time. What successful companies know is that in order for a company to succeed it not only has to a sustainable business model but it has to constantly review its risk processes. After all, what happens when the current business model does not work anymore? What happens when the risks outweigh the benefits of continued standard corporate operations? So, maybe it’s time to re-examine your risk management processes. Do they really work?

When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way. Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place. Even the credit markets haven’t changed as much as you would think after 2008. And of course, some companies have not changed processes during Covid. But why?
I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change. Even if the world around the company has changed. It is human nature to accept what has been done in the past. Few people want to “rock the boat” even if the proverbial boat is actually sinking. Companies get into real trouble because of this. What happens if the company’s business model is out of date or its business plan is no longer viable? Just because it worked in the past doesn’t mean it will work in the future.

I therefore caution everyone not to blindly accept the current risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis. Counsel should be auditing departments on a regular basis. Does that compliance program really work? Does the business continuity plan really work? Maybe it did 5 years ago. But what about today?

What about re-examining the areas of risk management responsibility? The areas should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

Remember, if local or national laws have changed maybe the current processes are out of date. If your organization was not prepared for the Covid 19 pandemic, maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date. What about the current geo-political environment? When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things? These risks are real. Are you ready for them? Does your current business model still work or is it outdated? What about data privacy laws? What about business continuity plans?

It is a fundamental truth that all things change. Of course, some things change faster than others. Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past. Continue to review and to modify them if necessary. And don’t think that just because “that the way things are done” your company should continue to operate as usual.

So if you haven’t re-examined your risk management processes- now is the time to do so.

The events over the last few days and even months have had a major impact on many companies worldwide, especially those in the US. From the Covid-19 lockdowns, unemployment, stock market collapse to the ongoing riots, companies are realizing that those proactively equipped to handle crisis are in a much better situation than those that are just reacting to the recent catastrophic events.

Companies that successfully manage crises have used risk management processes that contain four or five basic crisis management steps in order to prepare for a crisis. They include the following steps:

1. Identify the major areas of vulnerability the company faces.
2. Develop a plan for dealing with potential threats.
3. Form a crisis management team to deal with or handle threats.
4. Simulate crisis scenarios of potential threats to prepare the company.
5. Learn from the experience of managing the crisis.

Other companies have used a variety of processes or steps to handle crises, including:

Avoiding the crisis through proactive steps
Preparing for the crisis through preparation and planning
Properly reacting as soon as the crisis exists, and
Resolving the crisis

To help put everything into context, a company should realize that many crises, including international crises, occur in stages. The crisis management strategy should be prepared to deal with the stages as they unfold. Each stage requires certain responses from the company, and each stage has a certain impact upon a company. Typically, however, a company does not have a crisis management strategy in place, especially one that can handle the various stages of a crisis. Many times, a company is caught sleeping without a strategy and fails to adequately manage or resolve the crisis, which may severely impact the company. Usually, a poorly managed crisis follows a similar pattern:

-Early indications of a crisis starting—perhaps reports from the Service Department indicating product failure or serious defects.
-Warnings of the upcoming crisis are ignored by company management. Maybe the Service Department’s warnings go unheeded by management.
-The crisis explodes, overwhelming management as deaths or serious injuries are reported due to product failure or product defects.
-Management tries to resolve the crisis quickly but without success as it failed to consider the ramifications of the crisis and how to handle it.
-The company fails to take adequate measures to handle the crisis as the crisis continues to unfold as reported by the media.
-The company suffers the consequences of an outraged media, public, and even some or all stakeholders.
-The company’s existence and brand is severely threatened or put into jeopardy as its stock plummets and lawsuits are filed causing its reputation to be severely tarnished.

Though not all crisis unfold in the stages I describe above, all crisis require a strategy to deal with them. It’s best to work on crisis management strategies now instead of dealing with them during a crisis. Dealing with a crisis as it unfolds without a proactive strategy in place can be very costly and time consuming. And of course, a well thought out proactive strategy increases the chances of success.

Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.

Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as:

(I) Are you prepared to handle risk events relating to your stakeholders or not?
(II) In a crisis management event, such as a pandemic, are you ready to address your customers?
(III) Do you have the right information to communicate to your regulators?
(IV) What are the risk management process to use in case you have major employment related issues?
(V) Do you have a business continuity plan in place?
(VI) Have you coordinated your plans with Legal?

Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist. Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.

Let’s face it- COVID -19 is creating havoc for many businesses. It is upending markets, impacting the travel and tourism industries, hitting the transportation industry and of course negatively impacting the world’s supply chain. It is a crisis. Which means, that companies must treat it as such. Instead of waiting for an official government proclamation that COVID -19 is now a pandemic, it is time to treat this as a serious crisis.

From a risk point of view, what should companies be doing? Well, it’s time to apply risk management processes. Such processes should seek to mitigate and minimize the impact of the COVID -19 crisis. Such processes can include:

- Mitigation of the spread of COVID-19. Does your company have processes in place to minimize the spread of the virus? How are you protecting your employees? Have you considered the HR issues you might face because of the rate of infection? These questions need to be considered.
- Business Continuity Plan. Have you considered a business continuity plan (BCP) to save the company or minimize the impact of the crisis? A BCP would cover the following steps:

1. Analysis- What aspects of the crisis could hurt the company and why?
2. Design- How do you design a response to the crisis? What measures should be created to address the threats?
3. Implementation- How do you implement the measures?
4. Testing- How do you test the Plan to make certain it addresses the threats?

In order to create and implement the BCP, consider the following risk management processes:

1. Assess the situation- assess the threats by setting goals and priorities
2. Identify all of the major risks
3. Do a risk analysis of the major risks identified by conducting a critical risk analysis
4. Implement a Plan that provides countermeasures to mitigate the major risks – i.e. an Action Plan
5. Review the Action plan to confirm whether it adequately addresses the risks and helps mitigate or minimize the risks facing the company.

It is uncertain how long COVID-19 will have an impact on the world's commerce. However, if you take the appropriate countermeasures now and mitigate your risks the less likely your company will later face threats that could seriously impact it.

Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. A risk management department may have multiple reporting lines within an organization or may report to one department head. Are those reporting lines clear? If not, it is time to clarify them.

In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.

Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. Considering the high employee and investor turnover rates it is no wonder that risk managers must take the lead in providing risk management information to various stakeholders not only from a compliance perspective but from a profit/loss perspective as well.
Who are the various stakeholders that a risk manager must concern himself or herself with? Of course the more sophisticated a company, the more stakeholders there might be. Nonetheless, the main stakeholders of any company or organization usually include:

1. Employees
2. Upper Management including the Board
3. Customers
4. Suppliers
5. Regulators
6. Investors
7. Business partners; and
8. Credit Analysts

The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as: (I) Are you prepared to handle risk events relating to your stakeholders or not? (ii) In a crisis management event, such as a pandemic, are you ready to address your customers? (iii) In case of litigation, do you have the right information to communicate to your regulators? , and (iv) What are the risk management process to use in case you have major employment related issues?
Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist.

Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram