In Korea, the news covers some aspect of the Sewol Ferry tragedy on a daily basis. The Korean Government denounces the owners of the ferry or the lax safety inspection by the Korean Coast Guard,etc and promises to rectify all perceived wrongs. Some are beginning to point fingers at the Koreans' themselves for allowing a culture that is willing to promote lax safety regulations to encourage the "bali bali" society that created the Miracle on the Han. Though it is obvious that risk management processes were not followed or adequately implemented, the main issue is not one of culture nor is it crony capitalism. The main issue facing Korean society is the same issue facing other societies and companies as well- namely, risk management itself.
To successfully minimize and control risk, one must first anticipate it. Not react to it. But that is precisely what many companies and /or governments do. Many simply wait for disasters or crisis and then try and resolve them by creating processes that are in essence a "reaction" to the risk already encountered. To properly minimize and control risk, one must first anticipate the risk and then plan accordingly. How does a company or government anticipate or foresee risk you ask? Through the use of risk management tools created during an audit. A broad Legal Risk Management Audit not only uncovers potential areas of risk that can be planned against but it provides the company with a blueprint on going forward, on how to effectively operate in today's environment with an eye toward the future. Most companies have failed to internalize the concept of risk management across all divisions and in the board room. Such failure normally leads to a atmosphere of "reaction" instead of anticipation.
There are many kinds of risk that companies must anticipate if they want to prosper and flourish. Among them:
1. Currency risk
2. Political risk
3. Product risk
4. Financial risk
5. Environmental risk
6. Regulatory risk
7. IP risk
8. Customer risk
All areas of risk must be thoroughly examined and anticipated including potential internal as well as external risks. When a company or government promises to rectify past wrongs it may mollify the general public or even shareholders. But the failure to implement processes and procedures that promote the anticipation of risk will lead once again to catastrophe or tragedy. Of course risk assessments must be done on current procedures in order to identify areas of potential risk. But in order to properly anticipate areas of great risk, organizations must internalize the risk management process. Enterprise Risk Management or ERM ensures that risk management becomes strategically part of the management structure. The implementation of a Legal Risk Management Program ( LRM) is the main step needed to foster an environment that allows ERM to succeed.
As today's world is much smaller than it used to be with information flowing immediately around the world, it no suffices to react to risks or events. In order to weather the storm of any crisis, the risks must be anticipated. Crisis management plans must be developed, scenarios examined, internal and external risks including potential risks must be identified and planned for. Only when you truly understand the nature of the risks you have anticipated can you properly and diligently control, minimize and yes, even transfer them.
Organizations that structurally implement risk management processes within the organization itself can control their future. Only by anticipating risk and then managing or controlling risk can an organization stay in front of the crowd, protect itself and prevent or minimize the impact of crisis. Therefore, it doesn't pay to react to a crisis and hope it is enough to handle the impact of such an event. An organization, whether public or private, must anticipate the numerous risks that we now face in this world. Failure to do so will end up in tragedy.