It's Raining Risks—Are You Covered?

Open the umbrella before a drizzle of risk becomes a downpour

Three different men, all brilliant, from three different eras and three different areas of expertise see risk in much the same way:

“Risk comes from not knowing what you're doing.”—Warren Buffett

“It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.”—Charles Darwin

“When you're finished changing, you're finished.”—Ben Franklin

All three would have been a great fit at ISM’s Risk Management Conference—“Buying the Umbrella Before it Rains”—held in Chicago in late July. Companies as diverse as General Motors, The American Red Cross, Pioneer Hi-Bred, Avery Dennison and R.J. Reynolds discussed how they deal with risk in their businesses. Providers and analysts like Rose Kelly-Falls of Rapid Ratings and Mickey North Rizza of BravoSolution and consultant Betty A. Kildow talked about risk management from their side of the fence.

Here are a few highlights. General Motors has formal mitigation plans for about 25 risks, according to Brian Thelan, General Auditor and Chief Risk Officer at GM.

“Find your acceptable level of risk and focus on where you ultimately will end up, rather than ‘now’” he explained. Thelan informed audience members that a successful risk management program must be taken to the senior leadership level. “Let the board understand and know the risks,” he said.

We all know about KPIs (Key Performance Indicators), but how well versed are you with KRIs (Key Risk Indicators)? Kelly-Falls and North Rizza teamed up for a financial presentation on just that. KPIs monitor changes in the business performance that already have affected the organization. KRIs, on the other hand, relate to a specific risk that affects a business objective and demonstrates the likelihood of a particular risk occurring.

Among the many important issues they discussed, they provided a list of supplier KRIs that must be addressed. Each of them can have a negative impact on the bottom line. Some are familiar, some maybe not so obvious: commodity, political, social responsibility (labor, ethics, management), quality, delivery, labor, market, talent, intellectual property and financial.

Another key, according to Craig Demarest, Senior Director and Chief of Procurement at R.J. Reynolds Tobacco Co., involves overall data management. “Who’s got the data?” he asked. “How secure is it? Where is it going? How does the supplier manage it?”

Betty Kildow has specialized in business continuity and emergency management consulting for 20 years. In the conference’s concluding presentation, she told a rapt audience that risk—from the Italian, riscare (to dare)—can be a good thing, as it’s necessary for business success when appropriate. In a very detailed and informative presentation, she stressed seven points to remember when building a strong risk management umbrella. One received a bit more emphasis than others: “For an enterprise business continuity program to succeed, the entire supply chain must be included.”

How well does your organization manage risk? Maybe it’s time to check.