Doug is one of three experts who share why companies should be aware of risk and steps to take to mitigate it.
Here is the article, in its entirety.
Three experts share why companies should be aware of risk and steps to take to mitigate it.
By The Editors
An organization’s commitment to corporate responsibility isn’t just within the four walls of the company. It extends to the supply chain as well. A trio of experts – Dynda Thomas, Lydia Hultquist, and Douglas Hileman recently discussed risk management within the supply chain and offered advice on how companies can avoid potential issues.
Where Risk Comes From
Douglas Hileman, a risk management professional and auditor with his own firm, describes risk as anything that poses a threat to meeting organizational objectives. Boards, senior management, investors, and other stakeholders are interested in an organization’s risk management now more than ever.
Dynda Thomas, an attorney at Squire Patton Boggs who specializes in supply chain transparency and compliance, explains that some CR topics that were optional a few years ago are now mandatory. That means that for those topics, such as conflict minerals and modern day slavery and human trafficking, there are added risks such as agency enforcement (with fines or penalties), bad publicity, and even damage to company reputation.
Lydia Hultquist, who works with client engagement at tech company RGP, knows this all too well from the 15-plus years she has spent in-house, managing these issues. And as if regulatory agencies weren’t demanding enough, customers impose their own requirements, sometimes based on industry standards or codes, and sometimes based on their preferences. They may even impose different requirements on products destined for different markets, Hultquist finds. Customers are raising the bar when it comes to monitoring the supply chain.
Hileman says that boards and executives are focused on risk, so it’s a good topic for corporate responsibility professionals to discuss. Supply chain risks can arise from noncompliance with laws and regulations. If suppliers are not managing their own compliance, environmental, and social risks, it can impact their operations, or even shut down their business. This poses risks to their customers (your) daily operations. If companies tell investors, customers, and employees that everything is fine when it’s not- or when you don’t have the basis for this optimistic conclusion, any incident or disruption in the supply chain can cast doubt on your corporate responsibility activities.
Why Companies Need a Risk Management Plan
A risk management plan helps companies prioritize, focus on the key areas, and then take reasonable steps to keep processes on track. According to Hultquist, the exercise of developing-or improving-a risk management plan alone can be helpful. This helps organizations prepare for the worst case scenario. Thomas adds: “Legal can help you identify and prioritize your risks so you can decide which risks to address first.”
“I tell my clients, ‘if you want to get everyone on the same page, it helps to have a page,’ It sounds corny, but it’s true,” Hileman says. “A risk management plan helps an organization identify and consider risks from a broad perspective. They can brainstorm the most effective ways to manage risk. And remember, risk isn’t something to be avoided at all costs. Companies take risks with new products and services or by entering new markets. Corporate responsibility professionals take risks when they embark on new programs, or reach out to new stakeholders. Taking risks can yield rewards.”
Hultquist agrees. “Risk management plans can provide coverage when you’re responsible for an area like corporate responsibility. With resource limitations, you can’t do everything. If something unanticipated does happen, you can look to your risk management plan and say, ‘none of us thought of that.”‘
How Risk Management Constantly Evolves
Risk should be looked at from all angles, at all points in time.
“A risk management plan isn’t something you do, then set it aside,” says Hultquist. “Our world is changing all the time, as are the expectations of our stakeholders. Corporate responsibility and supply chain professionals should refresh their risk management plans every year or so.”
Hileman cites the Volkswagen situation with emissions from diesel vehicles as a good example. In this case, Volkswagen installed emissions software that allowed cars to meet standards set by the Environmental Protection Agency. In test mode the cars complied; however when being used normally the cars would have failed.
Few people had considered how compliance, supply chain, business reputation, sales, money for contingent liabilities and fraud would come together until this took place, according to Hileman. “Corporate responsibility professionals are in a good place to see how all this relates and to show how a solid CR program can reduce risks, he says.”
Where to Start when Forming a Risk Management Strategy
Hileman, Hultquist, and Thomas all agree on where to begin. • Step 1 is to inventory your risks; • Step 2 is to evaluate the likelihood and impact of something happening, according to Hileman and Hultquist; • Step 3 is to review all the measures you have in place now to reduce the likelihood and impact, and to assess how effective they are; and • Step 4 is to prioritize the “residual risk” of these items, and take additional steps to mitigate these risks. Unless something happens, we’re likely to accept things the way they are.
This stepwise approach challenges complacency. Hileman and Hultquist say to look for opportunities, including competitive advantage. And when you do something great, they say, make sure everyone knows about it.
Hileman tries to provide some assurance to those who believe risk management is a complex issue: “Risk management sounds intimidating; don’t let it scare you,” he says. “We all face risks every day. Give it a good effort to identify, assess, mitigate risks. Escalate things when needed. Document what you do, and how you’re doing it.”
When you’re considering improvements, use all the resources available to you. There are good publications-many consultancies publish white papers and offer webinars. Many are pleased to share perspectives in a call. “Industry groups are a terrific resource-and so are people right down the hall. Don’t go it alone,” Hileman says.
POSTED OCTOBER 12, 2016 IN VOL. 7 NO. 5 - SEPTEMBER/OCTOBER 2016
Felicity Huffman and Environmental Fraud: The Connection & Tips for Auditors
March 20, 2019
Supply Chain Compliance and Governance Best Practices
June 1, 2016
Environmental Risk or Fraud?
A Transaction Gone Bad