Telamon Top 5 - Tips for Tampering Down on Risk

 

On January 15,2009, US Airways pilot Chesley Sullenberger emergency landed an 80-ton plane in the Hudson River, after a double-bird strike took out both engines. Within 56 minutes, all 155 passengers were safely ashore. What worked? For starters, “Sully,” a risk expert, had a plan – and even a back-up one. And in today’s turbulent environment, the most successful organizations are likely to be the ones that can best handle the unexpected. Here are 5 tips for implementing your organization’s own Risk Management Plan.

 

1. Assign a “Chief Skeptical Officer”. 
In the moments before US Airways Flight 1549 landed, air traffic control offered Sully five different runway options. “No,” said Sully, confidently, calculating the numbers in his head. “We’re going in the Hudson.” Business experts recommend you assign a “Common Sense Officer” in your organization who can see the realities of risk – even if they aren’t expected or popular. This individual must have an independent voice and the courage to challenge sources of authority – including the CEO and the Board. He or she should not have to worry about getting fired for telling the truth, and should have full access to your company’s decision makers. What are some of the top skills this individual should have? Strategic thinking, that enables them to see the relationship between quantitative and qualitative risk; help the organization mitigate and manage risk; allocate capital and meet business goals and objectives. This individual must also be credible, have broad financial expertise, and the ability to look at problems logically. They must be able to assimilate information from a variety of sources in the enterprise, have thorough knowledge of all aspects of the business and build strong partnerships. Further, this person must have outstanding communication skills so they are able to communicate complex information in a clear objective and instructive way, especially to those with little experience in risk management.

 

2. Involve Your Flight Crew. 
“This was a crew effort,” said Sully, receiving the keys to the city from NYC’s Mayor Bloomberg. “I knew once we landed, the crew could evacuate.” Just as the ‘Hero of the Hudson’ relied on the rescue boats chugging their way towards the crash site before the plane had even hit the water, it makes sense to involve your company’s department heads in your Risk Management program.   Key stakeholders should be engaged in the development and implementation of your risk management program, and asked to answer important questions, like: “What are you worried about? What keeps you awake at night?” They should list their concerns, prioritize the top 3-5, focus less on the past and present, and more on the future. In addition, it is important to keep separate silos from forming. Risk management, done right, requires a multi-disciplinary approach that looks at multi-risk scenarios. In managing risk, there is a critical interdependence across the business, operation and financial functions that must be managed in an integrated way. And it can help to bring in an objective, outside perspective. At Telamon, our Risk Management Team conducts risk management surveys for a broad range of companies, and we can be part of your extended crew. 

 

3.   Review Your Safety Card Before Take-off.

At the recognition ceremony, Mayor Bloomberg replaced the library book Sully lost when his plane went down. It was titled “Just Culture. Balancing Safety and Accountability.” Much of risk mitigation has to do with doggedly building a knowledge base and culture of risk avoidance and accountability that permeates every level of the business. This starts with doing everything possible to avoid a costly crisis in the first place – far better than the cost and disruption of having one. Build risk avoidance into every employee’s thinking. Some ways of doing this include developing a system for applying lessons learned, and regularly reviewing critical decision-making processes. It’s also important to educate and sensitize employees at every level. For example, help them anticipate how their internal and external communication, ill-chosen words, or speculative musings, e-mails and memos could unintentionally implicate the company, or exacerbate a crisis. You could even consider simulating a mock ‘cross examination’ of an employee, to help educate employees about how their actions could be perceived by others with ill-will towards the company. If needed, put a new product about to be launched ‘on trial’, making sure it has passed all the hurdles in production, quality and marketing before it hits the market. Telamon’s Risk Management Team has backgrounds as safety engineers, safety consultants and teachers, and can help you weave safety into the fabric of your business.

 

4. Take it to the Skies. 

Risk Management should be a top concern that goes all the way to the corporate board.   It should be viewed as a way to optimize a company’s potential, understand threats, impact profitability. It should be debated at all levels. The Board should be willing to challenge management and business and financial strategies, and hold management accountable for the risk return of past decisions. The Board might consider establishing a Risk Committee, especially in high risk industries, and should be willing to allocate sufficient time and attention to Risk Management, perhaps even adding risk experts to their own ranks, as James Lam suggests in his “Agenda for Change in Risk Management”, one of the many informative articles found on Telamon Online.

 

5. Map Out a Good Flight Plan. 

Part of getting your precious cargo safely through its journey stems from charting a course that anticipates variables like the weather, equipment, and personnel. At Telamon, we can help you develop a solid, safe plan by helping you identify risk exposures; implement measures to control those risks; understand risk transfer or financing; and manage current and future exposures. In helping to identify your exposures, we’ll ask you qualitative questions, trying to assess your viewpoint on risk, your tolerance and your aversions. We’ll also look for the hard numbers, including top loss drivers, locations with high frequency issues, fraud behaviors, and OSHA performance. In helping you implement control measures, we’ll focus first on the source of 75% of commercial insurance expenses: claims. We’ll use proactive strategies that range from focusing on employee safety, to building productive relationships with local medical providers, to clamping down on fraud. In addressing the transfer or financing of potential future risk, we’ll consider how much risk you want to assume in-house vs. transfer to a 3^rd party, and how to best to finance it. Finally, we’ll work with you to manage your exposures – ascertaining, for example, if you are prepared to handle a major catastrophe, or an interruption in operations? Click here to learn more about our approach to Managing the Cost of Risk.

 

 

A vital part of managing risk to your business is protecting the personal data of the consumers who shop at your store. TJX Companies, the Massachusetts-based retailer, reported a massive security breach in early 2007, which kicked off an initiative by Massachusetts government officials, led by Attorney General Martha Coakley, to head up a group of more than 30 states to get answers about how the data breach happened and make sure it didn’t happen again. 

 

Now, the new Massachusetts Data Protection Law, originally scheduled to take effect in January of 2009, then delayed until May 2009, has recently been pushed back to January of 2010, causing many Massachusetts-based and international companies doing business in the state to breathe a sigh of relief. But, many say they will still need more time to implement the changes, which they see as specific and demanding, during a time when a recession has their hands tied.

 

The new law, announced last September by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR), is stricter than laws that came before with very specific requirements making it more expensive for businesses to implement.

 

Some of the more controversial features of the new law include mandatory encryption, complex inventory requirements and a provision requiring businesses to ensure that 3^rd parties handling consumers’ personal data are fully in compliance with very specific rules.

 

On Jan 16, 2009 a coalition of 70 organizations, including the Retailers Association of Massachusetts, the Massachusetts Bankers Association, the Greater Boston Chamber of Commerce and companies such as Wal-Mart, Target, Microsoft and Google submitted a petition to the OCABR asking for a “rigorous stakeholder analysis” of the proposed regulations. “The requirements imposed by 201 CMR17.00 set a difficult course for public and private entities, hindering our ability to invest and protect jobs in Massachusetts,” and warned that the regulations “set a perilous course for already strained individuals, families and businesses and state agencies that depend on the success and growth of the Massachusetts economy.”

 

The implications of the new data security laws in Massachusetts present an interesting and relevant case of risk trade-off. For many businesses, the risk of compromising the safety and security of their consumers’ data is being challenged by the cost and complexity of protecting that data under the currently proposed rules.

 

To learn more about your coverage options, contact Telamon  today.

 

 Browse Telamon Toolkit Features