Take risk management beyond bare minimum requirements to establish a process that best meets the needs of your company.
Whether you’re looking to produce high-quality products at a lower cost or expand to a new and uncertain foreign market, it’s virtually impossible to run a successful manufacturing business without exposure to risk. Managed incorrectly, it can quickly lead to damaged reputation, financial loss, decreased productivity or the failure of the business.
Clearly defining risk acceptance and tolerance levels is the only way to truly understand how risk fits into your company’s strategic objectives. A sound risk mitigation strategy allows you to determine the potential reward certain risks carry, while shedding light on opportunities to maximize profits and increase stakeholder value by minimizing negative risks.
Fine-tuning your approach to risk also gives you a leg up on the competition. In PLANT’s Manufacturers’ Outlook 2015, only 52% of respondents indicated establishing such a risk mitigation strategy was on the top of their “to do” lists – a number that isn’t nearly high enough.
With new revisions to ISO 9001:2015, certified Canadian companies will be required to implement a number of new measures before 2018, one being a tangible analysis that identifies risks within critical processes and areas of business, and outline actions to mitigate them. With that deadline on the horizon, there’s no better time than the present to put your company’s risk management groundwork in place. Here are a few suggestions to get the ball rolling.
If you’re like most companies, you already have some measures in place to identify, track and measure risk. Build on them. Risk management can be applied to an entire organization all at once, or to specific functions, business units, projects or activities.
The key is to take a top-down approach – one that is cross functional and allows boards and senior management to sponsor the process. This makes risk management less of a burden and more of a benefit to the organization.
To help keep moving in the right direction:
- determine any risk tracking and measurement activities already in place;
- document those activities more formally;
- identify where existing risk tracking and measurement activities can be enhanced; and
- implement a pilot program in specific areas of the business to begin a consistent communication and understanding of risk identification, tracking and measurement.
Enterprise risk management (ERM), when implemented correctly, is an excellent tool to leverage risks for greater performance, build a foundation for competitive advantage and establish your company as a market leader.
The problem is that many companies see ERM as a significant and sometimes daunting undertaking. If you’ve avoided implementing ERM, give it another look. Many would argue it’s not as complicated as it appears and provides substantial value.
There are also many resources available to help increase your odds of implementing ERM effectively. Frameworks, such as the ISO 31000 Risk management – Principles and guidelines and the COSO 2013 Internal control – Integrated framework, are helpful tools for companies developing ERM risk assessment strategies and processes.
ISO 31000 is a standard that provides principles and generic guidelines for risk management. It allows organizations of any size to increase the “likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.” Basically, it’s designed to outline the nature of the risk management process and offer guidance on how to implement a successful strategy.
The Committee of Sponsoring Organizations of Treadway Control (COSO) 2013 Internal control—Integrated framework was recently updated to reflect the needs of today’s business environment, and is intended to “broaden the application of internal control addressing operations and reporting objectives, and clarify the requirements for determining what constitutes effective internal control.”
Its role is more to assist the user in evaluating existing ERM processes rather than focusing solely on the risk management process itself. Whether you choose to strengthen your risk management activities through ERM or by other means, it’s important to remember that, at its core, risk management is about protecting your business from adverse events and, when possible, transforming risk into opportunity. Establishing a company culture that values these qualities is not only a sign of effective stewardship, it’s just plain good governance – something the marketplace will be sure to recognize and reward.
David Florio is a partner, Operational Advisory, with Grant Thornton LLP, a Canadian accounting, tax and advisory firm that provides services to private and public organizations.
This article appears in the April 2015 issue of PLANT.