Nearly two-thirds (64%) of companies believe that shifting more risk management responsibilities to the “first line” – that is, business units and corporate executives – makes their companies more agile and more able to anticipate and mitigate risk events, according to a new PwC report, Risk in Review 2017 (PDF). The report, which surveyed over 1,500 corporate officers including board members, C-level executives, and their direct reports, also found that 46% have plans to further this shift within the next three years.
With the first line setting a strong organizational tone focused on risk culture, followed by the second and third line of defense working within a collaborative, strategic framework, allows a company to effectively meet the challenges of today’s risk landscape. The report defines the second line of defense as risk and compliance functions and the third as the internal audit functions that provide objective insight. To get there, the report suggests, a company should:
Set a strong organizational tone focused on risk culture, starting with the board and CEO, and aligning risk management with strategy at the point of decision making;
Recalibrate the risk management program across the three lines of defense;
Implement a clearly defined “risk appetite framework;”
Develop risk reporting that “enables executive management and the board to effectively execute their risk oversight responsibilities.”
“When the first line is in the driver’s seat for risk decision making, companies report a more rigorous approach to determining risk appetite and tolerance along with better overall risk management effectiveness,” according to the report.
Smart Risk Management Leads to Increased Revenues
Effective risk management doesn’t just lead to a reduced threat of harmful events leading to injuries, interrupted work flow, and fines, the report states. Smart risk management allows a company to be strategic and proactive rather than protective and reactive, thereby leading to “revenue and profit growth, expanding market share, lower employee turnover, and greater ability to withstand disruption.”
An opportunity for revenue growth, for example, might look like this (via Jean-Gregoire Manoukian in an article on the Enablon Insights blog): say a company surveys its suppliers about purchased materials, either through questionnaires or on-site audits. The survey may show that about 30% of suppliers are providing materials that could pose a risk. If the company stops purchasing from those suppliers and shifts to the remaining 70%, the company ends up consolidating orders and purchasing more from each supplier, leading to the opportunities for cost savings through bulk purchasing or better pricing through increased volumes.
Ineffective Risk Management Can Mean Catastrophic Events, Fines, Loss of Investor/Customer Confidence
On the other hand, lack of comprehensive risk management can lead to significant loss of revenue. Last week, the city of Spokane, Washington, announced it will spend more than $2.5 million on safety upgrades at its waste-to-energy plant; the upgrades were approved by the City Council following the Department of Labor and Industries’ ruling that the city must pay a fine of $59,400 for safety violations. The Department of Labor and Industries cited the city for 10 violations that led to two workers being seriously injured when cleaning out a boiler.
“Lack of safety precautions and inadequate training continue to be the two major root causes of such incidents. Cities and companies can proactively reduce such penalties, related insurance claims and premiums by making it easier to train and to enable workers to follow safety procedures,” Kevin Finlay, Vice President of Rivo Software, a Sphera Company, told Environmental Leader.
A report about the August 2016 deadly nitrous oxide explosion at the Airgas manufacturing facility in Cantonment, Florida, was released last week, and the report found that Airgas was negligent in several ways: the heat from the pump was a known hazard but the company did not look at safer design options that could have eliminated the need for the pump, the company did not perform a hazard analysis before installing the pump, and safeguards that had been installed by the company were likely ineffective, reports NorthEscambia.com.
In addition to the loss of life, Airgas was fined $12,000 by OSHA and was forced to halt its nitrous oxide manufacturing business indefinitely.