In a world that is changing at a phenomenal rate and creating tremendous uncertainty, people are demanding higher and more engaged levels of leadership in companies to manage the risks they experiencein both their professional and personal levels. We are all faced daily with unknown and unexpected risks, whether it be financial, economic, safety, political, health or cultural. Given that people seek protectionto some extent in organizational structures, a company should consider how it responds to these risks where individuals and families are directly affected by the action and precaution companies are willing to take towards risk aversion and minimization.
Executives and managers at all levels in companies are the custodians of the people who work for them. However, global events show us that this responsibility is often disregarded. The safety record in the construction industry is dismal and not improving; the wealth of the petrochemical industry does not ensure that quality is enforced for the safety of its people northe protection of the environment; companies in the automotive industry recall millions of vehicles annually for lack of design standards and safety. Corporate governance declines even as technology develops at a phenomenal pace.
If a company were to take seriously the risk management of its people and assets, what should be the principles considered in the design of such a system? First, distinguish between Risk and Uncertainty. Risk is an event that is probable, possible and expected. It can be assigned a probability and an impact if it were to occur. Uncertainty, on the other hand, is an event that is totally unexpected and improbable, but certainly possible. It too can be assigned a probability and an impact if it could be proactively identified. The challenge is to have the foresight and knowledge to consider it in the first place, and to recognize, predict and thereby prevent the impact of a potential force majeure as example.
In 2011, an immensely destructive 9.0-magnitude earthquake and consequent tsunamipartially destroyed the Fukushima Daiichi nuclear plant in Japan killing 16000 people and
contaminating vast areas of the surrounding Pacific Ocean with radioactive isotopes. In the incident investigation that followed, the investigating Chemical Engineers found thatthe risk assessments that had been conducted recognized the possibility of an isolatedearthquake, as well as the possibility of an isolatedtsunami, and included well-designed safety requirements for these probable events. The risk assessments, however, never considered the improbable occurrence of a combined earthquake and tsunami and consequently the safety requirements of the power plant failed under the tremendous strain of the simultaneousevents.
Therefore, first principle of an effective risk management system is that a company should employ or develop skills in risk assessment and the understanding of identification of risk and uncertainty. In every business context, the best people for this critical role are those who possess sound knowledge of the business environment and technical requirements – the experts in the company, those with a years of experience.
The second principle is lifecycle risk assessment. Companies can no longer afford to consider the impact of their service or product only within the defined boundary of raw material receipt to product delivery. Vertical and horizontal integration of the supply chain is becoming a driven form of risk mitigation, and society is demanding remediation of environmental degradation and human impact years after a product is consumed or absorbed or mined.
The third principle of risk management is Leadership. If the leaders of a company are not fully committed to the effective and timeous identification, mitigation and minimization of risk, its employees, families, clients, consumers and society at large will pay the price for this lack of commitment and care. If not immediately, certainly later. When accidents occur on construction sites, on oil rigs, from defective vehicle parts, in factories; or if people lose their work from the lack of governance, ineffective cyber security implementation in firms, or fraud – it remains, at all times, the responsibility of the executives and their commitment to risk management.The role of companies in society is to create value for its stakeholders whilst managing the risk of those people who are working for them and trusting them to do so.