Businesses today face a plethora of risks, from cyber attacks to workplace injury. To some degree, risk management relies on every employee to do their part with steps as simple as keeping passwords confidential, securing mobile devices and protecting ID security badges. At a higher level, there is a team of individuals tasked with more direct oversight of risk management for the organization.
“Businesses today are far too complex for any one person to hold sole responsibility for risk management,” says Larry Lawson, Executive Vice President of Risk Management and Insurance Services with FCC Services. “It’s critical that comprehensive risk identification, protection and mitigation plans are put in place to cover all aspects of the business, and to do that well it takes a cross-functional team.”
Central to the team is the person tasked with overseeing the Enterprise Risk Management (ERM) plan. In some organizations, this is a full-time risk management manager or Chief Risk Officer; in others, it’s assigned as an additional responsibility to someone with another primary role. This person works with others in the organization to identify business hazards and risks, develop and implement measures to prevent or reduce the risk of loss, and select the most cost-effective means of financing various types of losses. For Farm Credit organizations, the key risk management person also interfaces with FCC Services for all Captive and other insurance processes. In addition, the risk management lead sits at the hub of a team of other leaders tasked with discrete aspects of the ERM plan.
At the executive level, the President or CEO, with the support of the Board, sets the tone. Through proactive support for the risk management efforts, he or she ensures that all employees recognize the importance of risk management, that risk management policies and procedures are implemented, and that all employees are held accountable for adhering to them. The Chief Financial Officer’s role is to ensure financial information and any changes in business operations are accurately reported, and to ensure that within the organization there are steps in place to protect against concealment, fraud or intentional misrepresentations of critical financial information (in some institutions this role will fall to a Chief Auditor). At financial institutions like Farm Credit, the Chief Credit Officer is responsible for ensuring that everyone in the organization follows appropriate lending and credit administration procedures and cooperates with internal audit and credit review processes.
The head of Human Resources plays an important role in protecting against discrimination and harassment charges by ensuring the organization maintains a safe and respectful work environment, and complies with all state and national employment laws. In the event of an incident, he or she is responsible for coordinating workers’ compensation claims, and maintaining contact with an injured employee to manage next steps in returning to work or other resolution. Also contributing to the physical safety of employees and visitors is the Facilities Manager, who oversees inside and outside property maintenance. It is also the Facilities Manager’s responsibility to protect against financial risk by carefully reviewing any facility lease documents.
In today’s connected world with constant electronic communication and extensive information databases, the head of IT security is key to identifying and protecting against cyber risks. This requires maintaining a secure IT environment within the organization as well as ensuring that outside technical vendors follow best practices for protecting information. In some organizations, the IT security head also works with the Facilities Manager to implement and manage physical security through electronic key card access programs, which restrict access to certain parts of the facility and so protect against outside individuals accessing confidential information.
Whenever a risk incident occurs, whether an on-the-job injury, cyber attack, EEOC claim or discovery of fraud or embezzlement, the person charged with risk management for that function is responsible for reporting the incident as soon as possible to the appropriate senior leaders and to the risk management lead. In most cases, the head of marketing should also be included in discussions about the event to ensure that all internal and external communications are forthright while protecting, to the extent possible, the organization’s reputation with customers, the industry and the public.
Across all these functions, the General Counsel is integral to any ERM program, including reviewing and writing contracts that reduce liability, ensuring compliance with corporate and risk management policies, exercising due diligence in mitigating losses, reporting and managing any lawsuits, and obtaining insurer authorization for any settlements.
“Truly effective risk management requires input and ongoing attention from senior managers across the organization, both to identify and devise protections against risk and to resolve situations that occur despite these efforts,” says Larry. “The risk management lead is critical for coordinating this cross-functional team, but it takes the internal team as well as trusted outside vendors to best protect the organization.”
While many risks are not insured, Farm Credit’s insurance policies have been crafted to provide as much coverage as is possibly available in the marketplace. “We can’t eliminate risks, but together we can manage them effectively and reduce their impact,” says Larry.