Poor Risk Management and Stinky Diapers

A chemical plant explosion in Japan on Sunday shows the consequences of poor risk management in a really personal way. The Nippon Shokubai Co. produces a chemical that is a critical link in the supply chain for one-fifth of all the world's diapers. A diaper shortage is expected.

One, where was the risk management program to prevent the explosion? As is always the case with these things, in the next 6 weeks, evidence of an employee warning their management about conditions that could result in an explosion will be uncovered. It is always the front line that detects the vulnerability, but too often organizations' Enterprise Risk Management (ERM) programs do not reach the front line; therefore, there is no effective systematic risk assessment and control evaluation mechanism in place to evaluate and allocate resources properly.

Two, how can one-fifth of all the world's diaper manufacturing rely on a single factory for a core ingredient? Again, poor vendor risk management. Most organizations manage vendors from a compliance standpoint and request documentation on business continuity plans, but rarely do they require these plans to be tested or validated. They are typically just nice-looking gibberish documented to meet a vendor compliance regulatory requirement.

Corporate vendor managers often do not incorporate ERM in their vendor management programs so that vendors can be risk assessed from various points of view for their criticality to prioritize the level of examination beyond just checking a box. In this specific case, a risk assessment would have identified that this particular supplier is extremely risky in terms of reliance and ease of substitution, perhaps among other things, and thus can be identified as a critical vendor which demands more scrutiny than the standard documentation acquired through meeting compliance requirements.

Both scenarios one and two above are easily addressed by extending ERM out to the front line with automated ERM software that is integrated in the functional operations and governance, risk, and compliance (GRC) areas of the institution. It typically takes only 90 days and US$15,000 to save millions or more. ERM programs are jokingly underfunded, so when you are making your next business case for automating your ERM program, help illustrate the operational consequences on business performance, and not just compliance, to get your business case approved, as you do not want your organization to be in the news for having caused a major operational risk due to negligence--or worse, be shopping your resume with the equivalent of dirty diapers on your hands!
