I’ve talked a lot about the see-through economy, and one of its major characteristics is fast-paced. Consumers and investors are constantly inundated with opinions, reviews, news, and updates at a pace that quickly outruns any ad campaign.
At this point, Wells Fargo is in too deep for a superficial ad campaign to be an effective approach to recovery, and if they don’t fix their issues at the root-cause level, the see-through economy will rear its head once again to expose their wrongdoings.
The public has already demonstrated a strong, skeptical response to the Wells Fargo ad campaign. One viewer felt the ad came across as “really insincere and inauthentic.” The fact is, PR has become entirely ineffectual. The world moves too fast for reactive measures to be a sure fire way to get a company out of the spotlight and their stock prices back up.
Simply put, reaction is out, prevention is in.
Wells Fargo needs to dig deeper and fundamentally improve its risk management program. They need to listen to the regulators who have explicitly cited their lack of risk management, and with whom they recently settled for $1 billion.
One of the Wells Fargo ads lists what’s new: “Building a better bank,” “Putting service first,” “Upgrading our banking features,” and “Increasing community impact.” Vague statements like these sound all well and good, but the time has come when the public needs proof Wells Fargo can be trusted again.
We can’t be sure what Wells Fargo has in store to “Re-Establish” themselves, but we can be sure of what they should have in store. In this article, I’ll provide a step-by-step guide every company can use to improve their risk management program.
1. Engage process and risk owners on the front lines through standardized, recurring risk assessments
While the see-through economy has presented a real challenge for companies to stay ahead of risk, the see-through economy can also be leveraged to a company’s advantage.
Organizations should consider front-line employees as the eyes and ears of risk. They can provide expert insight into what’s really going on at the company and what risks the business faces every day. A great way to leverage employees’ insight is to engage them in risk assessments where they can identify and assess operational risk.
It’s paramount that these assessments are standardized with a set numerical scale and evaluation criteria, so the information can be compared across departments and levels and then prioritized. Not every initiative to mitigate risk can be rolled out at once, which makes prioritization key.
2. Create relationships between risks, controls, departments, processes, and people.
Of course, it’s not enough to know what the company’s risks are; risk managers need to know their root-cause in order to develop effective mitigation activities.
LogicManager uses taxonomy technology to help customers connect the dots between risks and other facets of the business. Risk managers can make connections between a risk and a particular department, a specific control, or a certain procedure.
The benefits of this approach are numerous. First, sharing information across levels and departments cuts down on duplicate efforts, allowing more time for strategic decision making. Second, making these connections reveals gaps and prevents oversights symptomatic of a silo’d approach. Third, revealing the relationships between risks and other areas of the business provides insight into the level of impact a risk can have if it manifests, which helps prioritize improvement initiatives.
3. Integrate incident management into the risk management program
Many companies have an incident management process that empowers employees to speak up about adverse events, from customer complaints to internal fraud. However, not every company goes the extra mile to connect incident management with risk management.
In step 2 of this process, the company has developed a system to create relationships between risks and other aspects of the business. Organizations can again leverage this same system to drastically enhance their incident management program. When an incident is reported, it should be specified which department, people, and processes it’s associated with. Over time, these relationships will reveal trends that can then be remediated.
Incident management is another great way to leverage the see-through economy that exists within every company and make each front-line employee a process improvement specialist.
4. Present aggregated information and all gaps to leadership on a recurring basis to drive strategic decision making
Steps 1-3 of this process are designed to help risk managers standardize and prioritize risk information collected throughout the enterprise. With standardized risk assessments and a taxonomy system in place, risk managers are in an excellent position to aggregate risk information collected throughout the enterprise and present it to senior leadership in an organized, prioritized fashion.
C-suite executives and the board are most concerned with strategic objectives. Therefore, risk managers can and should organize risk information in a way that speaks towards how certain risks are impacting the company’s ability to achieve certain goals. This is a great approach to get executive buy-in and allocate resources most effectively.
Enterprise risk management software can help risk managers generate accurate and dynamic reports that can stay at a high level or drill down deeper into specific risks, departments, and initiatives.
5. Work with the audit team to implement proper monitoring activities to ensure controls are working effectively over time
Equally important to implementing a risk management program is monitoring it. Risk managers can work with the internal audit team to develop monitoring activities and collect metrics to determine how effective the controls are.
As a company’s risk management program matures, risk managers will be able to demonstrate its success to the board and senior leadership with quantitatively measurable metrics. Monitoring also helps risk managers determine how to evolve the program alongside the evolution of the company. As a business grows in size or capabilities, controls that were once effective may fall out of use and need to be reconfigured.
Maintaining a pulse on a risk management program is the best way to keep the company on the up and up and prevent it from falling into old habits of ineffectual risk management practices.
The Wells Fargo ad campaign will not be enough to help them recover from the failures they’ve perpetrated over the years. The only way forward for Wells Fargo is to fix their risk management program and advertise how their risk management program is protecting customers and investors.
These are steps that every company that has found themselves in hot water over risk management failures can follow to improve themselves, regain consumer and investor trust, and achieve success.
This article was originally posted on LogicManager.com