Risk management is top of mind for most financial executives, with various surveys pinpointing where that risk is coming from (regulatory risk tops all other types, according to KPMG, while the Association of Finance Professionals says customer satisfaction/retention is the biggest risk factor), how bad the situation is (loss of income from the top 10 risks has increased from 28% in 2011 to 42% in 2013, based on an Aon study), and how widespread is the concern, especially among chief executives (90% of U.S. CEOs worry about uncertain or volatile economic growth, according to PricewaterhouseCoopers).
Yet despite the recognition of so many risks, it's an open question whether companies are ready to deal with them. Many companies are gambling their survival on a "hope and prayer" strategy, believing that nothing bad will happen to them, while in reality they face the possibility of "significant financial losses and potentially irreparable damage to their brand if/when a major event disrupts their operations," cautions Gerry Fay, chief global logistics and operations officer with Avnet Inc., a $26 billion distributor of electronic components and computer products.
"A weak risk assessment plan might overlook more subtle threats such as insufficient employee training in regulatory compliance," Fay points out. "This oversight could bring an organization into noncompliance with various government requirements and may result in substantial fines and/or the loss of business."
As a global company based in the U.S., Avnet has seen its customer base shift dramatically over the past five years, with the Asia/Pacific region growing from 18% in 2008 to 30% of Avnet's total revenues; concurrently, the Americas region has shrunk from nearly half of all revenues (48%) to 42% today. As Rick Hamada, Avnet's CEO, recently remarked at an analysts briefing, "A slower recovery is impacting technology spending," making it that much more critical that the company be able to quickly identify and then act upon any marketplace risks, no matter where they might occur.
One of the main stumbling blocks preventing companies from fully accomplishing an enterprise risk management strategy is a silo mentality. Business silos impede progress in a company because they make it very difficult to quickly get every department and every decision-maker on board to tackle a common problem, notes Graham Bolton, executive VP of financial services consulting with Freeborders, a provider of financial IT services. "When executives from varying divisions are not aware of the types of financial controls other legal entities or product areas have in place, there are potential risks."
To overcome this type of crippling silo mentality, Avnet assembled a cross-functional risk council that includes executive-level participation from various departments, including finance, legal, human resources, logistics, IT, audit, trade compliance, corporate communications and all operating groups. "The range of interests represented in this group gives us confidence that our key corporate objectives and strategies are being considered," Fay says.
Avnet's risk council first establishes risk priorities, and then identifies risk owners within the various departments and business areas. These risk owners engage in risk assessments, manage control plans and report risk exposures and potential actions to the council, Fay explains. In terms of best practices, the risk council uses an internally developed risk assessment tool, based on the Six Sigma process failure modes and effect analysis process.
Using the tool to assign ratings for severity, occurrence and detection, it then suggests the proper action to take: accept the risk, mitigate it, avoid it or transfer it. The company has also set up a risk hotline for employees, who are able to report risks wherever they see them.
|Stay up-to-date with the latest risk management trends at www.businessfinancemag.com/blog/full-disclosure.|
"We're able to take a more proactive, pre-emptive approach to risk management," Fay observes, "so that we are controlling the risk, not the other way around."