Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.”

Yet this progress may lag behind the increasingly complicated risks that need addressing. Of respondents, 20% noted an “extensive” increase in the volume and complexity of risks the past five years, with an additional 38% saying the volume and complexity of risks have increased “mostly.” This is similar to participant responses in the most recent prior years. In fact, only 2% said the volume and complexity of risks have not changed at all.

Even with improvements in the number of programs implemented, the study—which is based on responses of 432 executives from a variety of industries—found there is room for improvement. Overall, 26% of respondents have no formal enterprise-wide approach to risk oversight and currently have no plans to consider this form of risk oversight.

Organizations that do have programs continue to struggle to integrate their risk oversight efforts with strategic planning processes. “Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks facing the entity especially as it relates to coordinating these efforts with strategic planning activities,” the researchers found.

According to the study:

Many argue that the volume and complexity of risks faced by organizations today continue to evolve at a rapid pace, creating huge challenges for management and boards in their oversight of the most important risks. Recent events such as Brexit, the U.S. presidential election, immigration challenges, the constant threat of terrorism, and cyber threats, among numerous other issues, represent examples of challenges management and boards face in navigating an organization’s risk landscape.

Key findings include:

RIMS Conference Veterans Offer Advice to First Time Attendees

Last week a member of the RIMS Opis online community asked an important question: “What advice can RIMS Annual Conference & Exhibition veterans give to someone attending the show for the first time?” Luckily, the risk management community rushed in with some sage advice.

First and foremost, several people pointed out how helpful the First Time Attendee Orientation (4:30 p.m. on Sunday, April 23) is. Aside from getting the conference layout, attending the orientation is a great opportunity to meet and get to know people, as “networking is a huge benefit—perhaps the biggest benefit—of attending the conference.”

Here are some other tips from previous attendees to get the most out of the conference:

  • Download the RIMS app. The app will help to keep you on schedule. “I love this app because you can add your own events, see who is attending and plan your schedule. It even has a map!”
  • Leave the uncomfortable shoes at home. The Pennsylvania Convention Center in downtown Philadelphia is massive, and attendees will be doing a lot of walking. That said, don’t opt for flip-flops either, as most attendees are in business formal or business casual attire. One commenter shared this helpful system, “I can’t emphasize comfortable shoes enough! I log 25,000+ steps each day of RIMS and it is non-stop from morning to night. I bring a backpack and carry dressier shoes if I need to put them on for a specific meeting during the day.”
  • Take advantage of free food. “If you work this out right, you won’t buy any meals (except the occasional),” one commenter said. “There are many opportunities to eat for free at a RIMS Annual Conference, and that’s just on the tradeshow floor!” There are also several evening events hosted by underwriters and brokers, some of which splurge on impressive entertainment.
  • Get organized, but stay flexible. There are more than 150 education sessions, tradeshow floor activities and general sessions to attend. Before you get to Philadelphia, make note of the sessions you would like to attend, and put holds on your calendar along with location information. That way you won’t feel overwhelmed and flustered when you’re on site. There will inevitably be things that pop up when you’re at RIMS 2017—your plans will change, and that’s OK.
  • Find a show veteran to tag along with. Doing this can help with maneuvering the Exhibition Hall and to learn how to “work” the tradeshow floor.
  • Talk to the people around you. This can’t be emphasized enough. During down time before or after education sessions, during meals and at parties, be sure to meet new people and collect their business cards. Many business deals and careers have received big boosts from new connections made at the annual conference.
  • Bring a very tall stack of business cards!

Finally, a RIMS member advised attendees who don’t want to leave their healthy habits at home amidst all of the activity and parties, to “embrace wellness” with these tips:

  • Take part in the 5K Fun Run. This event will take place on Tuesday morning, before the start of educational sessions. It’s a great way to network, raise money for Spencer Educational Foundation (which supports the next generation of rising risk professionals), and experience the host city with an early morning perspective.
  • Visit the Wellness ZENter. The ZENter will be located centrally in the RIMS Marketplace Exhibit Hall.
  • Drink plenty of water. In addition to the health-conscious choices available at RIMS meals, look for other options, such as infusers and water bottles, in vendor handouts and giveaways.

Software May Help Oil Companies Determine a Location’s Earthquake Potential

New software for monitoring the probability of earthquakes in a targeted location could help energy companies determine where they can operate safely.

The free tool, developed by Stanford University’s School of Earth, Energy & Environmental Sciences, helps operators estimate how much pressure nearby faults can handle before rupturing, by combining three important pieces of information:

  • Location and geometry of the fault
  • Natural stresses in the ground
  • Pressure changes likely to be brought on by injections

“Faults are everywhere in the Earth’s crust, so you can’t avoid them. Fortunately, the majority of them are not active and pose no hazard to the public. The trick is to identify which faults are likely to be problematic, and that’s what our tool does,” said Mark Zoback, professor of geophysics at Stanford, who developed the approach with graduate student Rail Walsh.

Fossil fuel exploration companies have been linked to the increased number of earthquakes in some areas—Oklahoma in particular—that have been determined to be the result of fracking. According to the Dallas Morning News:

Only around 10% of wastewater wells in the central and eastern United States have been linked with earthquakes. But that small share, scientists believe, helped kick-start the most dramatic earthquake surge in modern history.

From 2000 — before the start of America’s recent energy boom — to 2015, Oklahoma saw its earthquake rate jump from two per year to 4,000 per year. In 2016, its overall number fell to 2,500, but its quakes grew stronger.

Five other states, including Texas, Arkansas and Kansas, have seen unprecedented increases in ground shaking tied to the wells, although North Texas had no earthquakes strong enough to be felt last year.

The insurance industry has also been monitoring the rise in temblors. A Swiss Re report concluded, “It’s highly likely that this dramatic rise in earthquake occurrence is largely a consequence of human actions.”

According to the report:

Along with the increase in seismicity, Oklahoma has seen a growth in its oil and natural gas operations since 2008, specifically hydraulic fracturing (often referred to as “hydrofracking” or “fracking”) and the disposal of wastewater via deep well injection. Both hydrofracking and deep well injection involve pumping high-pressure fluids into the ground. A consensus of scientific opinion now links these practices to observed increases in seismic activity. Earthquakes where the cause can be linked to human actions are termed ‘induced earthquakes,’ and present an emerging risk of which the insurance industry is taking note.

Food Defense Initiatives Can Safeguard Your Company

When most people think of product contamination and recalls, the first thing that comes to mind is food poisoning cases from bacteria such as e-coli and listeria. Food and drug companies, however, are experiencing malicious and intentional product tampering that can be equally deadly and dangerous. Many of us can’t forget the 1982 cyanide Tylenol crisis, Johnson & Johnson’s worst nightmare as reported cases of death from their products came pouring in, causing recalls nationwide.

The Tylenol case was long ago, but unfortunately, decades later and despite modern day advancements in packaging and processes, there is still a steady flow of cases globally, where bad actors contaminate products. This can lead to possible danger for customers, recalls, lasting reputational damage and potentially huge financial losses.

For example, in 2013, unsafe levels of the insecticide malathion was found in a Japanese frozen food company’s product after customers reported a chemical smell coming from the products and almost 3,000 incidences of sickness from consuming them. As a result, the products were recalled and the company shut down, causing its stock to plummet.

Why does it happen?
The main motive for tampering with food products is to make a statement. Bad actors aim to cause injury or economic and reputational harm to companies, especially since news of these acts can go viral, creating the negative impact on companies they hope to achieve.

As with cases of cybercrime, these companies are in a sense being “hacked” and need protection. Like with the mysterious hacker, manufacturers and retailers are facing this threat from both inside and outside the organization.

Oftentimes an employee within the company is the culprit, such as in the case of Just Bare Whole Chicken. A recall of 55,608 pounds of chicken sold nationwide went into effect last June, after black sand and soil was found in some Gold’n Plump and Just Bare branded poultry. The employee responsible was identified and terminated, but the effects of the disruption were lasting.

Taking Preventative Measures
Food companies should have a full understanding of the risks they face, the insurance available, and the regulations associated with product tampering.

Insurance: Malicious Product Tampering (MPT) insurance addresses deliberate contamination, or the threat of such contamination of products when a company or the public has a reasonable belief that the products might cause bodily injury if consumed. MPT insurance should be considered as part of a total product recall risk management solution. Many of these insurance programs provide experienced crisis management consultants to help a company manage and recover from such incidents efficiently and effectively in order to minimize loss. When putting together a risk management program, make sure to have first and third party coverage for product recall, including malicious contamination, business interruption, product extortion, product recall costs, rehabilitation expenses, replacement costs and consultant costs.

Defense initiatives: There is a difference between food safety processes, which protect food from unintentional contamination by products that are present in the production plant, and food defense initiatives, which protect from intentional tampering by unknown substances. Some people use the terms interchangeably, but food defense is key to protecting against tampering.

In 2016, the FDA issued a final rule on Mitigation Strategies to Protect Food Against Intentional Adulteration and, as part of this initiative, released the Food Defense Plan Builder program, which assists food facility owners and operators with developing personalized food defense plans. This user-friendly tool should be quite valuable to your food defense strategy.

Regulation: The Food Safety and Modernization Act aims to ensure that the U.S. food supply is safe by focusing on preventing contamination before it happens rather than simply responding to it. It requires mitigation strategies to be put in place in certain food facilities.

With these risk management strategies and the right insurance plan in place, companies can protect themselves and help mitigate their risks of food or product tampering.