Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.”

Yet this progress may lag behind the increasingly complicated risks that need addressing. Of respondents, 20% noted an “extensive” increase in the volume and complexity of risks the past five years, with an additional 38% saying the volume and complexity of risks have increased “mostly.” This is similar to participant responses in the most recent prior years. In fact, only 2% said the volume and complexity of risks have not changed at all.

Even with improvements in the number of programs implemented, the study—which is based on responses of 432 executives from a variety of industries—found there is room for improvement. Overall, 26% of respondents have no formal enterprise-wide approach to risk oversight and currently have no plans to consider this form of risk oversight.

Organizations that do have programs continue to struggle to integrate their risk oversight efforts with strategic planning processes. “Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks facing the entity especially as it relates to coordinating these efforts with strategic planning activities,” the researchers found.

According to the study:

Many argue that the volume and complexity of risks faced by organizations today continue to evolve at a rapid pace, creating huge challenges for management and boards in their oversight of the most important risks. Recent events such as Brexit, the U.S. presidential election, immigration challenges, the constant threat of terrorism, and cyber threats, among numerous other issues, represent examples of challenges management and boards face in navigating an organization’s risk landscape.

Key findings include:

Software May Help Oil Companies Determine a Location’s Earthquake Potential

New software for monitoring the probability of earthquakes in a targeted location could help energy companies determine where they can operate safely.

The free tool, developed by Stanford University’s School of Earth, Energy & Environmental Sciences, helps operators estimate how much pressure nearby faults can handle before rupturing, by combining three important pieces of information:

  • Location and geometry of the fault
  • Natural stresses in the ground
  • Pressure changes likely to be brought on by injections

“Faults are everywhere in the Earth’s crust, so you can’t avoid them. Fortunately, the majority of them are not active and pose no hazard to the public. The trick is to identify which faults are likely to be problematic, and that’s what our tool does,” said Mark Zoback, professor of geophysics at Stanford, who developed the approach with graduate student Rail Walsh.

Fossil fuel exploration companies have been linked to the increased number of earthquakes in some areas—Oklahoma in particular—that have been determined to be the result of fracking. According to the Dallas Morning News:

Only around 10% of wastewater wells in the central and eastern United States have been linked with earthquakes. But that small share, scientists believe, helped kick-start the most dramatic earthquake surge in modern history.

From 2000 — before the start of America’s recent energy boom — to 2015, Oklahoma saw its earthquake rate jump from two per year to 4,000 per year. In 2016, its overall number fell to 2,500, but its quakes grew stronger.

Five other states, including Texas, Arkansas and Kansas, have seen unprecedented increases in ground shaking tied to the wells, although North Texas had no earthquakes strong enough to be felt last year.

The insurance industry has also been monitoring the rise in temblors. A Swiss Re report concluded, “It’s highly likely that this dramatic rise in earthquake occurrence is largely a consequence of human actions.”

According to the report:

Along with the increase in seismicity, Oklahoma has seen a growth in its oil and natural gas operations since 2008, specifically hydraulic fracturing (often referred to as “hydrofracking” or “fracking”) and the disposal of wastewater via deep well injection. Both hydrofracking and deep well injection involve pumping high-pressure fluids into the ground. A consensus of scientific opinion now links these practices to observed increases in seismic activity. Earthquakes where the cause can be linked to human actions are termed ‘induced earthquakes,’ and present an emerging risk of which the insurance industry is taking note.

Food Defense Initiatives Can Safeguard Your Company

When most people think of product contamination and recalls, the first thing that comes to mind is food poisoning cases from bacteria such as e-coli and listeria. Food and drug companies, however, are experiencing malicious and intentional product tampering that can be equally deadly and dangerous. Many of us can’t forget the 1982 cyanide Tylenol crisis, Johnson & Johnson’s worst nightmare as reported cases of death from their products came pouring in, causing recalls nationwide.

The Tylenol case was long ago, but unfortunately, decades later and despite modern day advancements in packaging and processes, there is still a steady flow of cases globally, where bad actors contaminate products. This can lead to possible danger for customers, recalls, lasting reputational damage and potentially huge financial losses.

For example, in 2013, unsafe levels of the insecticide malathion was found in a Japanese frozen food company’s product after customers reported a chemical smell coming from the products and almost 3,000 incidences of sickness from consuming them. As a result, the products were recalled and the company shut down, causing its stock to plummet.

Why does it happen?
The main motive for tampering with food products is to make a statement. Bad actors aim to cause injury or economic and reputational harm to companies, especially since news of these acts can go viral, creating the negative impact on companies they hope to achieve.

As with cases of cybercrime, these companies are in a sense being “hacked” and need protection. Like with the mysterious hacker, manufacturers and retailers are facing this threat from both inside and outside the organization.

Oftentimes an employee within the company is the culprit, such as in the case of Just Bare Whole Chicken. A recall of 55,608 pounds of chicken sold nationwide went into effect last June, after black sand and soil was found in some Gold’n Plump and Just Bare branded poultry. The employee responsible was identified and terminated, but the effects of the disruption were lasting.

Taking Preventative Measures
Food companies should have a full understanding of the risks they face, the insurance available, and the regulations associated with product tampering.

Insurance: Malicious Product Tampering (MPT) insurance addresses deliberate contamination, or the threat of such contamination of products when a company or the public has a reasonable belief that the products might cause bodily injury if consumed. MPT insurance should be considered as part of a total product recall risk management solution. Many of these insurance programs provide experienced crisis management consultants to help a company manage and recover from such incidents efficiently and effectively in order to minimize loss. When putting together a risk management program, make sure to have first and third party coverage for product recall, including malicious contamination, business interruption, product extortion, product recall costs, rehabilitation expenses, replacement costs and consultant costs.

Defense initiatives: There is a difference between food safety processes, which protect food from unintentional contamination by products that are present in the production plant, and food defense initiatives, which protect from intentional tampering by unknown substances. Some people use the terms interchangeably, but food defense is key to protecting against tampering.

In 2016, the FDA issued a final rule on Mitigation Strategies to Protect Food Against Intentional Adulteration and, as part of this initiative, released the Food Defense Plan Builder program, which assists food facility owners and operators with developing personalized food defense plans. This user-friendly tool should be quite valuable to your food defense strategy.

Regulation: The Food Safety and Modernization Act aims to ensure that the U.S. food supply is safe by focusing on preventing contamination before it happens rather than simply responding to it. It requires mitigation strategies to be put in place in certain food facilities.

With these risk management strategies and the right insurance plan in place, companies can protect themselves and help mitigate their risks of food or product tampering.

Weather Threatens Oroville Dam Emergency Efforts

As measures are taken to repair a damaged spillway at the Oroville Dam in Northern California, weather forecasters are calling for rain later this week. Almost 200,000 people were evacuated from their homes below the dam, the largest in the country, on Feb. 12 as erosion of the dam’s emergency spillway threatened to flood the towns below.

While the situation was said to have stabilized on Sunday morning, conditions worsened and evacuation orders were issued. Roads in the area quickly backed up as a result, according to reports.

The dam’s main spillway was damaged after a winter season of record rains and snows following years of drought in the state.

Photo: California Department of Water Resources

California Representative John Garamendi told MSNBC that the evacuation was essential. “Fortunately when they were able to open the main spillway gates. That began to lower the reservoir level, because the water coming into the reservoir was about half of what they were able to expel down the main spillway, so it’s stabilized.”

The next issue, he said, is whether the spillway can be patched up “sufficiently to weather the storms that are clearly ahead of us.” Garamendi added that the months of March and April are the heavy storm season in the state.

Sheriff Kory Honea of Butte County said at a press conference that the Department of Water Resources (DWR) reported that the dam’s erosion is not advancing as rapidly as they thought. He said a plan is in place to plug the hole in the spillway by dropping large bags of rocks by helicopter. The DWR said that another measure being taken to relieve pressure on the spillway has been to raise the rate of discharge water from 55,000 cubic feet per second to 100,000 cfs, which it said has been working.

Helicopters transport large bags of rocks from the Oroville Dam parking lot, to the erosion site at the Oroville Dam auxiliary spillway in California, to help fight further erosion, February 13, 2017. Oroville is in Butte County. Florence Low / California Department of Water Resources

The New York Times reported that Northern California is close to 225% above normal rainfall levels since Oct. 1. According to the Times:

Repeated rounds of rain have pounded the area in recent weeks, rapidly raising the water level at Lake Oroville, the second-largest reservoir in California and a linchpin of the state’s water system. On Tuesday, a gaping hole opened in the main spillway that is used to release extra water. Early Saturday, an adjacent emergency spillway was also put into use, the first time water flowed over it since the dam was finished in 1968, department officials said.

State officials have said the 770-foot Oroville Dam itself, the nation’s tallest, is sound.

The problems with Oroville Dam are not a surprise to some. In 2005, during a relicensing process for the dam, three environmental groups warned the DWR of potential dangers with the emergency spillway, which is not a concrete spillway, but a concrete lip with a dirt hillside below. The concern was that the hillside could be easily eroded in the case of an emergency.

The Washington Post reported:

The upgrade would have cost millions of dollars and no one wanted to foot the bill, said Ronald Stork, senior policy advocate for Friends of the River, one of the groups that filed the motion.

“When the dam is overfull, water goes over that weir and down the hillside, taking much of the hillside with it,” Stork told The Washington Post. “That causes huge amounts of havoc. There’s roads, there’s transmission lines, power lines that are potentially in the way of that water going down that auxiliary spillway.”

Federal officials, however, determined that nothing was wrong and the emergency spillway, which can handle 350,000 cubic feet of water per second, “would perform as designed” and sediment resulting from erosion would be insignificant, according to a July 2006 memo from John Onderdonk, then a senior civil engineer for the Federal Energy Regulatory Commission.

Garamendi said that “What happened with the widening of the sinkhole was the result of someone overlooking the problems, including the fact that there was no concrete apron on the spillway.”

He also noted that while there will most likely be federal dollars to help rebuild the dam, “This is just one really startling, quite tragic and potentially catastrophic example of what’s happened to the infrastructure across America. We’ve seen bridges collapse in Minnesota, we’ve seen them on I-5 in Washington State and now this reservoir, which is the linchpin of California’s water system.”