Implementing a Safety Culture for Company Drivers

Organizations with a safety policy in place for drivers of company vehicles may believe they are protected from liability in case of an accident. What they may not realize, however, is their defense could hinge on documentation of steps they have taken to ensure that the policy is being followed by employees, according to the study, Creating a Safety Culture: Moving from politics to habits, by SambaSafety.

The study found that, regardless of the policy in place, “simply saying that you didn’t know about poor driving behavior will no longer cut it – not when people’s lives and companies’ well-being are at stake. With the data readily available today, the courts are sure to ask how you didn’t know.”

To implement a successful program, it is important for employees to understand that the company’s policies must be followed by employees at all levels. “If someone in senior management breaks the rules and suffers no aftereffect, what’s the motivation for others to keep things in line?” the study asks.

Additionally, safety policies are not limited to employees whose primary responsibility is driving, or to those who drive company-owned or leased vehicles. According to the study:

Employee-owned or rented vehicles that are used for work-related journeys also must be part of the equation. To decrease liability (in addition to improving safety), policies should clearly state this fact and affirm that the same safe behavior is expected of every driver in the organization – on and off the job. That behavior might include non-distracted driving, for example, or even properly maintaining a personal vehicle used for company business to ensure safety and a positive refection of the organization.

Employees need to know that their employer can be held responsible for anything that happens while employees are conducting company business. Organizations also need to see that reimbursed drivers have adequate insurance, as well as administering signed driver agreements, providing uniform driver training – and ensuring that all drivers’ behavior and records are continuously monitored.

To move into a safety culture, SambaSafety advises organizations to keep their program in line with company principles, values and brand. Also important is working with the company’s existing culture:

Employees in a high-energy, competitive environment, for example, may enjoy contests between regions vying for the safest driving records. In a top-down culture, on the other hand, employees might respond best to regular tips and reminders from respected senior leaders.

In any case, clear communication can keep drivers from feeling micromanaged or worrying about their privacy and personal information. It can also mean fewer accidents and a higher level of safety for employees.

In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders.

Today, risk management is not just recommended, it is considered crucial to successful operations and is required by federal and state law. The SEC’s Proxy Disclosure Enhancements, enacted in 2010, mandate that organizations provide information regarding board leadership structure and the company’s risk management practices. Company leadership is required to have a direct role in risk oversight, and any risk management ineffectiveness must be disclosed.

The CRO’s role

Volatility in the current business environment—a confluence of factors including transfers of power, the world economy and individual markets—is nothing new. Political transitions have always been accompanied by new agendas and shifting regulations, economies have always experienced bull and bear markets, and the evolution of technology constantly changes our processes.

Even so, recent events like Brexit, the uncertainty of a new administration’s regulatory initiatives, and thousands of annual data breaches have contributed to an unprecedented atmosphere of fear and doubt. To navigate this environment, the chief risk officer needs to adopt a proactive risk management approach. Enterprise-wide risk assessments grant the visibility and insight needed to present an accurate picture of the company’s greatest risks. This visibility is what the board needs to safely recognize opportunity for innovation and expansion into new markets.

To grow a business safely—by innovating and adding to products/services and expanding into new markets—risk professionals should not focus on identifying risk by individual country. This approach naturally leads to a prioritization of “large-dollar” countries, which aren’t necessarily correlated with greater risk. Countries that contribute a small percentage of overall revenue can still cause major, systemic risk management failures and scandals.

A better approach is to look at risk across certain regions; how might expanding the business into Europe, for example, create new challenges for senior management? Are there sufficient controls in place to mitigate the risks that have been identified?

When regional risks are aggregated to create a holistic picture, it becomes possible for the board to make sure expansion efforts are aligned with strategic goals.

Three processes that require ERM

Risk management is an objective process, and best practices, such as pushing risk assessments down to front-line process owners who are closest to operational risk, should be adhered to regardless of the current state of the international business arena.

While today’s political climate has generated a significant amount of media strife, it’s important not to let emotion influence decision-making. By providing the host organization with a standardized framework and centralized data location, enterprise risk management enables managers to apply the same basic approach across departments and levels.

This is particularly important when an organization expands internationally, which involves compliance with new sets of regulations and staying competitive. Performing due diligence on an ad hoc basis is neither effective nor sustainable. Instead, the process should follow the same best-practice process as domestic risk management efforts:

  1. Identify and assess. Make risk assessments a standard part of every budget, project or initiative. This involves front-line risk assessments from subject matter experts, revealing key risks and processes/departments likely to be affected by those risks. For example, financial scrutiny is no longer a concern just for banks. Increased attempts to fight terrorism mean transactions of all kinds are becoming subject to more review. Anti-bribery and anti-corruption processes estimate and quantify both vulnerability and liability.
  2. Mitigate key risks. Connect mitigation activities to the resources they depend on and the processes they’re associated with. ERM creates transparency into this information, eliminating inefficiency associated with updating/tracking risks managed by another department. Control evaluation is the most expensive part of operations. Use risk management to prioritize this work and reduce expenses and liability.
  3. Monitor the effectiveness of controls with tests, metrics, and incident collection for risks and controls alike. This ensures performance standards are maintained as operations and the business environment evolve. Evidence of an effective control environment prevents penalties and lawsuits for negligence. The bar for negligence is getting lower; technology is pulling the curtain back not only internally but (through social media and news) to the public as well.

Lastly, the CRO role is increasingly accountable for failures in managing risk along with other senior leaders and boards—look no further than Wells Fargo.

Disruptive Technologies Present Opportunities for Risk Managers, Study Finds

PHILADELPHIA–Disruptive technologies are used more and more by businesses, but those organizations appear to be unprepared. What’s more, companies seem to lack understanding of the technologies and many are not conducting risk assessments, according to the 14th annual Excellence in Risk Management report, released at the RIMS conference here.

The study found an apparent lack of awareness among risk professionals of their company’s use of existing and emerging technologies, including the Internet of Things (IoT), telematics, sensors, smart buildings, and robotics and their associated risks. When presented with 13 common disruptive technologies, 24% of respondents said their organizations are not currently using or planning to use any of them. This is surprising, as other studies have found that more than 90% of companies are either using or evaluating IoT technology or wearable technologies and that companies in the United States invested $230 billion on IoT in 2016.

Another finding was that despite the impact disruptive technology can have on an organization’s business strategy, model, and risk profile, 60% of respondents said they do not conduct risk assessments around disruptive technologies.

“Today’s disruptive technologies will soon be — and in many cases already are — the norm for doing business,” said Brian Elowe, Marsh’s U.S. client executive leader and co-author of the report said in a statement. “Such lack of understanding and attention being paid to the risks is alarming. Organizations cannot fully realize the rewards of using today’s innovative technology if the risks are not fully understood and managed.” According to the study:

Organizations generally, and risk management professionals in particular, need to adopt a more proactive approach to educate themselves about disruptive technologies — what is already in use, what is on the horizon, and what are the risks and rewards. Forward-leaning executives are able to properly identify, assess, and diagnose disruptive technology risks and their impact on business models and strategies.

This lack of clarity presents opportunity for risk professionals. In fact, previous Excellence reports have indicated that C-suite executives and boards of directors want to know what risks loom ahead for their organizations and increasingly rely on risk professionals to provide that insight.

“As organizations adapt to innovative technologies, risk professionals have the opportunity to lead the way in developing risk management capabilities and bringing insights to bear on business strategy decisions,” said Carol Fox, vice president of strategic initiatives for RIMS and co-author of the report. “As a first step, risk professionals are advised to proactively educate themselves about disruptive technologies, including what is already in use at their organizations, what technologies may be on the horizon, and the respective risks and rewards of using such technology.”

One thing companies can do to manage risks associated with disruptive technologies is facilitate discussions through cross-functional committees—yet fewer companies, only 48%, said they have one, a drop from 52% last year and 62% five years ago.

Whether discussed in weekly, monthly, or quarterly organization-wide committee meetings, emerging risks — including disruptive technologies — need to be examined regularly to anticipate and manage the acceleration of business model changes. When risk is siloed, too often the tendency can be toward an insurance-focused approach to risk transfer rather than an enterprise approach that may lead to pursuing untapped opportunities.

The Excellence survey, Ready or Not, Disruption is Here, is based on more than 700 responses to an online survey and a series of focus groups with leading risk executives in January and February 2017.

Findings from the survey were released today at the RIMS 2017 Annual Conference & Exhibition. Copies of the survey are available on www.marsh.com<http://www.marsh.com> and www.rims.org<http://www.rims.org>.

Protecting Employees in the Face of International Risks

Increasing globalization and the growing world market presents employees with opportunities to travel and experience new countries and cultures. With travel comes risk, however. In the event of an unforeseen incident, it is an organization’s top priority to ensure its employees are safe and out of harm’s way.

By following proactive travel risk management strategies, employers can help ensure not only the safety of their employees abroad, but also the success of their businesses while avoiding major financial, legal and reputation costs. When developing travel policies, companies must consider the health, safety and security risks that their employees could encounter.

Security Risks
The frightening unknowns of crises such as sudden earthquakes or airport terror attacks can cause distress and chaos. It is the duty of a company’s human resources department to ensure employees are safe and secure, as being unprepared for such events could have dire consequences. For the best outcome, companies should proactively develop travel risk management plans before disaster strikes. Consider these guidelines for your company’s travel emergency plans:

  • Share information. Ensure employees are educated on how to avoid security risks in their destinations and share corresponding safety advice.
  • Develop a communication plan. Decide how employees should contact HR and/or other crisis response team members and vice versa in the event of an emergency.
  • Give employees information about who to contact if they’re in an emergency scenario. Create staffing patterns or third party resources that can accommodate after-hours calls.
  • Consider rearranging travel plans if there’s a high security risk. Use technologies, such as video conferencing, to keep business rolling as usual if employees need to conduct in-person meetings in destinations where it may be temporarily unsafe to travel.
  • Encourage employees to enroll in the Smart Traveler Enrollment Program (STEP). The app provides updated travel warnings and alerts via email. It can also help the nearest U.S. embassy or consulate locate individuals in the event of a disaster.

Health Risks
Recent disease outbreaks in several countries have caused concern among business and leisure travelers alike. If organizations have plans for employees to travel to areas experiencing widespread illness, consider exercising flexibility. If a disease epidemic is dominating news headlines, there is a good chance employees will be concerned about going to a destination that’s affected. In these cases, advise alternative options such as video calls or contacting local partners to help out. On the other hand, if employees elect to travel to the location, it is the employer’s job to ensure they have the knowledge and resources they need to have a safe and successful trip. To help protect the health of a traveling employee, HR professionals should:

  • Research and understand destination-specific health risks and share this information with employees. Education is essential to preventing life-threatening situations.
  • Ask employees to fill out personal medical information Forms. An employee should bring a copy on the trip and also leave copies with trusted friends or family. In the event of a medical emergency, the trustees will be able to obtain important personal medical details from the document, such as insurance coverage, current or past medical conditions and emergency contact information.
  • Remind employees to carry prescription paperwork. This can prevent issues at airport security and can be useful should a new or similar prescription be necessary locally.
  • Confirm that employees are covered by health insurance that is accepted overseas. This will help avoid monstrous fees later on.

Potential Costs for the Business
The costs of not following these strategies can be far-reaching. Your employees’ health and safety is always of utmost importance. However, there are also some continuity issues to consider.

At the most basic level, a health or safety issue that affects a traveling employee will likely cause a loss in productivity and, therefore, an impact to your organization’s bottom line. Companies could furthermore face cancellation fees, lost deposits, unused inventory or lost sales. Additionally, medical bills, medical evacuations and security evacuations can pose huge financial burdens on both employees and the company.

Furthermore, an organization that doesn’t adequately prepare for potential risks and therefore compromises an employee’s safety can lose loyalty quickly. If employees know their colleagues were put in risky situations, they will likely lose trust in their companies—which could cause engagement (and business results) to decline.

Adding to the strain of a disillusioned workforce, legal disputes could arise. An injured worker seeking remedies could bring an injury claim against their employer. The cost a company could face when it comes to duty of care disputes depends on the complexity of the case, the length of time and whether it reaches a full trial. Businesses should be prepared for the possibility of facing court cases by following key risk management strategies before being pulled through lengthy and costly litigation processes.

There are also reputation costs to consider. One of the most damaging scenarios may be that the company’s failure to fulfill their duty of care obligation leads to media headlines resulting in serious brand damage. In this case, the news can mar the company’s reputation, causing stakeholders to pull away and resulting in devastating loss in revenue.

Above all, employees are the backbone of an organization, and their safety and security should be the top priority for every business. Devising a sound risk management plan for travelling employees is crucial for ensuring the safety of employees as well as the longevity of your business.