The vendor risk management process is becoming an area of increased focus for risk managers. The operational, financial, and regulatory risks third-party vendors and contractors pose to an organization continue to expand unabated. Despite the magnitude of the threat posed from lax vendor management programs, many risk managers do not feel their organizations have the technology and capabilities in place to properly face the challenge.
A Deloitte study notes that 94% of responding executives have only low to moderate levels of confidence in the tools and technology they use to manage third-party risk. Nearly 90% have a similar lack of confidence in the quality of the underlying risk management process. Armed with dubious solutions and processes, risk managers fighting for effective vendor risk management assessment may find it an uphill battle.
The status quo may not hold
Recent New York Times coverage of the dire supply chain effects Hurricane Maria had on the availability of critical prescriptions in the U.S. illustrates how quickly vendor management issues can escalate. The article notes, “Federal officials and major drugmakers are scrambling to prevent national shortages of critical drugs for treating cancer, diabetes and heart disease, as well as medical devices and supplies, that are manufactured at 80 plants in hurricane-ravaged Puerto Rico.”
Trying to determine the value of enterprise risk management (ERM) is a difficult challenge. A quotation frequently attributed to Albert Einstein (although more likely originally said by sociologist William Bruce Cameron) gets to the crux of the issue: “Not everything that can be counted counts, and not everything that counts can be counted.”
Issues with measuring ERM value
Donna Galer, writing for the Insurance Thought Leadership blog, summarizes the reasons why the value of ERM programs is not easily quantified:
- It is extremely hard to know when a loss did not happen because of ERM.
- It is just as hard to quantify the cost of loss that did not happen.
- It is difficult to quantify the “soft” benefits of enhanced reputation because ERM is practiced or because of improved strategic alignment in the organization; ERM requires an understanding of the company’s strategic goals and objectives to identify the risks that might derail their achievement.
- It is often hard to justify the time and expense of measuring something that is not easy to measure.
Determining the objective value of a prevented loss or improved strategic alignment is highly problematic. Despite the very real value associated with those activities, determining a specific value without having an actuary assess probabilities and amounts seems extremely difficult. Not everything that counts can be counted.
As discussed in previous posts, the manufacturing skills gap is a critical risk that demands effective risk management strategies. The real-world impacts of this risk include:
- Increased wage costs
- Production inefficiencies
- Increased workers’ compensation expenses
- Inability to meet customer demand and potential loss of market share
- Inability to expand
- Decreased R&D effectiveness
In addition to the skills gap, manufacturers face numerous other risks arising from factors that include new regulations, geopolitical shifts, supply chain vulnerabilities, and environmental impacts. Added on top of that are the traditional risks that face all industries, such as market risk, disruptive competitors, technology obsolescence, and health/safety risks. Collectively, manufacturers must address a larger number of risks, which change more frequently and are more interconnected, than most industries.
Technology is often the first thing risk managers turn to when seeking to enhance enterprise risk management (ERM) programs. The appeal of leaving behind a jumble of spreadsheets and manual processes for a single, dedicated ERM workhorse is undeniable. Yet, without the right context to shape the selection process, a new technology solution may not help at all. In fact, it could even make matters worse.
Given the continuing discussion on the new ISO and COSO framework updates, and the lively “Great Debate,” we recently sat down with Michael Yip, Vice President, Risk Management with DFW International Airport to get his thoughts about the new Enterprise Risk Management (ERM) framework updates. With over 20 years of strategic management consulting experience, his frequent speaking engagements and thought leadership on ERM, and his extensive history of domestic and international assignments implementing corporate governance and compliance initiatives dating back to the introduction of first generation COSO and ISO frameworks, he is an ideal choice for this topic.
It quickly became apparent, however, that merely adding to an ever-growing collection of “Which ERM framework is right for you?” articles was not something that he was entirely interested in pursuing. In fact, he found it “problematic” that the industry is still wrestling with frameworks, after all this time, as it entirely circumvents the strategic conversation about ERM. So, we had that discussion instead.
The impact of flood risk has typically been managed by government controls (building flood barriers, managing release of water via dams, and determining the locations and types of structures that can be built). Owners of properties are then responsible for the financial impact of any remaining risk related to flooding. This is often handled through the purchase of insurance and, sometimes, through reliance on government disaster payments.
This approach has not been perfect. The National Flood Insurance Program has been around since 1958 and has so far managed to incur a debt well in excess of $24 billion. And 2017 was certainly a bad year for flood victims and insurers. Premium increases can be expected, and coverage may not be available for locations where there have been multiple claims over the years. (One location, for example, is said to have been flooded more than 30 times in 50 years.)
There are new options for some flood damage control, such as replacing sandbags with chemical filling such as silica, which is relatively light, doesn’t require the labor associated with filling bags, and may be reused if floodwaters contain no significant pollution. Additionally, new technologies are being deployed to prevent flooding. These include hydraulic-powered water gates in Tokyo, surge barriers in the Netherlands, and the Fox Point Hurricane Barrier, which protected Providence, Rhode Island, against the surge of Hurricane Sandy.
Insurance of one’s own property and various other controls are, typically, the primary methods to reduce the impact on organizations. So, how is this related to Enterprise Risk Management?
This is the fifth in a series of five brief articles on key data issues identified by several prominent risk managers at leading UK and European companies. Recently, they participated in a roundtable on future-proofing management information (MI). The event was co-hosted by Gallagher Bassett and Origami Risk.
This is the third in a series of five brief articles on key data issues identified by several prominent risk managers at leading UK and European companies. Recently, they participated in a roundtable on future-proofing management information (MI). The event was co-hosted by Gallagher Bassett and Origami Risk.