Risk is inherent in every aspect of business – Bernard Matthews had to face the consequences of an outbreak of bird flu across his turkey farming empire, while Cadbury’s has dealt with cases of salmonella in its production line.
Everything from the need to recall a faulty product or employee fraud, to breaches of corporate governance, health and safety regulation or employment law, attract adverse attention and all of these incidents can have significant consequences for a business in loss of income, the payment of fines, a drop in share value, loss of reputation, or even prison for the directors.
Where are the risks?
The range of risks a company now has to consider has increased significantly. The list of risks for which directors and company officers, in particular, are ultimately responsible just gets longer – the imminent introduction of the Corporate Manslaughter Bill is a case in point.
Consequently, organisations face a myriad of perils, many of which can have a negative impact directly on their income and profitability, or at worst close them down and cause immense distress to staff and investors alike. That means that the management of risk at all levels is becoming a major concern for everyone involved in an organisation, whether they are directors, employees, customers or shareholders.
And it isn’t just a question of simply ticking boxes to show that procedures and processes exist on paper a company needs to take risk management seriously – and be seen to do so. The HR function has a role to play at the forefront of risk reduction, policy development and communication in the business.
The traditional way of mitigating risk has been to introduce internal audit and compliance procedures, and to consider how to insure or underwrite insurable risks while limiting, as far as possible, the likelihood of someone making a claim. This concentrates responsibility firmly at the top of an organisation, while diluting real responsibility and disempowering the people working at lower levels in the organisation. It can also divert the focus of those who should be concentrating on driving the strategy of the business into the detail of operational management and company administration.
A more effective approach is to cascade responsibility down through an organisation, something known as ‘functional self-responsibility’. This empowers and energises management and staff alike, creating absolute clarity about how the business as a whole operates.
If each person is clear about how their role drives benefit for the business and is motivated to treat their role as if they ‘owned the business’ then, by extension, they will feel like they can take full responsibility for the functions they deliver.
To really mitigate risk, every person in the business needs to buy into this culture from top to bottom, and understand how their role plays an essential and integral part in delivering growth in the company and how the consequences of their actions can directly affect the company negatively as well as positively.
Building a framework
To successfully diminish risk, it is essential to address the functional structure of your organisation. This means looking at the fundamental issues about how a business runs profitably, assessing who does what and ensuring they are appropriately skilled or experienced for the job.
By doing this, you will get the most appropriate people in a business undertaking activities for which they have the skills, improving skills where needed, and empowering staff to understand the responsibilities attached to each role.
As each person within an organisation takes on the culture of self-responsibility and understands not only their own role but how it integrates within the larger organisation, they will be able to identify risks at an individual level. Staff no longer view risks as just a responsibility of the organisation, their manager or of their manager’s boss.
The will and commitment to make this happen needs to come from the top layer of management, but HR’s role is pivotal in ensuring this framework of functionality is driven throughout the business, so work closely with senior executives and compliance and legal departments.
You create an environment where everyone is more engaged, as they fully understand the remit and responsibilities of their job through taking on individual responsibility.
Reduced claims result in reduced insurance premiums.
The board can demonstrate to stakeholders that it has a transparent operating structure, functioning in the most efficient and effective way.
There have been a number of high-profile cases where organisations have had to put risk management procedures swiftly into place, Here are just a few examples of organisations that have been in sticky situations:
- February 2007: Following a salmonella scare a few months earlier, Cadbury’s was forced to recall some of its Easter eggs because they did not carry the correct nut allergy labelling.
- February 2007: Turkey producer Bernard Matthews was forced to lay off 130 workers just days after insisting that all jobs were secure in the wake of the bird flu outbreak at its Suffolk farm.
- October 2004: A fire at Premier Foods’ factory in Bury-St-Edmunds, which produces Branston Pickle, caused significant damage to 40% of the plant, bringing production to a standstill and prompting pickle lovers to place bids for as much as six times the price of a jar on eBay.
- October 2003: Barclays chief executive Matt Barrett told consumers to steer clear of credit cards, saying: “I do not borrow on credit cards. I have four young children. I give them advice not to pile up debts on their credit cards.” He even told the Commons’ Treasury select committee that he did not use credit cards from his own subsidiary, Barclaycard, because it was simply too expensive.
- April 1991: In the original PR gaffe, business tycoon Gerald Ratner ruined his company’s business with a speech to the Institute of Directors, when he joked that one of his firm’s products was “total crap”, and boasted that some of its earrings were “cheaper than a prawn sandwich”.
Working out the risk
Coaching firm Shirlaws divides the functions required in a successful, and low-risk, business into three groups, and colour codes these activities as red, blue or black. This enables a company to demonstrate where the business is spending most of its time.
- ‘Red’ activities are all the essential cost functions, including HR, legal, compliance, admin and IT, without which the business would cease to function effectively.
- ‘Blue’ activities include all revenue-generating functions and are customer related, such as sales, marketing, production and customer service.
- ‘Black’ covers all the strategy and management activities related to business growth and long-term planning, including such areas as joint ventures, mergers and acquisitions, and the positioning of the business in the market.
In a functionally balanced business, each individual is engaged in a clearly defined role for which they are skilled and for which they take responsibility. You should start this exercise at the most senior level, where too often directors are engaged in red and blue activities when they should be engaged with strategic black activities. Repeat the process through all the levels of the business to ensure the most appropriate executives focus on the appropriate activities, increasing productivity and mitigating risk.