What you need to know to stay current in risk management
It’s Thursday, July 19th, and our latest edition of the Feagin Company Weekly Risk Report: What you need to know to stay current in risk management.
Culture – Not as simple as Mesophilic or Thermophilic
Hot topic in ERM: search “risk culture” and you’ll find a slew of consulting companies selling services to come to your rescue (academics). Managing risks is an important component when attracting investors and growing/protecting the business. Real world experience and key components to strengthening risk culture from “been there, done that” include: 1) advocacy from the top, 2) communication transparency across the organization, 3) trust, and 4) action. It may be called “risk culture,” but in reality, it’s just solid business culture. Don’t shoot the “risk” messenger; user adoption is key to institutionalization, which is key to risk culture success. Pay attention to the organization’s capacity for change; OCM is a risk. Risk managers: you’re blowing your budget and possibly your career if you don’t manage this. Seek lessons learned.
Governance – Is Netflix the corporate governance golden child?
Netflix may take a unique approach to corporate governance according to a recent study conducted by the Stanford Graduate School of Business. Transparency and preparedness are major points of focus by the board, and board members observe monthly and quarterly senior management meetings. Typical communications to the board are analysis-heavy, 30-page memos with internal links to further information. According to the study, meetings were shorter and decisions were made faster; I’d consider that cause for celebration. However, there is cause for concern; according to Institutional Shareholder Services (ISS) insights on Yahoo Finance, Netflix scores 2 for Audit, 10 for Board, 10 for Shareholder Rights, and 10 for Compensation. Sounds good, until you realize that a score of 10 denotes “high risk.” On another note, Netflix “dethroned” HBO’s 17-year Emmy nomination winning streak with 112 nominations to HBO’s 108. Not a number institutional investors care about. Shares are falling on slowing subscriber rates and increased debt.
Hot topics in ERM – Risk Appetite Continued…
Risk appetite was originally a concept developed for financial institutions…think VaR but not too hard, it has its issues. The idea of risk appetite is to define how much risk an organization is willing to accept before it must reduce its risk, logical and hotly debated. But, can an organization come close to knowing all of its risks in the first place?…ludicrous assumption made all the time and shut the door if you want zero risk. Don’t patently dismiss the outliers, those risks you may score “a snowball’s chance in hell” of occurring or that only one person in the company raises. The “n=1” risk is usually the one that sinks the ship. Be careful about buying into the notion that you can somehow quantify your risk appetite with absolutes. If ever right, these numbers are usually obsolete before the ink dries: market factors, acquisitions, sales performance, geopolitics, quant assumptions, etc. Stuff happens…
Lessons learned: One approach to risk appetite that we recommend and that has worked well with organizations of all types: start by writing a risk appetite policy statement and implementing governance that focuses on identifying, assessing, communicating, and managing risks. Nail down the basic “blocking and tackling” before taking on complexity. You can’t manage what you don’t identify and your organization can only handle so much change.
Business Continuity via Facebook became an unintentional workaround during Super Storm Sandy when the C-suite and board of a very large organization I later advised was unable to communicate (cell towers and sat phones inoperable). They inadvertently discovered they could “friend” each other on FB and make key decisions through FB and Messenger; I choked on the implications. They weren’t alone. Now is a good time to brush up on alternative, encrypted 3rd-party methods for disaster communication. Key points: encrypted and “not for exploit.” Trending in ERM: integration and oversight of Business Continuity and Disaster Recovery processes; smart. Check out NAVIGO.
Industry – WHAT THE BEEF!?
SuperMeat, an Israeli biotech firm, has raised $3MM in a seed round. The future of meat “disruption” is no bull as millions of investment dollars pour into “lab grown” meat startups from the likes of Richard Branson, Bill Gates, Cargill, and Tyson Foods. By the way, the preferred term for “lab grown” meat seems to be “clean meat,” while “slaughter-free meat,” “in vitro meat,” and “cultured meat” are media spin runners-up. Farmers wearing lab coats soon? By the way, the traditional meat industry is a multi-billion-dollar industry employing millions with massive downstream economies (tractors, feed farmers, etc.).
Chips you may not want to eat. It seems like Facebook may be entering the computer chip market and diving in head first. According to news reports, Shahriar Rabii, a rockstar chip engineer, joined Facebook from Google. While the discussion around Facebook’s motives centers on power and speed, I can’t help but be concerned that it is another way to track users through digital thumbprints, gather their information, and sell it. Yes, Google, Apple and others do this already. More GDPR-type regulations are in the works in other countries… just saying. Where’s the US?
Cerner EHR implementation continues to struggle for many according to numerous reports. Senator Murray, not alone, blasted the DoD’s effort while the VA launches its own $16-B Cerner initiative. The VA, well aware of the DoD’s struggles, has created the Office of Electronic Health Record Modernization which will be headed by Genevieve Morris. Her deep experience in IT Health and testing is critical… extensive planning, transparency, execution, and testing are success factors. Manage the risks and issues proactively for opportunity… bullish outlook for VA but long road ahead. Speaking of experience, Truitt Health is a standout when it comes to optimizing and fixing Cerner.
NATO Summit Fallout – Geo-political risk heating up?
Two notable narratives: one is that NATO is now stronger and healthier than ever before, the other is that the US continues down a path of isolationism. Either way, when risks are not addressed in a timely manner, they can become systemic problems that have a multiplier effect (case study fodder). Key takeaway: don’t sweep risks under the rug hoping they will just go away or fix themselves. NATO is an important alliance to balance world power but systemic issues should have been dealt with decades ago. Companies are no different. Real leaders don’t pass the buck and when decisions have to be made to solve hard problems, rarely will anyone be completely happy about the outcome.
- DocuSign – 5 out of 12 board members exit. Company states that it was just part of a “planned transition.”
- Build-A-Bear’s pay-your-age promotion attracted thousands, even 1-year-olds, and caused the company to briefly shut down stores. Program revamped; show up on your birthday.
- Papa John’s Founder and Board Chair, John Schnatter, out after using a racial slur on a conference call…claims he was coerced. Merger talks with Wendy’s over?
- Facebook being probed by the SEC for not warning investors of privacy lapses related to the Cambridge Analytica data breach.
- LabCorp cyber attack occurred this past week on the 14th. Company responded with immediate countermeasures and submitted 8-K on Monday the 16th; brilliant!
- Florida-based marketing firm Exactis reportedly experienced a recent cyber breach exposing 340 million records: 230 million individuals and 110 million businesses may be impacted. It’s likely this company stores information about you…crickets.
- Consensus bias
- Game theory
- Strategic planning
- Trade war