Category Archives: Enterprise Risk Management

Wells Fargo: What Should Have Happened

Posted on by

wells-fargo

When Wells Fargo fired 5,300 employees in September for inappropriate sales practices, then-CEO John Stumpf approached the scandal with an outdated playbook. In response to the $185 million in fines levied by regulators, he first denied any knowledge of the illegitimate accounts. Attempting to mitigate press fallout by distancing the company from a group of “bad eggs” acting independently is not the answer, however. Even if Stumpf had maintained this assertion of innocence, changes in the risk environment over the past few years demand a proactive approach.

Rather than simply deflecting responsibility in these situations, executives must be able to accomplish two things:

• Provide historical evidence of due diligence and risk management (if such a program was actually used)
• Demonstrate how the company is adjusting its policies and/or implementing new policies to ensure a similar incident doesn’t happen in the future

In 2010, the SEC’s Proxy Disclosure Enhancement (rule 33-9089) explicitly made boards of directors responsible for assessing and disclosing risk management effectiveness to shareholders. It mandates the use of risk monitoring systems to demonstrate that existing controls (mitigation activities) are effective. Under this rule, “not knowing” about an activity performed by employees is considered negligence.

buy phenergan online blockdrugstores.com/wp-content/uploads/2023/10/jpg/phenergan.html no prescription pharmacy

This is a crucial development; negligence carries the same penalty as fraud, but it does not require proof of intent. The Yates Memo (2015) gave the SEC ruling more “teeth” by requiring organizations to provide the Department of Justice with all the facts related to responsible individuals.

As a result, many companies have suffered significant penalties and frequently criminal charges, even though their executives were allegedly unaware of illicit activities. Consider the emissions scandal at Volkswagen and fines paid (to the SEC) by global health science company Nordion Inc. In both instances, deceptions were perpetrated by individuals below the executive level, but senior management’s inability to detect/prevent the incidents came back to bite them.

How to Prevent Risk Management Failures at Your Organization

John Stumpf’s approach should have started with an admission of Wells Fargo’s failure in risk management processes across the enterprise, followed by evidence that a more effective, formal enterprise risk management process is being implemented. For example, risk assessments must cascade from senior management down to the front lines and across all business silos. This ensures that the personnel most familiar with operational risks (and how to mitigate them) can keep the board informed.

In other words, instead of simply apologizing and attempting to provide restitution, Stumpf should have demonstrated that Wells Fargo is taking proactive risk management measures to protect its many stakeholders.

buy hydroxychloroquine online blockdrugstores.com/wp-content/uploads/2023/10/jpg/hydroxychloroquine.html no prescription pharmacy

It is the company’s duty to ensure that something like this never happens again.

The scandal is predictably following the same track as have previous failures in risk management: it starts with regulatory penalties, then leads to punitive damages, class action lawsuits, and finally, criminal charges and individual liability, depending on the particular case.

buy bactroban online blockdrugstores.com/wp-content/uploads/2023/10/jpg/bactroban.html no prescription pharmacy

The key to this pattern is the absence of adequate risk management, which means negligence under the new enterprise risk management laws, regulations and mandates passed since 2010.

The good news is that avoiding serious, long-term consequences is possible if proper actions are taken. For example, by providing a historical record of risk management practices, Morgan Stanley avoided regulatory penalties when an employee evaded existing internal controls. Other corporations that can provide evidence of an effective risk management program (risk assessments, internal controls that address risks, monitoring activities over these internal controls, and an electronic due-diligence trail) are largely exempt from punitive damages, class-action lawsuits, and possible jail time.

When implemented proactively, effective risk management systems have and will continue to prevent scandals, regulatory fines, litigation and imprisonment. For a more in-depth analysis of the Wells Fargo scandal, read the LogicManager blog post “The Walls Fargo Scandal is a Failure in Risk Management.”

Examining U.S. Immigration’s Economic Impact

Posted on by

In last night’s third and final presidential debate of the 2016 election cycle, immigration again emerged as a defining topic in discussion of both regulatory reform and the economy. With an increasing amount of immigration by highly skilled laborers—and, of course, the potential reputation impact on companies seen as giving more jobs to non-citizens or moving out of the country in pursuit of labor—changes in such policy have clear implications for risk professionals.

Last month, the National Academies of Sciences, Engineering and Medicine released one of the most comprehensive studies to date on the economic impact of immigration in the United States. Overall, the researchers found that immigration over the past couple of decades has done more good than harm, creating positive impacts on the national economy and causing little lasting impact on the wages or employment levels of native-born Americans. “Immigration enlarges the economy while leaving the native population slightly better off on average,” the study said, also pointing out increases in innovation, entrepreneurship and technological change across the economy. “The prospects for long run economic growth in the United States would be considerably dimmed without the contributions of high-skilled immigrants,” the researchers reported.

Some of the study’s key findings and conclusions include:

  • When measured over a period of 10 years or more, the impact of immigration on the wages of native-born workers overall is very small. To the extent that negative impacts occur, they are most likely to be found for prior immigrants or native-born workers who have not completed high school—who are often the closest substitutes for immigrant workers with low skills.
  • There is little evidence that immigration significantly affects the overall employment levels of native-born workers. As with wage impacts, there is some evidence that recent immigrants reduce the employment rate of prior immigrants. In addition, recent research finds that immigration reduces the number of hours worked by native teens (but not their employment levels).
    buy reglan online dentalhacks.com/wp-content/uploads/2023/10/jpg/reglan.html no prescription pharmacy

  • Some evidence on inflow of skilled immigrants suggests that there may be positive wage effects for some subgroups of native-born workers, and other benefits to the economy more broadly.
  • Immigration has an overall positive impact on long-run economic growth in the U.S.
  • In terms of fiscal impacts, first-generation immigrants are more costly to governments, mainly at the state and local levels, than are the native-born, in large part due to the costs of educating their children. However, as adults, the children of immigrants (the second generation) are among the strongest economic and fiscal contributors in the U.S. population, contributing more in taxes than either their parents or the rest of the native-born population.
  • Over the long term, the impacts of immigrants on government budgets are generally positive at the federal level but remain negative at the state and local level — but these generalizations are subject to a number of important assumptions. Immigration’s fiscal effects vary tremendously across states.
    buy tamiflu online dentalhacks.com/wp-content/uploads/2023/10/jpg/tamiflu.html no prescription pharmacy

“The panel’s comprehensive examination revealed many important benefits of immigration—including on economic growth, innovation, and entrepreneurship—with little to no negative effects on the overall wages or employment of native-born workers in the long term,” said Francine D. Blau, Frances Perkins Professor of Industrial and Labor Relations and professor of economics at Cornell University, and chair of the panel that conducted the study and wrote the report.

buy trazodone online www.delineation.ca/wp-content/uploads/2023/10/jpg/trazodone.html no prescription pharmacy

“Where negative wage impacts have been detected, native-born high school dropouts and prior immigrants are most likely to be affected.”

Check out the April cover story from Risk Management, “Welcome to America: Why Immigration Matters for Business,” for more on the risk management implications of immigration into the United States.

Chipotle Provides Yet More Reminders of D&O and Food Safety Risks

Posted on by

If the average food safety crisis or product recall forces companies to weather a storm, Chipotle has spent the past year trying to weather a category 4 hurricane. Now months into their recovery effort, it seems they are still seeing significant storm surges.
Last week, a group of Chipotle shareholders filed a federal lawsuit accusing executives of “failing to establish quality-control and emergency-response measures to prevent and then stop food-borne illnesses that sickened customers across the country and proved costly to the company,” the Denver Post reported. The suit accuses executives, the board of directors, and managers of unjust enrichment and seeks compensation from Chipotle’s co-CEOs, while also asking for corporate-governance reforms and changes to internal procedures to comply with laws and protect shareholders.

Sales remain significantly impacted by the series of six foodborne illness outbreaks last year.

online pharmacy propecia with best prices today in the USA

The company reported in July that same-store sales fell another 23.6% in Q2, marking the third straight quarter of declines for performance even lower than analysts had predicted. The company’s stock remains drastically impacted, currently trading at about 4 compared to a high of 9 before the outbreaks came to light a year ago.

online pharmacy fildena with best prices today in the USA

In addition to the most recent shareholder lawsuit, the bad news for directors and officers specifically has also been further compounded recently.

Shareholder lawsuits were filed earlier this year alleging the company had misled investors about its food safety measures, made “materially false and misleading statements,” and did not disclose that its “quality controls were not in compliance with applicable consumer and workplace safety regulations.” In June, a group of shareholders sued a number of top executives for allegedly violating their fiduciary responsibilities and engaging in insider trading.

online pharmacy synthroid with best prices today in the USA

Relying on insider knowledge about insufficient food safety protocols, the suit alleges that the executives sold hundreds of thousands of shares in the first half of 2015 before the food poisoning scandal was made public.

Check out previous coverage of the Chipotle crisis in the Risk Management March cover story “Dia de la Crisis: The Chipotle Outbreaks Highlight Supply Chain Risks.”

Vendor Risks: Preventing Recalls with ERM

Posted on by

Recall
In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?

buy ocuflox online meadfamilydental.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

Customers of CRF Frozen Foods, for example, a full-line, individually quick frozen processing plant that packages fruits and vegetables for a variety of customers, recently had big problems when it was linked to a widespread listeria outbreak. Contaminated foods affected big-name distributors like Trader Joe’s, Costco and Safeway, and some customers fell ill as a result.
buy tadalafil online https://royalcitydrugs.com/tadalafil.html no prescription

Even though a series of sanitation concerns and other facility issues at CRF had been exposed by regulators as early as 2014, the factory was allowed to continue operating and its customers weren’t notified.

Red flags raised by regulators aren’t always seen by the companies they’re most relevant to, however.

buy cytotec online meadfamilydental.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

The fact that these outbreaks occurred seems to demonstrate that customers’ vendor management practices either failed or simply weren’t robust enough to detect issues. It all comes down to effective enterprise risk management (ERM). ERM provides the tools and framework that allow any organization to standardize processes and effectively mitigate vendor risk.

An ERM approach is characterized by standard criteria, interdepartmental communication, and automatic alerts and notifications. It keeps everyone in the organization on the same page and ensures assessment results are always understandable and accessible. This eliminates redundancy in the risk management process. As a result, you can quickly and easily determine the last time your organization evaluated a supplier. Something as simple as a notification that regulators have published new requirements might save your organization from acquiring infected or defective products.

There are three general stages that apply to any successful risk management effort:

  1. Identify specific risks, followed by assessment and evaluation
  2. Implement tailored mitigation activities to address those risks
  3. Monitor those mitigations to ensure long-term effectiveness

The first step serves as the foundation for steps two and three. Without a proper understanding of what risks your organization faces, it is impossible to prioritize and mitigate them. Especially across multiple business departments or within supply chains—it is quite difficult to identify and account for every variable.

To keep up with vendors’ fluctuating conditions, teams need to systematically identify and assess risks, catching them as they crop up. Preventing assessments from becoming obsolete is the key to keeping a pulse on everything that may affect the business, therefore avoiding unwanted surprises.

Risk assessments also help determine the best way to allocate limited resources. Minimizing vendor-related risks needn’t be burdensome, however. It should be a streamlined process that, by enabling you to avoid harmful incidents, improves operational efficiency. Once your risk assessments reveal the areas of highest priority, you can determine exactly how to mitigate those concerns.

The Freedom of Information Act can be extremely helpful when it comes to your third-party risk management efforts. It grants all companies the right to ask vendors for specific information about plant processes, worker training, sanitation practices, and maintenance. Suppliers are required to be forthcoming with all information (when asked), and teams need to take advantage of this opportunity. It is an important part of the risk management equation and will help you understand your risks before disruptions occur.

Performing vendor risk assessments—in the form of inspections, questionnaires, and service level agreements—generates an enormous amount of data and information. This information is useful for mitigating risk, but only if it is up to date, consistent and distributed to the appropriate individuals. The Freedom of Information Act provides an opportunity to evaluate suppliers with robust risk assessments, and ERM provides the means to capitalize on that opportunity. Ad-hoc assessments of current and prospective vendors, without standardized processes, will only get your team so far.

Steps to Effective ERM

Capitalizing on your vendor assessment rights is only part of the equation. Without an appropriate means of processing, distributing, and making data actionable, you’re back at square one. To make sense of important data, follow these steps:

  1. Create a taxonomy: define relationships between risks, requirements, goals, resources and processes. If each area of the business uses its own system for identifying and classifying risk, the resulting information is subjective and unusable by other departments. There is also significant information overlap—and therefore waste. Use your existing information to create a standard for data collection with minimal work.
  1. Streamline with the standardized risk assessments identified in step one. Risk assessments can be conducted in many different formats and qualities. Use resources already in place and streamline the results using the standard from step one. The most effective way to collect risk data is by identifying the root cause, or why an incident occurred. Honing in on the root cause provides useful information about what triggers loss and your organization’s vulnerabilities.
    buy tretiva online meadfamilydental.com/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

    When you link a specific root cause to a specific business process, designing and implementing mitigations is simpler and more effective.

  1. Connect mitigation activities to each of the key risks in these processes. A risk taxonomy gives you a more holistic understanding of all the moving parts in your organization. This makes it easier to design mitigation activities.
  1. Connect incidents, complaints and metrics (for each business process) to mitigation activities. Typically, companies already dedicate many resources to monitoring business performance, collecting information about incidents, complaints and metrics. These processes are often inefficient and ineffective. Simply connecting them to mitigation activities, however, identifies the reason such incidents happen. You can then take straightforward corrective actions, meeting top priorities and allocating resources with forward-looking measures. Risk management, after all, is not about minimizing fallout after an incident, but preventing such an incident from happening in the first place.

To make this entire process effective, management must work to develop an enterprise-wide risk culture. ERM is not just an executive-level process, but should be pushed all the way to frontline managers, where everyday decisions are made and the risks are known—but resources are often absent.

Approach your vendor risk assessments as you would any other risk assessment—they should be reoccurring and standardized. Perform them regularly and evaluate the results with the same scale and criteria with which you evaluate all other risks. Finally, automate information collection and review so that reporting reveals cross-silo dependencies before these risks turn into scandals. The result will be increased vendor security and the prevention of surprises, at a fraction of the cost.