Category Archives: Reputation Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Vendor Risks: Preventing Recalls with ERM

Posted on by

Recall
In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?

buy ocuflox online meadfamilydental.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

Customers of CRF Frozen Foods, for example, a full-line, individually quick frozen processing plant that packages fruits and vegetables for a variety of customers, recently had big problems when it was linked to a widespread listeria outbreak. Contaminated foods affected big-name distributors like Trader Joe’s, Costco and Safeway, and some customers fell ill as a result.
buy tadalafil online https://royalcitydrugs.com/tadalafil.html no prescription

Even though a series of sanitation concerns and other facility issues at CRF had been exposed by regulators as early as 2014, the factory was allowed to continue operating and its customers weren’t notified.

Red flags raised by regulators aren’t always seen by the companies they’re most relevant to, however.

buy cytotec online meadfamilydental.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

The fact that these outbreaks occurred seems to demonstrate that customers’ vendor management practices either failed or simply weren’t robust enough to detect issues. It all comes down to effective enterprise risk management (ERM). ERM provides the tools and framework that allow any organization to standardize processes and effectively mitigate vendor risk.

An ERM approach is characterized by standard criteria, interdepartmental communication, and automatic alerts and notifications. It keeps everyone in the organization on the same page and ensures assessment results are always understandable and accessible. This eliminates redundancy in the risk management process. As a result, you can quickly and easily determine the last time your organization evaluated a supplier. Something as simple as a notification that regulators have published new requirements might save your organization from acquiring infected or defective products.

There are three general stages that apply to any successful risk management effort:

  1. Identify specific risks, followed by assessment and evaluation
  2. Implement tailored mitigation activities to address those risks
  3. Monitor those mitigations to ensure long-term effectiveness

The first step serves as the foundation for steps two and three. Without a proper understanding of what risks your organization faces, it is impossible to prioritize and mitigate them. Especially across multiple business departments or within supply chains—it is quite difficult to identify and account for every variable.

To keep up with vendors’ fluctuating conditions, teams need to systematically identify and assess risks, catching them as they crop up. Preventing assessments from becoming obsolete is the key to keeping a pulse on everything that may affect the business, therefore avoiding unwanted surprises.

Risk assessments also help determine the best way to allocate limited resources. Minimizing vendor-related risks needn’t be burdensome, however. It should be a streamlined process that, by enabling you to avoid harmful incidents, improves operational efficiency. Once your risk assessments reveal the areas of highest priority, you can determine exactly how to mitigate those concerns.

The Freedom of Information Act can be extremely helpful when it comes to your third-party risk management efforts. It grants all companies the right to ask vendors for specific information about plant processes, worker training, sanitation practices, and maintenance. Suppliers are required to be forthcoming with all information (when asked), and teams need to take advantage of this opportunity. It is an important part of the risk management equation and will help you understand your risks before disruptions occur.

Performing vendor risk assessments—in the form of inspections, questionnaires, and service level agreements—generates an enormous amount of data and information. This information is useful for mitigating risk, but only if it is up to date, consistent and distributed to the appropriate individuals. The Freedom of Information Act provides an opportunity to evaluate suppliers with robust risk assessments, and ERM provides the means to capitalize on that opportunity. Ad-hoc assessments of current and prospective vendors, without standardized processes, will only get your team so far.

Steps to Effective ERM

Capitalizing on your vendor assessment rights is only part of the equation. Without an appropriate means of processing, distributing, and making data actionable, you’re back at square one. To make sense of important data, follow these steps:

  1. Create a taxonomy: define relationships between risks, requirements, goals, resources and processes. If each area of the business uses its own system for identifying and classifying risk, the resulting information is subjective and unusable by other departments. There is also significant information overlap—and therefore waste. Use your existing information to create a standard for data collection with minimal work.
  1. Streamline with the standardized risk assessments identified in step one. Risk assessments can be conducted in many different formats and qualities. Use resources already in place and streamline the results using the standard from step one. The most effective way to collect risk data is by identifying the root cause, or why an incident occurred. Honing in on the root cause provides useful information about what triggers loss and your organization’s vulnerabilities.
    buy tretiva online meadfamilydental.com/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

    When you link a specific root cause to a specific business process, designing and implementing mitigations is simpler and more effective.

  1. Connect mitigation activities to each of the key risks in these processes. A risk taxonomy gives you a more holistic understanding of all the moving parts in your organization. This makes it easier to design mitigation activities.
  1. Connect incidents, complaints and metrics (for each business process) to mitigation activities. Typically, companies already dedicate many resources to monitoring business performance, collecting information about incidents, complaints and metrics. These processes are often inefficient and ineffective. Simply connecting them to mitigation activities, however, identifies the reason such incidents happen. You can then take straightforward corrective actions, meeting top priorities and allocating resources with forward-looking measures. Risk management, after all, is not about minimizing fallout after an incident, but preventing such an incident from happening in the first place.

To make this entire process effective, management must work to develop an enterprise-wide risk culture. ERM is not just an executive-level process, but should be pushed all the way to frontline managers, where everyday decisions are made and the risks are known—but resources are often absent.

Approach your vendor risk assessments as you would any other risk assessment—they should be reoccurring and standardized. Perform them regularly and evaluate the results with the same scale and criteria with which you evaluate all other risks. Finally, automate information collection and review so that reporting reveals cross-silo dependencies before these risks turn into scandals. The result will be increased vendor security and the prevention of surprises, at a fraction of the cost.

Delta Limping Back to Normalcy

Posted on by

After two days of cancellations due to a system-wide outage, leaving thousands of customers stranded, Delta today announced it will return to normal operation by mid-to-late afternoon. It added a caveat, however, that “a chance of scattered thunderstorms expected in the eastern U.S. may have the potential to slow the recovery.”

Delta said that by late morning on Wednesday it had canceled 255 flights whileDelta 1,500 departed. About 800 flights were canceled on Tuesday and there were around 1,000 cancellations on Monday. It also extended its travel waiver and continued to provide hotel vouchers, of which more than 2,300 were issued Tuesday night in Atlanta alone.

“The technology systems that allow airport customer service agents to process check-ins, conduct boarding and dispatch aircraft are functioning normally with the bulk of delays and cancellations coming as a result of flight crews displaced or running up against their maximum allowed duty period following the outage,” Delta said.

The company’s chief operating officer, Gil West, said on Aug. 9:

Monday morning a critical power control module at our Technology Command Center malfunctioned, causing a surge to the transformer and a loss of power. The universal power was stabilized and power was restored quickly.

buy prograf online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/prograf.html no prescription pharmacy

But when this happened, critical systems and network equipment didn’t switch over to backups.

buy strattera online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/strattera.html no prescription pharmacy

Other systems did. And now we’re seeing instability in these systems.

buy cytotec online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

For example we’re seeing slowness in a system that airport customer service agents use to process check-ins, conduct boarding and dispatch aircraft. Delta agents today are using the original interface we designed for this system while we continue with our resetting efforts.

Reuters reported:

Like many large airlines, Delta uses its proprietary computer system for its bookings and operations, and the fact that other airlines appeared unaffected by the outage also pointed to the company’s equipment, said independent industry analyst Robert Mann.

Critical computer systems have backups and are tested to ensure high reliability, he said. It was not clear why those systems had not worked to prevent Delta’s problems, he said.

“That suggests a communications component or network component could have failed,” he said.

The airline has not yet detailed the financial impact of the event.

Employer Accountability Targeted by Osha and DOJ

Posted on by

Safety harness
OSHA and the Department of Justice (DOJ) formally agreed to team their investigations and prosecute worker endangerment violations on Dec. 17, 2015. While the agencies have worked together in the past, this is now a formal arrangement which employers should be very concerned about, especially those with something to hide. Facing OSHA is bad enough, but it’s a walk in the park compared to tangling with the Department of Justice.

online pharmacy atarax with best prices today in the USA

“On an average day in America, 13 workers die on the job, thousands are injured, and 150 succumb to diseases they obtained from exposure to carcinogens and other toxic and hazardous substances while they worked,” said Deputy Attorney General Sally Quillian Yates in a memo sent to all 93 U.S. Attorneys across the country. “Given the troubling statistics on workplace deaths and injuries, the Department of Justice is redoubling its efforts to hold accountable those who unlawfully jeopardize workers’ health and safety.”

Deputy Yates urged federal prosecutors to work with the DOJ in pursuing worker endangerment violations. The worker safety statutes provide only for misdemeanor penalties. Prosecutors, however, are now encouraged to consider utilizing Title 18 and environmental offenses, which often occur in conjunction with worker safety crimes, to enhance penalties and increase deterrence. Title 18 of the United States Code is the criminal and penal code of the federal government, dealing with federal crimes and criminal procedure.

This cooperation could lead to hefty fines and prison terms for employers and individuals convicted of violating a number of related laws.

online pharmacy flagyl with best prices today in the USA

For example, the owner of a roofing company may go to prison for up to 25 years in connection with the death of one of his workers who fell off of a roof. Not only did the worker not have the required fall protection equipment, but the owner then lied to OSHA inspectors.

James McCullagh, owner of James J. McCullagh Roofing Inc. of Philadelphia, pleaded guilty in federal court to six charges in connection with the death of Mark Smith in June 2013. Smith fell 45 feet from a roof bracket scaffold while repairing the roof of a church in Philadelphia.

McCullagh pleaded guilty to one count of willfully violating an OSHA regulation causing death to an employee (failing to provide fall protection equipment) and four counts of making false statements. He admitted lying to investigators that he had provided safety gear and harnesses to his employees when, in fact, he hadn’t.

McCullagh also admitted to telling an OSHA inspector he had seen his employees in harnesses and tied off earlier on the day Smith fell to his death. McCullagh pleaded guilty to one count of obstruction of justice for instructing workers to tell OSHA investigators that they had safety equipment when they did not. He was sentenced in March 2016 to 10 months in prison as well a one year of supervised release and a $510 special assessment.

“No penalty can bring back the life of this employee,” said OSHA chief David Michaels, “but the outcome, in this case, will send a clear message that when employers blatantly and willfully ignore worker safety and health responsibilities, resulting in death or serious injury to workers, or lie to or obstruct OSHA investigators, we will pursue enforcement to the fullest extent of the law, including criminal prosecution.”

While criminal prosecution in worker fatalities is still a rarity, the likelihood of charges being brought increases when there is suspicion of lying to OSHA or other federal officials.

This partnership has been brewing for a while, as the Justice Department has tried to use the nation’s tougher environmental statutes to bring stronger prosecutions of workplace safety violations by focusing on companies that put workers in danger.

OSHA has placed emphasis on criminal enforcement of workplace safety violations recently by referring more cases to the Department of Justice and U.S. Attorneys offices for criminal prosecution. They referred or assisted with the criminal prosecution of 27 cases in fiscal year 2014—the highest ever in OSHA history.

What can an employer do to avoid the double team? They first need a strong offense by recognizing that under the OSHA Act, they are responsible for providing a safe and healthful workplace. Second, they must know that OSHA’s mission is to assure safe and healthful workplaces by setting and enforcing standards. They also provide training, outreach, education and assistance.

online pharmacy nolvadex with best prices today in the USA

OSHA inspections can be conducted without advance notice, on-site or by phone by highly trained compliance officers. Their priorities are imminent danger; catastrophes and fatalities; worker complaints; targeted inspections due to high injury or illness rates; and severe violators as well as follow-up inspections.

One of the errors many employers make is waiting too long to put an effective program in place. They risk a huge fine, being placed on the Severe Violators Enforcement list, or even jail. Before OSHA shows up, companies need to establish good safety and health programs with four essential elements:

  • Management Commitments and Employee Involvement. The manager or management team must lead the way by setting policy, assigning and supporting responsibility, setting an example and involving employees.
  • Worksite Analysis. The worksite is continually analyzed to identify all existing and potential hazards.
  • Hazard Prevention and Control. Methods to prevent or control existing or potential hazards are put in place and maintained.
  • Training for Employees, Supervisors and Managers. Managers, supervisors, and employees are trained to understand and deal with worksite hazards.

“Every worker has the right to come home safely. While most employers try to do the right thing, we know that strong sanctions are the best tool to ensure that low road employers comply with the law and protect workers lives,” said Assistant Secretary for Occupational Safety and Health Dr. David Michaels. “More frequent and effective prosecution of these crimes will send a strong message to those employers who fail to provide a safe workplace for their employees.

We look forward to working with the Department of Justice to enforce these life-saving rules when employers violate workplace safety, workers’ health and environmental regulations.”

That’s why it is important to have a living, targeted safety program, versus one copied from another employer or one quickly downloaded from a website. OSHA inspectors can quickly determine if a program is real or just a binder on a shelf.

Given the formal partnership with OSHA, the Justice Department’s renewed focus on prosecuting individuals, company executives, managers, and supervisors for workplace safety violations, organizations should note the enhanced risks, and implement measures to stay in the clear and keep their workers safe.

5 Analytics Tips for Your Chief Safety Officer

Posted on by

Safety data
Industries on average experience 3.2 non-fatal occupational injuries per 100 full-time workers, according to the U.S. Bureau of Labor Statistics. Some industries have nearly four-times this rate. Similar statistics exist for workplace illnesses and, unfortunately, fatalities. Could analytics be a solution for lowering these statistics?

Companies today gather huge volumes of operational and enterprise data, plus they have access to myriad sources of external data such as weather, traffic and social media. Unfortunately, this data is normally stored and analyzed in siloed data systems that are scattered across the enterprise. There are, however, steps a chief safety officer (CSO) can take to apply analytics to all available data to reduce incidents and, therefore, safety-related costs.

Here are five steps CSOs and other safety leaders can take to be smarter about data and safety.

1. Know your network

To reduce incidents and therefore safety-related costs for your organization, you need to know the what, where, when, why and how of accidents. After all, accidents happen at a specific time and place, and involve specific people and pieces of equipment. Knowing your network of time, place and equipment speeds up response time when accidents happen, and can even prevent them.

buy symbicort inhaler online blackmenheal.org/wp-content/uploads/2023/10/jpg/symbicort-inhaler.html no prescription pharmacy

Analytics systems are now able to correlate, analyze and visualize operational, enterprise and external data from across your company. The resulting information can identify the situations, patterns and trends that indicate hazardous but preventable conditions. You can more clearly see the job roles, work sites and times of the day or week that pose the greatest risk.

buy levofloxacin online blackmenheal.org/wp-content/uploads/2023/10/jpg/levofloxacin.html no prescription pharmacy

This information lets you invest your time, money and effort where it has the greatest impact.

2. Collaborate across departments

When you have analytics illuminating the times, places and activities of greatest risk, share that with everyone who can help reduce that risk. Workers and their supervisors need to know what the data indicate about risk, so that they can make appropriate changes. Your facilities department needs to know that some aspects of a work site—lighting, ventilation, access and drainage—contribute to unsafe conditions. Human Resources needs to know what training and certification is required, or should be offered, to increase staff potential.

But collaboration isn’t simply feeding analytics to various job roles. It is important that all those roles—operations, facilities, HR and more—share the same view of analytics in order to work together to address dangerous conditions before something happens.

3. Learn to trust your own data and analytics

There is now too much data arriving too quickly for us humans to manually gather and analyze. It’s still common for business and risk analysts to spend 80% of their time gathering data and only 20% applying it to solving problems. Analytics systems that correlate and analyze multiple data sources flip that equation, enabling analysts to spend 80% of their time acting on insights from data to solve problems.

While you might be willing to trust the math of analytics, you are probably like a lot of leaders who don’t trust their data. Many leaders believe their data is too incomplete, inaccurate, outdated or irrelevant to support an analytics program. When people say this, I usually ask them how they know their data is bad. Until you work with your data, you don’t really know its condition. When you start working with your data to solve a use case, you can address any data quality issues related just to that use case, without needing to somehow fix all of the data.

4. Look for analytics-leveraging skills when hiring

There is a witticism in the business world that “Culture eats strategy for breakfast.” While sayings like this can be cliché, in the case of analytics, this one is true. If your human and work culture doesn’t embrace data-driven decision making, any analytics strategy faces uncertain odds of success.

To establish an analytics culture within your organization, hire people who are comfortable exploring and applying data. You don’t necessarily need to hire data scientists, as that skillset is available from consultants and vendors if and when it is needed. You do, however, need people who are curious and capable of working with each other, and with data scientists, to formulate inquiries, pursue those inquiries, and apply the insights they discover.

5. Start small, but start now

Existing company safety programs that are not data-driven struggle to show their impact. That makes funding harder to justify, which can mean safety programs grow stale over time. If you’d like your organization to be better at safety and analytics, but struggle to measure the effectiveness of your investment in safety programs, it is possible to start small.

buy keflex online blackmenheal.org/wp-content/uploads/2023/10/jpg/keflex.html no prescription pharmacy

Any CSO can immediately identify their most dangerous job role or location. Start with one of those dangerous situations, use data to drive tangible changes in facilities, tools, process or training, and measure the results.

It is really that simple. You can start small, but at least start—now—and make safety a priority.