Grow Employee Engagement with a Strong Investigation Process

In a tight labor market, employers are seeking to gain or retain a workforce with more pay, work from home and other perks. They can also improve retention through a culture of trust and consideration. Improve how you listen and investigate when someone on your team speaks up about compliance. If you investigate with urgency and respond, then you’ll gain trust and build employee engagement.

Here is an anecdotal case, from the perspective of the business: An anonymous report comes in from a small foreign office, that says “It seems like there is something going on between the marketing lead and a partner. I suspect they are wasting marketing funds.” The seriousness of the issue is not entirely clear—maybe the person reporting the issue is questioning the quality of the marketing campaigns. It is a challenge to reach people overseas.  Some initial questions are asked, but the case sits for months before anyone starts reviewing the matter closely. 

After almost a dozen interviews, no one reveals anything useful. The answer has to be found by sifting through years of email. The investigation ultimately uncovers how the company is being taken advantage of. It is shocking how so many people in the office know the marketing lead is stealing company funds, but said nothing. 

After the late start, combined with actual wrong-doing that is festering, the person who reported the wrongdoing and the rest of the office have stopped caring. The business is left with a problem infecting the whole office, instead of having to deal with only one or two bad actors.

Compliance is a Retention Issue

A compliance report may raise questions about potentially uncomfortable topics: harassment, fraud, conflicts of interest or any number of issues highlighted in a typical code of conduct. When a report is substantiated, someone might be disciplined or fired—thus, colleagues may view the person who reported the issue as disloyal to the team. Those who come forward may also fear that their company may not care about the reported issue or try to cover it up, and maybe even retaliate against them.

With the risks reporting presents, it is likely to be the most engaged, loyal employees who report, so you risk losing your best if you fail to listen. This happens when you leave reported issues unaddressed, where you fail to rectify a substantiated report or when you let a report languish unresolved. But if you follow up and respond quickly, you will win trust. When a talented employee feels listened to, they will have higher morale, trust the boss more and be more committed.

Improving Investigations

Listening to a compliance reporter is about taking the issue seriously and expeditiously running it to ground. The foreign office scenario above would have gone better had the investigators seen through the vagueness of the report to the potential seriousness of the underlying misconduct and then doggedly pursued a resolution from the start. With those in the office uncooperative in interviews, having access to past email made it possible for the investigation team to close the case.

Here are five tips to improve and speed up how you investigate:

  1. Have a process: Implement a disciplined approach for following the routine steps in a compliance investigation—assessing the initial report; developing an investigation plan; finding, verifying and analyzing to formulate a decision; and resolving with discipline, prevention, and training.
  2. Be selective when choosing your investigators: Staff your investigative team with individuals who are not wired to let cases sit. Provide them investigation training and consider augmenting with outsourced external investigators if an issue is large or complex.
  3. Define objectives: Set a clear objective for the investigation at the outset to keep investigators on track. The investigation can move on when they have obtained sufficient facts about the objective—finding that “smoking gun” email, for example. When you learn something new that needs further review, flag it for later but do not let it interfere with your first objective.
  4. Use technology: Give your investigators direct access to the data. It is frustrating for an investigator to receive a report and then have to wait for IT to provide the relevant emails or other data, then wait for IT to provide additional materials when the investigator learns something new. The team’s investigation times accelerate when it has direct access to email and other communications through archiving platforms and other technology.
  5. Track timing: The time to complete an investigation is dependent on the circumstances. The investigation team should set a period of time to resolve the investigation when a compliance issue arises.

A business builds a strong culture when it supports those who speak up. Having a strong investigative team, defining objectives, using technology and being aware of completion timing will allow you to quickly learn what is going on. You will also demonstrate that you are not using a haphazard approach.  This will give your employees more confidence in your company and encourage them to stay around.

Tornadoes Devastate Midwest and Southern States

Last week, a series of tornadoes ripped across the Midwest and Southern United States, killing dozens and crippling infrastructure in Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri, Ohio and Tennessee. While Karen Clark & Company has estimated that the insured loss from the tornado outbreak will be about $3 billion, and credit rating agency Fitch predicted that losses would total $5 billion, Dr. Joel N. Myers, AccuWeather founder and CEO, estimated that the tornadoes are expected to cost about $18 billion in total damage and economic loss. Mark Friedlander, director of corporate communications at The Insurance Information Institute, said, “Based on preliminary assessments of the extensive property damage we are seeing across multiple states, this weekend’s tornado outbreak has the potential to be the costliest on record in the U.S.”

As of Monday, 88 deaths across the region had been confirmed, but over 100 people are also missing, which means the death count may be higher. The cyclones killed more than 70 people in Kentucky, the hardest-hit state, leaving thousands homeless and knocking out power for more than 25,000 in the western region of the state. Additionally, 10,000 Kentucky homes and businesses reported being without water, and another 17,000 were under boil-water advisories, according to the Kentucky Division of Emergency Management.

Across the entire affected region, 750,000 customers were left without electricity. These outages have complicated search and rescue efforts, as rescue workers excavated destroyed buildings, searching for people who are still missing. In Mayfield, Kentucky, for example, the city’s main fire station and multiple police stations were inoperable, and the city was scrambling to find new ways to field emergency calls.

Also in Mayfield, at least eight people died at a Mayfield Consumer Products scented candle factory after workers reportedly pleaded with supervisors to let them leave the building after warning sirens sounded and an initial twister had passed with little damage, only to be threatened with firing if they did not continue working. Over 100 workers were trapped inside the building after the next tornado leveled it. Several survivors have already filed a lawsuit against the company, citing “flagrant indifference” to worker safety, and that the company “knew or should have known about the expected tornado and the danger of serious bodily injuries and death to its employees if its employees were required to remain at its place of business during the pendency of the expected tornado.”

Another tornado struck an Amazon warehouse in Edwardsville, Illinois, killing six people and injuring another. Amazon claims that it took all necessary precautions, but family members of victims have alleged that the company prioritized productivity over worker safety by not heeding tornado warnings and not adequately preparing employees for emergency weather safety responses. Amazon pledged to help workers and their families affected by the tragedy by donating $1 million to the Edwardsville Community Foundation, a charitable trust that benefits regional communities. OSHA is reportedly investigating the Amazon warehouse, and Kentucky state regulators are investigating the Mayfield Consumer Products event.

While an Amazon spokesperson noted that the company’s warehouse was up to code, Illinois governor J.B. Pritzker also promised an investigation into whether building codes needed to be updated, “given serious change in climate that we are seeing across the country.” Scientists say that climate change may have changed normal weather patterns and led to these tornadoes’ increased intensity and reach, with record warm temperatures across the region potentially exacerbating the disaster.

Businesses and risk professionals should prepare now for more frequent and intense weather events. The following recent Risk Management articles may help:

RIMS Risk Forum India 2021: Building Resilience As COVID, Cyberrisk Top Business Risks

An increasingly key theme year over year, resilience is at the root of the latest Excellence in Risk Management India report from Marsh and RIMS—and the RIMS Risk Forum India 2021 virtual event, where the report was officially released today. In the second year of the COVID-19 pandemic, risk professionals in India reported acute short- and long-term concerns about the interconnected risks of COVID-19 cases, global economic recession, and surging cyberrisks amid shifts in work arrangements.

In addition to the death of more than 5 million people in India, the pandemic has taken a considerable economic toll on the region. “According to the Organization for Economic Co-operation and Development (OECD), India’s economy contracted by close to 8% in 2020, while the world’s economy contracted by 3.5%,” the report noted. “Despite the OECD’s projections for economic expansion—both in India and globally—in 2021 and 2022, the potential for a prolonged global recession remains a concern for organizations in India.”

Previously one of the top risks for India-based risk professionals before COVID-19, cyberrisk has also increased significantly with the pandemic and the shift to remote work. “The shift to a remote workforce necessitated by sweeping lockdowns to stem the spread of the pandemic is widely seen as having increased cyberrisk,” Marsh and RIMS noted. “The Indian Computer Emergency Response Team (CERT-In) data indicated that cyberattacks in India rose by 300% in 2020, according to news reports. And cyber risk remained elevated in 2021, with more than 600,000 cybersecurity incidents reported in the first six months of the year alone, according to CERT.”

The continuing pandemic, resulting fallout, and ever-growing cyberrisk have presented the biggest risks for organizations in India in 2021, and the survey indicates that local risk professionals expect these to dominate the agenda for businesses in the year to come.

Despite the considerable concern, few respondents said their company is fully prepared for the continued fallout from COVID-19 or future pandemics. Asked to rate their organization’s preparedness from 1 to 5 (not prepared to fully prepared, respectively), the majority of India-based risk professionals ranked their organization a 3, and only 10% said they are fully prepared. While cyberrisk has been a top threat for longer, preparation is not much better for the threat—only a quarter of Indian companies said they are fully prepared for a cyberattack. This is particularly concerning as “some extent of remote work is expected to remain, leading to concerns of increased cyberattacks due to unsecured home networks,” Marsh said in a press release.

According to the report, this underscores the imperative to develop robust risk management strategies for both current and emerging risks and to focus on building resilience. Marsh identified four “common behaviors among companies that are on the path to becoming more resilient”: anticipating risk, connecting risk management to business strategy, avoiding gaps in the perception of preparedness, and measuring relevant data. Marsh and RIMS explained these further, defining key pillars that have set successful businesses apart, and potentially also offering considerations for other organizations to develop more mature risk management programs:

  • Anticipation: Resilient companies expect the unexpected. They have crisis management plans in place, but they also dig deeper, look farther ahead. Consider that during the pandemic even organizations with thorough business continuity plans struggled. Why? Many of them didn’t fully anticipate the widespread, long-lasting damage a pandemic could create.
  • Integration: Another key behavior among resilient organizations is to fully integrate risk management with operations and strategy. Doing so increases the ability to develop effective responses. Most organizations do not connect resilience planning with their long-term investment strategy. Those that do make the connection are on the path to better mitigating financial exposure, reputational damage, business interruption, and other losses.
  • Preparedness: On the journey to resilience, it’s important to develop an accurate perception of an organization’s preparedness. A false sense of security can halt an organization in its tracks. Companies often overestimate how quickly and effectively they will be able to respond to and recover from a given risk.
  • Measurement: There is no shortage of data and analytics in today’s business environment. But consistently applying metrics can be a stumbling block. Many companies fail to conduct a high rate of modeling and forecasting even on risks they see as important. And among the companies that do so, most only model in select areas.

Marsh and RIMS recommended that organizations in India focus on resilience heading into 2022 and beyond. “Resilience means being able to absorb the impact from a range of emerging risks and depends in large part on having robust risk management strategies in place,” the report explained. “This includes anticipating risk, connecting risk management to business strategy, ensuring your organization’s perception of preparedness doesn’t lead to a false sense of security, and measuring relevant data.”

Respondents largely indicated that their organization planned to increase investment in risk management, with 55% saying they expect increased resources, 27% expecting investment to stay the same, and only 4% expecting a decrease. This could be a critical differentiator in navigating COVID-19 recovery and other emerging risks in 2022. Indeed, 42% cited budget as the most critical barrier to understanding the impact of emerging risks on risk management.

Among the takeaways from the report, Marsh and RIMS urged organizations to invest in preparedness. “Look beyond pandemic as you develop a risk management strategy that is prepared to respond to any number of emerging risks,” the report said. “For example, shifting work patterns have intensified an already escalating cyber risk landscape that calls for a range of responses, from scenario planning to financial quantification.”

In addition to a panel on the Excellence in Risk Management India report, the RIMS Risk Forum India 2021 virtual event includes a number of sessions that address resilience challenges and opportunities for risk professionals in India. The program includes keynote addresses by Ajay Srinivasan, chief executive officer at Aditya Birla Capital Limited (ABCL), and Dr. Soumya Kanti Ghosh, group chief economic advisor at the State Bank of India, as well as education sessions like “Cyber Risk Management: A Priority for a Resilient Economy,” “Climate Risk and Your Path to Resilience,” “What COVID-19 Has Taught Us About ESG Risks and Why Risk Management Needs to Change,” and “Breaking the Chain: How Understanding Business Interruption Exposures Can Mean Supply Chain Resilience.”

The RIMS Risk Forum India 2021 virtual event continues tomorrow, December 4, and sessions will also be available for on-demand viewing for the next 60 days. Registration can be found here: https://www.rims.org/events/rf/india-forum-2021

RIMS ERM Conference 2021: IRS Receives Global Enterprise Risk Management Award of Distinction

On Friday, RIMS President Ellen Dunkin presented the Internal Revenue Service (IRS) with the 2021 Global Enterprise Risk Management Award of Distinction at the Society’s ERM Conference in New York City. The honor recognized the IRS’s outstanding achievements that allow it to anticipate emerging risks and establish the appropriate culture, processes and structures to strengthen strategic decision-making. 

Navigating the impacts of an extended government shutdown, sweeping tax reforms, operational disruption due to the COVID-19 pandemic and providing essential financial relief to thousands of businesses and individuals across the United States, the IRS ERM program helped the agency to remain resilient and effectively manage a multitude of dynamic challenges.

“Through the ERM program’s focus on embedding risk management capabilities into the existing structures and operations, the agency has become more risk aware,” said Jeffrey Tribiano, the IRS’s deputy commissioner for operations support. “There is also greater collaboration across the enterprise to address significant risks that require efforts from multiple business units. By effectively highlighting the enterprise-wide effects of risks, and by capturing risks on the enterprise risk profile, ERM has helped garner agency-wide attention and support for measures to help address the risks. Since IRS established its ERM program in 2014, it has played a critical role in helping the agency to better understand and respond to risk, thus making the organization more resilient and better able to serve the American people.” 

This year, RIMS honored three other organizations for their exceptional accomplishments developing, implementing and maturing ERM within their organizations. Honorees included:

  • 2021 RIMS Global ERM Award of Distinction Honorable Mention: Dallas Fort Worth International Airport
  • 2021 RIMS ERM Award of Distinction–U.S. Honoree: Eversource Energy
  • 2021 RIMS ERM Award of Distinction–International Honoree: EuroChem

“Enterprise risk management continues to deliver exceptional value to organizations, allowing them to successfully address emerging risks while also identifying and leveraging opportunities that might not have otherwise been apparent,” Dunkin said. “Risk professionals get better—and deliver better results—by learning from each other. We are so grateful to the IRS and all of the honorees for sharing their ERM journeys with the RIMS community and doing their part to advance this rewarding profession.”

Judging criteria for the Global ERM Award of Distinction include measurable, tangible and sustainable results; unique program strengths; ERM innovation that links risk with strategy or performance; and the program’s ability to build sustaining risk management capabilities. The panel comprises members of RIMS Strategic and Enterprise Risk Management Council.

RIMS ERM Conference 2021 was held November 11-12 in New York City and virtually. The program themed “ERM in an ESG World” focused on the growing risks stemming from environmental, social and governance challenges.