We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

Why are so many companies missing the point? ERM's Role in Risk Prevention

Vote 0 Votes

Regardless of guilt or innocence, FedEx's recent indictment has reminded us that in today's world of complex global interactions and increased regulations, organizations must have a strong handle on interrelated risk, business processes, and relationships.

This past week, FedEx made headlines for knowingly assisting illegal online pharmacies, according to the U.S. Federal Government. The company is being charged with conspiracy to distribute controlled substances and drug trafficking, as reports claim the shipping company willfully delivered unprescribed medications for over a decade. Whether or not management and the Board of Directors were aware of the situation is a major factor in the case, but nevertheless, FedEx has been indicted on a violation of the Controlled Substance Act.

Just over a year ago, FedEx's competitor UPS found itself in a similar situation. UPS admitted to knowingly distributing controlled substances through illegal means, and they agreed "to establish a compliance program designed to ensure such customers won't be able to use its services to illegally distribute drugs." - Business Week 7.18.14

Unfortunately, FedEx failed to take preventative steps and is now caught in a legal battle, facing possible fines over $800 million. Although such a compliance program may seem standard practice, FedEx is not alone with its lack of governance.

Many companies are far behind in establishing effective controls and processes relating to risk management. Linking policies and procedures that are already in place to the specific compliance and regulatory standards they support uncovers business process gaps and allows for efficient mitigation activities. Without transparency into compliance gaps and existing oversight, events such as those experienced by FedEx and UPS are all but inevitable.

To ensure full transparency, it is critical to take things a step further and create an enterprise-wide governance program. Compliance management only goes so far on its own; integrating other existing governance areas such as risk, audit, and business continuity planning (BCP) drastically increases the value of compliance efforts. Coordinating and sharing overlapping information between these functions ensures that all risks are identified and remain uncovered. In other words, creating a true enterprise risk management (ERM).

Damage control and press release statements can only go so far once an incident, like FedEx's, occurs. The repercussions can be nearly impossible to bounce back from, regardless of a company's size or financial standing. Taking a reactive approach versus a proactive, companies are left facing consequences instead of preventing surprises in the form of effective enterprise risk management.

To learn more about how to integrate ERM and compliance, find the complimentary ebook 'How to Integrate Governance Areas' or request a demo to see how the LogicManager platform can help.

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives