Whether they’re making cars or refining oil, these days it’s common among large firms to use organisational risk management (ORM) to protect themselves against any unforeseen hiccups – from power cuts to political coups. ORM involves systematically assessing the likelihood that such events could occur, as well as establishing the degree of damage they’d cause if they did. But while it’s increasingly common for firms to use ORM, they may all do so for different reasons. Here are the five key drivers…
When asked why they invested in ORM, 85% of firms surveyed by DuPont said safety was a very important reason. Which makes sense: a risk management system driven by safety concerns won’t just help to ensure the physical wellbeing of your people, partners and customers – it can breed all sorts of other knock-on effects, from making teams happier, to improving your appeal in the market.
Compliance-focused ORM could mean anything from running Excel-based audits to integrating vast databases of regulations. But many companies see compliance as little more than an inconvenient box-ticking exercise, believing that once they've ticked those boxes, they're in the clear. Yet regulation often provides only a mere baseline minimum standard of risk management – and it may focus on issues that are not the true source of risk to that particular company. So ORM has to go further than compliance alone – to a system that’s right and appropriate for each organisation.
3. Avoiding unplanned shutdowns
This was an important ORM driver for 96% of firms. Many of these are likely to fall into the ‘once bitten, twice shy’ category: anyone who’s suffered an unplanned shutdown once is likely to try everything to avoid another one. Such incidents can be can be highly damaging to an organisation’s cash flow, with management suddenly distracted from their intended strategy byut the urgency of responding to whatever this latest meltdown is. With proper ORM, you’d already have a contingency plan in place. In fact you’d have realised the importance of maintaining your assets in the first place, meaning those unplanned shutdowns – and unexpected costs – may never even have arisen.
4. Driving improved performance
Rather than treating ORM as a ‘check the box’ exercise, many leading firms are looking at its long-term benefits, focusing not only on significant operational risks, but also changing customer requirements and even new avenues for growth. After all, ORM is largely about reviewing the same operations that feed into your operational excellence program. Any such attention can only open up more opportunities.
Nearly 90% of respondents to DuPont’s research described reputational concerns as ‘important’ or ‘very important’ in their decision to develop ORM. It’s often a significant secondary driver too. Of course these factors don’t exist in a vacuum – a glaring oversight in your safety controls, say, will hit your reputation pretty hard. When BP had its Gulf of Mexico incident, for example, it didn’t exactly do great things for its rep. Other firms’ reputations have blown up more spectacularly – whether it’s neglect of care patients at the Winterbourne View home, or stories of alleged mismanagement at Kids Company, all-too-often the damage to your reputation is irreparable. Whatever the driver for ORM, it can only be effective if it’s based on a rigorous assessment of the threats specific to your business. As avoiding such fall-outs can save you money, your reputation and the health of your stakeholders, good ORM is surely worth the investment.
DuPont offers risk management consultancy services to help safeguard your organisation's people and assets.