Month: October 2016

Doug is one of three experts who share why companies should be aware of risk and steps to take to mitigate it.

Here is the article, in its entirety.

_________________________________________

Three experts share why companies should be aware of risk and steps to take to mitigate it.

By The Editors

An organization’s commitment to corporate responsibility isn’t just within the four walls of the company. It extends to the supply chain as well. A trio of experts – Dynda Thomas, Lydia Hultquist, and Douglas Hileman recently discussed risk management within the supply chain and offered advice on how companies can avoid potential issues.

Where Risk Comes From

Douglas Hileman, a risk management professional and auditor with his own firm, describes risk as anything that poses a threat to meeting organizational objectives. Boards, senior management, investors, and other stakeholders are interested in an organization’s risk management now more than ever.

Dynda Thomas, an attorney at Squire Patton Boggs who specializes in supply chain transparency and compliance, explains that some CR topics that were optional a few years ago are now mandatory. That means that for those topics, such as conflict minerals and modern day slavery and human trafficking, there are added risks such as agency enforcement (with fines or penalties), bad publicity, and even damage to company reputation.

Lydia Hultquist, who works with client engagement at tech company RGP, knows this all too well from the 15-plus years she has spent in-house, managing these issues. And as if regulatory agencies weren’t demanding enough, customers impose their own requirements, sometimes based on industry standards or codes, and sometimes based on their preferences. They may even impose different requirements on products destined for different markets, Hultquist finds. Customers are raising the bar when it comes to monitoring the supply chain.

Hileman says that boards and executives are focused on risk, so it’s a good topic for corporate responsibility professionals to discuss. Supply chain risks can arise from noncompliance with laws and regulations. If suppliers are not managing their own compliance, environmental, and social risks, it can impact their operations, or even shut down their business. This poses risks to their customers (your) daily operations. If companies tell investors, customers, and employees that everything is fine when it’s not- or when you don’t have the basis for this optimistic conclusion, any incident or disruption in the supply chain can cast doubt on your corporate responsibility activities.

Why Companies Need a Risk Management Plan

A risk management plan helps companies prioritize, focus on the key areas, and then take reasonable steps to keep processes on track. According to Hultquist, the exercise of developing-or improving-a risk management plan alone can be helpful. This helps organizations prepare for the worst case scenario. Thomas adds: “Legal can help you identify and prioritize your risks so you can decide which risks to address first.”

“I tell my clients, ‘if you want to get everyone on the same page, it helps to have a page,’ It sounds corny, but it’s true,” Hileman says. “A risk management plan helps an organization identify and consider risks from a broad perspective. They can brainstorm the most effective ways to manage risk. And remember, risk isn’t something to be avoided at all costs. Companies take risks with new products and services or by entering new markets. Corporate responsibility professionals take risks when they embark on new programs, or reach out to new stakeholders. Taking risks can yield rewards.”

Hultquist agrees. “Risk management plans can provide coverage when you’re responsible for an area like corporate responsibility. With resource limitations, you can’t do everything. If something unanticipated does happen, you can look to your risk management plan and say, ‘none of us thought of that.”

How Risk Management Constantly Evolves

Risk should be looked at from all angles, at all points in time.

“A risk management plan isn’t something you do, then set it aside,” says Hultquist. “Our world is changing all the time, as are the expectations of our stakeholders. Corporate responsibility and supply chain professionals should refresh their risk management plans every year or so.”

Hileman cites the Volkswagen situation with emissions from diesel vehicles as a good example. In this case, Volkswagen installed emissions software that allowed cars to meet standards set by the Environmental Protection Agency. In test mode the cars complied; however when being used normally the cars would have failed.

Few people had considered how compliance, supply chain, business reputation, sales, money for contingent liabilities and fraud would come together until this took place, according to Hileman. “Corporate responsibility professionals are in a good place to see how all this relates and to show how a solid CR program can reduce risks, he says.”

Where to Start when Forming a Risk Management Strategy

Hileman, Hultquist, and Thomas all agree on where to begin.

• Step 1 is to inventory your risks;
• Step 2 is to evaluate the likelihood and impact of something happening, according to Hileman and Hultquist;
• Step 3 is to review all the measures you have in place now to reduce the likelihood and impact, and to assess how effective they are; and
• Step 4 is to prioritize the “residual risk” of these items, and take additional steps to mitigate these risks. Unless something happens, we’re likely to accept things the way they are.

This stepwise approach challenges complacency. Hileman and Hultquist say to look for opportunities, including competitive advantage. And when you do something great, they say, make sure everyone knows about it.

Hileman tries to provide some assurance to those who believe risk management is a complex issue: “Risk management sounds intimidating; don’t let it scare you,” he says. “We all face risks every day. Give it a good effort to identify, assess, mitigate risks. Escalate things when needed. Document what you do, and how you’re doing it.”

When you’re considering improvements, use all the resources available to you. There are good publications-many consultancies publish white papers and offer webinars. Many are pleased to share perspectives in a call. “Industry groups are a terrific resource-and so are people right down the hall. Don’t go it alone,” Hileman says.

POSTED OCTOBER 12, 2016 IN VOL. 7 NO. 5 – SEPTEMBER/OCTOBER 2016

Social Media is everywhere – maybe even on Internal Audit’s radar screen. With a topic this pervasive, how does Internal Audit approach it for purposes of risk assessment, conducting an audit, or embedding it into existing practices and procedures? How does Internal Audit keep up with something this dynamic, and the risks they could pose?

This session will provide an approach to general risk assessment of Social Media, and considerations for Internal Audit as they contemplate how (or whether) they should incorporate Social Media into their own activities.

Learning objectives include:

• Learn how social media differs from traditional media
• Gain an understanding on how controls align with generators of info on social media
• Learn one approach for high-level risk assessment of social media
• Learn examples of how Internal Audit can use Social Media for their own activities, and factors influencing how (or whether) to do so.

EVENT FLYER

Lunch Program Topic Presented by:

Doug Hileman, CRMA, CPEA, P.E.
President, Douglas Hileman Consulting LLC

The GAO’s third annual report, (Aug. 2016) came down hard on Commerce for not fulfilling a statutory requirement pertaining to the Independent Private Sector Audit (IPSA) provision of the SEC Rule.

DHC believes there are valid reasons that Commerce’s delay has served the best interests of stakeholders.

DHC has generated a white paper, outlining three of these reasons, and also insights as to how Commerce may forge a path forward.

Read and download the white paper here.

Douglas Hileman Consulting LLC (DHC) provides this tip sheet on the Government Accountability Office’s (GAO) third annual report pursuant to Section 1052 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The report is titled “SEC Conflict Minerals Rule: Companies Face Continuing Challenges in Determining Whether Their Conflict Minerals Benefit Armed Groups ” (2016 GAO Report).

The 2016 GAO Report summarizes companies’ SEC submittals for the 2014 reporting period; by GAO’s press time, the 2015 submittals were in, and several organizations have published their summaries of the newest (and third) batch of submittals. The GAO Report highlights continuing challenges in the conflict minerals supply chain, and takes the Department of Commerce to task for not fulfilling some statutory mandates regarding due diligence and the Independent Private Sector Audit (IPSA).

DHC believes the GAO report includes two sections that are misleading or unsupported. DHC’s perspective on these two issues are outlined in a white paper titled: GAO’s Third Report on Conflict Minerals “Companies Face Continuing Challenges…”” An Analysis.

Read and download the full white paper here.