Elon Musk is a visionary in the news as the face of the coming thing: the Tesla auto, the new Model X, batteries to get your house off the grid, and satellites and space travel. A tactical responsibility for dealing with unwanted publicity was not in his plan. But now Mr. Musk along with the organization he founded is in the unwanted position of confronting issues that illustrate risks that arise from the way business is done today: potentially illegal immigration, sub-minimum wages, and workplace injuries. This was certainly not part of their business plan.

The San Jose Mercury News published an investigative account in May 2016 involving a painter at Tesla’s vehicle factory in northern California. The article recounts how the Slovenian, an unemployed electrician who spoke no English, was recruited to work at a factory in South Carolina, but was sent instead to Tesla’s Fremont, California location. He came to the U.S. on a B1/B2 visa that allowed limited business and tourism in the U.S. He was among ~140 Eastern European workers in the paint shop there, installing pipes and welding parts. He earned for $5 per hour, working 10 hours per day and six days per week.

The Mercury News reported “His job at the Fremont factory ended May 16, 2015, a Saturday afternoon. He climbed atop the paint shop roof and onto an unsecured tile, and then plunged nearly three stories, bouncing off scaffolding, to the factory floor. The fall broke both his legs and ribs, tore ligaments in his knee and gave him a concussion.” Tesla said it never employed Lesnik [he was employed by a contractor], and. “To our knowledge [the individual] Lesnik was injured when he allegedly failed to wear the proper safety harness provided by his employer.”

The Mercury News followed swiftly with an editorial stating that “the betrayal by Tesla is especially disappointing. The cutting-edge car maker was regarded as the role model for bringing manufacturing jobs back to California.” Tesla said it will probe reports, an announcement that was reported in the Mercury News, The Los Angeles Times and elsewhere.

This incident highlights how enterprise risk extends far beyond the legal boundaries of an enterprise. Many questions might arise in the investigation of this incident in the subject areas below

• Contracts and Oversight: What did they say, who was in charge of compliance, contract oversight and enforcement?
• Visas and Human Trafficking: Who was responsible for following (and monitoring) legal hiring procedures? Who held the individual’s passport? Did the worker pay a recruitment fee, and if so, was he indentured for service in order to pay it off?
• Safety: Who was responsible for the safety program, including training, monitoring, and enforcement?
• Fraud: Did any of the parties involved in contracts, operations, compliance management, communications between parties, etc. knowingly engage in deceit?
• Company Image: Will this story “grow legs” and result in a hit to company reputation, and even stock value?
• Extent of Problems: How deep does this go? What will further probing show next
• Business Continuity: If entire segments of the operation or business must be modified how can discontinuity in operations be minimized?
• Required Disclosures: The SEC requires disclosure of risk factors and legal proceedings in Forms 10-K. Should this be mentioned, and if so, how?

It may very well be the case that few of the issues noted above will ultimately turn out to be a substantial problem. But if they are a concern at the moment, they warrant investigation. This can be a high-pressure situation, where the company is incurring substantial costs from teams of experts. This incident distracts Mr. Musk from his visionary role, and thrusts him into the unfortunate situation of being the Chief Crisis Manager.

How Might this have Been Prevented?

An effective Enterprise Risk Management program could have prevented this situation.
The COSO Enterprise Risk Management model includes four categories of risk: Operations, Compliance, Reporting and Business Strategy. Many professionals discuss the categories of risk management as though they are distinct. They are not. Risks incurred in each category have changed as the ways companies do business have changed, as shown on the accompanying figure.

Internal Audit, functional auditors (compliance, safety, etc.), and risk management professionals can all play a role in enterprise risk management – including reducing the likelihood of another incident like the one at Tesla. An Enterprise Risk Assessment should consider today’s risks and current business practices, and develop policies, procedures, governance, and oversight practices to track and manage risks.

Mr. Musk and the executives at Tesla would rather be accelerating the launch of the Model X, and speeding the Model 3 to market. Your CEO has better things to worry about, too. A robust enterprise risk management program can help take this kind of worry off their plate.

___________________________________________________

Douglas Hileman helps organizations develop sound Enterprise Risk Management programs by doing risk assessments, developing/ upgrading policies and procedures, and conducting assessments and audits.  He is president of Douglas Hileman Consulting LLC.  His experience He is on the Board of the IIA Los Angeles Chapter, and on the [global] Guidance Development Committee.

He has special expertise in conflict minerals, compliance, operations, and non-financial reporting.