Enterprise Risk Management: What is Your Plan B, C, D, and E?
Next, the chemicals were moved to non-refrigerated trailer trucks for containment. Arkema officials knew explosions would be inevitable in this circumstance, and they worked with local law enforcement and emergency services to evacuate everyone within a 1.5-mile radius of the plant.
No one was killed or injured in the resulting explosions, but damage to the plant became part of the estimated $180 billion cleanup cost for the entire hurricane-affected area.
Arkema’s story is a compelling case in the area of risk management. The explosion happened because their backups failed due to extenuating circumstances. As their media statement described, “Our site followed its hurricane preparation plan in advance of the recent hurricane, and we had redundant contingency plans in place. However, unprecedented flooding overwhelmed our primary power and two sources of emergency backup power.”
In addition to having a physical action and evacuation plan in place, the company worked closely with air and water quality investigators from the Environmental Protection Agency. They put out clear and straightforward media statements, and their president, Richard Rennard, was active in overseeing the operation and speaking to the public and the media.
Tempting Fate by Thinking About Risk
Risk is one of the least popular elements of any company’s culture. Even acknowledging that risk exists seems like tempting fate – inviting weakness and trouble into the status quo. Risk mitigation techniques cost money and time, which impact profits and the bottom line. Humans naturally tend to shy away from scenarios that scare them, and this can result in risk management plans that are inadequate, short-sighted, or become quickly obsolete.
It is vital that companies in any industry focus on everything they can do to mitigate every risk proactively to help keep their record and brand from being tarnished, and prevent property and lives from being lost. It is vital to get ahead of potential problems and justify the expense of doing so.
Most companies’ risk management plans do not go far enough. They may have redundant systems to back up power and data. They should also have designated spokespersons to handle news media inquiries and social media announcements. But how far is far enough?
For Arkema, their double set of generators were flooded out. Is it simply “armchair quarterbacking” to suggest that companies in Houston, a flood plain that has seen hurricanes before, now reinforce their hurricane preparedness techniques, especially in light of the increased intensity of climate-related disasters?
What about the company president or CEO? Richard Rennard seemed to demonstrate great leadership and put a public face to the Arkema problem, a lesson perhaps learned from observing the Deepwater Horizon debacle of 2010. But what if a company’s CEO is unavailable to comment, either because of physical absence, incapacity, or in the case of corporate wrongdoing, is under arrest? Who speaks when the official spokesperson is unavailable?
Risk Takes Many Forms, But the Data is There
Companies can no longer sweep their mistakes under the rug. Too much data and information exist to even contemplate that. People have a way of finding out. One need only observe recent high-profile crises at Uber and Equifax to note that risk management is not just about software security. It is also about how the situation is handled as it unfolds.
Risks and dangers don’t exist solely in the short-term. The legacy of a crisis lasts months and even years. The costs, including reparation and litigation, often exceed the expense of good planning and thorough preparation.
It is vitally important to manage risk proactively, update management plans regularly, rehearse emergency scenarios, and communicate more effectively with employees, managers, and the public. The data is there to help assess and even predict a much wider selection of problems and solutions.
All that is required is the proper corporate mindset, supported by all available facts and situational intelligence.
Best-in-Class companies implement an integrated risk management framework to assess risks, define controls, manage audits, identify issues, and implement remediation plans. Download Aberdeen’s “Operational Risk Management: Building a Framework to Identify, Assess and Remediate” report to learn more.