Following recent food industry crises such as Sudan I, Melamine and Horsemeat, regulators and industry naturally take steps to prevent a recurrence. As a result we have BRC7 and vulnerability assessments. Many manufacturers changed their supplier approval procedures, retailers are paying closer attention to supplier specifications and supplier audit teams are challenging traceability more.
But there’s a problem with managing risk retrospectively: It’s a variation on what military historians call “fighting the last war.” As memories of the horsemeat scandal fade business leaders worry that enhanced food safety risk assessments to incorporate TACCP / Vulnerability Assessments are impeding growth and profits without much gain. Many food businesses and retailers decision making processes may be too slow, in part because of an excessive focus on preventing risk.
Research from CEB, a Washington-based firm concluded that if this “organisation drag” was reduced that rate of revenue growth might double. Their research indicated that risk managers and auditors spend more than half their time on financial reporting, legal and compliance risks even though the vast majority of big losses in market value occur because of mismanaged strategic risks. Most companies (91%) plan to reorganise or reprioritise risk management in the next three years and have already begun increasing budgets to that end.
Take the recent £300 million hit to Tesco from the Horsemeat scandal. This is a massive number until you compare it to the decline in the Tesco share price and market value in recent years. From a high of £4.74 in November 2007 the Tesco share price has declined to £1.58 at the time of writing, wiping £26 billion off the Tesco market value.
The CEB researchers identify three best practices for assessing and managing risk:
Strike the right balance between risk and reward
“Risk management” is often synonymous with “risk prevention.” But in financial services lower risk often means lower return. Leaving your money in a bank account earns a very low return compared to alternative but more risky investments. Today’s risk managers see their role as helping firms determine and clarify their appetite for risk and communicate it across the company to guide decision making. In some cases this means helping food safety, NPD, marketing and sourcing teams make well informed decisions on which products to launch where residual risks remain but are accepted.
Focus on decisions, not process
Many food safety teams associate risk management with compliance driven work such as supplier risk assessments, vulnerability assessments, SSAQ reviews and supplier specification reviews. Although all of these activities are important, they may not reduce risk. In addition to relying on paperwork or process, risk managers are turning to tools such as dashboards that show risk in real time and training to help employees assess risk. They are also helping companies factor a better understanding of risk into their decision making.
Make employees the first line of defence
Decisions don’t make themselves – people make them, and there isn’t always a risk assessment expert present when they do. So smart companies work to improve employees ability to incorporate appropriate levels of risk when making choices. This might begin during the hiring process: Some firms now use “risk screens” or other assessments to gauge candidates appetite for risk. By bringing in people with an aptitude for risk assessment, they reduce the need for training or remediation later.
How often have food and drink businesses considered this?
Companies are also trying to identify which teams face higher levels of risky decisions and providing training and support to these teams. With a focus on simulations or scenarios team members get to practice decision making in real scenarios.
Finally, risk managers are becoming more involved in employee exit interviews because leavers can be an excellent source of intelligence.
To pull all of this risk management into a cohesive picture some firms are changing their structure to remove the spread of risk management across multiple departments which results in pockets of information and lack of a joined up risk profile. The goal being to transform risk management from peripheral activities to a function integrated with day to day management.
This is where the recently upgraded QADEX supplier risk assessment module can add value. It enables multiple teams, at different locations, to complete diverse risk assessments such as supplier, product, ethical, sustainability, commercial and financial risk assessments on a standalone basis but then consolidate into a total risk score, or 360 degree risk profile by supplier. Using QADEX risk management becomes a protection shield rather than an action stopper.
It is not beneficial or possible to remove all risk, but you can learn how to better live with risk.
¹ Many of the ideas in this blog post have been adopted from a Harvard Business Review article on how to live with risks published in July 2015