Howard Karp, a chef at the Waldorf Astoria and instructor at the California Culinary Academy who cooked for four U.S. presidents, once told me the secret of cooking: "It's all in the technique. There are no shortcuts."
Exquisite food comes from a highly trained, coordinated and cohesive kitchen operation that involves culinary skills such as slicing, dicing, searing and sautéing. Chef Karp added: "One must also understand the chemistry of cooking."dwdwdw He explained that the order and manner in which all the ingredients are "introduced to one another" makes all the difference.
Watching him cook a five-course dinner for a small group of us was like watching an artist paint a masterpiece. I never followed a recipe card again.
In my world, risks are a common ingredient and need to be handled just as expertly as the fish, meat and other ingredients that Chef Karp works him magic on. The risks to business ventures include:
- Damage to reputation/brand
- Economic slowdown/slow recovery
- Regulatory/legislative changes
- Increasing competition
- Failure to attract top talent
- Failure to meet customer needs
- Business interruption
- Third-party liability
- Cybercrime/viruses
- Property damage
Some organizational risk management programs I've seen follow a recipe of sorts that seems to have been passed down from one risk manager to another -- but only good wines and spirits improve with age.
Clearly, the prevention of accidents (workforce, property, fleet, customer, etc.) establishes the basis for sustained profitability. So, boards demand that senior management have robust involvement in the organization's enterprise risk management (ERM) efforts. Risk management departments cannot operate outside the business flow and related decision-making processes. Management silos have no place here. Decisions about risk must be driven across all operational aspects of the organization in a consolidated, standardized fashion to build trust and meaningful partnerships with operations.
But the traditional corporate approach to reducing risks is one clever safety campaign after another. Risk management staff, especially those in workers' comp, obsess on frequency and severity -- cutting the number of claims and reducing reserves and settling claims. Risks are "managed" by things like: compliance enforcement; personal protective equipment (PPE); signs; and those safety contests. Risk management operations are often buried in finance, HR or legal departments.
But these loss controls, from my experience, are no match to the potential losses that may occur under a bureaucratic, disliked supervisor.
Senior management must raise its game and focus on the strategic components of risk, such as: alternative risk financing, market economics, reputational risks and human capital. In turn, management needs to know the true costs in each business unit. Relevant risk factors may be buried in a ream of statistics, but corporate executives need to know if their risk management program is making an impact. How is information collected, managed and disseminated? Are your analytics predictive?
After 38 years of directing risk management, I believe that organizations must embrace what some friends and colleagues are calling a culture of safety (COS). This is the pièce de résistance.
COS involves using embedded risk management teams in each business unit to send signals up and down the corporate ladder that loss control is much more than a motto or simple list of steps to take. COS requires developing loss-control programs that are a product of the DNA of a specific organization. COS builds strong, binding partnerships among business units that allow the development of a platform for data analytics, volatility analysis, forecasting and reporting that allow for continual improvement through ERM/Six Sigma. COS has demonstrated significant savings, in the tens of millions of dollars a year at a single company.
There are five essential stages to a viable culture of safety:
- Awareness, repositioning of responsibility and analytics
- Cultural sustainability through behavioral economics
- Behavioral change through positive observations
- Combined service, safety and engagement measures
- Extended service, safety and engagement measures to the community
An organization should have a vision to assess knowledge, skills and abilities and work with HR to train employees to bring about new levels of expectations. Old safety methodologies focused on inspectors; audit and regulatory-based decisions; checklists and processes; task completions; and frequency-based decisions. COS, on the other hand, is behaviorally focused using coaches, trainers and outside consultants who partner with teams of employees who are already technically proficient and operational savvy. In addition, key performance indicators (KPIs) can help shape behaviors.
To deploy a viable COS, companies should consider using qualified outside experts as a diagnostic tool to identify and quantify risks using meaningful analytics. Companies need to know how they stack up against the competition. This type of analysis by reputable firms can provide practical insights for senior management and lead to the building blocks for a fine-tuned corporate risk strategy and an enhanced culture of safety.
One such consulting firm, Operant Solutions, inspired me to write this article with stories on risk management successes it presented at the RIMS Western Regional Conference in Lake Tahoe recently. (If you're interested in getting a copy of the presentation, you can contact Sue Antonoplos at 650-336-3144.)
I am inspired by the words of Julia Child: "Cooking well doesn't mean cooking fancy."