Director of Advisory Services at SAI Global, James Green, is this week’s guest on the Innovation In Compliance podcast. James’ role involves helping clients manage atypical risk concerns or situations, including business continuity, vendor risk, pandemic, workplace violence, and active shooters. He chats with Tom Fox about his company’s 360° view of risk management and how to survive risks and those bumps in the nightthat you never saw coming.
Compliance vs Operational Risk Management
James gives his perspective on the difference between compliance and operational risk management. Compliance, he says, is ensuring that you’re adhering to your own standards, policies, and regulatory requirements. Operational risk management, on the other hand, is mitigating any risk to the company, no matter where it originates. Hurricane Harvey is a classic example of checking all the compliance and risk management boxes, but failing to mitigate the actual risk. Tom comments that compliance and risk management are much closer than just complementary: a combined approach helps a business create a more robust strategy for overall risk management.
360° View of Risk Management
SAI Global advocates a 360° view of risk management; risk and compliance need to be seen holistically. “We believe a company needs to be assessing risk in totality wherever it comes from,” James says. “And it doesn’t matter where it comes from, because the goal is to increase your organization’s resilience, right. That is really the goal of all of our collective functions, is that when there’s a bump in the night, we can manage through it successfully, legally, ethically, to the satisfaction of our stakeholders.”
When Things Go Bump In The Night
Tom comments on SAI Global’s real-time risk management approach. He asks James how it allows an organization to be more agile and responsive to market conditions as they come up. James responds that while compliance and risk professionals are great at mitigating issues that just happened, they need to also be aware that there will always be unknown and unanticipated issues. “…The problem is in our world, there’s always an unknown that’s coming up. Right now we’re living through COVID-19 which was unknown to a lot of us,” James points out. “There’s always something that’s gonna happen. There’s always another bump in the night. So you can’t be planning based on what happened in the past. You need to be agile. You need to be nimble.” He gives tips on how to determine if a risk is strategically acceptable, and the role risk management should play in the corporation.
COVID-19 and Supply Chain
They originally saw COVID-19 as a supply chain issue, James says, and started advising their clients about it in January. It became much more than that, he remarks. “Supply chain really needs to be embedded in your risk model… because it can damage what your suppliers and vendors do, it can damage your brand to your customers.” He shares useful COVID-19 resources that his company has made freely available to the public.