According to a new report published by the Institute of Risk Management, businesses responding to supply chain scandals with additional rules and regulations leave workers even more vulnerable. The Institute of Risk Management (IRM) report entitled ‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ argues that the ‘modern commercial obsession’ with systems and processes obscures the real problem” failure to understand and predict human behaviour and build trust. The report urges companies to prioritise behavioural risk over ‘tick box compliance’ in order to tackle the ethical uncertainties present in today’s complex delivery networks. Peter Neville Lewis” one of the report’s authors and an IRM member” explained:” Ticking boxes is easy” and dangerous. Boxes were ticked at Rana Plaza, in Rotherham and at BP. Developing a sophisticated understanding of ‘personal risk management’ may be a somewhat harder task but, as companies as diverse as John Lewis and Tata Industries have shown, it does help to create the ethical behaviour that controls risk across an organisation however big or complex the operation may be.” Back in August, a Chartered Institute of Purchasing and Supply survey of UK businesses revealed that nearly 75% of supply chain professionals admitted to having ‘zero visibility’ of the first stages of their supply chain. Shockingly, 11% acknowledged it was ‘likely’ that slave labour was used at some point in the process. Human cost of wilful blindness The IRM’s technical director Carolyn Williams” who authored the new report” pointed out:” This is the human cost of wilful blindness in extended enterprise risk. It’s time businesses stopped expressing remorse and started tackling the behavioural uncertainties at every stage of their operations.” Shareholders have a direct interest in whether a company takes a tick box or behavioural approach to organisation-wide risk management. A 2013 report published by the World Economic Forum highlighted the fact that significant supply chain disruption cuts the share price of affected companies by an average of 7%. ‘Extended Enterprise: Managing Risk in Complex 21st Century Organisations’ marks the transition from risk management of a single organisation to a coherent programme which meets the global and interdependent challenges of today’s joint endeavours. Made up of IRM practitioners together with academic experts, the report’s project group has skilfully developed models, tools and techniques to help risk practitioners understand and manage risk across extended enterprises. ” Today’s extended enterprise environments achieve amazing outcomes but also display many of the characteristics of complex systems, with all of the potential for volatility and uncertainty that implies,” continued Williams.” By modelling the extended enterprise in practice, we provide risk practitioners with the tools such that they can begin to understand organisational exposure to extended enterprise risks” wherever in the chain they may be.” Williams went on to comment:” By their very nature, complex systems cannot be managed or controlled. However, they can be influenced so, in terms of the future risk manager, this will demand new skills around leadership and when it comes to the understanding of culture, ethics and behaviour.” Methodologies and tactics for addressing risk The report offers recent multi-agency examples to demonstrate why there should be concern around extended enterprises. These include the scandal in the UK when horsemeat appeared in some beef supply chains, the management by some banks of their outsourced IT providers, failures in care homes and child protection in the UK and the tangle of responsibilities that became evident following the Macondo well disaster in the Gulf of Mexico. As well as supporting organisational performance, the IRM report claims that a better understanding of risk across the extended enterprise is also vital in tackling wider problems such as slavery, abuse, environmental damage and dangerous working conditions. The report argues that wilful blindness by organisations to these issues within their broader networks is unacceptable. Put simply, companies must now ask themselves whether any claims that they make about their values hold true across their extended enterprise. Richard Hibbert” CEO of cloud-based Governance, Risk and Compliance (GRC) solutions provider SureCloud (who sponsored the report)” stated:” This is a thought-provoking study which highlights the risks posed by relationships across extensive networks of suppliers, partners and associates. It also offers methodologies and tactics for addressing risks and harnessing the benefits.” *The new report was officially launched at a conference held at the Cass Business School in London on Thursday 9 October
“Ticking boxes will not prevent the next Rana Plaza” states the Institute of Risk Management
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.