Risk management as a function is in a state of constant evolution. Since the 2008 global financial crisis, which caught many organizations off-guard, the 'traditional' risk management model has been questioned. The traditional focus on insurance and operational risks has become insufficient for many organizations, and the evolution of risk management into a more strategic role has been underway.
There are three primary trends driving this evolution. The first is the introduction of new technology. Big data and the use of algorithms are introducing new risk management techniques that enable organizations to make better and faster decisions at an increasingly lower cost. Computing power is getting faster and cheaper, which allows organizations to quickly process increasing amounts of data from a wide range of sources. This can provide better and timelier information upon which to detect problems earlier, make better decisions and predict problems before they happen. This, in turn, can give an organization a competitive advantage.
The second trend is the globalization of risk. As our economy, supply chains and networks become more globalized, sociopolitical, macroeconomic or disaster events abroad have a ripple effect like no other time in history. This comes with an increasing realization that we can no longer insulate ourselves entirely. We now understand that the risk exposures and prearedness of our key suppliers and customers in areas such as business continuity planning, labour practices and concentration of assets in natural catastrophe-exposed zones can make an impact far and wide across the globe when something goes wrong.
To respond to this trend, an organization must commit to an enterprise-wide risk management approach. This means risk managers will need to develop a much broader skill set and potentially form an internal risk committee to access the knowledge required for better initial risk assessment that contemplates the compounding effects of interrelated risks, and how these relate to the corporate financial materiality threshold. The result might lead to a recalibration of the risk management atrategic plan that achieves greater awareness and influence on management decisions versus the more conventional model, which focuses on a silo top-down approach.
The last trend that will impact risk management moving forward is the focus on creating a strong risk culture. The increasing speed in the evolution of risk means that it will become more difficult for organizations to adjust their risk management plans and insurance programs at a speed that keeps pace with this change. Decisions will need to be made quickly and changes implemented rapidly. Insurance products often lag behind the evolution of new risks, which will force organizations to increasingly self-insure in the short-term. Having a strong risk culture that starts at the top and filters down to all levels creates a level of preparedness to mitigate risk when insurance is not available, affordable or feasible.
To create a strong risk culture, organizations must establish a few key elements. First, buy-in at the C-suite or board level will ensure that risk management becomes an important component of the business planning process. Second, it requires a risk appetite and philosophy that is well understood across the organization. This is because it becomes the measuring stick by which people will make their day-to-day decisions. Lastly, the culture needs to be reinforced with sound metrics for measuring effectiveness and incentives that promote risk-intelligent behaviours.
To effectively deal with these three trends, successful risk managers will have broad skill sets that include knowledge of financials, operations, technology, marketing and others. These skills will need to be coupled with strong interpersonal skills that will enable them to be true change agents within an organization, translating vast amounts of information into meaningful risk strategies that can be effectively communicated and implemented. In the end, this will separate the winners from the losers in Canada and around the world.
Michael Loeters is vice-president and risk management practice leader at BFL Canada. BFL Canada helps its clients become resilient organizations by taking a strategic approach to insurance and risk.
The rising acceptance of GFSI is catching the attention of smaller food manufacturers.
Many small companies are working with limited resources and as a result, employees wear a variety of different hats. As they look to begin the process of selecting a GFSI scheme, the process can be daunting. Where should they start? Which scheme makes the most sense? In an interview with Rick Biros, publisher of Food Safety Tech, Claudio Bauza discusses where small food companies can begin their journey.
Peter Neumann is a graduate of the University of Connecticut with a BS degree in Biology and Chemistry.
Peter has over 40 years in the food industry in Bakery and high risk processes including Dairy and Edible Oils.
His background includes responsibilities for Quality Control, Production, and Engineering, as well as Senior Management positions in Fortune 500 Companies. He has managed large, multi-product facilities in both Union and Non-Union environments where he received numerous recognitions for Team Building, Lean Plant of the Year, as well as Quality and Performance commendations.
Peter has an extensive background in Lean Manufacturing and implementation of HACCP and SQF. He is a Certified High Risk SQF Consultant and enjoys teaching and training in these disciplines as well as Leadership and Strategic Planning.
A look at how certification to the GFSI recognized scheme aligns with FSMA in supplier controls, a food safety plan, audit readiness, and building a strong food safety culture.
If my company is GFSI-certified, is it also FSMA compliant? The answer is: With shared goals of producing safe food, coordinating preventive measures and ensuring continuous improvement, if your company is FSSC 22000 certified, you’re well on the road to FSMA compliance, according to Jacqueline Southee, Ph.D., U.S. Liaison, FSSC 22000. Southee discussed several areas in which FSSC 22000 aligns with FSMA as part of a recent Leadership Series, “GFSI in the Age of FSMA”.
Supply Chain Visibility
FSSC 22000 is applicable to all aspects of the supply chain and requires interactive communication (all of which must be documented), from the downstream level in ensuring raw materials and suppliers meet requirements of ISO 22000 framework to communication with customers and suppliers to verify and control hazards.
FSMA controls the hazard of food within the United States, says Southee, whereas GFSI certification is a global initiative, thereby extending supply chain visibility to foreign suppliers.
The Food Safety Plan
There has been much discussion surrounding building a FSMA-ready food safety plan and the migration from HACCP to HARPC. “HARPC can be referred to as HACCP with preventive controls,” says Southee. FSSC 22000 provides a flexible yet robust approach in a framework that is applicable to all situations (i.e., different manufacturers have different issues, such as producing ice cream versus baked goods). Rather than being prescriptive, the prerequisite program has the flexibility to apply to a particular situation. In addition, validation, verification, monitoring and documentation are an inherent part of the ISO 22000 approach and the FSSC 22000 certification.
FSSC 22000 serves as an effective tool in preparing companies for FSMA compliance. “We’re not a regulatory system; FDA has that domain,” says Southee. “They’re the ones that carry the responsibility of meeting those regulations. We work with everyone…to do the best job we can.”
Being audit ready all the time is a key part of preparing for FSMA. FSSC 22000 certifies a food safety management system (a three-year certification cycle) and requires internal audits of company performance, along with helping companies ensure that their records are organized at all times. The goal is to install a management system that enables constant monitoring, reevaluation and assessment as part of an ongoing process of keeping food safe, according to Southee. “If you’re certified and have an effective ongoing management system, unannounced audits won’t be an issue,” she says.
Food Safety Culture
FSSC 22000 and ISO 22000 provide a strong foundation for building food safety culture. ISO 22000 requires proof of management commitment to the food safety process, along with accountability, and for management to make resources available to see the food safety process through. “We agree that culture has to come from the top,” says Southee. “The personnel have to see that management is committed, and the culture will come from that commitment.” It also requires constant communication, up and down the supply chain as well as internally. This includes involving all employees and making sure that they know what they’re doing (i.e., training). “Everyone needs to know they’re valued and important, and how their function contributes to the function of safe food,” says Southee.
FSMA Alignment and Gap Analysis
There are sure to be some gaps when it comes to FSSC 22000 and FSMA. FSSC 22000 has commissioned a gap analysis to compare the preventive controls for human and animal food rules with the GFSI scheme and will add addendums as needed. Areas of review include a requirement to include food fraud into the hazard analysis and a review of unannounced audit protocol.
Zephyr Wilson, product manager at Roka Bioscience discusses how to build the right food safety culture in the context of environmental monitoring with Maria Fontanazza, editor of Food Safety Tech. She also provides tips regarding the questions companies must ask when conducting test methods and self audits. Video shot at the 2016 Food Safety Consortium.