Archive for February 12th, 2007
Welcome to the Governance, Risk and Compliance blog. We will be providing periodic posts to encourage perspectives on a wide range of issues related to corporate ethics and how it relates to emissions, environmental footprints and effects on global warming. We’ll also talk about other operational issues that impact public and private organizations. We hope you will also offer us your news items and commentary, and share your perspectives on the issues that impact organization heads, corporate directors, production managers, IT managers, compliance managers, corporate security managers and governmental incident commanders.
For those of you who are becoming acquainted with ESS for the first time, we are the leading global provider of innovative software solutions, training and services that help companies meet corporate governance goals through managing environmental compliance; health and safety compliance; corporate security support; and managing emergency response to natural and man-made disasters. We have been the industry leader for more than a decade, and our client portfolio includes more than 17,000 clients, including 75 percent of the Fortune 100 and more than half of the Fortune 500.
You can obtain more information about ESS on our Web site, www.ess-home.com.
This blog represents our effort to launch a high-level conversation designed to help organizations meet their goals for sustainability, and reduce various forms of operational risk. By offering this forum, we will provide perspectives that demonstrate how savvy organizations find ways to reduce costs and balance concerns that lead to a healthy triple bottom line for people, planet and profit.
As with any discussion, we will manage conduct on this site based on a few simple guidelines:
- We will respect proprietary information and confidentiality.
- We will be respectful when disagreeing with others’ opinions.
Thanks for joining our discussion.
Tags: health and safety operational risk management osha health safety compliance safety management
February 12th, 2007
Based on recent industry trends, I have noticed that the focus of the proactive Environmental, Health and Safety (EHS) professional has moved beyond compliance activities. Emphasis is now placed on finding ways to add business value and increase a company’s shareholder value through enhanced EHS performance.
Managers can see that this shift in focus is evidenced in the recent trends for risk portfolio management. Analyst groups offer evidence of links between EHS risk management and financial performance. Stock trends highlight upward trends for companies with strong EHS performance records.
One example is translating injury and illness data into key performance indicators (KPI) that provide proof of your company’s commitment to employee and community safety. OSHA requires that this data be collected anyway. Using the data for performance metrics is a natural progression.
Company press releases and annual reports are full of EHS key performance indicators. These neither provide business value nor drive improved performance since most data a) indicate what has already happened, b) represent situations that may no longer exist and c) often become the end result, not a tool for further evaluation and decision-making.
If corporation officers want to spend money on environmental protection, they must have realistic expectations of value those investments will generate, and that they are appropriate for the size and character of the corporation. We already know that environmental professionals in many companies struggle just to maintain regulatory compliance. This applies to companies of all sizes, although the challenge is greater for small and mid-size organizations.
Traditionally, the most effective “non-regulatory” environmental initiatives are those that require disclosure and executive management involvement. The Toxics Release Inventory (TRI) had a major influence on pollution prevention programs after business management discovered how much was being released in association with their company’s facilities.
Today executives and plant managers must sign off on their environmental reports. That has brought environmental issues to the forefront of corporate governance.
KPIs show where a company is headed and give production managers tools they need to take action ahead of significant performance downturns and where they need to produce performance measurements.
Examples of ‘next generation’ KPIs that could affect your operations in the near future:
- Measurements of performance trends, not merely performance. Leading indicators can be derived from trends in wastewater discharge overages, spills, audit findings, reportable injury rates, near misses, or workman compensation claims for a particular condition, among others.
- Periodic surveys of relevant opinion leaders. Targeted surveys could provide insights into both short and long term EHS trends.
- Sustainable development metrics. Metrics that monitor and understand regional and global environmental data using information solutions that capitalize on material and waste data management
- Other measures such as physical conditions, employee attitudes and other factors should be rolled up into data that track factors affecting performance and results.
Businesses and economists have been using leading indicators for decades. I think you’ll find that the secret to developing effective KPIs is to create a process that provides results rapidly, so managers can develop strategies and tactics to correct negative trends in a timely manner. Look for software solutions like Essential Performance Manager™ – which we expect to hit the market very soon.
Tags: ehs performance key performance indicators pollution prevention programs safety osha toxics release inventory
February 12th, 2007
Is your organization ready to deal with internal risks that could cause business interruptions or negatively impact your bottom line? Recently I’ve had the opportunity to talk to managers and business owners from all corners of the globe to assess their risk readiness. Here are some perspectives that could be helpful to consider.
“The Enterprise,” while we always refer to it in the aggregate, is actually composed of many different types of businesses – from online virtual businesses like EBay to electric utility companies, from oil and gas companies to financial service companies. Many of the businesses that make up the enterprise are public companies that are discovering a new set of compliance issues with the passage of the Sarbanes-Oxley (SOX) legislation and have embraced a relatively new concept: enterprise risk management.
Although SOX may have given birth to a new focus on Enterprise Risk Management (ERM), SOX is only part of a larger concern: operational risk in general. Every business, large and small, should learn to better manage its operational risk. Many tenants of the World Trade Center discovered that on 9/11, and many New Orleans companies had the same epiphany after hurricane Katrina.
Especially in asset-rich industries, risk management is about the relationship between SOX compliance and every other government regulation passed before it and since. It is about any other strategic or operational risks a company needs to consider and how to assess both the asset and portfolio risk of the enterprise.
Operational risk management takes into account the links between the operational and the financial aspect of any compliance effort. What are the costs of compliance? What are the costs of being out of compliance? But it is more than a financial compliance and reporting mindset, it is about an integrated approach to corporate, financial, strategic and operational systems.
If the enterprise is to be protected, insofar as that is possible, more than just the ordinary financial risks must be considered. What would happen in a terrorist attack? A natural disaster? An oil spill?
A new ERM model emphasizes the need to go beyond internal financial controls and audit-related compliance and look at the operational interdependencies and associate the risk of these interdependencies with an organization’s strategic assets. In order to be successful, this ERM framework requires the use of systems and industry knowledge.
To create standardized internal controls, companies need to leverage industry specific people and industry-proven technologies with a centralized dashboard on which an executive responsible for operational risk management (a CRO, or a Chief Security Officer) can see everything in the company for which he or she is responsible. Systems specifically used for project management, asset and service management, EH&S, crisis management and financial management should be integrated to realize the full capability for an enterprise.
Tags: erm oil and gas companies operational risk management sarbanes oxley
February 12th, 2007
