All businesses are constantly "at risk", such as data leakage and product recalls. The source of the problem often stems from inadequate internal policies rather than human errors. So why is this happening? The corporate policies simply never had the chance to catch up to the rapid globalization and social changes.
In 2011, OMRON announced its mid to long-term strategy coined "Value Generation 2020" (VG2020), which includes risk management plan as one of the important business challenges, and has strived to achieve it. The plan was a reflection of the management's firm belief.
"The environment surrounding management and business rapidly changes and increases uncertainty. We need to raise risk awareness and take precautions, so that we can deal with risks while they are budding."
"Growth, profitability and adaptability to rapid social changes are necessary for sound business."
At OMRON, a global risk management team of approximately 200 members work closely on a daily basis. They share a strong mission to resolve issues through cooperation between staff and management, even when the issues stem from environmental changes beyond the control of the staff. We interviewed 5 members to get the inside scoop.
Businesses carry a variety of risks. Due to the fact that the law, culture, and common sense differ by country and region, it can be extremely challenging for globally operating companies to anticipate and avoid all risks. There are times where companies are exposed to threats.
So, here's what they did.
Deterring cartels and bribery, and imposing information security obligations - these are the responsibility of global companies. However, since different regions and countries have their own style of trainings, the Japanese way of training did not work. Thus, in 2011, when VG2020 was launched, they decided to have members from different regions gather and discuss. They established a virtual group called GLH (Global Legal HQ), where the leaders in charge of risk management of OMRON Management Centers meet every quarter. This allowed them to quickly come up with risk management measures suitable for regions at a global level, not from inside Japan. They then selected Risk Manager for each group company. The aim was to have the leaders, in collaboration with each OMRON Management Center, propagate risk management to the staff members who are in the frontline of business.
Such centralized actions trigger actions in other business locations around the globe. According to the main office of the Asia Pacific, managers from different countries gather to attend risk management meetings in every country of the region, not only at the main office in Singapore.
Ohno mentioned, "I oversee 11 countries including India, Australia, and New Zealand. Each nation has its own culture, religion, politics, natural environment, and law, and risks unique to the region. Considering these characteristics, we hold risk manager meetings in each of the 11 countries. This allows the members to understand the culture and atmosphere in specific regions and find their own problems through profound discussion with risk managers. In addition, visiting locations in different countries help develop inter-personal relationships. It is not cheap but the benefit justifies the cost."
As a result, some regions have started to incorporate risk management meetings on a monthly / weekly basis.
As with the Asia Pacific region, the root of OMRON's risk management lies in the frontline. OMRON understands that risks identified onsite are best handled in that region based on the common corporate policy. Thus, globally applicable best practices come from onsite staff members.
The main office in America has incorporated e-learning programs to promulgate an understanding of risk management. The main office in Europe started utilizing e-learning shortly after. It is not uncommon to see practical ideas employed in one region spread to a different region. This is one benefit of gathering on a quarterly basis to make decisions about global risk management measures.
There are other forms of localized activities as well. The Americas has set up a "governance board" meeting directly under the board of each group company. Risk managers from OMRON Management Centers attend the meeting to discuss risk management with the management team of each company on a quarterly or semi-annual basis. By testing the risk assessment provided by HQ and obtaining details on risks using a scoreboard, members of OMRON Management Centers specify their business challenges and provide feedback to the management team. As a result, the management team is able to better understand their responsibility and importance of governance, risk management, and compliance; also allows for profound discussions to take place.
Duregger, at the main office of Europe states, "We handle business risk management on the one hand and risk of non-compliance and governance separately. The reason is that it requires different skills and colleagues from back office are appointed as compliance managers and colleagues of front office are appointed as (business) risk managers as they have a better understanding of the business and business initiatives. At the same time it was a challenge to handle all from HQ only, as we have a very big territory with many different countries and legal entities so we needed to have people "on the ground" locally. This caused us to appoint colleagues who actually had a different "main task" and needed to perform their risk and compliance task in addition to that. In the beginning, they didn't like very much getting assigned additional tasks outside their daily duties. We needed to give training and make them aware of their tasks and our expectations. After they understood the risks in their countries and Business Companies/World Producers things were getting better then. Also, collaborating with the Human Resource Department to add risk management to the performance evaluation for managers and staff helped penetrate risk awareness."
Currently, OMRON Management Center of Korea, which was established in January 2017, is working on strengthening its operational risk management based on examples set in other regions against a rapidly increasing semiconductor workforce. "I feel the necessity to enhance our risk management measures. We have to pay close attention, identify, and deal with risks quickly and appropriately, through collaboration between staff and management, especially in emerging regions." says Ogino passionately.
Such direct actions deliver results. The main office in China reported over 1000 risk buds in 27 business location in 1 month. Daily risk management activities were initially extremely unpopular. However, the entire organization eventually began to trust and understand that this is for their own protection, leading to early risk detection - the product of increased risk awareness.
Earlier in this article, we mentioned that "OMRON's risk management lies in the frontline," however, there are certain risks which the frontline cannot manage. Thus, collaboration between HQ, OMRON Management Centers, and group companies becomes crucial.
A few times a year, the directors and managers get together to rotate the PDCA cycle to further raise risk awareness. There are also education programs such as the 24 universal rules on various risks and "corporate risk management logic" written in 25 languages. The company is devoted to involving both staff and management to take part in the program.
However, this modern age of frequent M&A and open innovation opens new doors to unknown risks. Recognized risk is one thing, but unrecognized risk is another. Unfortunately, there are times where actions performed in good faith triggers problems.
Thus, risk managed and resolved by staff and management is ideal, and the Global Risk Management / Legal HQ dedicates itself to being "the bridge between staff and management".
OMRON will continue to raise risk awareness and clip budding risks before they grow - both staff and management fulfilling its social responsibility as a single team.