Retail Perspective on Enterprise Risk Management (ERM)
CIOReview

Francisco Fuentes, Vice President of Risk Management, Tailored Brands

In the modern world of retail, an Enterprise Risk Management (ERM) program should be dynamic and keep up with the internal and external changes in the stakeholders’ concept of risk. While it is important to maintain the most significant elements of retail ERM, such as cybersecurity, technology, brand reputation, sales and competition amongst others, it is also necessary to consider how an organization designs a proper ERM engagement and executes the necessary mitigation controls taking into consideration the proper framework, such as COSO, ISO or others. 

In the current retail environment, public companies and their leaders are required to balance the need to evaluate the shareholder and customer risk with the consideration for risks affecting customers, employees, the environment, and the communities in which they operate. Consumers, company employees, boards and shareholders are requesting a higher level of ethics and participation in areas of ERM.

As such, it is important for a company to provide clarity in defining these new and evolving areas of risk, such as corporate social responsibility, cybersecurity, environment and sustainability, since the absence of clear definition, measurement and tracking of such risks can result in significant impact to the company’s performance. It has become apparent over time that corporate responsibility and sustainability are about managing long-term risks and the overall health of the business. The improper administration of ERM can manifest as significant material losses, customer impact (reduction in sales, compromise of PII and others) and lack of appeal to modern institutional shareholders. There are multiple cases and examples of these types of losses, ranging from significant insurance claims to the negative impact on directors and board members caused by cyber incidents. If a company wants to exist decades into the future, it must plan, communicate and demonstrate its ERM strategy clearly and within the most appropriate framework for its business.

In the retail risk management field, one must also have a clear understanding of the security risks impacting corporate social responsibility and cyber risk, since the potential for noncompliance is significant, along with the business continuity, fraud and financial risks that are intertwined with them. How a retailer evaluates, measures and reports on responsibility are important risk mitigation elements of a properly implemented ERM program.

If a company identifies the risk or opportunity in corporate social responsibility, cybersecurity or ERM overall, its leadership and the Board will need to be aware of the cost of implementing and maintaining programs that effectively deliver proper risk mitigation. Implementation of these risk controls is cumbersome and can be a financial burden to the company, but to the extent that modern retailers decide to make social, cybersecurity or business resiliency claims, they need to be prepared to support such representations. Failing to do so presents a higher risk of reputational damage and backlash from consumers.

In summary, there are many risks impacting the ERM profile of a modern retailer, amongst which some of the most relevant, due to their financial and reputational impact, are the risks associated with corporate responsibility and cybersecurity. These areas of risk need to be evaluated to build the necessary and sustainable programs, resources and risk mitigation controls to ensure that shareholders’, employees’ and consumers’ expectations are met and exposure to litigation due to non-compliance is avoided.
