CIOReview

Retail Perspective on Enterprise Risk Management (ERM)

Francisco Fuentes, Vice President of Risk Management, Tailored Brands

In the modern world of retail, an Enterprise Risk Management (ERM) program should be dynamic and keep up with the internal and external changes in the stakeholders’ concept of risk. While it is important to maintain the most significant elements of retail ERM, such as cybersecurity, technology, brand reputation, sales and competition amongst others, it is also necessary to consider how an organization designs a proper ERM engagement and executes the necessary mitigation controls taking into consideration the proper framework, such as COSO, ISO or others. 

In the current retail environment, public companies and their leaders are required to balance the need to evaluate the shareholder and customer risk with the consideration for risks affecting customers, employees, the environment, and the communities in which they operate. Consumers, company employees, boards and shareholders are requesting a higher level of ethics and participation in areas of ERM.

As such, it is important for a company to provide clarity in defining these new and evolving areas of risk, such as corporate social responsibility, cybersecurity, environmental and sustainability, since the absence of clear definition, measurement and tracking of such risks can result in significant impact to the company’s performance. It has become apparent over time that corporate responsibility and sustainability are about managing long-term risks and the overall health of the business. The improper administration of ERM can manifest as significant material losses, customer impact (reduction in sales, compromise of PII and others) and lack of appeal to modern institutional shareholders. There are multiple cases and examples of these types of losses, ranging from significant insurance claims to the negative impact on directors and board members caused by cyber incidents. If a company wants to exist decades into the future, it must plan, communicate and demonstrate its ERM strategy clearly and within the most appropriate framework for its business.

In the retail risk management field, one must also have a clear understanding of the security risks impacting corporate social responsibility and cyber risk, since the potential for noncompliance is significant, along with the business continuity, fraud and financial risks that are intertwined with them. How a retailer evaluates, measures and reports on responsibility are important risk mitigation elements of a properly implemented ERM program.

If a company identifies the risk or opportunity in corporate social responsibility, cybersecurity or ERM overall, its leadership and the Board will need to be aware of the cost of implementing and maintaining programs that effectively deliver proper risk mitigation. Implementation of these risk controls is cumbersome and can be a financial burden to the company, but to the extent that modern retailers decide to make social, cybersecurity or business resiliency claims, they need to be prepared to support such representations. Failing to do so presents a higher risk of reputational damage and backlash from consumers.

In summary, there are many risks impacting the ERM profile of a modern retailer, amongst which some of the most relevant, due to their financial and reputational impact, are the risks associated with corporate responsibility and cybersecurity. These areas of risk need to be evaluated to build the necessary and sustainable programs, resources and risk mitigation controls to ensure that shareholders’, employees’ and consumers’ expectations are met and exposure to litigation due to non-compliance is avoided.
