Retail Perspective on Enterprise Risk Management (ERM)
CIOReview

Francisco Fuentes, Vice President of Risk Management, Tailored Brands

In the modern world of retail, an Enterprise Risk Management (ERM) program should be dynamic and keep up with the internal and external changes in the stakeholders’ concept of risk. While it is important to maintain the most significant elements of retail ERM, such as cybersecurity, technology, brand reputation, sales and competition amongst others, it is also necessary to consider how an organization designs a proper ERM engagement and executes the necessary mitigation controls taking into consideration the proper framework, such as COSO, ISO or others. 

In the current retail environment, public companies and their leaders are required to balance the need to evaluate the shareholder and customer risk with the consideration for risks affecting customers, employees, the environment, and the communities in which they operate. Consumers, company employees, boards and shareholders are requesting a higher level of ethics and participation in areas of ERM.

As such, it is important for a company to provide clarity in defining these new and evolving areas of risk, such as corporate social responsibility, cybersecurity, environmental and sustainability, since the absence of clear definition, measurement and tracking of such risks can result in significant impact to the company’s performance. It has become apparent over time that corporate responsibility and sustainability are about managing long-term risks and the overall health of the business. The improper administration of ERM can manifest as significant material losses, customer impact (reduction in sales, compromise of PII and others) and lack of appeal to modern institutional shareholders. There are multiple cases and examples of these types of losses, ranging from significant insurance claims to the negative impact on directors and board members caused by cyber incidents. If a company wants to exist decades into the future, it must plan, communicate and demonstrate its ERM strategy clearly and within the most appropriate framework for its business.

In the retail risk management field, one must also have a clear understanding of the security risks impacting corporate social responsibility and cyber risk, since the potential for noncompliance is significant, along with the business continuity, fraud and financial risks that are intertwined with them. How a retailer evaluates, measures and reports on responsibility are important risk mitigation elements of a properly implemented ERM program.

If a company identifies the risk or opportunity in corporate social responsibility, cybersecurity or overall in ERM, its leadership and the Board will need to be aware of the cost of implementing and maintaining programs that effectively deliver proper risk mitigation. Implementation of these risk controls is cumbersome and can be a financial burden to the company, but to the extent that modern retailers decide to make social, cybersecurity or business resiliency claims, they need to be prepared to support such representations. Failing to do so presents a higher risk of reputational damage and backlash from consumers.

In summary, there are many risks impacting the ERM profile of a modern retailer, amongst which some of the most relevant, due to financial and reputational impact, are the risks associated with corporate responsibility and cybersecurity. These areas of risk need to be evaluated to build the necessary and sustainable programs, resources and risk mitigation controls to ensure that shareholders’, employees’ and consumers’ expectations are met and exposure to litigation due to non-compliance is avoided.
