Skip to main content

Your Enterprise’s Vulnerabilities: An Activist Approach



In using the term “activist,” I am not referring to high-pressure tactics used by some hedge funds and private equity investors to influence management decisions at private and public companies. I am also not referring to the individuals or groups that protest for or against specific political, social, or business decisions. Rather, I see “activist” as someone who stays on top of current needs and conditions and who also looks to the future. 

Interestingly, Merriam-Webster’s online thesaurus does not contain an entry for activist.  Microsoft Word’s built in thesaurus, however, suggests several appealing synonyms: forward-looking, innovative, advocate. 

A vulnerabilities activist works to stay on top of emerging risks and also works within the enterprise to review existing—and historical—procedures, business models, technology, and training to identify and reduce downsides while increasing the upside consequences of where risk taking is a good business move.

Every enterprise has vulnerabilities.  In this context “vulnerabilities” are conditions and situations that do or might interfere with the enterprise’s ability to achieve its goals. For this process, the vulnerabilities faced by for-profit companies and nonprofit enterprises are remarkably similar: uncertain revenue/funding streams, legal and regulatory changes, local zoning laws, ability to reach target markets/clientele, qualified employees, and, of course, cyberthreats and physical security. In addition, every organization, company, and enterprise—whether for profit or not-for-profit—has unique vulnerabilities to explore and assess.

Risks that can hurt any enterprise

For any and every organization: Be risk aware! Make sure that you have controls and procedures in place for the handling of confidential employee and compensation systems. On September 18, 2018, for example, the FBI issued Alert Number I-091818-PSA describing “Social Engineering Techniques To Obtain Employee Credentials To Conduct Payroll Diversion.” Mitigating steps include Internet firewalls, anti-spam software tools, increasing employee awareness on avoiding attacks, and  standard management controls on changes to payroll information. Always, establishing and enforcing clear procedures and authorities around any process that includes money can thwart such attempts.


Make sure that legally required processes and core insurance policies are in place: For example, money withheld from payrolls or collected as sales taxes must be paid in a timely fashion. Meet with a couple of insurance brokers to make sure that the firm is up to date on primary insurance policies such as workers’ compensation, general liability, and property coverage. Consider cyber insurance to cover the risk of losses via online operations as well as hacking or other loss of internally held data files. Firms with multiple owners and senior decision makers should price “directors and officers” (D&O) insurance and “key person” life insurance policies. Make sure you have more than one person who can cover all core functions… just in case. In a two-person firm this can be hard. In a larger firm, designate key back-up responsibilities.

Risks specific to your enterprise
Because the risks relevant to each organization differ from those of every other enterprise, planning how to reduce them will vary as well. All businesses along an ocean waterfront might face equal risk of flooding, but a food stand will lose more merchandise when electricity fails than will a t-shirt store. A business based on personal integrity, such as a medical practice or law firm, likely faces higher cost of reputational damage than, say, a bookstore.

A few questions to ask about your enterprise: What are your primary assets and relationships, what are they worth to you, do they have value to others, what would happen if they were lost or compromised? How are these primary assets — be they physical inventory, customer records, proprietary formulae, reputation, buildings, or land — backed up? Insured? Duplicate or triplicate files on site and in remote storage? Physical locks and keys? 

Corporate culture matters! 
Do your employees know which risks you want them to take or avoid? This applies to everyone, from core product development and production to internal operations to financial staff to customer service. Do employees report problems, potential problems, or problems avoided? If you know about potential and avoided problems you can change processes to avoid them in the future. Do company incentives support or undermine your preferences?  Over the past few years, for example, a number of executive and middle managers at Wells Fargo Bank were forced out by scandals tied to pay incentives that rewarded untoward activities. These badly damaged the bank’s reputation.  Actions, expectations, and rewards that don’t align create unnecessary risk.

Create a Vulnerabilities Activist Mindset
No small or mid-sized business owner or nonprofit director will spend time on a risk management review that feels like a paperwork exercise. Large firms should more easily institutionalize review processes. With less formality, mid-sized and smaller entities can also effectively use risk reviews. Once a year, have a conversation with all staff or representatives of all departments to identify internal and external factors that have changed and discuss whether these have introduced new risks or opportunities…or both. Gather views from across the enterprise to illuminate risks that senior managers might not see. Ask external advisors and board members to raise issues from their experience that might undermine the firm. Once a year, ask your insurance carrier to review coverage and services. Every so often — maybe every two to five years — ask another insurer to propose coverage to see if you’ve missed something. Finally, discuss the assessment and steps to address uncomfortable vulnerabilities with your board of directors.  Be forward-looking and innovative. Advocate for future success by paying attention to current and evolving issues. 


Michele Braun is Director, Institute for Managing Risk, School of Professional Studies at Manhattanville College. She can be reached at Michele.Braun@mville.edu or 914-323-1238.

Comments

Post a Comment

Popular posts from this blog

Happy Holidays Newsletter from SPS - Make 2021 Count!

"An investment in knowledge pays the best interest" - Benjamin Frankli n Congratulations to all of our students who completed another semester. You made the best of a difficult situation by sticking with your goals and working on your education. Some of you added a few more credits to your program, some of you completed your final project and some of you completed your final classes and are graduating! I applaud you all! I invite you to read this newsletter highlighting our fall accomplishments, student achievements, and upcoming events. In SPS we have been working hard to stay connected and expand our network with engaging virtual programs. Hopefully, you have experienced this effort, if not please consider joining us for a class or our next Power Lunch series.  I hope you stay strong and healthy during these trying times. We need to continue to be vigilant for ourselves and our families. Try to find some good in each day and help others find the same. Keep in touch and e
1 comment
Read more

SPS Prof Richard A. Montanaro: Covid-19 resume gaps will become commonplace, yet still need explaining

Richard A. Montanaro: Covid-19 resume gaps will become commonplace, yet still need explaining As posted on Westchester & Fairfield County Business Journals January 4, 2021 By School of Professional Studies Professor  Richard A. Montanaro B inge watching Netflix is not a valid explanation for gaps in your resume. While a prospective employer may understand, and even sympathize with an unexplained period of inactivity in your employment, you will need to put a positive spin on these gaps even given the pandemic. As an HR practitioner who has overseen the hiring process for over a thousand applicants during my career, I can say that it’s not uncommon for there to be employment gaps: periods without employment during a professional career. Given the pandemic, business downturn and related organizational downsizing, these gaps may be more prevalent now. Yet, regardless of the difficult times organizations and individuals are facing, gaps in employment and how to best represent them rema
Post a Comment
Read more

2020 Sports...It's a Wrap!

On the Eve of 2021 SPS Professor Dave Torromeo Posted on Latin Business Today. As we approach the end of 2020—one of the strangest years known to mankind—we once again turn our attention to the things that make us happy, the things that bring us joy in the face of sadness and despair: live sporting events. We know the leagues and TV broadcast partners are happy, or maybe relieved? While the world tries to return to normal, we can be grateful that sports, although different, have at least given us an outlet. That is what sports have always done—provided us with a release! That is why when people attend or tune into a sports event they do not want to be reminded of their problems, politics, or other incendiary touch point issues. The sports world continues to roll on, albeit with various of stops and starts due to COVID-19. Teams are affected or infected, and then games are postponed or canceled. However, let us focus on the positives as we have live sporting events almost every day and
Post a Comment
Read more