Skip to main content

Your Enterprise’s Vulnerabilities: An Activist Approach



In using the term “activist,” I am not referring to high-pressure tactics used by some hedge funds and private equity investors to influence management decisions at private and public companies. I am also not referring to the individuals or groups that protest for or against specific political, social, or business decisions. Rather, I see “activist” as someone who stays on top of current needs and conditions and who also looks to the future. 

Interestingly, Merriam-Webster’s online thesaurus does not contain an entry for activist.  Microsoft Word’s built in thesaurus, however, suggests several appealing synonyms: forward-looking, innovative, advocate. 

A vulnerabilities activist works to stay on top of emerging risks and also works within the enterprise to review existing—and historical—procedures, business models, technology, and training to identify and reduce downsides while increasing the upside consequences of where risk taking is a good business move.

Every enterprise has vulnerabilities.  In this context “vulnerabilities” are conditions and situations that do or might interfere with the enterprise’s ability to achieve its goals. For this process, the vulnerabilities faced by for-profit companies and nonprofit enterprises are remarkably similar: uncertain revenue/funding streams, legal and regulatory changes, local zoning laws, ability to reach target markets/clientele, qualified employees, and, of course, cyberthreats and physical security. In addition, every organization, company, and enterprise—whether for profit or not-for-profit—has unique vulnerabilities to explore and assess.

Risks that can hurt any enterprise

For any and every organization: Be risk aware! Make sure that you have controls and procedures in place for the handling of confidential employee and compensation systems. On September 18, 2018, for example, the FBI issued Alert Number I-091818-PSA describing “Social Engineering Techniques To Obtain Employee Credentials To Conduct Payroll Diversion.” Mitigating steps include Internet firewalls, anti-spam software tools, increasing employee awareness on avoiding attacks, and  standard management controls on changes to payroll information. Always, establishing and enforcing clear procedures and authorities around any process that includes money can thwart such attempts.


Make sure that legally required processes and core insurance policies are in place: For example, money withheld from payrolls or collected as sales taxes must be paid in a timely fashion. Meet with a couple of insurance brokers to make sure that the firm is up to date on primary insurance policies such as workers’ compensation, general liability, and property coverage. Consider cyber insurance to cover the risk of losses via online operations as well as hacking or other loss of internally held data files. Firms with multiple owners and senior decision makers should price “directors and officers” (D&O) insurance and “key person” life insurance policies. Make sure you have more than one person who can cover all core functions… just in case. In a two-person firm this can be hard. In a larger firm, designate key back-up responsibilities.

Risks specific to your enterprise
Because the risks relevant to each organization differ from those of every other enterprise, planning how to reduce them will vary as well. All businesses along an ocean waterfront might face equal risk of flooding, but a food stand will lose more merchandise when electricity fails than will a t-shirt store. A business based on personal integrity, such as a medical practice or law firm, likely faces higher cost of reputational damage than, say, a bookstore.

A few questions to ask about your enterprise: What are your primary assets and relationships, what are they worth to you, do they have value to others, what would happen if they were lost or compromised? How are these primary assets — be they physical inventory, customer records, proprietary formulae, reputation, buildings, or land — backed up? Insured? Duplicate or triplicate files on site and in remote storage? Physical locks and keys? 

Corporate culture matters! 
Do your employees know which risks you want them to take or avoid? This applies to everyone, from core product development and production to internal operations to financial staff to customer service. Do employees report problems, potential problems, or problems avoided? If you know about potential and avoided problems you can change processes to avoid them in the future. Do company incentives support or undermine your preferences?  Over the past few years, for example, a number of executive and middle managers at Wells Fargo Bank were forced out by scandals tied to pay incentives that rewarded untoward activities. These badly damaged the bank’s reputation.  Actions, expectations, and rewards that don’t align create unnecessary risk.

Create a Vulnerabilities Activist Mindset
No small or mid-sized business owner or nonprofit director will spend time on a risk management review that feels like a paperwork exercise. Large firms should more easily institutionalize review processes. With less formality, mid-sized and smaller entities can also effectively use risk reviews. Once a year, have a conversation with all staff or representatives of all departments to identify internal and external factors that have changed and discuss whether these have introduced new risks or opportunities…or both. Gather views from across the enterprise to illuminate risks that senior managers might not see. Ask external advisors and board members to raise issues from their experience that might undermine the firm. Once a year, ask your insurance carrier to review coverage and services. Every so often — maybe every two to five years — ask another insurer to propose coverage to see if you’ve missed something. Finally, discuss the assessment and steps to address uncomfortable vulnerabilities with your board of directors.  Be forward-looking and innovative. Advocate for future success by paying attention to current and evolving issues. 


Michele Braun is Director, Institute for Managing Risk, School of Professional Studies at Manhattanville College. She can be reached at Michele.Braun@mville.edu or 914-323-1238.

Comments

Post a Comment

Popular posts from this blog

The Marketing Success of Mailchimp

Today in the October 5th New York Times there was a wonderful article published about the success of a small business called MailChimp and how they accomplished this while taking the road less traveled. According to the article there are two ways to create a business.  The first is the typical way a business gets started; a young entrepreneur comes up with an innovative idea, next is the creation of a prototype along with participating in a start-up boot camp. This then leads to small investors hopping on board; which leads to the creation of a Kickstarter. If everything works out and the product is successful it’s time for the founders to enter the haphazard mode called expansion. This usually translates to selling off the company piece by piece for huge chunks of money from venture capitalists. Then, once a few years have passed, if all goes well, the founders hit it big time and then BANG their set.  The second and less well known option is just ...
2 comments
Read more

The End Of A Manhattanville Legend

A piece of Manhattanville College died when sister Ruth Dowd passed on Friday, May 31, 2019, four months after her 100 th birthday. People will look at those dates will say “she had a good run,” or “she had a good life.” And while that is true, the fact is those who really knew her know there is much more to her story! Obituaries tell us about a person’s life; where they are from, went to school, worked, their family etc. They are benign by nature…   Let me tell you my thoughts about the PERSON, and bear in mind, I met her when she hired me 13 years ago…when she was merely 87! Ruth is one of my favorite names. Aside from being the eighth book in the Bible, and only one of two named after women in the Old & New Testaments,  it was my Grandmother’s (mother’s side) name. You want to talk about special people???? Sister Ruth Dowd hired me in 2006 to run the sport business management program at Manhattanville College. I took the interviews, but I really was kind...
1 comment
Read more

Happy Holidays Newsletter from SPS - Make 2021 Count!

"An investment in knowledge pays the best interest" - Benjamin Frankli n Congratulations to all of our students who completed another semester. You made the best of a difficult situation by sticking with your goals and working on your education. Some of you added a few more credits to your program, some of you completed your final project and some of you completed your final classes and are graduating! I applaud you all! I invite you to read this newsletter highlighting our fall accomplishments, student achievements, and upcoming events. In SPS we have been working hard to stay connected and expand our network with engaging virtual programs. Hopefully, you have experienced this effort, if not please consider joining us for a class or our next Power Lunch series.  I hope you stay strong and healthy during these trying times. We need to continue to be vigilant for ourselves and our families. Try to find some good in each day and help others find the same. Keep in touch and e...
1 comment
Read more