When eating out at a chain restaurant, food consistency is important. Restaurant patrons know what their favorite meal tastes like and expect a consistent product.
But, have you ever taken a moment to think about all of the processes and procedures a chain restaurant must have in place that enables them to deliver the exact same meal to the table no matter what the geographical location? In an August 13, 2012 article in The New Yorker, Dr. Atul Gawande, a professor of public health at Harvard, examined how the Cheesecake Factory consistently and efficiently implemented an updated menu twice per year in all of its restaurant chains across the country without sacrificing quality or disrupting service.
Impressed with the Cheesecake Factory’s ability to quickly and effectively distribute information to its geographically dispersed restaurants, enabling each chain to follow exactly the same protocols to deliver the same quality product, Dr. Gawande wondered if a similar business model might successfully be applied to the health care industry. Using the Cheesecake Factory’s model for information distribution and quality control, could the medical industry operate more efficiently and provide better service while simultaneously offering higher-quality care?
For the financial services industry, things are growing more complex everyday. However, like the Cheesecake Factory, the financial institutions that are successful are those that have implemented consistent processes and standards across the entire organization, and then effectively communicated this information throughout all levels.
Key Steps in the Enterprise Risk Management Process: A Recipe for Success
To address unknown risks, financial institutions must adopt a systematic approach to emerging risk identification, assessment, monitoring and reporting. Following a consistent approach to managing risk can prevent unexpected and detrimental events from occurring and enable financial institutions to pinpoint areas of opportunity.
Step 1: Risk Identification
Financial institutions can better protect themselves and even further their business strategies and objectives by approaching risk management in a much more disciplined way. At every Cheesecake Factory restaurant, the kitchen manager inspects every dish before it leaves the kitchen to identify whether the dish meets the restaurant’s standards or needs to be redone. Much like the kitchen manager, a financial institution’s risk manager should identify potential risks not only for each business line, but also at a very high level throughout the organization as a whole.
Step 2: Risk Assessment
At each restaurant, the kitchen manager rates the food on the line using a scale of one-to-ten.
Similarly, while it is common for financial institutions to face a variety of risks, it is important to gather a manageable list of what are collectively seen as the most significant risks. Once the risks are identified, they can be scored or rated, and then prioritized based on their significance.
Step 3: Risk Monitoring
The fact each dish is inspected before it reaches the customer at the Cheesecake Factory, kitchen managers can coach their staff to aim for a score of 10 and provide customers with a consistent product.
Financial institutions should also be coaching their business line managers on how to understand and monitor their risk profiles. Risk monitoring protocols should be scheduled on a regular basis, so that risks can be reviewed, re-prioritized and controls can be tested and tweaked.
Step 4: Risk Reporting
Efficient communication is a key factor in the Cheesecake Factory’s ability to implement new menu items quickly and consistently. Most ERM programs should also have a robust reporting/communication component in place.
With all of the information at hand, knowing the full range of risks the financial institution faces as well as the controls at its disposal, the organization can use the risk data to implement practical business decisions.
For financial institutions, the end result is a strong risk management culture that will encourage innovation in business lines without exposing an organization to the kinds of risks that contributed to the financial crisis. Giving more thought as to how information is actually managed and distributed throughout an organization will only lead to more intelligent risk-taking that is more effectively communicated across the financial institution.