On our recent webinar, “Risk Management Best Practices for Retail”, we sat down with Joe Hardy, a veteran of risk management in retail, to get his thoughts on where the industry is going. As always, Joe’s answers were extremely valuable and we decided to compile the interview portion of the webinar into a blog post. 

Joe started off in the finance department of Maple Leaf Foods in 1982, but made his way into an assistant risk manager position shortly thereafter. He worked with the best mentors and  the early pioneers of risk management. Learning about self insured programs, large deductibles and lower premiums, and that implementing good risk control leads to good risk financing.

He later joined Molson Breweries and continued on to the Oshawa Group, one of the largest retailers in Canada with over 1300 stores. Following the Oshawa Group, Joe moved to the Hudson’s Bay Company, the oldest company in North America. Joe has been a part of many risk management committees and boards, including RIMS, and is now in his fifth year with ClearRisk.

From E Coli, to foreign objects in food, to slips, trips and falls, to medical malpractice, non-compliance, the mouse in the bottle and business continuity, Joe has managed every aspect of risk management throughout his career.

[Q] As an active retired risk manager, what do you see as the future challenges for risk managers in the retail industry?

[A] Volatility in the financial environment has been, and continues to be, a top risk. I think anyone in the risk management community will understand that because risk has not changed. It’s really the uncertainty of what might happen in the future.

Another challenge is knowing the different kinds of risk management, and one might say what do you mean by that? What I mean is that we have to get away from silo risk management and manage by enterprise risk management (ERM).

So recognizing that there is different risk management within an organization, and demonstrate why companies need effective ERM. Demonstrate how ERM can improve business performance. Dealing with the ERM barriers... and that being that most retailers have a very limited budget in the risk management field.

So you may identify 10 of your top risks, and you may have the resources to address only 5 of them. So you will have to examine and assess those risks, and triage within the corporation. This will allow you to limit the resources and get the most benefit from those limited resources, the most bang for your buck in minimizing the impact of those risks.

And last but not least, the challenge you will have in protecting your brand and your reputation. Dealing with the impact of social media is probably the greatest risk you will face in protecting your brand and reputation. Those are a few that I see being challenges in the future.

[Q] What do you see as the greatest risks facing the retail industry today, and how can we be better mitigating them?

[A] Well, this may come as a surprise and it may not be on anyone’s list, but what I see as being one of the top risks, if not the greatest risk, is not identifying a risk owner. And by that I mean for those risks that you have uncovered, or identified, which may be the reason that they are a risk in the first place.  

If you don’t have an owner for that risk, you have to assign one. Because in my humble opinion, to mitigate a risk, someone has to be accountable. That would be at the top of my list, but I’ll list another four more. There are many, many more, but when you’re dealing with enterprise risk, you have to get it down to those critical risks.

One of them is supply chain disruptions, we’re going to be seeing more of that. Another one is cyber crime. Natural disasters will be on the top of the lists, and that will lead to disruptions in the supply chain as well. And finally, your social media risk. Dealing with negative press can certainly harm one’s reputation and is one of the top risks.

With regards to the mitigation of these risks, in order to mitigate supply chain disruption, we need to enhance the efficiency in the supply chain. With cyber crime, transfer risk to insurance, encrypt data, constant updates of devices, and anti-virus protection to secure your data. Mitigating natural disasters requires business continuity planning, post-disaster recovery, and disaster management.

In a recent article I read, the Federal Emergency Management Agency (FEMA) estimates that 75% of companies without well-conceived and tested business continuity plans will go out of business within three years of being affected by a major disaster. Last but not least, to mitigate social media risk, companies require a company-wide, social media strategy policy. You need a formed strategy on how to deal with negative press and customer issues. 

[Q] What do you see as Critical Technology for risk managers today?

[A] I’ll be honest, not too much has changed over the years since when I first started because I’m finding that people are still using excel spreadsheets, and there is still that stagnant, third-party software out there.

So from my perspective, what I see as the critical technology in the retail space are those software tools that show significant value at a lower price point. Selling the return on investment … you know, establishing a business case for the return on investment is a big issue. How does one go about, with the budgets I mentioned earlier where you have very little resources, how do you convince management that the software you want is going to add value? By selling the ROI.

Establish a business case for the ROI. By showing, efficiency, risk reduction and improved performance. I think moving to an in-house, web-based, risk and claims management software is definitely critical. Having ownership, not having some insurance company basically dictate to you what your claims and incidents are.

Particularly for those companies who self-insure, I mean why would you want to report those claims to a third-party software? I think a third would be moving to cloud-based, on demand, software.

And this is really a touchy subject, but I think you run the risk of being left behind. I think in the retail industry it’s been known that with cloud-based solutions retailers can achieve savings from lower initial capital expenditures, and the usage-based pricing model used by most cloud applications lines up well with the seasonal nature of retail business.

And I think that’s a mouthful, but it’s something that the retail industry, and I know well having spent many, many years in the retail industry, that the margins are small, especially in the food industry. Therefore, the luxury of having large budgets is certainly not there.  It wasn’t when I was there, and with the volatility of today’s financial environment, it’s even less today.

Another critical technology is the point of sales software. I mean this is a deluge of information that retail is capturing at the front of the store. And one of very critical importance when it comes to security as well, probably more so than any other of the software out there. And I guess last but not least is the security surrounding all of the critical technology.  

ClearRisk's Claims, Incident, and Risk management system can help you maintain the best practices of the retail industry as highlighted by Joe. 

If you found this article helpful, you may be interested in: