No, Black Swans are not the next Food Fraud incident. Black Swan events are extreme events that are not foreseen but, if they occur, could have catastrophic results and, in hindsight, could have been seen coming (see The Black Swan by Nicholas Taleb). Black Swan events are the types of threats that led to the creation of Enterprise Risk Management (ERM).
Using ERM concepts to conduct Food Fraud vulnerability assessments is not only efficient but has been recognized as progressive by higher-level managers. Stepping back to consider this broader corporate strategy can seem foreign since we are scientists and want to jump into taking action and testing products. But to be competent corporate leaders with an enterprise-wide risk such as Food Fraud, we need to speak the language of finance and of the Board of Directors.
ERM is a concept and system that monitors all risks across an entire enterprise. ERM is filtering down from the Board Rooms through the organizations and will soon be an everyday practice in Business Units and in Operations (see my 2009 Packaging World Magazine article). Specifically, these enterprise-wide risks – as opposed to the more traditional operational risks – are more “vulnerabilities” than recurring events. Their impact is more strategic than operational. An extreme event may be very unlikely but, if it occurs, could be catastrophic. For example, consider the impact on your business of the sub-prime lending crisis (economic collapse), the Japanese Tsunami and nuclear meltdown (radioactive migrating tuna), another avian influenza scare (shutdown of some trade routes), or Food Fraud (the horse meat scandal and the global suspicion of a food staple). The growing awareness of these types of complex risks that are distributed across an enterprise led to the creation of the ERM system and of a Chief Risk Officer (CRO) position. The CRO is responsible for all risks across the entire enterprise.
I want to emphasize that each business function is usually competently addressing risks that are clearly defined as within its roles and responsibilities. In each of the ERM examples above the Food Safety or Food Defense group would be competently focusing on the objective of reducing foodborne illnesses or attacks that can create public health threats – but within their boundaries what could they do about mitigating the risk of the sub-prime lending crisis?
What is unique about enterprise-wide risks is that they are often distributed across many business functions. In addition, the specific incidents are so improbable or uncontrollable that it would be inefficient for any one business function to address that vulnerability. That being said, the combined risk to the enterprise could be catastrophic.
What’s also different about these types of strategic risks is that they are governed at the Board of Directors level (where the risk appetite and defining accountability are established), at the Company level (where CEO and CFO evaluate the risks across the entire enterprise), and at the business unit level (where they are responsible for implementing and managing countermeasures in line with the Board of Directors and Company requirements).
Food Safety professionals will find that ERM principles are similar to International Standards Organization (ISO) standards such as 31000 Risk Management and 22000 Food Safety. We can also rely on best practices from ISO 27000 Information Technology Security, 28000 Supply Chain Security, and the work of Technical Committee 247 on Fraud Countermeasures and Controls. All these standards also provide a framework to address the “written risk assessment” mandate in the Food Safety Modernization Act.
Are you ready for a Black Swan event? Are you speaking the language of Enterprise Risk Management? This isn’t just another version of HACCP or Carver+Shock. JWS.