We’ve all read about the huge scandal 7-Eleven recently faced after Fairfax Media and Four Corners blew the lid off a “half pay” scam being conducted by franchisees.
Obviously, franchisees are forced to back pay the exploited staff, and fines have been imposed by Fairwork legislation, but what about the impact felt at the highest levels of the organisation? The board members of 7-Eleven are the ones forced to shoulder the brunt of the scandal, whether they had visibility of these issues or not. What matters is they should have known this exploitation was occurring in their stores.
As a senior executive, it’s critical that you can answer ‘yes’ to the following three questions:
- Are you confident your corporate risk framework provides you with enough visibility of your organisations risk?
- Do you have an appropriate structure for managing risks as they emerge?
- Does your organisation have a culture which embraces the identification and management of risks?
No doubt you have a corporate governance framework for managing risks, and you have annual reports detailing how you manage risk, but is this information sufficient to act on risks as they become apparent in your organisation?
Fundamentally, it is your job to ensure that your organisation has a process to identify unknown and unforeseeable risks and implement procedures to manage these risks. On a personal level, the knock on effects of failing to do this can be brutal. Just look at the founder of 7-Eleven Australia, Russel Withers, who, after the scandal became apparent, was forced to resign from the prestigious Australian Olympic Committee.
Since the scandal, MPs are now talking about new bills to make franchisors responsible for underpayments, which could be the “kiss of death” for smaller franchisors. I’ve written this blog to ensure you understand how critical a corporate risk framework is for your business, and to reinforce the importance of ongoing risk evaluation.
Why you need to be on top of your corporate risk framework
At the end of the day the Board is responsible for governance and therefore will be held accountable for the actions of a franchisee, or a business unit, or a subsidiary. So it’s imperative you have to have visibility of their operation.
Risk management is essential for all organisations, but for a franchise model it is especially important because of the lack of visibility and accountability implicit in the relationship.
Whilst the impact on the 7-Eleven brand is huge, the impact will be viscerally felt by the board members who didn’t identify and respond to the issue. This means you could lose your job, your livelihood, and your reputation could be irreparably damaged.
A corporate risk framework is a great start to managing this risk, but how does it translate in practice? Does your framework revolve around the financial risks in your business? Whilst this may look great in annual reports for investors, how will this ensure you’re not blindsided by a scandal occurring within your franchisee’s business?
Corporate risk frameworks are often very generic in their structure, having the same basic understanding of risks across a spectrum of organisations. Obviously, 7-Eleven is going to have a very different operation to your business, so why would you have the same risk management approach? Critically, your business needs a tailored framework that accounts for the unique, hidden and unquantifiable risks you’ll inevitably encounter.
A corporate risk framework isn’t enough to guarantee the safety of your business or your position. You need a tailored approach that addresses the key areas of risk unique to your business.
How can I protect myself and my organisation?
Firstly, if you’re a business that has a corporate risk framework that was assessed at in the past and isn’t being regularly updated then you’ve got a real problem. In our experience, most businesses have a framework with lots of data about risks and controls, but this is never updated. In fact many organisations have invested significant time in assessing risks, but haven’t considered implementing the controls, addressing the gaps in the controls, or the necessary corrective actions.
You have to recognise that risks, controls, and operating environments constantly change and if your risk report has sat idle for two-three years you may as well start from scratch.
These frameworks are more than reports and chunks of big data, they provide the basic structure for how to manage risks in your organisation, whether that is to minimise exposures to the business or maximise opportunities. So, if you’re risk framework isn’t a living process, responding to the changing circumstances presented by your business environment, then you’re already behind and in danger.
Here are five key points you need to consider in order to protect yourself from the damages of corporate risk:
- Do you have a framework in place for identifying and managing risk?
- Does your framework identify controls and improvements that manage these risks?
- Is there a process for promptly responding to risks as they become apparent?
- Does your risk framework allow you to prioritise activity and the allocation of resources, to improve your ability to achieve your strategic objectives?
- Is your risk framework embedded in the businesses, and is it being updated and reviewed as your understanding of risks evolve?
Remember, risks are not static – they constantly evolve and your ability to steer your risk framework in the correct direction could mean the difference between losing or retaining your position.
If there are risks that are keeping you awake at night, then your existing risk framework may not be providing you with enough visibility of your organisation’s risk management. So contact the Victual team to discuss your concerns.