Governance, Risk Management, and Compliance: It Can't Happen to Us—Avoiding Corporate Disaster While Driving Success by Richard M. Steinberg

Risk Management

What then is risk management? Myriad definitions exist but suffice it to say it involves identifying a risk, understanding it and its implications, and doing something about it—either to lessen the likelihood of the event occurring or its impact, or making it go away altogether.

Importantly, it's not about reacting to a problem after it occurs. There's a good example of how one organization is moving from a reactionary mode to instituting risk management—perhaps surprisingly, it comes from the federal government.

In December 2010 the U.S. House of Representatives passed a bill, expected to be signed by the President, to make the nation's food supply safer. It was in reaction to illness and deaths among the American public from such foodborne diseases as salmonella from eggs and peanuts and E. coli from spinach. According to surrounding media reports, here's what the law will change:

• Rather than reacting after the fact to outbreaks of such diseases, with warnings and recalls, the focus will be on disease prevention.
• Food manufacturers must assess their systems to identify ways food could be contaminated, and come up with detailed plans to prevent contamination.
• Companies are required to provide plans to the Food and Drug Administration, along with results of product tests showing how effectively they're being carried out.
• The FDA will conduct frequent inspections.
• The FDA's inspections will extend to other countries where food is processed for export to the United ...