We all know the basics; there are four responses to risk (avoid, reduce, transfer, accept). However, we often think of reduce as mitigate or put controls in place. We forget that reduce should also include eliminate. Especially in the area of regulatory risks. Are there areas of regulatory risk that we can eliminate?
I recently moved from Pennsylvania to South Carolina. On the second day of the move, the person in charge informed me that he would be out for several hours. He had to go to the DMV to have his CPAP results certified so that he could drive the truck to South Carolina the next day. CPAP stands for continuous positive airway pressure and, in this case, refers to the machine he wears at night to help with breathing. All commercial drivers need to have their CPAP results certified regularly to maintain their commercial driver's license (CDL).
I find myself continually wanting to question every process to make it more efficient yet controlled. Trust me, this is extremely annoying to my family! In this case, I continued to ask him questions about the CDL requirements as we were working on packing the house. The more I probed, the more it became clear to both of us that his CPAP machine probably was not necessary. Should he choose to accept it, his task was to discuss the device's necessity with his doctor. In other words, could he eliminate the regulatory requirement?
The critical thing to note here and with any regulatory requirement is to discover, with the help of an expert, if the requirement can be eliminated. In this case, he needed to consult with a medical professional. In most of our business requirements, we need to check with our general counsel or compliance department. It is worth exploring, especially if a specific requirement has become overly burdensome or no longer makes sense.
Earlier in my career, I worked for a government contractor. It was amazing to me the number of requests and requirements eliminated just by asking why. Whenever anyone asked for information, our standard policy in the accounting/finance department was to ask why. Why do you need that information? We explained that we were asking why to determine if the information they needed was readily available in a report to send to them regularly. Or, did the request need to be added to our monthly metrics? Understanding the request helped us supply the correct information, but it also eliminated work because most requests were already available. Give a man a fish and feed him for a day, but teach a man to fish and feed him forever. Give a person some data, and they will never stop asking you for data. Teach a person how to find the data, and they will leave you alone! Maybe.
Happy New Year! Let me know if you have any ERM or process efficiency needs in the new year. We are here to help!
RTE and Company
Becky is a strategic risk management executive with years of demonstrated expertise in creating and maintaining value-added risk management departments. Currently, Becky is the founder of RTE and Company: a strategic consulting company focused on improving their client's success by helping them create and maintain enterprise risk management functions that add value to their organization. Her career included risk management roles at Freddie Mac and consulting opportunities partnered with PwC.
We help companies achieve their strategic objectives by identifying, understanding, and mitigating their risks. Let us add a fresh set of eyes to your current situation. We pride ourselves on being practical in all aspects of the engagement.