A Davison, B Burford
Publication Date (Web): 12 February 2016

In today’s corporate world, it is fundamentally important for enterprise leadership to recognise, understand and manage risk. Regulatory compliance is necessary but not sufficient, because there are many real and significant areas of risk that can have existential impacts if problems arise.

These include: brand/reputation damage and loss of shareholder value, as well as direct costs through product recalls; reduced cash flow; legal challenges; and compensation. Water contamination occurring in both piped supply and bottled water sources over the past couple of decades has been found to incur direct costs at least in the tens of millions, if not hundreds of millions, of dollars to the suppliers.

One of the iconic disasters was the 1990 Source Perrier failure: bottled water contaminated with benzene went undetected for six months, when carbon filters clogged and a warning light failed, leading to the recall of 160 million bottles of water from 120 countries. Although there seemed to be no actual illness as a result, the reputational damage meant the company traded at a loss for more than a year.

Questions exercising the minds of all stakeholders are: how far should risk management go, and will there be a payback? An international survey of 46 multinational businesses by the Ponemon Institute demonstrated that, on average, the benefit of avoiding risk was 2.65 times the cost of addressing it up-front.

In the UK, South West Water demonstrated that upstream water quality protection work cost less than the alternative of downstream treatment. In Australia, Central Highlands Water constructed a water treatment plant costing less than half of the equivalent for a neighbouring utility that had less rigorous quality protection measures upstream. The literature is replete with examples of how much risk failures cost, some of the better-known examples being: Milwaukee (USA, 1993); Walkerton (Canada, 2002); and Dasani (bottled water, UK, 2004).

There are many regulatory and management tools for risk management and related activities, including: ISO 31000; HACCP; the Framework for Drinking Water Quality Management; ISO 9001; ISO 14001 and ISO 22301, to name just a few. The challenge lies in ensuring that Boards integrate risk management with all other facets of corporate governance. The benefits accruing from integrated management include better employee relations, better customer relations, and improved operational performance and business outcomes.

Tokenism by management and less than comprehensive implementation by staff threaten to undermine the benefits of notionally sound risk management. A box-ticking exercise is no substitute for a real, fully compliant and integrated system, with buy-in from all concerned. Where plans are made, implemented, monitored, reviewed and revised, they are more likely to be successful.

Business decision-making is a critical area of risk management. Business decisions should be made on the basis of objective, evidence-based arguments about the benefits and risks of taking a proposed action (or not taking it), and demonstrate consistency with corporate objectives. Within an effective risk management system, business cases also need to focus on the needs of the audience.

The take-home message is that properly implemented corporate risk management constitutes an important, necessary investment, not a cost. This is especially true for the water industry, where products and services pervade people's lives.

Click here to read the full paper