LogicManager

The LEGO Group, a global toy manufacturing company, has a comprehensive risk management program. The company's approach to risk management is proactive and extensive, and it was recognized as a recipient of the 2015 RMM Recognition Program. The company's risk management program is based on three core processes: an elaborate risk identification method, proactive risk management processes for key business projects, and workshop-based reviews of key strategies and complex initiatives.

Chipotle, a renowned food industry innovator, faced a significant challenge when it experienced a series of salmonella outbreaks linked to food sold in its branches. The company's reputation for safe, sustainably grown food was severely damaged, leading to a 35% reduction in share prices since the end of October and a 30% drop in December sales in some locations. The situation was further complicated by a civil lawsuit alleging that Chipotle failed to disclose that its quality controls were inadequate to safeguard consumer and employee health. The company's failure to implement necessary risk management measures to support its innovative approach to fast food was identified as a key factor in these issues.

The YMCA of Greater Boston was struggling with managing incidents across their twelve branches. They were dealing with around 400 incidents a year, including policy violations and safety-related incidents such as slips, trips, and falls. The process was manual, involving the creation of a physical incident form, scanning it, and emailing it to the incident management group who was then responsible for ensuring its resolution. This method was inefficient and time-consuming. Without a centralized framework in which to collect and review incidents, it was difficult to track the status of the incident’s resolution, analyze the data being collected, and create actionable and meaningful reports.

The customer, a leading wholesale financial services provider, was faced with the challenge of implementing the Check 21 Act, a new legislation that allows organizations to create digital versions of paper checks. This process, known as remote deposit, was met with resistance from some customers who were unaware of the new compliance process and ended their relationships with the company. The customer was concerned about the potential loss of customers and the financial impact of that loss. They also had concerns about their check-processing system managing a higher volume and the compliance concerns about new geographies.

Infinity Property and Casualty Corporation (IPACC) is a national provider of car insurance, specializing in nonstandard car insurance. They work with over 12,500 independent agents to provide insurance for those who cannot access it through standard providers due to prior driving history, age, vehicle type, and so on. The company was recognized in the 2015 RMM Recognition Program for its engagement across silos and levels. However, the company faces challenges in maintaining an open and effective line of communication between departments and increasing awareness of corporate goals across areas.

The International Air Transport Association (IATA) has a wide range of global responsibilities, including promoting safety, security, reliability, and cooperation in the airline industry. To effectively manage these responsibilities, IATA has developed and matured their risk management program since 2006. Initially, the program was aligned with the COSO framework, but as the internal growth of ERM required more comprehensive guidance, IATA adopted additional frameworks, including the RIMS Risk Maturity Model. However, the challenge was to implement a strong foundation for risk assessments that includes a standard methodology, processes, and a system for recording and reporting. This system would be used across the organization in the assessment and classification of risks to achieving business objectives.

Georgia Farm Bureau Mutual Insurance Company® was struggling with an inefficient risk management process. The company was spending a disproportionate amount of time and resources on constructing and sending out risk assessments via spreadsheets, leaving no time to synthesize the most consequential aspects into simple reports for management. This resulted in limited engagement from front-line employees and a failure to realize the true value of risk management. The company was also struggling with a culture where some departments and levels of the organization were not considered entirely risk-aware.

C1 Bank, a rapidly growing bank in the US, had developed an Enterprise Risk Management (ERM) program with the support of upper-level management. The bank had invested in technology, staff, and training to build a robust risk management program. The risk team had implemented best practice frameworks, including the Risk Maturity Model (RMM), to establish processes for risk identification, assessment, and monitoring. However, the bank was facing a significant challenge in the coming year. It was about to undergo a merger with Bank of the Ozarks, which would require a shift in focus from maturing existing processes to ensuring a smooth transition of the ERM program to a much larger entity.

The University of California, a large public research university system, has a robust risk management program integrated into nearly every aspect of the University. However, due to its size, the University faces the challenge of knowing which areas of the program to focus time and resources on. The Risk Services department uses the RIMS RMM to assess the University’s current and optimal state of risk management processes. The results of their RIMS RMM assessment are used to validate strengths and identify areas for improvement in their ERM framework.

Winona Health, a community-owned healthcare provider, was facing a challenge in managing over 3,000 incidents related to patient and visitor safety each year. The existing incident management software was not capable of integrating with the board-mandated Enterprise Risk Management (ERM) program. The separation of the incident management program from ERM was reducing the value of the program as incidents were manifestations of risk. The organization needed to track their risk mitigation activities back to their effort on hospital incidents to understand which controls were most effective and where to provide additional resources. The implementation of a new system presented logistical challenges as well. The client had just 45 days between signing their agreement with LogicManager and the end of their contract with the previous incident management solution. Any downtime in employees being able to report patient safety incidents would cause huge regulatory and liability concerns.

The health insurance provider was facing major cash flow disruptions due to sudden losses of large accounts to competitors, especially during renewals. The company had multiple divisions and products, and used spreadsheets to report separate account revenue and cost data to the CFO. Connecting revenue to the direct costs, aggregating this information, and tracking data over time were error-prone and time-consuming processes. The cross-functional nature of product usage and double counting data made results difficult to interpret accurately.

The customer, a global security and aerospace company, was implementing an Enterprise Risk Management system in the corporate branch. The aim was to identify and assess risk across all business units, penetrating down to the vice president level. With over 500 participants in the Risk and Control SelfAssessment (RCSA), the risk management team was left with a vast amount of data and no means of aggregating it cross-functionally to departments, the appropriate business unit, or even the enterprise at large. The customer's method of data collection, consisting of disparate spreadsheets, provided no consistency or year-over-year trending. The risk management team spent nearly a quarter analyzing the data for audit and board reports, but the findings were only loosely tied to the company's strategic plan and not at all to the audit function, which rolls up to the same executive branch. The organization was also spending over $10,000 annually outsourcing survey distribution.

The bank, headquartered in the southern United States with more than 255 locations across the country, was facing challenges in managing third-party risk. Prior to partnering with LogicManager, the bank was using multiple third-party point solutions to manage their vendors, which resulted in poor integration, communication issues, and a lot of manual work to maintain accurate data and reports. The bank had recently undergone two mergers that doubled its size to over $20 billion in assets, and the corporate risk team grew from 12 people to 150 people in approximately 24 months. This rapid growth and expansion posed significant challenges in terms of due-diligence and data integration. The bank was relying on multiple processes and systems including Excel, SharePoint, and another external third-party management solution, which were inefficient and prone to errors.