How to get your daily dose of risk management

As Catherine Chow puts it, lawyers can see grey sky on a blue-sky day. That’s what makes them perfectly positioned to be the ones helping to identify risk and shepherd management of that risk in an organization.

As the vice president legal and general counsel of The Keg Steakhouse +Bar, Chow has helped lead a focused approach to identifying what could be trouble for the popular Canadian restaurant chain. With 10,000 employees and operations across North America, The Keg has its share of risk to track.

Since 2006, Chow has been the only in-house counsel at the company, and while she doesn’t carry the full responsibility for risk, she has helped identify where risk can be tackled to reduce the cost to the bottom line.

“For us, the most common risk is a customer coming in and having a slip and fall or a food incident,” said Chow, speaking last week at an Association of Corporate Counsel B.C. chapter panel in Vancouver about how to tackle risk management.

The panel, called Picking the Low-Hanging Fruit: Lessons in Getting Early Wins in Support of Enterprise Risk Management Goals, featured Chow, David Bowles, associate general counsel of UrtheCast, Richard Thomas, senior vice president and chief compliance officer of PI Financial, Mark Morrison, partner at Blake Cassels and Graydon LLP, and it was moderated by Andrew McLeod, partner at Blakes.

Over the years, as The Keg has developed its risk analysis systems, it has used data gathering to discover simple but important things, such as slip and falls are more likely to happen in Whistler than they are in the lower mainland, Toronto or Arizona. It makes sense, but when you put it all together, you can figure out where and when you need to target the problem.

In 2013, The Keg decided to consolidate all of its insurance under a single carrier and Chow led the negotiations for its corporate and franchised operations across Canada and the U.S.

Building on the existing risk management program, Chow initiated the development of a risk management web page to educate employees and franchisees in creating a safer workplace. The idea was to enhance and measure guest experiences through proactive risk controls and best practices to reduce insurance claims. That then allowed the company to negotiate improvements to its insurance program.

It’s an example of understanding risk behaviour, and how to go after low-hanging fruit in an organization when you’re a small in-house team. With 10,000 employees, building a culture of good practices has been key to risk management in the organization, she said.

The company has also introduced a series of “insurance video minutes” to show employees good practices. She sees it as “brand defence”: If a customer has a bad experience in the restaurant, it’s about more than the value of the meal — the brand also suffers.

“It became an insurance management issue,” she said, noting it’s similar to sneaking vegetables into a child’s daily diet. “We’re ‘sneaking’ risk management into the enterprise diet. We also ask employees to come up with ideas to avoid risk. Staff are asked to submit ideas to make the company better.”

Chow says in-house counsel also have to practise “actively avoiding being the Dr. No.”

“One of the ways to do that is to start by looking at the low-hanging fruit,” she said.

Morrison of Blakes advises not treating risk as “the boogeyman” but rather to take a step back and spend a little time deciding what potential incidents could be proactively avoided or planned for, realizing you “can’t cover the waterfront.”

Bowles of UrtheCast, a Vancouver-based company that has high-definition cameras on the International Space Station, says a good first step is to do a risk assessment of the organization.

“UrtheCast is five years old and continually changing,” he said, noting that a fast-growing company brings with it different kinds of risk challenges.

He explained that last year the company did an acquisition of a company from Spain with two satellites in the air but it did not have a comprehensive compliance program.

“We were struggling with dealing with the cultural issues of imposing our will on a company that had been in business for a number of years and putting a North American executive team in that business with language and cultural barriers,” he said.

Morrison agreed with Bowles, adding that, after the risk assessment, it’s important to build a policy and procedures to address the identified risks, but it shouldn’t be “just a piece of paper” but an effective program that evolves all the time. 

“If it’s important and you’re going to turn your attention to it, be sure you follow through on it,” he said.

Thomas said for him it boils down to all executives on the team being aware of upcoming changes.

“Rolling out a program is one thing, but making sure it is being followed is another. Sales people, for example, are not always the best at following procedures. It’s a matter of people following proper practices,” said Thomas.

But Chow is adamant that in-house counsel should not be the ones holding the bag entirely for risk management in an organization.

“From my perspective, you don’t want to be the only one holding the weight of the organization on your shoulders,” she said. “A lot of what we do is about personal buy-in from the team and operations.”

Thomas agreed. “There are so many risks, it’s not possible for one person to be the champion of all of it.”

At UrtheCast, Bowles said the approach is by consensus at the executive level when it comes to deciding what fruit they are going to pick.

“We look at what the business strategy is and we’re constantly re-evaluating what the risk assessment is — you need to have visibility to all of that,” he said.