but also the experience of how one division can benefit another. A manager in one division can learn from the experience of those in other parts of the company. Risk expertise accrues and the experience of the company as a whole is leveraged. Managers learn not only from their own experience but also from the experience of others in a very real and tangible way.
Chapter 2: Risky Business: Turning Risks into Opportunities 51
Regulatory risks are diverse: All hands on deck
Companies today must comply with many different regulations, and that means monitoring many kinds of risks to achieve a holistic approach to GRC. Because the risks are so diverse, neither corporate risk managers nor the C-suite executives can have a complete handle on them. Line of business owners must monitor and manage these risks, often with the help of experts in the organization. Here are some of the types of risks that must be monitored:
Environment, Health, & Safety Risks
The environment, health, and safety (EH&S) umbrella contains many risks that pose potential threats to your employees and your company. If you don’t comply with EH&S regulations, not only do you expose your employees to unnecessary harm, but you potentially face significant fines and penalties, disruption to production, and damage to your company reputation. However, if you manage EH&S issues effectively, you can lower your operating costs and ensure the safety of your employees. See Chapter 10 for more details on this type of risk.
The Risk of Noncompliance with Emissions Regulations
A related operational risk for many companies is emissions control. The potential for political, financial, and public image fallout for noncompliance with regulations such as the Kyoto Protocol, the U.S. Clean Air Act, or the EU IPPC Directive is enormous. Noncompliance with greenhouse gas emissions regulations poses an even greater risk to brand image and corporate goodwill for companies that operate complex, multifaceted manufacturing facilities. See Chapter 11 for more details on this type of risk.
The Risk of Noncompliance with Financial Regulations
The passing of the Sarbanes-Oxley Act (SOX) means that institutional investors, rating agencies, and regulators have started assessing GRC management as part of their evaluation of companies. Furthermore, the stakes for noncompliance with financial regulations such as SOX have become more than just fines and penalties. Stock valuations and credit ratings can be affected by your inability to comply with mandated regulations. There are numerous other laws to consider as well in this category, including those dealing with security and privacy, as well as your responsibility for your partners, such as the Foreign Corrupt Practices Act. See Chapters 4 through 7 for more information on this type of risk.
Global Trade Risks
Security concerns of the post-9/11 era have spawned a host of new trade and transport regulations. To ensure that you are not trading with any entities on government-issued “watch lists” or “sanctioned party lists,” you need to identify your business partners — and their outsourcing suppliers — throughout your global supply chain. Noncompliance with these trade regulations can be expensive; in extreme cases companies have even had their trade licenses or privileges revoked. See Chapter 8 for more information on global trade risks.