If you see “change” as a “four letter word,” it’s not just your spelling you need to be worried about… It’s your job!
Five exercises to help Risk Managers successfully change and adapt to a new era of retail Risk Management…
Change is an emotive subject, notwithstanding its inevitability.
As the Greek philosopher Heraclitus wrote, circa 500 BC, “There is nothing permanent… except change.”
We know that without changing ourselves we become less useful. Sir Winston Churchill famously said, “To improve is to change; to be perfect is to change often.” This is, unfortunately, particularly relevant to those in Risk Management currently facing job insecurity. If your current efforts are not getting you where you want to be, then perhaps it is time for you to change tack.
Given Retail’s extraordinary evolution over the last few months, and rapid acceleration towards a digital-first business design, Risk Management should be evolving at a similarly breakneck speed if it is to stay relevant, let alone expand its influence. So, chances are that you and your department need to make changes to embrace the latest retail developments. However, whilst much has been written recently about the need for change, it seems that little practical advice on how change can be brought about in a large retail business.
So, here are five exercises designed to help you bring about change in a business. My team, as a third party security and technology provider, regularly undertake these exercises with new clients, to identify how to successfully get from where they are… to where they want to be, as quickly and cost effectively as possible.
Ask which internal stakeholders are corporately accountable for what and what regular activities, contact or reporting does the LP department provide to them on a BAU basis?
What are the typical requests that the LP team support from those business areas, in what volume and how often, and what data do they act upon/require to be successful?
What physical and virtual access do the LP team require? Is there an opportunity to allow a third party that access if required?
What are the hardware, software access and domain requirements?
In terms of performance of cross LP support services, what are the product definitions and roles needed to drive specific third party use cases in relevant sensitive subject matters (e.g. payment team/merchant relations for chargeback reporting versus fraud prevention principles, etc.)?
These exercises are not about building what you have, but creating a scalable plan of what you may need. Together they will help you to identify which resources need to be dedicated or can be shared, and inform you about the access required. This should help to bring about changes that reduce operating costs and minimise spend. A worthwhile endeavour during these challenging times!