There appears to be ongoing confusion within the business leaders and operators in the cannabis space around the term risk management, and it is costing these operations millions of tangible and hidden losses because of this confusion.
Some of this can be attributed to those that are “smarter than the experts” or decide to make the uninformed choice to attempt to explain losses and risks after they become evident or discovered.
In other cases there is a legitimate lack of foresight or knowledge around the risks associated with the business and it is truly a surprise to the board, owners and operators. Are these acceptable approaches to business? Let’s chat…
Firstly, let’s look at the term Risk Management from a business perspective. The Oxford Dictionary states:
(in business) the forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact.
Many business leaders take this approach without recognizing how broad this definition really is. Debates rage about whether security should be a piece of the bigger risk management discussion and plan. Should other aspects of your operation be a significant point in your risk management plan? Human resources? Maintenance? Operations? Logistics? Accounting/AR? What else?
The reality is that every aspect of your operation has a direct impact on the financial viability and sustainability of your operation and if you pick and choose which areas to address you create your own blind spots. In many ways, your best asset could be a Risk/Security consultant who understand much more than just security.
The most competent security consultants have a deep understanding of business operations, allowing them to build out aspects of that Risk Management plan in a way that allows it to be integrated and understood in the overall plan that sits on the CEO’s desk. This combined with your robust business plan creates the roadmap to business success by allowing risks to be mitigates AND responded to when they arise.
As previously noted, there are no boundaries that should be imposed on a risk management plan across the organization, and we can take a lesson from urban planning and community risk audits in recognizing that often our experts are under our own roof. Input from the front line and line managers can be critical to discovering and understanding risks in various departments and operations.
Does this take more effort and time? Absolutely! That being said, what are you willing to risk by not doing a complete and credible risk management plan based on current information and the expertise you have at hand? Go ahead, pull out that SWOT analysis and risk matrix and measure that for presentation to the board… I’ll wait.
Corporate organizations are quick to throw the CEO, CFO or Board Chair out the window. Of course ultimately the buck stops there. But if we are to look more critically at failures in businesses, we would find that a common theme is a lack of credible or accurate information and a lack of recognition of the risks created the situation. This creates a decision-making void that will put the best leaders in a situation they cannot win.
So who is responsible? As stated above, the leader of the organization is ultimately responsible, and the leadership style and culture of the organization will drive much of the information flow. In truth the responsibility for risk management lays with every member of the organization from the Board of Directors through to the front-line employees.
This is one of the biggest challenges a truly great business leader faces. Although, when managed effectively, creating an environment where risk is mitigated and informed allows the entire organization to be empowered, aware and report risks and find solutions.
Sounds simple, doesn’t it! Probably not, but it is a business imperative that should be embedded into the business plan, strategic plan and ongoing evaluation of operations.
Stay tuned for more around integrating departments and expertise into your COVID recovery plans. Spoiler alert, COVID operations are here for the long term and have fundamentally changed how many businesses operate. Plan for it and ensure your sustainability.
Barry Davidson is one of 21 globally certified crime prevention through environmental design practitioners. He has worked on more than 170 cannabis retail sites across Canada and has been working in the global security advisory realm on high-risk locations for more than 25 years. He can be reached at his firm, Davidson Global Advisory Group by email at Barry@DavidsonGlobal