Caryn Helmandollar is group head of risk management for Ferguson plc (the world’s leading specialist distributor of plumbing and heating products) and oversees enterprise risk, claims, insurance, product integrity, and security. A graduate of James Madison University, Harvard Business School’s risk management program and KPMG’s Executive Leadership Institute for Women program, she was named 2017 Fleet Executive of the Year by Fleet Financials Magazine.
Kirchner: Would you please begin by telling us a bit about Ferguson plc and your role in the organization?
Helmandollar: Ferguson plc is the world’s leading specialist distributor of plumbing and heating products. We operate in the United States, United Kingdom, and Canada. My current role as group head of risk management involves enterprise risk, insurance, claims, product integrity, and security. We are listed in the UK on the London Stock exchange (LSE:FERG) and are a constituent of the FTSE100 index.
Kirchner: What are the roles of risk mitigation, business continuity, disaster recovery, and emergency management and planning in your organization?
Helmandollar: We take a collective approach with cross-functional teams. Each scenario may involve various stakeholders. We have an overall business continuity management process based on an all-hazards risk approach. We have taken steps to test our response to various scenarios with tabletop exercises and a crisis management simulation. Real-world events have also provided various opportunities to test our response. Following an event, we conduct a post-mortem to determine where we excelled and the opportunities to improve our processes.
Kirchner: What are some current trends that you observe in the risk management arena?
Helmandollar: Common themes emerge in discussions with risk colleagues. All are focused on the potential for disruption in our respective industries and strategies to address evolving business models. How do we disrupt our own organization(s) before an external player enters the space? Information technology risks are also at the forefront. The ever-changing landscape of cyber risk is a constant focus. We are committed to testing our IT disaster recovery plans on a regular basis. Finally, addressing resiliency is critical – whether this is externally driven by market conditions or our ability to successfully manage through disaster events.
Kirchner: What kinds of potential natural and man-made disasters/severe outages are on your radar screen? What keeps you awake at night?
Helmandollar: Our footprint spans more than 2,000 physical sites across the globe so weather events often trigger activation of our business continuity management process. We are constantly scanning the horizon for potential threats, and that proactivity enables our businesses to initiate appropriate preparations. We have three primary areas of focus post-event. No. 1 is accounting for the safety of our associates. The next priority is ensuring our businesses can reopen so that we are situated to address the needs of the community, our customers, and vendor partners.
The possibility that keeps me awake at night is the potential for cyber threats, which is an issue that impacts all industries. The engagement between risk management and information technology is key.
We actively manage the risks to our businesses we have identified, but the major focus is emerging risks – the areas that may develop over time as threats to the organization. By definition we cannot predict the next black swan event, but careful consideration of external trends and world events is an important aspect of risk.
Kirchner: To what extent do you believe that your organization is prepared to continue to function and survive in a disaster or severe outage situation?
Helmandollar: In the past we have demonstrated resiliency across a wide range of natural disasters, from Hurricane Sandy to two tornado losses during the span of two weeks. In cyberspace, we have developed specific plans to test our response. One factor that I believe sets us apart is our associates. The way they have come together to support each other and the company in the face of adversity is, in my view, a differentiator.
Kirchner: For young professionals considering the field of risk management, what advice would you give them for building a solid career foundation in that area? Any pitfalls to avoid?
Helmandollar: The role of risk management in organizations has evolved significantly and positively in terms of visibility, value, and the link between risk and strategy. This is recognized as critical for organizations. I believe the demand for professionals in this space will continue to increase. The key to success in any role is a foundational understanding of your business. Then you can apply specific knowledge from your technical expertise to benefit the organization. Risk practitioners also need to build strong relationships with various internal stakeholders who represent the critical functions in their organizations. A good example in the current landscape is ensuring you are connected with information technology teams at all levels. Some of the common pitfalls stem from focusing too narrowly in your own world. While we all understand insurable risk, the vast majority of risk is uninsurable, and that is where a risk professional should focus.
Theresa A. Kirchner, Ph.D., MBCP, MBCI (tkirchne.edu) is an adjunct associate professor of marketing with Old Dominion University and a former senior vice president with Bank of America and principal consultant with Keane, Inc. Her professional experience includes service as a DRJ Editorial Advisory Board member, DRII Certification Commission member, and president of the Hampton Roads Chapter of the Association of Continuity Professionals.