This RIMS 2015 panel, consisting of risk managers that represent some of the largest supermarket chains in the United States, addressed the latest and largest risk management issues facing the supermarket industry.
- Max Koonce, VP, Risk Management, Wal-Mart Stores, Inc.
- Lizabeth Christman, Vice President, Risk Management, Ahold USA, Inc.
- Dorina Hertner, Director, Corp. Insurance & Risk Management, 7-Eleven, Inc.
- William Zachry, Vice President Risk Management, Safeway Inc.
- Mark Walls, Vice President Communications & Strategic Analysis, Safety National (moderator)
Most of you are dealing with the unrest in Baltimore. How do you deal with crisis communications and how do you prepare for it?
- A large part is preparation beforehand with all of the departments within our organization to coordinate the response before it happens. We have a business continuity manager who manages the communications.
- A lot of it is anticipating what can potentially happen and defining roles in the organization as to who will handle what when the crisis occurs. This takes constant communication.
How do you decide when you are going to close the store in a crisis situation?
- It entails anticipating the safety and risk implications for our employees and property.
- We use what we have experienced during previous events, like Katrina, to learn and plan for future events. We have protocols and processes as a result.
- We have simulated earthquakes and cyber attacks as a method to train and prepare. Not only has this made us more prepared, but it has significantly helped reduce our insurance premium because underwriters feel like we are primed in this area.
Do you have a plan in place if something happens to your corporate office?
- We have a pretty comprehensive business continuity plan in place. Every single business area has a contingency plan for their particular area. We have identified the areas with the most risk, document them and test the plan around their areas.
- We have business continuity plans for each department with different scenarios – plan A, plan B, etc.
Our simulated earthquake was at headquarters. We determined, for example, who would order product and how would it work if headquarters was down. I’m very comfortable that we are well prepared due to our planning.
- You plan and have back-up solutions for everything you can, but some things are out of your control. Power in supermarkets is one of the largest issues because it can mean a significant loss of product. A regional loss of power is something that worries me the most.
Food safety means you are dealing with vendors and their insurance. How do you handle that?
- We have a instituted a requirement that our suppliers have the right kind of insurance. Our food safety people are in the front lines with the operations department because we think that is where they belong.
- We do a lot of training and audits on things like proper temperatures, etc. Everyone has to go through certification training, but ongoing reinforcement of that training is equally as important.
- We have insurance coverage through the vendors but, if something happens, we have brand reputation damage that is a concern.
- More and more, people want locally-sourced food (like produce) but these companies are not financially large enough to have sophisticated insurance coverage. We’ve instituted insurance minimums for these vendors. Some local food is simply too risky to allow in our stores.
How do you handle recalls?
- We take recalls very seriously. We do press releases, auto calls, we put it on social media – anything that can spread awareness.
- We took tomatoes off the shelf when they weren’t contaminated, but we had a reason to believe that they might be dangerous. You need to get anything off the shelves that you believe might harm someone. Deal with the costs later, but this is how you manage your reputational risk.
Most of you are huge targets for hackers. How do you handle this?
- It’s no different than any other risk. We have to evaluate it and determine how much we really want to absorb.
- The difficulty is that the value we place on cyber today is probably not the value we will place on it a year from now because it keeps continuing to grow.
- This is a problem. Your DNO used to cover cyber exposure and now it does not. You need to work with your broker to find out what coverage you really need and make sure you get it.
- What the Target breach did for us is that it got the attention of our executives to spend the right money so that we are protected. It’s a multi-level approach and IT has to be significantly engaged. We want our guests to feel comfortable shopping in our store, so it is worth the cost.
- Another aspect is that you have to educate your colleagues on how to analyze information and recognize red flags.
What do you see as your biggest challenge and how are you working to address it?
- Compound pharmacy. We are looking in to this to find validity of prescriptions to see if they are working for the injured employee.
- One in particular is related to our online home delivery business, which has created a significant amount of claims. We looked into where and how they were delivering – sometimes it included hauling groceries up six flights of stairs. There are incredible physical demands and we started hiring individuals who had the physical attributes to handle the job. We don’t want to set up people to get injured.
- It’s not the severity of the injury, it’s the ability of the person to cope with the recovery that drives costs. We started asking questions to identify psychosocial issues and became much more successful in managing claims and intervening when we need to.
- The aging workforce. They cannot afford to retire, so they are still working. They have a better attitude about returning to work, but take longer to recover. We have to be careful about what jobs we give them, however, they are some of our best workers.