5 Biggest Risk Management Issues For Facility Managers

Risk management is not just for risk managers anymore. For multi-site retail, restaurant and convenience store brands, facility management impacts all facets of an organization. With hundreds of locations, thousands of commercial contractors, and millions of customers, there are all kinds of formal and informal touchpoints outsiders have with a company. And there is potential risk inherent virtually everywhere.

What makes this a challenging issue for the FM professional is the diverse array of risks that the facility manager could — or should — be responsible for, regardless of stated job definitions.

Evidenced by recent data security breaches at leading retailers, technology is certainly a risk facing organizations, though not the only one. But what areas of risk impact facility management?

IT Security Risk

The first, though not always most obvious, source of risk from a facility perspective is IT/security-related. Most facility managers now understand the benefits of moving to some type of FM software or system (e.g., CAFM, CMMS, IWMS). Running an FM program of any size and complexity manually or using a spreadsheet-based approach is not only virtually impossible, but likely a recipe for near-term failure.

Adding a level of sophistication to facility operations with an FM technology platform can bring newfound visibility, cost savings, and service improvements. But depending on the system’s approach to security and its underlying technology deployment, with these gains can come unforeseen corporate-level (“front page”) risk factors.

Over the past months, major retailers, among others, have experienced significant data security breaches. The impact has gone far beyond the companies themselves and their proprietary data. The latest hacks have directly hit consumers as personally identifiable information as well as credit and debit card data have been stolen and sold on the black market. However, in most of these cases, hackers have gained access by leveraging valid third-party users.

How? To facilitate collaboration and increase efficiencies, companies often provide direct access through their secure barriers to partners (e.g., for efficient invoicing or payment processing).

The problem arises when these third parties have credentials stolen (e.g., via online phishing scams), allowing hackers direct access into a retailer’s hosted system. But the problem doesn’t stop at the billing system. Once inside a hosted system for vendors on the retailer’s network, hackers can then gain unfettered access to all of a retailer’s systems across its entire geographic footprint. Thus, a facility team could put the entire organization and its reputation at risk through its FM system.

However, with the segregation of customer data from contractor access and the deployment of cloud-based technologies, third parties and external (to the company) users can still exchange key data but not serve as conduits to illegal digital access.

By utilizing cloud-based deployment for such collaborative systems, contractors and vendors can still access key operating data, submit invoices and proposals, and perform other necessary online tasks. But only the cloud-based system has access into the retailer’s system, through an encrypted and secure single point of communication. Through such a “cloud-based isolation” approach, contractors and vendors never directly access a retailer’s system and compromised external accounts can’t gain entry to sensitive customer data.

In addition, with modern FM systems, companies can actually perform financial transactions on the platform. Related materials and supplies can be ordered directly from some systems, thus necessitating controls over who can order what, spending and purchasing authority, budget limits, etc.

Actually making service payments to third-party contractors directly from an FM system is a powerful tool for companies to gain efficiencies and save money when done properly. However, it’s important to manage this process properly to not bring undue risk into the picture.

With lax controls around payment functionality, there is a risk of fund misappropriation. Companies need to monitor access, both from internal sources as well as external parties, to watch for abuse of invoicing capabilities or more blatant hacking. Through cloud-based approaches and careful controls, security risks via FM technology can be minimized.

Contractor Management Risk

FM groups are responsible for hiring a range of commercial contractors to address their ongoing repair and maintenance issues.

But are these on-site contractors in compliance with corporate policies? Are they currently insured and properly credentialed? And is this being monitored on a monthly basis?

It’s quite costly and difficult to maintain all of this information on all of a firm’s contractors all of the time. Service providers’ insurance may have been up to date when they were first contracted, but how do you ensure it remains current? If not managed properly, a Pandora’s Box of potential risk issues relating to uninsured or uncredentialed contractors accessing a company’s locations can arise.

Companies often find that their contractors were on site without valid insurance or current certification only after the incident. There’s also risk from unqualified or poorly performing contractors, or simply contractors sourced locally without adherence to corporate standards. Firms relying on contractors also run into operational or performance risk without an objective method to compare contractors against key performance indicators.

There are a number of ways to reduce such contractor risk. Some FM platforms provide the ability to monitor a company’s own private network of contractors. This approach ensures that all relevant information is documented, contracts are signed and insurance/credentials are in place. The most advanced systems track credentials in real-time and provide alerts and notifications to all parties before an insurance expiration so renewals can occur or improperly insured contractors can be substituted.

Many retail and restaurant chains have also embraced the concept of rating or scorecarding their contractors. Using objective measures allows a company to be confident that standards are being met consistently across the enterprise, regardless of geography, store, trade, etc.

In addition, by gaining visibility into contractor performance, more work can be directed to those delivering the best service, and review of those underperforming can also be based on hard data, rather than subjective opinions and anecdotal evidence.

Financial Risk

Another contractor-related issue is the level of financial health, not only of a company’s current network of contractors but of the ongoing array of prospective contractor partners. There can be any number of potential financial liabilities in dealing with contractors big and small.

Why is this important? Retail and restaurant chains can find themselves managing hundreds to thousands of third-party contractors. Some may be large, publicly held firms with nationwide service coverage; others can be regional or hyper-local businesses that may only support a small number of locations or even a single store. Regardless of contractor size, however, it’s important to be cognizant of business partners’ financial health and strength.

Avoid a situation in which a contractor involved in a long-term project and on whom you are dependent for specific repair and maintenance services suddenly goes out of business and is no longer able to provide the quality of service (or even the service itself) on which you’re relying. There have been cases in which contractors providing regularly scheduled maintenance services have ceased operations suddenly without notice, leaving the client without delivery of the service and making payments for months. This can open up risk issues with non-serviced equipment or unperformed maintenance in addition to the potential difficulty in payment recovery.

Financial risk also comes into play with prospective partners. During the RFP process, the FM group needs to not only consider service capabilities, experience, references, etc., but also whether a firm is financially sound enough to earn the business. While previously under the purview of a company’s finance function, managing the financial risk from all these contractors can very well end up under the FM group’s umbrella.

Today there are a number of tools that a facility team can use to monitor the financial condition of its contractors. Credit risk management providers can assess overall financial, payment, and going concern risk associated with a specific contractor’s business. This can provide decision-impacting information not only on prospective partners but on an existing network of contractors as well. By addressing this risk factor early and often, a facility team can ensure there are no surprises emanating from its operations.

Brand Risk

Leading organizations know that their physical, customer-facing sites leave the biggest brand impression on the consumer. Branding is typically thought of as solely a marketing or other corporate function — certainly not one within the domain of facility management. But maintaining a company’s brand image in the mind of its customer can, in fact, be one of the most crucial responsibilities of an FM organization.

A company’s physical sites (stores, restaurants, kiosks, carts, etc.) are the most direct touch point with its customers. Keeping facility locations clean, conditions safe and equipment in good working order is paramount to a store or restaurant’s brand uptime, much like a website’s uptime.

Alternatively, a store (or other physical location) with an inconsistent and neglected appearance leaves the same impression on a consumer as a website that has not changed for long periods of time is damaged or simply “down.”

However, a store being out of commission impacts more than simply that store. Customers may form negative opinions of a store due to ceiling leaks, faulty air conditioning, broken lights, parking lot potholes, etc., but the negative experience doesn’t end there. These opinions will likely help form a more general perception of the company, its other locations, and even its seemingly unrelated products and services, harming the brand itself. Thus, a company’s store uptime is directly related to its brand uptime.

Brand uptime is a new way to think about physical infrastructure and the positive or negative impact it has on overall company performance. Infrastructure and how it is perceived, whether or not the perception is accurate, leads directly to how a customer experiences a brand. Customers see a store or restaurant being down as equivalent to the brand being down. And that experience correspondingly has a direct and quantifiable impact on corporate results. Bottom line: How well facilities are maintained — or not — can put a brand at risk.

This potential revenue impact from failing to maintain an exemplary level of brand uptime is making facility management increasingly crucial, not only as a needed line item to monitor, but as a core component of an overall brand strategy.

But how can facility teams guarantee brand uptime? Most important, visibility is paramount. As is said, you can’t improve what you can’t measure. It’s critical to have insight as to the state of all physical assets, active service orders, level of contractor compliance, problem resolution metrics, outlier locations, etc. Facility managers need this to respond effectively to issues as they arise and proactively maintain equipment on schedule as necessary. Only by being in a position to maintain a smooth running physical infrastructure can one ensure uptime and minimize brand risk.

Emergency Preparedness/Health And Safety Risk

A company’s facilities and related equipment and supplies can prove to be a critical way to respond to dangerous safety issues as well as the unforeseen emergencies that can arise. However, with responsibilities for employee, contractor and customer safety across its locations, the FM team needs to manage and prepare for any and all potential risks that could arise, no matter how unlikely.

When considering health and safety risk, facility managers need to make sure not only that any potential hazard is addressed but that it’s done on a timely basis and by qualified tradesmen. Having specified procedures in place and systematically recording all actions taken can help mitigate risk should incidents occur resulting in legal action.

Ensuring safety inspections occur across all locations is another important FM task. This can be challenging to perform on a consistent basis; however but if not done properly can also lead to increased risk. Using a mobile-based site auditing tool can make sure that whoever is conducting the review covers every item on the checklist, records every problem and in some cases even creates a work order on the spot to facilitate its timely remediation.

Today, being prepared for on-site emergencies, whether man-made or not, is another role that falls under the FM umbrella. With contractors working at a company’s behest (and often in not readily visible locations) there’s potential danger in an emergency situation. Again, facility managers can take advantage of the latest technology to minimize risks. There are GPS-based tools that track contractors’ presence. Such mobile apps can provide contractors who are unfamiliar with a facility with emergency procedures and location maps with exit locations and evacuation routes.

Making sure repairs can be made quickly, comprehensive site audits are completed consistently, exit routes and emergency procedures are made readily available, and contractors’ on-site status can be monitored, are just some of the ways facility staff can manage this risk.

There are various risk factors inherent in virtually any company, and they impact organizations and their facility management teams. By understanding potential threats and implementing the strategies and actions discussed, facility professionals can reduce, minimize or eliminate risk.

Interested in learning more? Contact us for a free demo.