- Effective compliance and risk management require balancing resources, acknowledging complexity, and promoting teamwork, especially in regulated industries.
- Compliance cannot eliminate all risks; it requires ongoing investments, cultural alignment, and robust audit functions to minimize risks.
- Regulatory expectations often exceed risk appetite, making a proactive, informed approach to compliance essential for long-term business viability.
While this story is written more from a financial/safety compliance/risk perspective, it still underscores the complexities of managing compliance, safety, and risk, especially in highly regulated industries. A recent example from Tesla’s Fremont facility illustrates the ongoing challenges: regulatory bodies ordered Tesla to address frequent toxic emissions, showing how violations can lead to strict oversight and costly requirements. Similar issues at Tosco Corporation’s Avon refinery illustrate how risk management becomes a balancing act between safety, cost, and regulatory expectations. In Tosco’s case, even after numerous investments and management changes, recurring incidents highlighted the challenges of managing safety in a highly complex operation. Risk could not be eliminated, but ongoing investments and audits helped to reduce it.
As the Chief Audit Executive (CAE) for Tosco, the author found that effective compliance and risk management hinged on detailed insights into refinery operations and a culture of teamwork. A divided workforce and strained union relationships, however, exacerbated risks and weakened compliance efforts. Regulatory scrutiny remained high despite these internal efforts, showing that meeting regulatory requirements often goes beyond typical risk tolerance levels. Even substantial safety investments were insufficient to prevent all incidents, leading Tosco’s CEO to sell the refinery as the most viable risk mitigation strategy.
This experience highlights several takeaways: absolute safety is unattainable in complex environments, and managing compliance risk requires continuous investment in personnel, training, and culture. A risk-based approach provides only limited insulation against incidents and the resulting scrutiny. Compliance and internal audit are critical in assessing operational risks and presenting senior management with clear, comprehensive insights to aid in tough decisions. The lessons from this environmental/safety case history can still apply to risks from ongoing operations such as manufacturing, supply chain, customer relations, and product design.