Corporate Legal Department Risk Management - "No Excuses!"

By Gabrielle A. Townsend 

Early one morning as I headed to the office break room for a glass of water, I noticed a posting on the fridge.  The poster featured a tall man, wearing a hooded sweatshirt and jeans, covertly exiting a DuPont office building.  He looks stealthy and has a laptop clutched under his arm.  The caption reads: 

"Someone is always waiting . . . for when you leave your computer unattended. 

NO EXCUSES!  LOCK ALL LAPTOPS!"

I work between two office sites and a home office, using numerous conference rooms, training rooms and visitor offices per week, so this poster quickly got my attention.  As a member of the DuPont Information Technology organization supporting the DuPont Corporate Legal Department, I know getting my laptop stolen would be a major headache on a variety of levels.  The poster's message, issued as part of the DuPont Information Security Organization's "Securing Our Future Campaign", really stuck with me.  I now find myself locking my office door more frequently, asking colleagues to "watch" my laptop in a conference room while I run to the rest-room before meetings start, and even taking my computer in to the grocery store with me during lunchtime errands.  The message was delivered, received, and practical changes are happening.  I am becoming more accountable for everyday risks. 

Successful risk management in DuPont's Corporate Legal Department is highly dependent on individual accountability.  How can a department or corporation foster a sense of personal accountability for risk management in each employee?  Organizational culture is a critical factor behind consistent individual accountability in all aspects of a job role, including risk management.  DuPont's Core Values of 1) Safety and Health, 2) Environmental Stewardship, 3) Highest Ethical Behavior and 4) Respect for People, form the cultural foundation where risks can be identified, discussed and managed.  For example, our culture leans heavily in to safety programs, which by their very nature encourage identification and elimination of risks by every employee.  

DuPont's culture is also heavily influenced by DuPont Information Security Organization (DISO) campaigns.  Posters, buttons, magnets, presentations, and numerous other methods cause culture shifts each year.  This year, we have a new "DuPont Security Month", which challenges employees with the question, "Are you part of the team?”  Security Month and other campaigns emphasize a personal role in protecting DuPont information and reducing risks.  Each employee is given practical methods they can use to secure DuPont assets in their work environment, from challenging strangers in the office to correctly labeling all documentation. 

Without DuPont Core Values and DISO campaigns, risk management would take a back seat to earnings growth and cost productivity.  The results of risk management activities, such as safety, health, stewardship, and ethical behavior, mirror our values.  Risk management also provides numerous financial and competitive advantages.  Before seriously starting a risk management program or applying techniques to projects, a thorough examination of your organizational culture is recommended.  Where are you as an organization regarding personal accountability?  Are there attitudes that it is "someone else's job" to protect company or firm assets?  What are some campaigns and directives you can implement to slowly change your culture?  The effort is challenging, but the rewards are great.