Introduction
Businesses today operate in a highly global business environment in which potential hazards seem to appear at every turn. A single bad decision or poorly managed endeavor can result in loss of revenue and damage to the company's long-term brand image. In addition, factors outside the company's control can often have a very negative (or even disastrous) impact on its operations and profitability. This could be an economic upheaval, introduction of strict labor laws in a supplier nation or an inability to obtain necessary raw materials. Dealing with such issues is one of the principal problems that business executives and managers face on a daily basis. Enterprise risk management (ERM) is a process designed to support a business's objectives while helping it minimize or manage risk. It does this by examining and evaluating all the company faces in a range of areas and combining it into a single organizational structure. Many corporations employ ERM to help them avoid risk in their operations and decision-making. This paper will examine the Nike Corporation in detail, considering its overall structure and performance. Along with a brief SWOT analysis, the following will consider the current management strategy at Nike and the company's specific risk management philosophy and practices.
Organizational Narrative
The Nike Corporation is one of the world's largest and best-known manufacturers of sportswear and clothing. Headquartered for many years in Beaverton, Oregon, Nike has more than 44,000 employees on six continents and in 160 nations. The company's total revenue in 2015 was well over $30 billion (Germano, S, & Stynes, T. 2015, p. 1). It has close associations with many different celebrities, and any number of athletes serve as spokespersons for its products. For many people, Nike has become synonymous with sophisticated premium sportswear.
As first established in 1964, Nike was originally known as Blue Ribbon Sports and operated simply as a footwear distributor for other manufacturers. At the time, Nike served as a distributor for a Japanese shoe manufacturer, rather than manufacturing shoes of its own. In the very early days, the company's original founders (Phil Knight and Bill Bowerman) sold the shoes out of the trunk of Knight's old car. In fact, it wasn't until 1967 that the company would open its first brick-and-mortar store. But in short order the company had stores located across the country.
The overall strategic planning at Nike is based in part on its mission statement, which involves bringing innovative and inspiring products to athletes across the globe. Its primary objective (or vision) is based on its founders belief in innovation, both in product design and in business opportunities that provide value for company shareholders. Obviously, Nike has many stakeholders, including employees, suppliers, the communities in which it operates and so on. But the most important of all its stakeholders (for the operation of its business) is still its shareholders. If the shareholders at Nike are dissatisfied with its decisions and results, they have the power to make this displeasure known in a very tangible way.
Nike is organized by large divisions, but also has functional departments within the corporate structure. For example, Jordan and Converse are divisions within the company, while an example of a functional department in the company is Nike Design. These various Nike departments are further subdivided into a number of smaller subdepartments, each of which is assigned a specific task. In the hierarchical structure at Nike, you will obviously find the CEO and board of directors at the very top. At lower levels in the organization, Nike employees work for their divisional managers, while those divisional managers in turn report to the company CEO.
Nike's organizational structure is designed to help assist with its need for innovation and rapidly implemented R&D. This structure also helps Nike to quickly respond to changes taking place in the marketplace around the world. In a highly competitive marketplace, slow and steady doesn't necessarily win the race.
Before discussing ERM at Nike, it's useful to examine the company's current position so as to better appreciate the risks it faces, as well as the opportunities. SWOT analysis is a widely used method for examining a company's external and internal situation. Based on this technique, a company can formulate its strategy in a way that takes into account its strengths, weaknesses, opportunities and threats (hence the abbreviation "SWOT"). Taking all of these factors into account allows a company to improve its performance and position relative to its present and future competitors (Gasparotti, 2009). Below is a SWOT analysis for the Nike Corporation:
Nike Strengths
Nike is highly competitive and is led by a strong and forward thinking management team that is not afraid to take reasonable risks
Because Nike has no factories of its own, it can relocate its production to wherever costs are lowest so as to maximize its profits
The company has extremely effective and innovative marketing and an excellent brand image with the public
Nike has a global presence and its various products are sold around the world
Nike Weaknesses
While the company sells a variety of products, the majority of Nike's income comes from the sale of footwear, meaning that the company is vulnerable to changes in this market (such as changes in fashion, introduction of more innovative footwear by competitors or a global economic downturn that limits consumer spending)
Nike has experienced a good deal of bad publicity in recent years resulting from accusations it has exploited workers in poor, developing nations. Unfortunately, many of these accusations were well-founded
Opportunities
Recycling waste from production to make new goods. Not only is this good for the environment and for the company's image as a socially responsible corporation, it also helps save Nike money
Diversification of areas, including sunglasses, jewelry and similar fashion items
Expansion into new national markets and reaching out to new demographics
Threats
International currency fluctuations can impact Nike's profit margin, as can trade barriers and rising energy costs
Loss of sales due to increased competition from alternative brands, such as cheaper knockoff brands from China and elsewhere
Increased consumer resistance to Nike products because of their higher price. This becomes more of a threat during an economic crisis or recession when the average consumer's income is reduced
The core competencies at Nike include R&D, innovative marketing and effective (while still hopefully sustainable) use of global resources and processes. The target audience for Nike's products are individuals between 18-35 years old who enjoy and active lifestyle and are willing to pay extra for the high quality and premium priced products that Nike provides.
Nike's principal competitors (at least for footwear sales) are the Adidas and Reebok corporations. Both of these companies are similarly positioned to Nike, since they have an international approach to business management, are highly profitable and face similar difficulties with regard to publicity about the manufacturing of their products. Nike's primary advantage over these two companies that allows it to make it its position as market leader is its superior R&D and highly effective marketing approach.
As mentioned in the introduction, ERM is used by companies to manage the various risks that they might face in their daily business operations. This concept is widely used throughout the business world (TANG, D, et al. 2012, p. 18). However, there are a number of different approaches to ERM that can be used. One of the most popular is COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM. While there are some critics of the COSO approach, corporations around the world have come to see it as an effective model that can be used in a variety of situations. This easy adaptability and applicability is one of the reasons for the popularity of this particular model.
As shown above, COSO can be best visualized as a cube. This cube illustrates the connections between various objectives within the company (placed at the top of the cube) and five critical components (controls) that allow the company to achieve those objectives (shown on the front of the cube). The cube's third dimension is meant to represent its businesses units, which allows the model to look at divisions within the organization and how they are impacted by the other axes. The following examines the five controls in question:
Control Environment: This component relates to how the company's management and staff view internal controls. In other words, are they treating the need for internal controls in a serious way? For instance, it may well be that a company's control environment isn't very good or effective if audits reveal a number of problems. Unfortunately, many executives and managers for a more seat-of-the-pants approach to management that frequently results in problems.
Risk Assessment: Has the management clearly identified just what the company's risks are and put in place measures designed to detect problems or prevent them from ever occurring? For instance, has the accounting department taken into account the risks involved in unrecorded expense transactions?
Control Activities: Control activities relate to the procedures and policies that have been implemented to make sure that the directives laid out by management or actually carried out by the employees. Not doing this can lead to fragmentation and confusion within the corporation as different departments work at cross purposes. Worse, a failure by lower-level employees to conform to company policies in regard to safety, environmental policies, etc. can lead to substantial financial losses and critical legal liability for the Nike Corporation.
Information and Communication: This component focuses on the importance of the company having effective information and communication technology and processes that minimize risk. This includes more than just ensuring that the equipment itself is secure. Companies should have clear safeguards and firewalls in place to protect company and customer data, as well as effective off-site data backup.
Monitoring: As its name implies, the monitoring component relates to how effectively the company's management is monitoring the existing controls. It's essential for a company to confirm that their internal controls are working and change them if it turns out they're not. For instance, if a company finds that proprietary equipment or data has been leaving the company premises without authorization, it will need to put in place stronger controls to prevent this sort of thing.
Risk Management at Nike
One of the most important aspects of risk management and the use of ERM at Nike is governance. Nike seeks to have clearly stated goals for governance in every situation so that risk management can be efficient and relevant. They want to use a senior managers time as effectively as possible so that any inherent risks (including both their impact and their likelihood) are clearly communicated and understood. This is a significant point in risk management, since the company can create “risk fatigue” if it fails to maintain efficiency and relevance in its ERM. This essentially means that risk management could easily become a formality in which employees are simply going through the motions.
It should be noted that in many organizations, risk management is governed using a top-down perspective, while other companies (including Nike) have a much more decentralized approach (Weitzner, D. & Darroch, J. 2010, p. 362). Generally speaking, studies have demonstrated that the latter approach provides a much greater likelihood of effectively limiting risk. The top-down approach is more likely to have managers imposing their opinions regardless of the facts presented to them by their employees.
As this suggests, Nike's approach to ERM governments involves much more collaboration than would be possible with a top-down approach. However, the Nike Corporation does not necessarily stamp relevant documents with the term “enterprise risk management” or create steering committees intended to control this function. Instead, ERM governance at Nike is considerably more organic and sophisticated than that. It is also more flexible, allowing the company to deal with circumstances ranging from a change in the value of the euro to an unavailability of inexpensive cotton or a decline in the Indonesian economy. Moreover, it can respond to such changes quickly and in a way that top-down management would allow.
Unlike other corporations that want everything done by the book, Nike instead establishes goals and procedures that allow its managers to deal with ERM issues in a way that doesn't have a rigid, bureaucratic feel. One of the benefits of avoiding a centralized EMR governance approach is that it allows the people who were actually carrying out the work to evaluate their own risk management, rather than allowing an auditor to do it for them. This makes them a part of the process of ERM, rather than making them simply the subject of ERM.
One of the most important aspects of risk management for Nike (not to mention most of the corporations) is IT management of data. In the past, data was all on paper and because of its bulkiness was more difficult to remove from a business and disseminate to unauthorized parties. Now data can be stored on phones, small pads, tiny flash drives or simply accessed via the Internet from a company server. For this reason, data loss is a greater risk today than it has ever been before. Moreover, such risks are only likely to increase in the future with the reduction of cloud technology and greater integration between networks.
Given this rapidly changing data environment, Nike ID experts attempting to minimize risk focus less on specific capabilities than they do on organizational behaviors and risk awareness (Bhatti, W.A., Zaheer, A. & Rehman, K.U. 2011, p. 2850). In other words, while it might be possible to secure a device given a specific approach for encryption method, it is just as important to ensure that employees understand why this is being done. Otherwise, they may well to attempt to bypass such restrictions in a way that the company has not accounted for simply because they don't see the point of the additional safeguards.
Another aspect of data security involves the careless handling of vital data and the device that is stored on. As important as minimizing the risks of data loss is the need for communicating the need for data security to the employees. For this purpose, Nike has hired advertising agencies and tasked them with educating Nike employees in this matter so they will better understand its vital importance to the company. As Nike executive Hilary Krane put it, “We're hiring essentially outside advertising agencies who speak Nike's language to have our employee as the consumer in mind, and deliver the message to them in a Nike look and feel, in a way that's respectful and fun and honors sport and engages them as part of the team.” She goes on, “‘Would the coach leave the playbook on the subway? No. Why would you?’ We're about to launch into what's going to be a multi-month and probably multi-year internal marketing campaign” (Brechbühl, H., 2012, p. 7). Such metaphors and analogies are a useful way of communicating Nike's need for security to its employees.
Unfortunately, like most major corporations Nike has found that it's employees seem to have greater respect for physical property (such as laptops for other office equipment) than they do for data and intellectual property (despite the fact that the loss of such data can frequently represent a much greater loss for the company than the loss physical property). Just as importantly, many businesses fail to realize that most of their data breaches are caused by their employees (either intentionally or unintentionally), not by professional hackers. The following graph makes this clear:
There is also the risk of legalistic creep. This refers to the idea that there are certain measures that a company might be able to take either today or in the future that would pass muster legally but would still be a bad idea from an ethical and public relations standpoint (Morrison, M 2015, p. 1SS). For instance, a good deal of the data mining that goes on to determine customer preferences and interests could easily get out of hand and become intrusive. In fact, there is a considerable amount of anecdotal evidence to suggest that this is already occurring.
For instance, one commentor pointed out an example of this sort of thing at Target when he said, "they were sending a 16-year-old girl coupons around maternity items because she had been buying items around pregnancy, and the father got involved and went to the store and ultimately got to Target’s headquarters. They’re apologizing profusely. Then he actually came back around and apologized because, in fact, she was pregnant. He didn’t know it, but Target knew it before he did" (Brechbühl, H., 2012, p. 7). While there was nothing illegal about what Target did in in the above example, how they did it was simply too blatant and obvious to be acceptable. Many other companies are doing similar things that might be considered equally intrusive or even borderline (in a legal sense), but they are being much more subtle about it.
Difficulties Nike Faces in Risk Management
In the midst of all of Nike's understandable concerns about eliminating unnecessary risks, the company also has to be concerned about the possibility that excessive or poorly implemented ERM can actually interfere with creativity and innovation. The last thing Nike wants to do is stifle its employees in a way that hurts product creation and sales. In addition to this, risk management must be adapted to the company's culture, goals and procedures. For this reason, Nike in its ERM efforts attempts to avoid overcompensating by creating excessive bureaucracy and paperwork. This will only hamstring the employees and damage company morale.
As Nike's Hilary Krane puts it, "Here we’re allergic to bureaucracy. I mean just allergic to it. I think we’re in a transitional moment as a company in terms of increasing our level of sophistication around enterprise risk, but it’s very fragile because the biggest true risk to our enterprise is squelching innovation This is a company that’s completely driven on creativity and innovationSo you realize that the heaviness of enterprise risk management itself is a big enterprise risk" (Brechbühl, H., 2012, p. 9). This is the mindset that is prevalent throughout the Nike Corporation.
Related to the above points, Nike (like many other large business organizations) recognizes that risk management requires a certain degree of cost-benefit analysis. In other words, the costs involved in ERM policies and procedures should definitely not exceed the realized benefits. To expand on this point, there are a large number of possible risks for Nike in many different areas. Some of these risks are more likely to occur than others and some are more significant in terms of potential losses to the company than others (Rosenberg, C, & Krasik, C 2012, p. 20).
Recognizing this, Nike has to ask itself whether it should invest considerable funds to protect itself against all possible risks, or only the most important and the most likely to cause serious damage. Also, are losses in inefficiency that result from excessive ERM worth the associated cost? In an instance where a risk is completely unavoidable and potential losses alarmingly high, it makes more sense for a business to simply drop certain lines or markets entirely. For example, if Nike determines that its entry into a new market or nation will place it under great risk of legal or civil litigation, it might choose to avoid this market.
Nike further recognizes that the most important risk it could possibly face is a risk to its brand image. Whether it is the result of a problem with a product or bad marketing through social media, every company understands that preventing or mitigating brand image damage is essential if it is going to maintain its market share. Many companies have suffered damage to their brand image in recent years because of their failures with regard to sustainability issues and their lack of transparency in these areas. This is particularly the case with countries who have outsourced their supplier needs to developing nations where workplace rules and environmental laws are lax or virtually nonexistent.
As Hilary Krane of Nike put it, "We have suppliers who are so far out — we don’t make our goods — but the world holds us responsible for it. We’ve been chastened over the years to learn it does not matter. It’s all about your reputation, and you’d better look at it through your consumers’ lens or you’re going to get hurt. That to me is the fundamental bottom line So we’re embracing radical transparency" (Brechbühl, H., 2012, p. 10). Nike has learned from bitter experience with previous problems that transparency and an immediate and quick response to issues when they arise are the best way of dealing with threats to their brand image. Although many activists would argue that this is merely a Band-Aid approach that ignores the fundamental problem underlying Nike's behavior in the Developing World.
In the past, when consumers and groups objected to what they saw as unfair labor practices by Nike in the 1990s, Nike's response was frequently that they were not the producers of the raw materials or the manufacturers of the final products, so they could hardly be held responsible for any unethical or illegal behavior on the part of their suppliers. However, consumers did not see it that way, and in response to this Nike came to understand that it did have a social responsibility for the negative actions and irresponsible decisions of its suppliers. Or the very least, Nike came to understand that its customers believed this and decided to act accordingly.
Risk Management Recommendations For Nike
Whether a company has an explicit and clearly laid out plan for risk management or a looser and more flexible approach (such as the one Nike has put in place), the extent to which a business effectively responds to risk will largely determine its long-term future profitability. With regard to Nike itself, this is made clear by the fact that even though Nike is a very young company, it differs greatly from what it was in the past. The Nike of even ten years ago is not the Nike of today. Ten years from now, the company will most likely differ greatly in its size, revenue, supply-chain and product design. Its risk management approach needs to take this fact into account.
Even how Nike interacts with its customers could well be very different, given the rapidly changing nature of Internet technology. For this reason, Nike needs to be able to integrate risk management into its overall strategy in a way that will maximize innovation and creativity while minimizing risk to the company. Risk involves not only direct financial expenses, but also the risk inherent in protecting private customer data or proprietary information. Maximizing ROI while mitigating risks in the future is a key aspect of ERM at Nike. For instance, Target Corporation recently learned to its cost the heavy price a company will pay when it fails to protect its customer's financial data.
Nike also needs to prioritize its risk management efforts. The company must understand that the concept of prioritizing one risk over another is something that must be deeply embedded in the Nike company culture. Otherwise, the company runs the high risk of a fragmented response to risk that concerns itself with everything and accomplishes very little.
As Nolke of Nike put it, "We’ve been to the ends of the earth trying to manage our restricted substances list. With a shoe like Pegasus or Air Force One, we’re making millions of pairs of these shoes every year. But every once in a while, we do 200 pairs of shoes. They’re expensive. Can we go through all of that diligence around a piece of leather that we’re only going to make 200 pairs of shoes from? So we have to draw the line somewhere" (Brechbühl, H., 2012, p. 11). This point recognizes the limitations inherent in risk management. No one can possibly account for and prevent every possible mischance or mistake. For company that is currently working with foreign suppliers across the globe, it's not even possible for Nike to absolutely ensure that it suppliers are adhering to local and international law. The best it can do is attempt to guide them toward adherence.
Conclusion
In conclusion, ERM at Nike is an essential part of its overall long-term business strategy of revenue growth and value generation for investors. Risk management is associated with all of the various departments and subdivisions within the company, and has to be considered as a critical part of sustainability issues, marketing and brand image. Nike's approach to risk management differs slightly from many other companies in that it attempts to be flexible and adaptable so that both its executives and employees can quickly and effectively respond to emerging risks or changes in the marketplace. This ability to adapt to a changing situation and environment is one of the reasons why Nike has in a period of only 10 years doubled its annual revenues. At the same time, Nike must recognize that amid all the opportunities it has for further growth and diversification, it also faces a number of risks, including increased competition from lower cost alternatives, the potential for economic instability on a national or international level and a high likelihood that the United States and global bodies will impose ever more stringent regulations regarding labor, environmental rules and financial practices. Enterprise risk management is the best way for Nike to ensure that it is prepared well ahead of time for such eventualities.
References
Bhatti, W.A., Zaheer, A. & Rehman, K.U. 2011, "The effect of knowledge management practices on organizational performance: A conceptual study", African Journal of Business Management, vol. 5, no. 7, pp. 2847-2853.
Brechbühl, H., 2012. “Managing enterprise risk: a roundtable overview.” Glassmeyer/McNamee Center For Digital Strategies. Available from: http://digitalstrategies.tuck.dartmouth.edu/cds- uploads/publications/pdf/enterprise_risk_overview.pdf [Accessed March 8, 2016].
Germano, S, & Stynes, T 2015, 'Nike’s Profit Up 20%, Topping Estimates; Revenue Climbs 4%', Wall Street Journal - Eastern Edition, 23 December,
Morrison, M 2015, 'Enterprise Risk Management', American Lawyer, 37, 11, pp. 1SS-4SS.
Rosenberg, C, & Krasik, C 2012, 'Enterprise Risk Management: Making It Count', In-House Litigator, 26, 1, pp. 20-22.
Tang, D, Yang, J, Bamford, D, Xu, D, Waugh, M, Bamford, J, & Zhang, S 2012, 'The Evidential Reasoning Approach For Risk Management In Large Enterprises', International Journal Of Uncertainty, Fuzziness & Knowledge-Based Systems, 20, Supp 1, pp. 17-30
Weitzner, D. & Darroch, J. 2010, "The Limits of Strategic Rationality: Ethics, Enterprise Risk Management, and Governance", Journal of Business Ethics, vol. 92, no. 3, pp. 361-372.