Risk Management
Much risk a company faces is not insurable and must be managed
The list of risks that organizations face every day can be long and complicated. Some risks cannot be fully transferred through insurance or other techniques. If they are not identified and managed, these risks can severely damage and even destroy a company.
In 1998, insurer Conseco acquired Green Tree, a mobile home lender turned subprime powerhouse, for $6 billion. Conseco wanted to diversify its business by getting into financing. In 2002 Conseco filed for bankruptcy, mostly because of its purchase of Green Tree. The company got into trouble because it acquired a business it knew nothing about at the wrong time and drove it into bankruptcy. It was the third largest Chapter 11 filing at the time, after the bankruptcies of WorldCom and Enron. Because of overly ambitious growth, the company’s leadership failed to adequately analyze and manage the risks associated with the acquisition, thus harming innocent shareholders, customers, and employees.
As independent agents and trusted advisors, we can introduce our clients to an efficient, integrated ERM program that can help them identify and take action on risks before they result in a significant loss or even the failure of the business.
Risk is a part of life that we face 24 hours a day. We could fall down the stairs at home, have a car accident on the way to work, or hit a stone while mowing the lawn and cause a life-changing eye injury. The list goes on and on.
The fact is that you can’t have a reward without taking a risk. You could decide not to go out on your boat, but then you will have missed the pleasure of enjoying a beautiful day on the water.
Add workplace risks like setting steel, working in a feed mill, or driving a work vehicle. These and other work-related activities are essential to the success of a company, but each carries an element of risk. The good news is that you can help your clients manage the amount of risk they take compared to the reward they enjoy.
The categories of risks that businesses face are:
- Hazard risk (liability, property damage, catastrophe)
- Financial risk (pricing, asset value, currency, liquidity)
- Operational risk (customer satisfaction, product failure, integrity, reputation, internal poaching, loss of intellectual capital)
- Strategic risk (competition, social trends, capital availability).
Much of the risk a company faces is not insurable and must be managed. There is an art and a science to managing risk. I use the five-step model created in 1972 by risk management expert George Head. This model is simple, easy to explain, and highly effective when executed correctly. The steps are:
Identify. This is where we seek to understand what events in the future could prevent or slow what the client is trying to achieve. The most effective way to understand risk is to talk to the people who do the risky work. Meeting in an executive office to go over insurance options is essential, but it’s also critical that we get in the trenches and learn what goes on in the business. Risk advising without seeing how the work is done and learning from those who do it is like a doctor trying to make a diagnosis without examining the patient.
Analyze. Here we take the risks we have identified, decide what’s most critical, and examine how the risks interact with each other. Study the data, loss runs, OSHA logs, experience mod, safety committee minutes, employee interviews, and near-miss reporting. Collect expert opinions. It may be that your client’s most significant risk is a key supplier who suffers a catastrophic loss and can’t deliver critical components. Make a list of the risks and categorize them in order of frequency and severity. Determine how much risk your client can take, and then go after the most severe risk first.
Control. This is where we determine which risks need to be reduced or mitigated. Can you transfer the risk to another party through a contract? Can your client stop doing something like producing a product that generates very little revenue and could lead to a massive product liability loss? Your client could reduce distracted driving by prohibiting the use of cell phones while driving. The client could eliminate the risk of losing its management team in a plane crash by making it a policy that they fly separately.
Finance/Transfer. With this step, we take action to remove or transfer the risk to someone else by contract, including the insurance transaction. Insurance is an option, but paying someone to take your risk without any attempt to mitigate it can be the costliest option.
Measure/Monitor. Here’s where we ascertain whether the action taken was effective or needs adjusting. It’s also where we keep score as to how well our strategy is performing. Monitoring key lagging indicators, as well as leading ones, and then benchmarking them against industry averages is an excellent place to start. For example, if the workers comp experience mod is 1.00, which is average, it’s important to focus on the minimum mod or zero work comp claims.
Implementing an enterprise risk management (ERM) strategy is not easy. It requires support from C-level management and willingness to sell the benefits across the organization.
If your client is not able to get support from the top layer of management, suggest that he or she build credibility by starting with a smaller project, like instituting a sexual harassment policy and training employees so the company is in the best position to defend itself should a harassment charge be made. This initiative can be championed through the HR department and categorized as compliance. I think we can all agree that the sexual harassment scandals coming out of Hollywood and those involving politicians might not have arisen if appropriate policies and controls had been in place.
Advise your client to keep initiatives simple and go for quick wins, like replacing missing guards on a machine or drafting an emergency evacuation plan. These will create momentum when more complex risk issues arise that require mitigation.
ERM is a continuous process that seeks to identify, analyze, control, finance/transfer, and monitor/measure potential events that create uncertainty and impair a company’s ability to achieve its objectives. As independent agents and trusted advisors, we can introduce our clients to an efficient, integrated ERM program that can help them identify and take action on risks before they result in a significant loss or even the failure of the business.
The author
Randy Boss, CRM, CRA, SHRM-SCP, is a Certified Risk Architect at Ottawa Kent in Jenison, Michigan. As a Risk Architect he designs, builds and implements risk management and insurance plans for middle market companies in the areas of human resources, property/casualty and benefits. He has 40 years of experience and has been at Ottawa Kent for 35 years. He is a lead instructor for the Institute of Benefit & Wellness Advisors, training agents in how to bring risk management to benefits, and co-founder of OSHAlogs.com, an OSHA compliance and injury management platform. You can reach Randy at rboss@ottawakent.com.
