13 Rules for Risk Management Success
Over my 24-plus years in the insurance, general liability claims and risk management professions, I have learned that the following practices or attributes are critical for success.
With this opportunity, I would like to share with the readers of Risk & Insurance® the practices and attributes that lead to success when working in a high energy, heavy work-volume environment in our respective organizations.
“Risk management is about people, not money. Money is why we have risk managers; however people are why we strive for excellence. One needs to be cognizant of the uninsurable costs of risk.”
The modern conventional wisdom is that folks need to “do more with less”. Let’s face it, our organizations are either beholden to stockholders, owners or the tax paying citizens of our great country. More than ever the pressures for producing high quality, high volume and cost-effective work product is expected.
The following are some proverbial words-of-wisdom from someone who is the boots on the ground….
- Be the “get to yes” folks and not the “little dark rain cloud”. Risk management is in the position to assist stakeholders in making informed and sound decisions. Rarely should risk management provide an absolute “no” and if so, then the successful risk manager assists in providing alternative methods to assist in reaching the goal in question. In other words, provide the organization’s stake-holders information enough for them to make an informed decision.
- Check your ego at the door when you enter the office. It is not about “you”, it is about “us” and “them”.
- Risk management is about people, not money. Money is why we have risk managers; however people are why we strive for excellence. One needs to be cognizant of the uninsurable costs of risk.
- Having a positive mental attitude is critical.
- What would Woodrow Wilson Do? Woodrow Wilson said essentially; “In times of crises a thousand hasty counsels is worth one cool judgment. The goal is to provide light and not heat.”
- Change is going to happen, embrace it.
- Be forthright, honest, respectful of others and diplomatic.
- Use your internal and external resources. Governmental entities do not have to worry about trade secrets or competition and generally public entity risk professionals like to share in their successes and “lessons learned.”
- Do not reinvent the wheel. In all likelihood someone with institutional knowledge has “been there and done that.”
- Communicate with stakeholders. They do not like surprises and do not wait to be asked to provide a report or information. Let stakeholders know of your successes and simultaneously help identify where organization success can be maximized or where failure can be mitigated.
- Be timely and ready to address issues as they occur without losing focus of the horizon.
- Communicate and collaborate with organizational personnel in developing and supporting a culture of risk management and safety.
- Battleships turn slowly and sink fast…do not rest on your laurels.
Though the cynic may conclude much of the above is cliché’, it has been my experience that incorporating the above points into how one conducts their risk management endeavors benefits the organization, fosters a positive work environment and provides the foundation for building and/or maintaining a quality risk management enterprise.
University Risk Managers Share Concerns
Higher education risk managers converged on Louisville, Ky., last week for the annual conference of the University Risk Management and Insurance Association, where several themes emerged as key areas of focus.
“ERM seemed to be the biggest theme, but there was a enough variety in the sessions to cover all the basics,” said Mark Logel, director, administrative services & risk management at the University of Evansville and a first-time conference attendee.
More than six in 10 (61 percent) survey respondents said they have not conducted an enterprise risk management process at their institution in the past two years, or don’t know if such work was done, according to data shown during one session, “Managing Risk Intelligently: A New Normal.”
And yet, nearly three-fourths (73 percent) said they are more focused on institutional risk now than five years ago, and 63 percent reported having more full board discussions about institutional risk.
Paradoxically, only 39 percent of respondents said they were getting enough information about their exposures, down from 43 percent in 2008.
However, according to Gary Langsdale, university risk officer at Pennsylvania State University (PSU) and a session speaker, these statistics are not as negative as they appear. Such conflicting opinions may demonstrate that institutions are growing more aware of the complex web of risks they face and therefore asking for more information, not necessarily receiving less.
“There’s an impetus for thinking more holistically about risk,” said Andre LeDuc, executive director, enterprise risk services at the University of Oregon. “It’s a continual struggle to promote a risk-aware culture.”
Such a culture needs to be built from the top down, with buy-in from board members and more communication between academic and student affairs offices. The publicity surrounding the Sandusky scandal at PSU revealed a need for greater board involvement, Langsdale said.
But, he noted, there is a limit.
“Board members should have their noses in but fingers out,” he said, meaning the board’s role is to be informed but not overly involved in risk management.
Langsdale identified ways risk managers can help set the culture for a true ERM effort:
• Look for leadership opportunities.
• Break down organizational silos.
• Understand the analytical tools and methodologies available.
• Elicit views from across the organization.
“Establishing ERM is an evolution,” LeDuc said. “Check back in two or three years to see what works and what doesn’t. Every institution is unique. … We have to take lessons learned back to our home institutions and help the thematic thread spread.”
Changing demographics and enrollment challenges, lack of funding and regulatory compliance are three major strategic risks faced by universities.
According to Christine Eick, executive director, risk management and safety at Auburn University, some schools saw hundreds of millions of dollars’ worth of cuts in government funding during the recession.
That is compounded, Langsdale said, by a lack of funding on students’ end as well. As costs rise, fewer students and their families are able to contribute much from their own pockets.
“We have to make choices about which programs to support,” he said.
Many attendees acknowledged that funding for sports programs, while ultimately accounting for a very small percentage of a school’s overall budget, should be the first to take cuts because of their high visibility.
Enrollment has also fallen as demographics shift. There are simply fewer 18-year-olds in the prospective student pool now than there were a decade or more ago, which increases competition among schools vying to keep classrooms full.
“One help has been recruiting returning military members,” Eick said, “who often come with the support of government funding” and have incentives to obtain a degree as they re-enter the mainstream workforce.
Compliance has also risen as a priority, especially with adherence to Title IX and the handling of sexual assault cases coming under tighter scrutiny.
Along with the increased risk, however, comes the benefit of putting “risk managers at the right tables,” said LeDuc, as universities need to discuss such risks among different offices and with board members.
Like any other organization that collects personally identifiable information, higher education institutions are more concerned with cyber threats.
“Data, data, data. Are we fully aware of our exposures?” LeDuc asked, picking out cyber security as a risk to watch related to students’ personal and financial records, as well as the potential for theft of intellectual property, especially at research institutions.
“Cyber is an increasing threat,” Eick agreed. “There has to be a shift in culture that mandates security training for all faculty to be completed by a certain date. Schools should be employing more privacy officers and CIOs to handle those challenges.”
Universities may have a higher exposure for data breach, Langsdale said, because networks are “designed to be open” to allow access for prospective and current students, alumni, faculty, and researchers from other facilities.
“You need to be on top of your cloud providers and know where your servers are located,” he said. “There should be no deemed export of information.”
Along with the increase in study abroad programs comes the increased need for colleges and universities to do more to ensure the safety of students in such programs, including keeping track of their whereabouts and the conditions of the countries they visit.
Until recently, schools have had limited ways to track and communicate with students abroad, and have kept limited records of incidents. Both nonprofit organizations and businesses offer resources to help risk managers expand their efforts.
One way to conduct due diligence is through site visits, which “are not terribly expensive,” according to Eick, but which usually are only done by larger, better-funded schools.
In addition to scoping out the conditions of hosting school and the surrounding communities, site visits allow risk managers an opportunity to analyze local coverage and ensure that the right policies are in place. Language barriers can result in improper coverage.
A Renaissance In U.S. Energy
America’s energy resurgence is one of the biggest economic game-changers in modern global history. Current technologies are extracting more oil and gas from shale, oil sands and beneath the ocean floor.
Domestic manufacturers once clamoring for more affordable fuels now have them. Breaking from its past role as a hungry energy importer, the U.S. is moving toward potentially becoming a major energy exporter.
“As the surge in domestic energy production becomes a game-changer, it’s time to change the game when it comes to both midstream and downstream energy risk management and risk transfer,” said Rob Rokicki, a New York-based senior vice president with Liberty International Underwriters (LIU) with 25 years of experience underwriting energy property risks around the globe.
Given the domino effect, whereby critical issues impact each other, today’s businesses and insurers can no longer look at challenges in isolation one issue at a time. A holistic, collaborative and integrated approach to minimizing risk and improving outcomes is called for instead.
Aging Infrastructure, Aging Personnel
The irony of the domestic energy surge is that just as the industry is poised to capitalize on the bonanza, its infrastructure is in serious need of improvement. Ten years ago, the domestic refining industry was declining, with much of the industry moving overseas. That decline was exacerbated by the Great Recession, meaning even less investment went into the domestic energy infrastructure, which is now facing a sudden upsurge in the volume of gas and oil it’s being called on to handle and process.
“We are in a renaissance for energy’s midstream and downstream business leading us to a critical point that no one predicted,” Rokicki said. “Plants that were once stranded assets have become diamonds based on their location. Plus, there was not a lot of new talent coming into the industry during that fallow period.”
In fact, according to a 2014 Manpower Inc. study, an aging workforce along with a lack of new talent and skills coming in is one of the largest threats facing the energy sector today. Other estimates show that during the next decade, approximately 50 percent of those working in the energy industry will be retiring. “So risk managers can now add concerns about an aging workforce to concerns about the aging infrastructure,” he said.
Increasing Frequency of Severity
Current financial factors have also contributed to a marked increase in frequency of severity losses in both the midstream and downstream energy sector. The costs associated with upgrades, debottlenecking and replacement of equipment, have increased significantly,” Rokicki said. For example, a small loss 10 years ago in the $1 million to $5 million ranges, is now increasing rapidly and could readily develop into a $20 million to $30 million loss.
Man-made disasters, such as fires and explosions that are linked to aging infrastructure and the decrease in experienced staff due to the aging workforce, play a big part. The location of energy midstream and downstream facilities has added to the underwriting risk.
“When you look at energy plants, they tend to be located around rivers, near ports, or near a harbor. These assets are susceptible to flood and storm surge exposure from a natural catastrophe standpoint. We are seeing greater concentrations of assets located in areas that are highly exposed to natural catastrophe perils,” Rokicki explained.
“A hurricane thirty years ago would affect fewer installations then a storm does today. This increases aggregation and the magnitude for potential loss.”
On its own, the domestic energy bonanza presents complex risk management challenges.
However, gradual changes to insurance coverage for both midstream and downstream energy have complicated the situation further. Broadening coverage over the decades by downstream energy carriers has led to greater uncertainty in adjusting claims.
A combination of the downturn in domestic energy production, the recession and soft insurance market cycles meant greatly increased competition from carriers and resulted in the writing of untested policy language.
In effect, the industry went from an environment of tested policy language and structure to vague and ambiguous policy language.
Keep in mind that no one carrier has the capacity to underwrite a $3 billion oil refinery. Each insurance program has many carriers that subscribe and share the risk, with each carrier potentially participating on differential terms.
“Achieving clarity in the policy language is getting very complicated and potentially detrimental,” Rokicki said.
Back to Basics
Has the time come for a reset?
Rokicki proposes getting back to basics with both midstream and downstream energy risk management and risk transfer.
He recommends that the insured, the broker, and the carrier’s underwriter, engineer and claims executive sit down and make sure they are all on the same page about coverage terms and conditions.
It’s something the industry used to do and got away from, but needs to get back to.
“Having a claims person involved with policy wording before a loss is of the utmost importance,” Rokicki said, “because that claims executive can best explain to the insured what they can expect from policy coverage prior to any loss, eliminating the frustration of interpreting today’s policy wording.”
As well, having an engineer and underwriter working on the team with dual accountability and responsibility can be invaluable, often leading to innovative coverage solutions for clients as a result of close collaboration.
According to Rokicki, the best time to have this collaborative discussion is at the mid-point in a policy year. For a property policy that runs from July 1 through June 30, for example, the meeting should happen in December or January. If underwriters try to discuss policy-wording concerns during the renewal period on their own, the process tends to get overshadowed by the negotiations centered around premiums.
After a loss occurs is not the best time to find out everyone was thinking differently about the coverage,” he said.
Changes in both the energy and insurance markets require a new approach to minimizing risk. A more holistic, less siloed approach is called for in today’s climate. Carriers need to conduct more complex analysis across multiple measures and have in-depth conversations with brokers and insureds to create a better understanding and collectively develop the best solutions. LIU’s integrated business approach utilizing underwriters, engineers and claims executives provides a solid platform for realizing success in this new and ever-changing energy environment.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.