Risk Manager Focus

Meshing Distinct Viewpoints

Procurement and risk management must partner together to help their organization grow, but in some companies, they rarely even talk.
By: | June 1, 2015 • 12 min read
06012015_01_CS

Marilyn Rivers, director of risk and safety, City of Saratoga Springs

Several years ago, Whirlpool decided it could save 75 cents per unit if it outsourced the production of dishwasher water seals to a Chinese supplier. The annual savings were projected at more than $2 million.

But soon after the arrangement was made, the Chinese manufacturer changed to a different rubber supplier, causing a failure rate of nearly 10 percent, according to “Managing Risk in the Global Supply Chain,” a study by the Supply Chain Management faculty at the University of Tennessee.

Advertisement




By the time Whirlpool discovered the problem, more than 2 million dishwashers had been produced with the leaky seals and about two months’ worth of supply was in transit. The oversight cost the company millions — destroying the realization of projected savings for more than three years.

The study listed the example as one of the multitude of risks that can occur in supply chain management. And it’s an example of how risk management could have helped avoid the problem altogether.

In the most effective companies, risk management and procurement work together to ensure both the cost and quality of supplies and vendors, as well as proper risk transfer.

When those functions do not align, the organization suffers. That suffering may take the form of safety violations, product recalls and reputational loss, among other exposures.

But it’s not possible for procurement and risk management — organizational functions with two distinct viewpoints — to always agree. In some organizations, they rarely even communicate. It is possible, however, to build a relationship that allows the organization to prosper without undue risk.

Underlying the relationship should be a common mission of focusing on the organization’s goals as a whole, experts said.

Brian Merkley, global director of corporate risk management, Huntsman Corp.

Brian Merkley, global director of corporate risk management, Huntsman Corp.

“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet,” said Brian Merkley, global director of corporate risk management at Huntsman Corp., a Salt Lake City-based global chemical manufacturer.

When he first joined Huntsman about 10 years ago, he worked with procurement and legal to develop a contractual risk transfer strategy document, which was “my first introduction to the procurement team and the processes they used. I found a good working relationship with them and it continues today.

“Cultivating a strong relationship with procurement is critical,” he said, noting that there is a constant challenge to make smart risk/reward decisions — balancing price against the potential exposure.

“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet.” — Brian Merkley, global director of corporate risk management, Huntsman Corp.

Over the years, his department has provided important guidance to refine standards and strategies for procurement that include performance expectations of contractors, indemnity language, and insurance requirements, among others. It also has helped to develop a process to qualify various contractors that meet risk management and procurement’s standards so operations can run smoothly.

Contracts and insurance provisions can’t be reviewed in a vacuum, Merkley said, but have to include scope of work, indemnity, and relationships or prior experience with the parties. “We are going to insist on certain levels of protection based on the type of work,” he said.

Stumbling Blocks

In many organizations, risk managers are not in a position to influence procurement or supply chain decisions. They either don’t have the buy-in of the senior leaders of the organization, don’t have effective channels to collaborate on such decisions, or they don’t have sufficient understanding of the organization’s strategies and goals to provide effective input into procurement activities.

Advertisement




Gary Lynch, CEO and founder, The Risk Project, and a former global practice leader for Marsh, said that over the years he has been “shocked at how little the risk management community knew about the operations of their business. They knew how they made money, but they didn’t know who contributed to bringing value to the market.

“The majority of risk managers that I have worked with don’t have the opportunity, don’t have the capability and don’t have the value to really support [procurement or supply chain decisions]. Those are the three stumbling blocks,” he said.

The same can also be said for many supply chain professionals. According to the University of Tennessee study, most of them have little expertise in insurance products. Nor do they understand many of the potential claims issues — or the insurance programs that are available to protect them.

In the study, insurance ranked dead last in a list of 10 risk mitigation strategies to protect supply chains — ranking 4.5 out of 10. The top strategy was “strong suppliers,” ranking 7.5 out of 10.

“I think there is a lot of disconnect with folks between procuring and supply chain, and the risk management function,” said Mark Robinson, vice president of global operations at UPS Capital, which offers supply chain finance and insurance services. “In my mind, they don’t talk very much.”

There are some risk managers, however, who are able to add value to the procurement process. The words that keep coming up in conversations with them are “relationship” and “partnership.” Risk management and procurement work best together, they said, when both functions keep the organization’s strategic goals top of mind.

Robinson said the visibility of catastrophic events, targeted thefts and the larger size of container ships has heightened awareness of cargo, trade disruption and cyber risk insurance. From 2011 to 2013, the global cargo insurance market increased from $17.2 billion to $18.2 billion, about a 6 percent increase. And the U.S. market is increasing faster than the global market, he said.

The City of Saratoga Springs, N.Y., operates under regimented bidding processes. But even as the city is required to take the lowest bidder, it must ensure that it hires the lowest “responsible” bidder.

“Sometimes, folks give outlandishly low-priced bids,” said Marilyn Rivers, Saratoga’s director of risk and safety. “We structure it so that when we send out a request for quotes or a request for proposal, we place in the language that anyone chosen has to meet all of the requirements and has to be qualified.”

That means vendors or suppliers have to submit a certificate of insurance, execute the city’s “risk and safety agreement” and a “vendor code of conduct” as well as have sufficient prior experience and the ability to complete a project within the set time frame, among other requirements.

“We are always cognizant of the cost, but we must ask, ‘What is the benefit to the public versus the cost, because tax dollars are being used for those projects,’ ” she said.

Plus, Rivers said, the city must “look at the totality of how it impacts the community. … We can’t just slice up a roadway.”

Building Bridges

At Sodexo Inc., which has 8,000 food suppliers and 25,000 non-food suppliers, Peter Rosiere, vice president, risk management, created a new position — supply risk analyst — to more fully bring the risk perspective to the supply chain team.

Peter Rosiere, vice president, risk management, Sodexo Inc.

Peter Rosiere, vice president, risk management, Sodexo Inc.

“One primary reason we created the new position was to develop that communication, linkage and a balance point between the two groups,” he said. “The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.”

Evelyn Joe, who holds that new position, said her primary goals are communication, education and collaboration, trying to find the “best working relationship that meets the needs of the company and each team.”

It’s necessary, she said, to understand the other group’s needs and goals while sharing with them the needs of risk management “so we are not talking apples and oranges, so we understand the foundation. … We have worked extremely hard to become part of the supply management process.”

Advertisement




Sometimes, she said, procurement will seek approval of a supplier that does not comply with the department’s insurance requirements or standards. In such cases, procurement and risk management work together, along with legal, to research the organization and find a solution.

“That’s when I’ve been pleasantly surprised because of the constant relationship-building and education with supply management that they completely understand,” Joe said. “The supply manager understood why we couldn’t change our risk management requirements. It’s our job to help our client understand why we have the high standards we do, for both brand and customer protection.”

Opening the channels of communication is, obviously, the first step to creating or enhancing that relationship.

For Dwayne Eastwood, risk manager, McCoy’s Building Supply, it can mean walking around the office with a cup of coffee and asking, “What’s up? What’s the latest? Are you thinking about safety and risk management and contractual arrangements?

“It’s just getting in front of people for a couple of minutes and talking it up. You have to be involved early on. It’s critical.”

But it’s not just asking, he said. It’s also about following up on what is heard by “pointing out and illustrating what the risks are. …Credibility is paramount.”

Credibility matters because the ultimate decision is not within risk management’s control, he said.

“When you step into their world and you point out and illustrate what the risks are, they make the decision for the company that this risk is or is not acceptable. It’s everybody else who makes those decisions,” Eastwood said.

When he explains why a proposed plan “is not really a good idea, most of the time, they will go along with us. They don’t necessarily want to go against the grain. They take our advice most seriously,” he said. “That’s good, and I think credibility is where you get that from, and a proven track record.

“In the beginning, there were a lot of ‘a ha’ moments. It was really up to me and others to educate them that we needed to be involved on the front end. They didn’t ignore it; they just didn’t consider it. When they realized the risks and possible loss of life or big dollar amount lawsuits and what that could look like it was, ‘oh OK.’ ”

Using claims data in such conversations “speaks volumes,” he said. “I’m a huge fan of using loss history to evaluate the risk, frequency and severity, both.”

Eastwood’s colleague, Kevin Shute, director of merchandising-hardlines and merchandising operations, said that the partnership between his function and risk management has over the years “moved from a reactive to a proactive situation. … We like to think that the key to our interconnectedness or connectivity is we know each other personally.”

Shute said that when his team finds a new product from one of its 1,400 vendors, such as virgin sulfuric acid, which is “powerful, powerful stuff,” his team will work with risk management to review all of the processes, packaging, paperwork and safety training and product handling issues.

In another situation, when McCoy’s recently launched a propane tank exchange, the two teams “worked from cradle to implementation” through the contracts, insurance, permitting, vendor and store compliance, employee training, and all other aspects to eliminate any potential liability issues, Shute said.

“We typically don’t look at [risk mitigation efforts] as a problem,” he said. “We look at it as that’s what we have to do to protect our assets.”

Envisioning Risks

It can sometimes be difficult to clearly understand what protection is needed when a catastrophic exposure hasn’t yet occurred, said UPS Capital’s Robinson.

For example, he said, he knows one pharmaceutical company that used to ship $20 million worth of inventory from its location in one truck to an airport 30 miles away every day. From there, it would be divvied up to be transported by plane to various locations.

Advertisement




While the company had claims after the inventory had been brought to the airport and transported, it never had a catastrophic loss related to the 30-mile truck journey. “Can you envision the scenarios? An accident? Being hijacked? Some problem where you lose the whole load?” he asked.

The company had $1 million in coverage for that $20 million load, he said, noting that a conversation ensued with the company about the plausibility of such a loss and how it could protect itself.

A good time for risk managers to begin expanding their partnership with procurement is when contracts are annually reviewed and renewed.

Requiring suppliers or service providers to carry insurance may not adequately protect a company from substantial losses, Robinson said. A major incident could push a supplier into bankruptcy, or a policy’s terms and conditions may not be conducive to compensating the company for its loss -— at least not without a lengthy court battle.

“The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.” — Peter Rosiere, vice president, risk management, Sodexo Inc.

It’s not just whether insurance coverage will adequately protect the company. Much of the work risk management must do deals with business continuity planning. Is there resilience in the supply chain for all tiers of suppliers, inventory, labor and transportation? Is there a worrisome geographic concentration? Is there the potential for natural disaster or political upheaval? Is there an acceptable tradeoff between risk and reward?

“The reality,” Sodexo’s Rosiere said, “is that an organization cannot operate without supplies, be it for raw materials or services. But a company cannot operate without good risk transfer. This is not the case with Sodexo, as strict supplier insurance/risk transfer requirements are in place. There has to be an understanding of where the functions rest within the priorities of the organization.

“Sodexo’s awareness of the risk and the partnership with our supply management teams is a key aspect of our growth and culture.”

A lot of it comes down to how decisions affect the company’s margins, said The Risk Project’s Lynch.

When risk managers seek to manage compliance issues or ensure additional capabilities, they are introducing cost into the equation, he said.

“It’s clear to me that these folks have to navigate risk, and not manage it. … You have to manage to the margins,” he said. “Risk management has to be done within the context of the operation’s margin.”

“It’s looking at the totality of the risk,” Saratoga Springs’ Rivers said. “It’s looking at the total risk the project entails and how that project impacts the community, the business or employees, and what an entity, whether public or private, needs to do so it can mitigate risk so it can be successful and the entity doesn’t lose money on it. … The procurement standard should be dovetailed to the project.

“The goal of all risk management is empowering people. It’s a partnership that allows that empowerment but gives the opportunity to know when to ask more questions. … It’s achieving goals cost-effectively but not endangering the health and welfare of employees or the community in the process.”

Regular education and training are crucial, Huntsman’s Merkley said.

“We are all trying to grow the business in an appropriate way and safeguard the balance sheet from making bad bets, and it’s crucial we partner together in doing that.

Advertisement




“The best starting place is to develop personal relationships with the procurement management team, and secondly, you have got to do a lot of work to prove yourself as a reliable subject matter expert. When they come to risk management and look for guidance around insurance language, you have got to back it up.”

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]
Share this article:

Column: Roger's Soapbox

The 10 Percent

By: | June 1, 2015 • 3 min read
Roger Crombie is a United Kingdom-based columnist for Risk & Insurance®. He can be reached at [email protected]

A watershed moment occurred in my life last week. In itself, it mattered little, but it was the moment at which technology began to deny me a future.

I wanted to buy, online, a dish rack — a metal frame for drying dishes. The local branch of my favorite store didn’t have one on hand, but I could have one delivered to the store by clicking a few buttons. Many screens later, I was instructed (in English English; I’ve translated) to “Enter cell phone number so we may text you the secret code required to collect your item.”

Advertisement




Not having what the British call a mobile phone, I could not order the product. It was the first time that my refusal to mobilize had rendered me impotent. (Not, strictly speaking, the first time: I would previously have been unable to park my car in parts of London without a mobile, had I owned a car.)

The dish rack incident, however, was the start of what I imagine will become a crippling inability to function as the years go by. Blame Edward Snowden, a friend said. Businesses need customers to have a unique key, in much the same way that computers require passwords, and a cell phone of their very own. (Cell users, apparently, don’t share their toys.)

Captive insurance companies are cool? I’ll have three. Cat bonds are sexing up the reinsurance space? Issue some. The logic is: If it works for the other guy, it’s bound to work for us.

I don’t want commerce to grind to a halt, mine or anyone else’s. I’m all for high-tech, within reasonable limits. At the last count, however, 10 percent of Americans and a higher percentage of Brits did not own a cell phone. The pesky little gadgets are by no means ubiquitous.

In the end, I walked to the store, ordered the dish rack, and returned a day later to pick it up. Very little real inconvenience, and a dose of good exercise thrown in as a dividend.

One imagines that the retailers of the dish rack must have concluded that the 10 percent on the wrong side of the digital divide can be ignored without hurting profits. For all I know, they might be right, although it doesn’t sound right.

Now consider the implications of this for the insurance industry.

Many insurance people behave like sheep. A pioneer comes up with a viable concept, and everyone else enters the same line of business, on largely the same terms.

Captive insurance companies are cool? I’ll have three. Cat bonds are sexing up the reinsurance space? Issue some. The logic is: If it works for the other guy, it’s bound to work for us.

If one giant retailer thinks that 10 percent of its customer base can be ignored without damage to profitability, the other retailers will come to the same conclusion. I can’t imagine the ways by which retail insurers will ignore the 10 percent, or some other 10 percent who fail to conform to some societal stupidity, but it seems highly likely that they will.

We hear a lot about ‘disruptors’, business people who come up with new ways of doing things that upset the settled methods of an industry. The Internet has spawned a deep admiration for such types, which has led in turn to established business practices being considered old hat.

Advertisement




The future belongs to the 90 percent, and so be it. The danger for retailers in this case, and insurers in the wider future, is that in the face of aggravation, 10 percent of everybody might decide they don’t need a dish rack, or contents insurance. Think how disruptive that might prove to the bottom line.

Share this article:

Sponsored Content by AIG

Preparing for and Navigating the Claims Process

Be clear on what your organization's policy does and does not cover before you need it.
By: | July 1, 2015 • 5 min read
SponsoredContent_AIG

All of a sudden – it happens.  The huge explosion in the plant.  The executive scandal that leads the evening news.  The discovery that one of your company’s leading products has led to multiple consumer deaths due to a previously undiscovered fault in its design.  Your business and its reputation, along with your own, are on the line.  You had hoped this day would never come, but it’s time to file a major claim.

Is your company ready?  Do you know – for certain – how you would proceed, both internally with your own employees, and externally, with your insurance provider?  What data will you need to provide, and how quickly can you pull it together?  Do you know – and understand – the exacting wording of your policy?  Are you sure you are covered for this type of incident?  And even if you are a multinational with a global policy, how old is it, and is your coverage in concert with any recent changes in the laws of the country and local jurisdiction in which the incident occurred?

As should be clear from these few questions, if you organization is hit with a major event and you need to make a claim, just knowing that you are current with your premium payments is not enough.  Preparation before the event ever occurs, strong relationships with your insurance team, and a thorough understanding of what needs to happen throughout the claims process are all essential to reaching a satisfactory claim settlement quickly, so that a long business disruption and further damage are avoided.

Get Ready before Disaster Strikes

SponsoredContent_AIGThe Boy Scout motto, “Be prepared,” applies equally well to organizations that may suddenly be faced with the need to navigate the complexities of the claim process – especially for large claims following a major crisis.  Crises are by nature emotional events.  Taking the following steps ahead of time, before disaster strikes, will help avoid the sense of paralysis and tunnel vision that often follows in their wake.

Open up a dialogue with your insurer – today.

For risk managers and others who will be called upon to interface with your insurer in the event of a crisis, establishing open and honest lines of communication now will save trouble and time in the claims process.  Regular communication with your insurance team and keeping them up to date on recent developments in your organization, business and manufacturing processes, etc., will provide them with a better understanding of your risk profile and make it easier to explain what has happened, and why, in the event you ever have to file.  It will also help in the process of updating and refining the wording in existing policies to reflect important changes that may impact a future claim.

Conduct pre-loss workshops to stress-test your readiness to handle a major loss.

Firefighters conduct frequent drills to ensure their teams know what to do when confronted with different types of emergencies.  Commercial airline pilots do the same.  Your organization should be no different.  Thinking through potential loss scenarios and conducting workshops around them will help you identify where the gaps are – in personnel, reporting structures, contact lists, data maintenance, etc., before a real crisis occurs.  If at all possible, you should include your insurance team and broker (if you have one) in these workshops.  This will not only help cement important relationships, but it will also serve to further educate them about your organization and on what you will need from them in a crisis; and vice versa.  The value to your organization can be significant, because your risk management team will not be starting from zero when you have to make a claim.  Knowing what to do first, whom to call at your insurer, what data they will need to begin the claims process, etc. – all of this will save time and help get you on the road to a settlement much more quickly.

Know what your policy covers, before you need it.

SponsoredContent_AIGThis advice may sound obvious, but experience has shown that all too often, companies are not aware, in detail, of what their policies cover and don’t cover.  As Noona Barlow, AIG head of financial lines claims Europe has noted, particularly in the case of small to mid-size organizations, “it is amazing how often directors and risk managers don’t actually know what their policy covers them for.”   This can have dire consequences.  In the case of D & O insurance, for example, even a “global” policy many not cover all situations, because in some countries, companies are not allowed to indemnify their directors.  Obviously, these kinds of facts are important to know before rather than after an incident occurs.  So it is important to have an insurer with both a broad and deep understanding of local laws and regulations wherever you have exposure, in addition to an understanding of the technical details of working through the claims process.

Make sure your data management policies are in order.

Successful risk management depends on having consistent, high-quality data on all of your risk-sensitive operations (manufacturing, procurement, shipping, etc.), so that you can quantify where the greatest risks sit in the organization and take steps to reduce them.  Good data, complemented by strong analytics, will also help you to identify potential problems before they occur.  It will also help you to maximize the effectiveness of your insurance purchasing decisions.  Frequent, detailed conversations with your insurer will help you to identify any areas where additional data might be needed in the event of a crisis.

No one ever wants to find themselves in the midst of a crisis.  But if and when such an event does strike, if you have taken the steps above you will be much better positioned to work through the claims process – and reach an effective resolution – as quickly and as smoothly as possible.

For more information, please visit the AIG Knowledge and Insights Center.

This article was produced by AIG and not the Risk & Insurance® editorial team.



AIG is a leading international insurance organization serving customers in more than 100 countries.
Share this article: