Editor's note: Risk & Insurance®
asked risk managers to submit thoughts on how their industry has changed over past decades and where it is headed. Former Risk and Insurance Management Society Inc. (RIMS) President Ellen Vinck, director, risk management and benefits, for San Diego-based BAE Systems Ship Repair Inc.; RIMS board member Wayne Salen, director of risk management, at Palm Beach Gardens, Fla.-based Labor Finders International Inc.; and former RIMS President Janice Ochenkowski, director of global risk management for Chicago-based Jones Lang LaSalle Inc., were kind enough to respond.
Risk management has grown up from what started as an insurance placement function, or traditional "insurance department," to a fully evolved enterprise risk management department that in the most optimum of circumstances interfaces with every department specialty within an organization to assess risk of all types. The previous function of risk management, that of protecting fixed assets, property and people, is now ancient history.
I think enterprise risk managers are constantly thinking about risk in its most holistic form and trying to think ahead of the innate and obscure risk, in addition to thinking about the traditional risk.
Reputational risk, for example, wasn't given much thought decades ago. Now, the risk manager must demonstrate expertise in many areas of the corporation--business management, finance, environmental, safety and health, business development, marketing, mergers and acquisitions, human resources. High-level planning for business interruption and recovery have taken root during the last 10 years and now usually reside within the risk management function.
Our unfortunate evolution into a massively litigious society, where there has to be blame or responsibility assigned for every action, proves difficult to stay in control of.
Depending on the industry, we see many more risk managers with a Juris Doctor or prior litigation experience of some type. The advancement of risk transfer makes the negotiation of business deals much more complex, as the risk manager is not only concerned about the contractual risk but also concerned with the risk of lawsuits from our business partner's contractors and employees.
The days of exclusive remedy governing disputes in workers' comp have grown into the age of third-party tort against whoever can be held responsible, directly or indirectly--especially for companies in the service industries or companies entering into teaming arrangements.
The fallout is a much more executive-level risk (requiring an) executive who understands not only how his or her business operates but is not caught off guard at a critical moment and ensures the long-term return to business as usual after the occurrence of an extraordinary event.
I find that the 21st century risk manager participates on all high-level committees, is a part of the mergers-and-acquisitions team, is advising the C-suite on all aspects of risk to the organization, and finds that his or her advice is embraced and considered part of the decision-making business process.
I don't see a 90-degree turn away from this in the near future but rather a continuing refinement and growing acceptance and embrace of enterprise risk management, which for many midsize companies is only starting to take shape.
Higher education is a must for any executive risk manager wanting to be included in not only the decision-making of the C-suite but to be accepted as part of the executive management team.
Risk management, in the last 32 years, has moved up the organizational structure for the most part, and now has the ear of the C-suite whether just operationally, strategically or in all facets.
While many organizations still view risk management with a jaundiced eye, the vast majority of operations now recognize the strategic importance of risk management and the need to maintain a more long-term view of its value to the organization.
There is no question that risk management is integral to financial planning and strategic, regulatory, and compliance management.
The development of reputational and informational risk, for example, has created a more critical role for risk managers, a role that was nonexistent three decades ago.
The creation of distance connections, whether operational or otherwise, has created risks and opportunities that management had to neither worry about nor manage in decades past.
Risk managers have to be more involved now in the political and regulatory environments. Our expertise and management capabilities as to the cost of risk cannot be duplicated by legislative staffers or politicians looking for quickly fabricated "bills" that will endear them to their constituents and get them re-elected.
A global economy means a globally connected "cost of risk" that is far more complicated today than it was three decades ago.
Our interface within the organizations we serve is far more complex now than ever before. We serve as facilitators, mentors, trainers and motivators as opposed to the long-term tradition of "staff specialist" of the insurance world.
A particular role we have to play is as a change driver, as well as being the instigator of any enterprise risk development. An effective organization in any industry will be using the multiskilled risk manager more than ever before simply because of the skills a seasoned risk manager develops.
The trend of organizations creating the CRO position will continue for the foreseeable future as CEOs and governing boards become more comfortable with the assignment and the role.
I also think the accessibility of the risk manager will increase as risk management information systems (RMIS) mature from activity and protocol to measurement and performance, and I believe that risk management will become the haven of the "project management" duties because our skill sets make this inclusion a natural one.
I am also hopeful that we will see more mature and seasoned risk management professionals in the public sector, which is to say government and quasigovernmental organizations. That will benefit all of us.
STRATEGIC & DIVERSE
Although I was not present when RIMS began its mission 60 years ago, looking back, it is easy to identify some of the dramatic changes in risk management over the past six decades.
The most obvious differences involve technology, and the speed and efficiency that computers, fax machines, e-mail and video conferencing have brought into our world.
Not only are we able to do things faster, we can use technology to improve the accuracy and efficiency of those processes. Similar improvements in communication mean that we can speak to colleagues across the globe as quickly and clearly as to those across the floor. Overnight delivery services have made the world smaller and easier to access. Time zones and miles do not impose the impediments to business today that they did decades ago.
Risk management, therefore, matters when it comes to such issues as policy issuance, disaster recovery and claims, to name a few, which are all better managed today than before.
However, I think that risk management's most dynamic changes are in responsibilities and status.
In the beginning, risk managers generally bought insurance and managed claims. He--and it was likely to be a man back then--ran the insurance department.
Today, there is greater diversity in people working in risk management, and buying insurance is typically only one part of the broader scope of a risk manager's responsibilities.
From a strategic perspective, risk managers now work with senior management to identify risks and to implement selected strategies across the organization. Financial modeling, heat maps and business continuity are all part of the job.
While the purchase of insurance remains a key risk-transfer solution for most organizations, a growing number of entities purchase little insurance at all. Besides which, the range of risks to be managed keeps increasing. For example, 60 years ago terrorism and pandemics were not on most risk managers' radars.
The academic profile of the risk management department has also changed. Many risk managers once upon a time started their careers as insurance underwriters, safety managers or insurance brokers.
Today, while some still follow that career path, undergraduate and graduate degrees in risk management are available. It is not unusual for a risk management department to have one or more members with M.B.A.s or equivalent advanced degrees.
Looking back, the practice of risk management has evolved dramatically over the past 60 years, as has the esteem with which risk managers and the discipline are held.
Looking ahead, we know that technology will continue to evolve in ways beyond our imagination, and the importance of risk management will continue to evolve in order to meet ever-changing business needs.
My hope is that 60 years from now, when risk managers look back to our time, that they view what we are doing as positive steps in the evolutionary process.
May 1, 2010
Copyright 2010© LRP Publications