By Tom Starner
Over the past few months the staggering economy has shown signs of a pulse. Yet, even with that new glimmer of economic hope, the past three years have been so rocky for many organizations that risk managers today continue to live by the "do more with less" mantra -- the seemingly de facto operating slogan for American businesses.
Of course, sometimes hardship and lean times can lead to innovation and progress. In the case of risk management, tough times have meant a more intense focus on harnessing systems and technology platforms to reduce or even eliminate the more mundane manual tasks associated with the risk management function.
According to some experts and risk managers, in fact, technology advances -- over the past few years and those currently emerging -- are finally giving risk managers the power and opportunity to automate the "mundane" administrative chores, allowing them to be more strategic and focus on enterprise-level risk management. The more risk managers can harness these technologies, it seems, the more valuable their contributions to the organization become, and the more likely they will deliver strategic value and gain credibility from senior management -- the end game being the proverbial seat at the executive table.
"When we speak with companies and risk managers about the risks they face, general themes recur," said Ken Coy, a partner who heads the U.S. Assurance Governance Risk and Compliance effort atPricewaterhouseCoopers in Los Angeles. "Bottom line, complexity is going up and the interconnectedness of risks is also on the upswing and gaining momentum."
Coy quickly adds that the residual effect across organizations of trying to manage that complexity means the creation of an even larger number of so-called mundane, day-to-day tasks. So, to the extent that companies can leverage a technology solution to automate everyday gathering and processing of critical information, the better positioned they will be in dealing with growing complexity as it relates to scoping out and managing emerging risks.
For example, he said, within the past couple of years the capabilities of government risk and compliance tools have significantly increased.
"It wasn't too long ago, a few years, that government risk and compliance technology tools could not do the things they can do now," he said.
Joe DeVita, a New York City-based partner who leads the government risk compliance automation practice at PricewaterhouseCoopers, added that the concept of integrating the risk and compliance programs has been out there, but has not had broad adoption within the property/casualty insurance industry. New technology platforms, though, including cloud computing, software as a service and service-oriented architecture, indicate that the property/casualty insurance industry is embracing risk and compliance integration on a much broader level.
"Technology costs have come down," he said. "Much as was the case with enterprise resource planning systems 20 years ago, today those same types of enterprisewide systems are much less costly to implement. With risk and compliance, we see the same scenario emerging."
DeVita added that an automated, integrated government risk compliance effort crosses the many existing silos within an organization, so in turn that can greatly help a risk management department create the right governance and compliance plan -- which involves much of the so-called mundane administrative tasks.
Compliance and risk control need to be managed while rules change constantly, he said. "With today's newer technology platforms, you can create a much more adaptive governance structure whereby you leverage these great tools. Risk and control matrices are much more fluid and adaptable."
Laurie Champion, director of enterprise risk management at Aon Global Risk Consulting, has worked on the risk management side. She explained that it is much easier to make a business case for buying and installing systems when you already have done a good job using what already exists -- especially in terms of reducing manual processes through automation.
"In talking to risk managers, reducing and trying hard to eliminate the more mundane aspects of risk management has been a critical goal within their organizations," she said. "Naturally, reaching that goal then gives them a chance to turn their focus on the truly strategic."
That's the case for Sarah Pacini, vice present of risk management and insurance at Advocate Health Care Corp, a regional health care group based in Chicago. Pacini said the primary tasks being managed using today's risk management information systems (RMIS) technology mainly fall into the data collection and preparation area.
"We have successfully reduced the time and costs associated with most data-based tasks," she said. "Using our risk management information system platform, we are now better able to synthesize data both to eliminate the need for manual work and just as importantly, to present critical, risk management-related data to the C-suite so they can make better decisions."
According to Pacini, Advocate Health, which has more than 30,000 employees spread across 12 hospitals and acute care facilities in the Chicago area, has long had an affinity for being part of the technology uptake. As the risk management function has grown and taken advantage of risk technology, it has gained credibility along the way with senior management.
"We began with smaller challenges but now we are taking on bigger tasks," she said, adding that one major risk management challenge for health care is the heavily regulated environment, especially Health Insurance Portability and Accountability Act-driven privacy regulations, which present unique risk management challenges.
Pacini found that from simple tasks such as collating data to more complex ones such as drilling down and developing opportunities for cost saving and the best patient care, risk management has had to make the shift from silos to the enterprise. In turn, Advocate Health senior management has requested feedback when facing key business decisions. One example, Pacini said, is when an mergers and acquisition decision is on the horizon.
"Technology-based changes come with some trepidation, but risk managers must get out in front of this trend," she said.
Jo Harris, vice president, risk management for Dean Foods, a $12 billion Dallas-based global food and beverage provider, said when she launched her risk management career about 20 years ago, technology was basically risk management information systems providers offering databases that ran somewhat useful reports, albeit with very slow turnaround times. Today, that has changed, as Dean Foods uses quick turnaround of data analytics to drive risk management on a strategic level.
"Even with today's speed, the technology is barely keeping up," Harris said. "But we are so far ahead of where we were in the past."
As for the mundane tasks every risk management department faces, Harris said that at Dean, they have set up repeating tasks -- for example, to coordinate risk management activities -- so the day-to-day processes are all in sync.
"We have created a footprint using RMIS applications to drive the department's basic processes," she said.
Harris explained that once technology can allow risk managers to achieve that level of consistency and time-savings, then they will inevitably focus on higher level risk management efforts, such as analytics and predictive modeling. She added that while there are good solutions out there in terms of risk management information systems offerings, she and other risk managers now need applications that can be bolted across the multitude of internal systems and databases.
"Now that we have begun to master the mundane, we must be able to blend and meld the multiple data sets into a single analytic tool," Harris said. "That way, we can begin to look across the risk spectrum to understand the 'score and the statistics' behind the game we call risk management.
"There are still opportunities out there, and the next step is finding those solutions," she said.
Bob Morrell, CEO at Riskonnect, the Marietta, Ga.-based provider of cloud-based risk management technology, said the annual renewal process represents a prime example of how the mundane can be automated with today's technology. Morrell said, for example, that Riskonnect has a very large healthcare provider client with one of the most complex program structures in existence, with many parties involved. So renewal time is especially challenging.
"The technology even into the early 2000s was just not ready to handle such complexity, Morrell said. "But today, with cloud-based platforms and the innovative applications that sit on them, it can be done."
Riskonnect offers its clients a way to deliver renewal information that basically replaces email bouncing around between outside parties at renewal time by packaging the data and creating an instant "mini-website" that gives all parties access to a ready-made package -- with a central data repository.
"It is all delivered where they can download documents in PDF format," Morrell said. "The content is readily, and easily, available to where a risk manager can track it, or click on a link to update it."
The system knows what the processes are and who they go to, without the potential for wasted time resulting from email. This new system does the communication for risk managers and tracks the entire renewal process.
"The point is, people tend to spend way too much of their energy and time checking and following up," Morrell said. "We still have clients at that stage, but the goal is eventually to automate the entire risk management process, including renewals, claims, even the legal bills."
Mobile computing, in the form of tablets and smart phones, will play a large role in this effort to overcome the mundane and move to the strategic, he said.
"When it comes to reducing costs and time related to the mundane tasks, you had better have systems on mobile platforms," he said. "You have to be able to input and access data constantly. To have a truly automated process, humans need to see what is going on when they are not at their desks."
TOM STARNER writes about technology. He can be reached at firstname.lastname@example.org.
April 13, 2012
Copyright 2012© LRP Publications