Best Practices for Risk Managers: Choose Complacency at Your Own Peril
Are your company’s risk management decisions aligned to its strategic and financial objectives? Do you empirically support risk management decisions and adjust course and strategy to keep pace with the changing risk landscape and financial strength of your corporate objectives? If you have answered “no” to one or both questions, you are likely not managing risk as efficiently across your company as you could. Even worse, you may be exposing the balance sheet to catastrophic scenarios that could significantly impair your company’s performance.
The good news is that strategy, data and capabilities exist to solve this problem. And the risk management team can make progress toward building alignment immediately.
Why Risk Management Teams Need to Transform
Three major factors in the last decade are changing the landscape for risk management teams that challenge their historical approach to the discipline and present a significant opportunity if the transformation is embraced.
First, senior executives have increased recognition of the importance of risk management for protection against a wide set of risks and issues. As a result, more risk management teams are reporting directly to the finance department or a chief risk officer and presenting to a risk review board that manages enterprise and insurable risk issues. With this change comes an increased expectation that strategy and decision-making are validated and meet the corporate standards for allocating capital and operating expenses.
Second, companies are experiencing a complex and evolving risk environment that is leaving executives looking for better ways to assess, quantify and project loss potential. As companies expand globally, implement complex technologies and connect with businesses and customers in new ways, they are likewise creating new points of failure and business risk to grapple with.
Third, data and technology capabilities have never been as mature to provide risk management teams comprehensive data integration platforms, analytics to assess and quantify risk and capital frameworks to evaluate the financial trade-off of risk financing.
The result is a multidimensional disorganized mosaic that requires risk management teams to constantly educate themselves to effectively ensure the needs of their company are addressed and protected. Alignment of corporate risk philosophy with the decisions and actions of a risk management team are critical to delivering value to the company beyond renewing insurance programs at a slightly lower premium year over year.
So What is a Risk Management Team to Do?
Look at widely adopted best practices of other professions. For example, an engineer and the standard design process or a software project manager leveraging a system development life cycle methodology. Risk managers can leverage a standard set of best practices, as depicted in Figure 1, to ensure consistency in approach and alignment of risk management strategies with the business objectives of the company.
Figure 1 – Risk Management Best Practices
While the methodology is depicted sequentially, in reality the relationship between the major parts of the framework is fluid, as represented by Figure 2.
Figure 2 – Non-sequential Nature of Risk Management
There are interrelationships between the various phases, and changes in any of the areas could have an impact on the others. The “art of risk management” is effectively managing the shifts in the business and risk environments in order to most efficiently manage the company’s capital while not exposing the company’s balance sheet to unnecessary and uncalculated risk.
Breaking Down the Risk Management Methodology
- Define and Align Risk Philosophy—seek to understand the overall goals and capital objectives of the company and translate the strategy into a quantified corporate risk tolerance. This appetite and capacity to bear risk will be used to ensure decisions the risk management team is making to retain and transfer risk are aligned appropriately with the objectives of the company.
- Understand Critical Risks—while the concept of identification of emerging risk issues has been prevalent for years, it is important to note that risks are dynamic. Take cyber risk for example, which is not emerging but is rapidly evolving. Companies should leverage industry loss data to identify the likelihood and financial impact similar companies have experienced and seek to understand how risk and issues relate to their own profile. Cast the net broadly, spanning strategic, financial and operational risk categories, but qualify and quantify to whatever extent possible to help the company prioritize the issues.
- Quantify Cost of Risk—if you want to add immediate value to leadership, develop a costing framework that aggregates fixed and variable costs in your risk profile across the portfolio. Despite this being a fairly straightforward concept, many companies do not have a clear understanding of how they spend their “risk dollars” or the protection it affords them. And consider costs spanning paid and reserved losses, administration costs to manage your risk portfolio and premiums the company pays to transfer risk, e.g., insurance premiums. Finally, build a roadmap or plan to impact the costs and protection gaps over a period of time.
- Optimize Risk Financing—the goals of risk transfer for any company should be to get the broadest coverage at the lowest cost with confidence the insurance company will be there when you need them in the event of a claim. An economic “trade-off” analysis, enabled by data, analytics and capital theory, can help to ensure the company is well positioned heading into market negotiations.
- Minimize Retained Risk/Cost—costs related to retained risk often represent a significant and possibly a majority of costs in a company’s total cost of risk. Risk management teams should consistently evaluate variances to industry averages, identify opportunities to influence both before and after claims and closely monitor the process of cost savings initiatives over time.
Treasurers already make decisions regarding financial risk and hedging by leveraging capital and probability theories. They are increasingly expecting risk management teams to improve their decision-making in a similar manner, which was recently confirmed in the Association for Financial Professional’s Strategic Role of Treasury survey.
If you weren’t able to answer “yes” to the two questions at the beginning of this article, expect you will need to in the future. Through leveraging a set of best practices, mature data, technology and analytics and a proven methodology, you can address these gaps today. There are better ways to manage risk.