With the New Year upon us, NU spoke with some of the top players in risk management to discover where the greatest challenges and opportunities are in 2012. Some common themes that emerged: the increasing attention being paid to cyber liability; the ever-growing importance of developing, or further refining, an enterprise risk management [ERM] program; and the need for risk managers to position themselves not as insurance buyers—but as strategic, value-creating assets who can respond to the broader business concerns of their organization’s C-suite leaders.
Click "Next" to read their responses.
Director, Corporate Risk Management Walt Disney Co.
Member of NU’s Risk Managers Advisory Board
The tempo of business has increased dramatically over the past 10 years; everything moves more quickly now, and we have to be more responsive to internal and external customers in terms of [identifying and responding to] trends and emerging risks. With the growing emphasis on enterprise and holistic risk management, we have to consider and evaluate an increasingly broader palate of risks.
Business leaders and operating managers are more attuned to and aware of risk issues than ever before, and this gives us the chance to get an open door to our messages. The insurance industry in many places is becoming more creative and responsive in order to create product differentiation—and that’s a plus for the risk manager.
Technology is both a challenge and an opportunity. A challenge because technology gives us the ability to create, publish and distribute more data, but often not more information—and people are being overwhelmed by it. Also, just because we can produce a report or perform an action through advances in technology, does that mean we should? Does it really add value?
The emerging generation of risk professionals is in many ways more connected and engaged in viewing risk management with a broad view and not narrowly limited by the purchase of insurance. This gives us the chance to pass the torch to a cohort prepared for the risks of the future.
Manager, Risk Management Services UniSource Energy Corp.
Member of NU’s Risk Managers Advisory Board
Our IT department has done a good job identifying our cyber risk. In 2012 it will be time for risk management to make sure we optimize risk transfer and consider an insurance product or internal process in order to be ready for the handling of a potential event.
As risk managers we have not conceded we expect premium increases—but there isn’t much left to squeeze out of this market. I have been careful not to take full credit for the nice ride down with premium, because I don’t want the full blame if and when premiums are on the rise. This market cycle is particularly difficult because the economy just does not give any room in the budget for increases. But a flattening market is a much better opportunity to distinguish company programs and favorable loss experience than in a soft market when everyone’s premium is dropping.
Our company turned lemons into lemonade when, like most companies, it had to limit hiring, but we enhanced our student intern program. Now on our second intern, I marvel at his opportunity to grow into the jobs of the three baby boomers in the department. Working in a college town enables us to develop the win/win that comes with a serious intern program.
Director of Risk Management and Insurance, New York University
Member of NU’s Risk Managers Advisory Board
I’ve spent five years here trying to get in front of the board. I finally got there, not with a traditional risk-management program but with an enterprise risk-management program. The people who sit on most boards are highly educated people, but they are not risk managers. They continually hear the words “risk management.”
[The opportunity is to] show them how it’s working in their organization—and that it’s not just about insurance. All management is risk management. I create a risk map—I find that 90 percent of the things that show up on an organizational risk map are exposures to an organization that don’t allow it to meet its goals. And they’re not covered by traditional insurance programs.
Risk managers looking to the next five years need to expand the view of their operations. They have to include exposures that are not insurable and look at things like reputational risk, legal risk and start to think about building an enterprise risk/strategic risk management program.
We need to be future or forward thinking, and in today’s economic climate, organizations are going to require that more and more. So the idea is to be indispensable.
William J. Montanez
Director, Risk Management Ace Hardware Corp.
Member of NU’s Risk Managers Advisory Board
Global economic instability and increased frequency of worldwide natural disasters are on my list of concerns for 2012. I don’t think we are out of the woods yet, with uncertainty in the EU and rising production costs in third world countries.
Another challenge is global business risk (it is a challenge to keep abreast of changes taking place in countries we do business).
Also on my list: cyber liability and privacy—it seems [this risk] will continue to grow as we try to stay ahead of persons bent on getting to our businesses’ information; and ongoing reputational risks—we are always vigilant in protecting our international brand.
Vice President, Enterprise Risk Management/Insurance Risk Manager
Centerline Capital Group
In terms of challenges, the National Flood Insurance Program continues to be reauthorized for the short term and always at the 11th hour. It’s difficult closing loans in 100-year flood zones with the threat of the national flood program being placed into hiatus. Hopefully, a long-term solution will be reached.
As the economy is slow to recover, there is still an increase in “slip and fall” general-liability claims. Carriers are starting to react adversely to claims frequency by limiting exposure and increasing rates.
Also a concern are corporate-liquidity constraints that force organizations to stall necessary funding for risk-related issues, similar to the potential for higher general liability.
When it comes to opportunities, risk managers are taking on broader enterprise-risk responsibilities and getting support from the C-suite to create a risk-aware culture that ties decision-making and behaviors with risk tolerance.
Frederick J. Kohm
Partner, Economic Advisory Services
Grant Thornton LLP
Successful companies have the ability to utilize compliance departments and corporate governance to enhance and protect a company from many risks, including reputational, contractual and financial risk. A balance needs to be considered with compliance departments. Too much reliance on compliance and corporate governance in business decisions can choke a business. Not enough can expose companies to significant enterprise risk.
Risk managers in 2012 will have the opportunity to weigh these considerations and make an impact on how their companies utilize compliance and corporate governance in a meaningful way.
Relationships with struggling carriers and reinsurers can bring unwanted scrutiny from regulators, auditors, business partners and rating agencies. In a down economy, with continued financial struggles, risk managers will need to safeguard their company brand and reputation.
Significant loss history in recent years is a trend that should keep risk managers collaborating, generating thought leadership and strategies for their companies to offset potentially debilitating catastrophic-loss events. New models, planning and underwriting philosophies need to be considered in many lines for a number of companies.
Also of concern are cyber and white-collar crime, which headlined the Web and newspapers in 2011. Even more is promised for 2012, as the economy continues to suffer. More sophisticated cyber crime may evolve, bringing information, intellectual-property product or supply-chain loss.
President, Public Risk Management Association
Risk Manager for the City of Gainesville, Ga.
Because we’re in the public sector and any funding we have comes from the tax basis, the continued economic slowdown still keeps us in its grip. I think everybody continues to feel that and deal with the impacts.
In some localities, folks are getting property reassessments because of declining property values and some homes are in foreclosure. Of course that impacts the money the city or county has to operate. In addition, you have the impact to the tax revenues of businesses that may have failed during these last few years.
We as an organization are starting the prioritization process. One of the challenges of risk management is the need to be at the decision-making table. But I think just as important is interacting with the employee base in general—communicating about risk to the grass roots of our organization. We should also look to solidify relationships with brokers and insurance providers. They’re such a great resource, and we need to not forget that.
You also have the personnel piece. Employees are stretched thin and doing more with less. That’s cliché, but it’s so true. We’ve even seen it on the workers’ comp side.
It used to be that when we had an injured employee we had the luxury of being very accommodating with light duty and having enough other people on the staff to spread the work around. But now because of some reductions in force and with careful scrutiny on hiring, when one person is out of your mix, it really strains the other employees.
With fewer workers, you get bogged down in reactive issues. But you still have to handle the day-to-day things. One of my challenges for this next year is to take a step back and look at the big picture—how to breathe new life into our program.
Senior Vice President, Global Risk Management and Loss Control Lead
AWAC Services Co., Member Company of Allied World
A big challenge for risk managers is being able to validate their return on the investment for the organization and being able to demonstrate why they are such a valuable asset. It’s a challenge as well as an opportunity.
In many of the sectors, such as health care, we’re undergoing tremendous change in the business of health care and the health-care delivery system. Risk managers have a unique opportunity to make sure they are the experts on the changes and the stewards of their organization in responding to those changes. Risk managers also need to promote themselves as the experts.
One opportunity is that more organizations are relying on data collection and aggregation and trending. Risk managers can be at the forefront of that and use that data not only to validate the return on investment [that risk managers deliver], but also to help organizations establish programs to mitigate the risks and then show the improvements. For example, tracking data related to patient falls before and after implementing a fall-prevention program to demonstrate improvements.
More industries are recognizing the need and the benefit of enterprise risk management. For those risk managers who are at the forefront of understanding what ERM is and who are able to garner support and develop ERM programs, that’s a tremendous opportunity. For those who don’t have a program, now is a good time to get started.
It’s a good time to look holistically at an organization and its risks and how the risks affect one another.
President, Risk and Insurance Management Society
Enterprise Risk Manager, San Francisco Public Utilities Commission
Being the risk manager for the San Francisco Public Utilities Commission, climate-change risks are important for my organization and others.
Risk managers are not the only individuals within organizations who manage risk. So it’s a great opportunity for us to reach out and collaborate with other risk practitioners within our organizations and bring it all together. These may include human resources, security, audit, compliance, IT. Risk managers can play a leadership role in creating those connections.
As a risk practitioner, I think we’ve got organizations focusing more on what we’ve got to lose than on what we have to gain. But there has been a subtle [and encouraging] shift from focusing not only on protecting value, but also on creating value.
For example, I saw a headline that said companies’ cash hoards have swelled by 11 percent; that the biggest U.S. publicly traded companies were holding on to their cash. That’s an opportunity for the risk practitioner to play a role in more of a predictive, strategic way for organizations to approach risk. With companies holding onto their cash, eventually and hopefully in 2012 they will begin to think about how to spend those resources—the wisest way to do that and what will create the most value for the organization.
For risk managers practicing enterprise or strategic risk management, that process is exactly what organizations need to make those decisions strategically. It’s an opportunity for risk practitioners to step forward and offer facilitation techniques to their organization to help them identify their objectives in spending those dollars and also help them identify the risks in doing that.
We talk about wanting to be at the table and in the C-suite, so we need to pay attention to those risks as well. We’re good at the natural hazard risks and those exposures, but it’s being in tune with our C-suite and what keeps them up at night—or what they think they know that keeps them up at night—and all of those unknown unknowns