Risk Management in 2012: ERM Programs, Cyber Risk, Accessing the C-Suite Top the List of Concerns, Opportunities

With the New Year upon us, NU spoke with some of the top players in risk management to discover where the greatest challenges and opportunities are in 2012. Some common themes that emerged: the increasing attention being paid to cyber liability; the ever-growing importance of developing, or further refining, an enterprise risk management (ERM) program; and the need for risk managers to position themselves not as insurance buyers—but as strategic, value-creating assets who can respond to the broader business concerns of their organization’s C-suite leaders. Digital subscribers can click on each response to read more from these risk experts.

Michael Liebowitz
Director of Risk Management and Insurance
New York University
Member of NU’s Risk Managers Advisory Board

I’ve spent five years here trying to get in front of the board. I finally got there, not with a traditional risk-management program but with an enterprise risk-management program. The people who sit on most boards are highly educated people, but they are not risk managers. They continually hear the words “risk management.” [The opportunity is to] show them how it’s working in their organization—and that it’s not just about insurance. All management is risk management. Risk managers need to understand that we need to get beyond the insurance-buyer idea. It’s the idea of getting into the business unit and providing a value-added service.

Karl Zimmel
Manager, Risk Management Services
UniSource Energy Corp.
Member of NU’s Risk Managers Advisory Board

Our IT department has done a good job identifying our cyber risk. In 2012 it will be time for risk management to make sure we optimize risk transfer and consider an insurance product or internal process in order to be ready for the handling of a potential event.

As risk managers we have not conceded we expect premium increases—but there isn’t much left to squeeze out of this market. I have been careful not to take full credit for the nice ride down with premium, because I don’t want the full blame if and when premiums are on the rise. This market cycle is particularly difficult because the economy just does not give any room in the budget for increases. But a flattening market is a much better opportunity to distinguish company programs and favorable loss experience than in a soft market when everyone’s premium is dropping.

Tim East
Director, Corporate Risk Management
Walt Disney Co.
Member of NU’s Risk Managers Advisory Board

The tempo of business has increased dramatically over the past 10 years; everything moves more quickly now, and we have to be more responsive to internal and external customers in terms of [identifying and responding to] trends and emerging risks. With the growing emphasis on enterprise and holistic risk management, we have to consider and evaluate an increasingly broader palate of risks.

Business leaders and operating managers are more attuned to and aware of risk issues than ever before, and this gives us the chance to get an open door to our messages. The insurance industry in many places is becoming more creative and responsive in order to create product differentiation—and that’s a plus for the risk manager.

The emerging generation of risk professionals is in many ways more connected and engaged in viewing risk management with a broad view and not narrowly limited by the purchase of insurance. This gives us the chance to pass the torch to a cohort prepared for the risks of the future.

Frederick J. Kohm
Partner, Economic Advisory Services
Grant Thornton LLP

Successful companies have the ability to utilize compliance departments and corporate governance to enhance and protect a company from many risks, including reputational, contractual and financial risk. A balance needs to be considered with compliance departments. Too much reliance on compliance and corporate governance in business decisions can choke a business. Not enough can expose companies to significant enterprise risk.

Risk managers in 2012 will have the opportunity to weigh these considerations and make an impact on how their companies utilize compliance and corporate governance in a meaningful way.

Relationships with struggling carriers and reinsurers can bring unwanted scrutiny from regulators, auditors, business partners and rating agencies. In a down economy, with continued financial struggles, risk managers will need to safeguard their company brand and reputation.

Significant loss history in recent years is a trend that should keep risk managers collaborating, generating thought leadership and strategies for their companies to offset potentially debilitating catastrophic-loss events. New models, planning and underwriting philosophies need to be considered in many lines for a number of companies.

William J. Montanez
Director, Risk Management
Ace Hardware Corp.
Member of NU’s Risk Managers Advisory Board

Global economic instability and increased frequency of worldwide natural disasters are on my list of concerns for 2012, along with global business risks (it is a challenge to keep abreast of changes taking place in countries we do business). Also on my list: cyber liability and privacy—it seems [this risk] will continue to grow as we try to stay ahead of persons bent on getting to our businesses’ information.  

Lori Seidenberg
Vice President, Enterprise Risk Management/Insurance Risk Manager
Centerline Capital Group

In terms of challenges, the National Flood Insurance Program continues to be reauthorized for the short term and always at the 11th hour. It’s difficult closing loans in 100-year flood zones with the threat of the national flood program being placed into hiatus. Hopefully, a long-term solution will be reached.

When it comes to opportunities, risk managers are taking on broader enterprise-risk responsibilities and getting support from the C-suite to create a risk-aware culture that ties decision-making and behaviors with risk tolerance.

Cindy Mallett
President of the Public Risk Management Association & Risk Manager
for the City of Gainsville, Ga.

One of the challenges of risk management is the need to be at the decision-making table. But I think just as important is interacting with the employee base in general—communicating about risk to the grass roots of our organization. We should also look to solidify relationships with brokers and insurance providers. They’re such a great resource, and we need to not forget that.

You also have the personnel piece. Employees are stretched thin and doing more with less. That’s cliché, but it’s so true. We’ve even seen it on the Workers’ Comp side. It used to be that when we had an injured employee we had the luxury of being very accommodating with light duty and having enough other people on the staff to spread the work around. But now because of some reductions in force and with careful scrutiny on hiring, when one person is out of your mix, it really strains the other employees.

With fewer workers, you get bogged down in reactive issues. But you still have to handle the day-to-day duties. One of my challenges for this next year is to take a step back and look at the big picture—how to breathe new life into our program.

Sue Chmieleski
Senior Vice President,
Global Risk Management and Loss Control Lead
AWAC Services Co.,
Member Company of Allied World

A big challenge for risk managers is being able to validate their return on the investment for the organization and being able to demonstrate why they are such a valuable asset. It’s a challenge as well as an opportunity.

For example, we’re undergoing tremendous change in the business of health care and the health-care-delivery system. Risk managers have a unique opportunity to make sure they are the experts on the changes and the stewards of their organization in responding to those changes.

One opportunity is that more organizations are relying on data collection and aggregation and trending. Risk managers can be at the forefront of that, and use that data not only to validate the return on investment [that risk managers deliver], but also to help organizations establish programs to mitigate the risks and then show the improvements. For example, in my area of health care: tracking data related to patient falls before and after implementing a fall-prevention program to demonstrate improvements.

More industries are recognizing the need and the benefit of enterprise risk management. For those risk managers who are at the forefront of understanding what ERM is, and who are able to garner support and develop ERM programs, that’s a tremendous opportunity. For those who don’t have a program, now is a good time to get started.

Deborah Luthi
Risk and Insurance Management Society Inc.

Being the risk manager for the San Francisco Public Utilities Commission, climate-change risks are important for my organization and others.

Risk managers are not the only individuals within organizations who manage risk. So it’s a great opportunity for us to reach out and collaborate with other risk practitioners within our organizations and bring it all together. These may include human resources, security, audit, compliance, IT. Risk managers can play a leadership role in creating those connections.

As a risk practitioner, I think we’ve got organizations focusing more on what we’ve got to lose than on what we have to gain. But there has been a subtle [and encouraging] shift from focusing not only on protecting value, but also on creating value.

For example, I saw a headline that said companies’ cash hoards have swelled by 11 percent; that the biggest U.S. publicly traded companies were holding on to their cash. That’s an opportunity for the risk practitioner to play a role in more of a predictive, strategic way for organizations to approach risk. With companies holding onto their cash, eventually and hopefully in 2012 they will begin to think about how to spend those resources—the wisest way to do so and what will create the most value for the organization. For risk managers practicing enterprise or strategic risk management, that process is exactly what organizations need to make those decisions strategically. So it’s an opportunity for risk practitioners to step forward and offer facilitation techniques to their organization to help them identify their objectives in spending those dollars and also help them identify the risks in doing that.

Featured Video

Most Recent Videos

Video Library ››

Top Story

Identity theft takes the sparkle off of the holiday shopping season says new study

Cyber risks affect shopping patterns according to Generali Global Assistance.

Top Story

5 things to know about the NAIC's new cybersecurity model law

The NAIC's newly-adopted Insurance Data Security Model Law provides guidance for carriers, agents, brokers and their business partners.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.