I’ve enjoyed working with undergraduate and MBA students to help them develop an understanding of corporate risk management, including some basic risk management techniques that they can use throughout their professional careers — regardless of their chosen professional disciplines.
More often than not, there is a special “aha” moment that occurs when a student grasps the concept that an organization that relies on as few as one or two people to “do risk management” for the whole enterprise is going to have problems down the line.
Enterprise-wide understanding of risk
Similar conversations between professional risk managers and business colleagues tend to focus on how to make risk management more relevant to the business. The core of these questions is a genuine desire to understand how best to ensure maximum liability protection for the organization.
From a liability perspective, managing risk starts with making good decisions on the front lines. It helps to have an enterprise-wide understanding of how risk is created and managed. By working hand-in-hand with the different corporate functions (such as IT, finance, human resources, purchasing and legal) as well as operating units, the corporate risk manager can use these eight core levers to maximize liability protection for the organization:
1. Understand the risk profile
The organization should understand the root causes and enablers of its liability risks. This includes understanding who creates each risk, who owns each risk and who manages or influences each risk. For example, a product liability risk can be created in design or manufacturing, owned by the business unit finance team, and managed by risk management or legal colleagues.
Although the risk manager can facilitate this understanding, the risk manager will need input and buy-in from the business, from internal and possibly external subject matter experts, from other corporate functions, and most assuredly from the risk owners themselves. It helps to understand the causes and impacts of the risk at an enterprise level.
2. Understand the risk implications for the business
The risk manager should facilitate a thorough assessment of the risk using both qualitative and, when possible, quantitative techniques.
It’s not enough to estimate the risk using past history, although this is a key input. The risk manager should facilitate understanding of how the risk can be expected to affect the organization in the near term as part of the business plan cycle and in the future in alignment with the strategic plan where possible. This includes an understanding of potential financial, reputational, legal and organization impacts to the organization.
3. Understand the organization’s risk tolerances
Recognizing that safe products and services are the top priority, accidents or other events affect an organization in several ways including potential liability claims. The leadership team and board of directors should understand the potential impact of major risks to the organization, and they should reach agreement on the amount of risk that is acceptable whether measured in human, financial, reputational or other terms.
Risk in excess of the risk tolerance should be improved through the right combination of risk management methods and tools, and it should be monitored regularly for any changes. The goal should be leadership team alignment regarding the organization’s willingness to allocate resources such as people, cost and management bandwidth to address each risk appropriately.
4. Understand the dynamics of the business
Often, organizations fail to understand that decisions made during the pre-product or pre-service planning stage can have risk implications that extend for years. One example of this is in manufacturing, where decisions made during design and sourcing can affect the liability profile of a product line many years down the road.
By partnering with business colleagues who touch the lifecycle of a product, service or business contract, the risk manager has a better opportunity to help fellow leaders enable the organization to achieve its goals and objectives in the safest possible manner.
5. Develop a liability risk management strategy
Risk should be managed within tolerance using the right combination of risk management methods and tools.
These may include risk and safety audits, risk control reviews, safety planning and education, risk discussions embedded within research, design and testing, other risk control and mitigation actions, appropriate contractual arrangements, and insurance.
6. Develop, negotiate and manage best-in-class insurance programs
The risk manager who truly understands the organization’s risk profile is in a better position to structure, negotiate and manage the corporate insurance program.
In the area of liability risk management, this often starts with an understanding of the organization’s risk and claims profile.
7. Ensuring effective claims management
A well-designed claims management function, whether in-house or provided externally by an insurer or other provider, is a key element in a liability risk management program.
Managing claims well from start to finish is the best way to ensure the right outcomes for claimants and the organization itself. It’s also a good way to gain the insights and analysis needed to manage liability risk as proactively as possible.
8. Leverage the knowledge, skills and network of your broker
Ask whether your coverage wordings including terms and conditions that are best-in-class for your business. Make sure your limits and program structure align with the risk and with your company’s financial posture and risk tolerance. Leverage the broker’s databases, risk quantification models and trusted advisors to understand the risk profile and how it might evolve over time.
Ask the broker and insurer to recommend the most appropriate pre-loss and post-loss services to assist with the overall liability management plan, as well as potential claim scenarios.
Learning how to deal with the complex network of insurers, brokers, service providers, internal stakeholders, claimants, business leaders and functional colleagues, and others who are part of any organization’s risk management system, is a core skill for any risk manager. This operational excellence approach to liability management will help the corporate risk manager understand, manage, insure and report liability risks effectively.
Laurie Champion is managing director and chief operating officer at Aon Risk Solutions. Opinions expressed in this article are her own.