Leaving No Stone Unturned

Crowbars (Interviews and Brainstorming Sessions): Personal interviews and group brainstorming sessions are the most basic tools with which to begin the risk ID process. While individual interviews may be time-consuming, direct Q&A sessions are a great forum to ferret out hidden issues via interactive discussion. Sensitive matters might be revealed quicker in a face-to-face meeting rather than in writing. The ERM team may also explore "what-if" scenarios more dynamically from multiple perspectives in a structured group format. Both interviews and brainstorming sessions also help involve more people in the ERM process, assisting long-term buy-in for ERM.

Belts and Straps (Surveys and Checklists): As flexible and easy to use as lifting straps, written questionnaires provide surprising value for minimal cost. Surveys that provide a common base of key questions help ensure consistency across departments in final answers. Written responses can be submitted anonymously to avoid respondent bias. Similarly, developing checklists for risk identification is a dynamic, low-cost way to help ensure the same issues are addressed and nothing is missed. One such checklist would be a master list of standard risk categories for participants to consider when evaluating loss in their particular area, showing the "universe" of potential types of risk (such as human, operational, reputational, financial, etc.).

Read More Risk Management Insights From Denise Tessier

Pulleys and Levers (Peer and Competitor Reviews): Companies can leverage work already done by others by asking peers about their own list catalogs. Since ERM is a relatively new field of study, involved compliance/risk staff and other professionals are typically willing and eager to share non-confidential information about industry-specific risks, helping to build ERM best practices in their markets. In many cases, companies can also find out what risks peers and competitors are following by reviewing public disclosures. Vendors and suppliers may also be polled, as they have a wide view of practices amongst business partners.

Support Belts (Select Experts): Internal or external experts can assist with risk lists and scenarios. Knowledgeable individuals in specialized areas of the industry often see beyond immediate, obvious risks. Outside experts are useful to provide an independent view on matters, and can compensate for possible biases held by internal sources. Experts may increase project costs, but often have valuable experience not otherwise available to the company.

Borrow a Hand Truck (Read the news!): Borrow information and seek out trends in other industries by reading local and world news and major publications from other trades. Developments in science, technology, and law all have a knock-on impact to the insurance industry, and losses in one market often predict future developments in others.

WHAT ABOUT ADVANCED TOOLS? CLICK NEXT

Scaffolding (A Strengths, Weaknesses, Opportunities and Threats Analysis): A SWOT plan is a more advanced tool – a framework to help focus risk identification assessment on the strengths and opportunities of a project, as well as the threats and weaknesses. Performing a SWOT analysis is similar to "list making" in brainstorming terms, but is conducted on a structured platform that forces staff to consider the potentially positive outcomes that may be overlooked using other idea-generation techniques.

Jackhammers (Workflow or Process Diagrams): Several advanced planning tools help mine embedded risks by acting as jackhammers, breaking apart workflows and systems so that specific tasks or actions can be evaluated in smaller chunks. These models can uncover risks hiding in such key friction points as production bottlenecks, inter-dependencies between business units, and failures of outside parties. Cause-and-effect or "fishbone" diagrams are useful for identifying causes of risks, and can show alternative outcomes for one potential course of action. System or process flow charts, such as a work breakdown structure (WBS), depict how various elements of a system interrelate, and the mechanism of causation. They can expose risks that are inherent in the inter-dependency of a project.

Further, an influence diagram is a simple visual representation of a decision problem, and offers an alternative, intuitive way to identify and display the essential elements of a decision, including uncertainties and objectives, and how they influence each other. Finally, decision trees help illustrate the overall risk associated with a series of related risks. Going through the decision tree analysis process may highlight areas of risk not previously considered through other methods.

Cranes (Software systems): While computer systems cannot replace the human, creative process of risk analysis, IT companies are constantly developing more robust products that are particularly helpful with the "heavy lifting" of basic risk ID and make the whole ERM process much easier. Software allows the ERM practitioner to either examine individual risks in greater detail, with supporting data, or assess the relationships between interrelated risks. IT companies are building in more industry-specific content for ERM assessment models, including "starter" or default risk catalogs. A wide range of applications are available that examine key categories of loss and ensure that identification is thorough. For example, there are programs that help insurers review and manage regulatory and compliance risk, monitor and project future claims, track customer and market behavior, examine potential future impacts to capital, and run predictive analyses of other insurance-related data.

DO(S) & DON'T(S)

Even the simplest of tools come with user guides. Whether you choose to use some or all of the above techniques, here are a few tips to help ensure your risk identification project runs smoothly.

• DO define what you mean by "risk." The word can mean different things to different people, and perceptions of risk can vary. There are many types of risk: credit, liquidity, reputational, etc. When conducting interviews, surveys, or in other communications, the more specific you can be on definitions of risk, the better.
• DO foster a balanced view of risk so that responses lead not only to the identification of potential loss, but also to opportunities. Instead of asking leading or negative questions such as, "What kinds of losses or claims could happen if we do 'X?'" keep questions and "what-if" scenarios neutral and broadly phrased. For example, "If we do X, what could happen?"
• DO include/question a variety of people who might have different perspectives on the same risk, project, or topic. For example, in the examination of the impact of a new product launch, the sales or underwriting team may have a very different view of the future than the claim or compliance departments. There are also many additional advantages to holding ERM meetings on-site, where participants are located and operations are conducted, so that co-workers and other staff can be reached quickly for further input on an issue.
• DON'T disregard or overlook any responses too early in the process. Document all responses from interviews or surveys, and evaluate all potential outcomes in the (later) ranking process, with multiple participants. Something that looks small or unimportant may grow, or may be an indicator of larger problems.
• DON'T forget about history. Study project documentation. Old "forgotten" risks may resurface, and often there is value in historical ERM records, which can provide more detailed insight into the causes and effects of certain actions, and concrete data, for business activities.

Resources for Identifying Risks

Explore natural resources. Several international and trade organizations have positioned themselves as ERM authorities and are natural sources to mine for "gems" of risk-related information. Of note:

• The Risk and Insurance Management Society, Inc. (RIMS) is a not-for-profit organization dedicated to advancing the practice of risk management. Insurers are well-represented in this organization, but also benefit from liaising with risk experts across multiple industries.
• The Global Association of Risk Professionals (GARP) is a not-for-profit organization and is the only globally-recognized membership association for risk managers. GARP's goal is to help create a culture of risk awareness within organizations, and it has an international network of risk management professionals who make up one of the world's largest financial industry associations. I.
• Since 2006, the World Economic Forum has issued an annual Global Risks report, providing a unique analysis of the risks that are shaping the global environment. This year's report, "Global Risks 2011, Sixth Edition," provides a high level overview of 37 selected global risks as seen by members of the World Economic Forum's Global Agenda Council.

Use these tools, techniques and tips to leave "no stone unturned" in the risk identification process.