SandRun Risk

Enterprise Risk Management:  A Primer for Business Leaders – Part II (Evolution of the Corporate Risk Management Function – 1976 to 1990)

10/9/2019


Until the 1990s, few business leaders thought of risk management as something broader than the procurement and administration of corporate insurance.  In this article, we explore the origins of the new field known as Enterprise Risk Management (“ERM”) and the value of the traditional risk management community to ERM.

“The literature of a subject constitutes a record of its evolution, and of the different aspects of which have received particular attention at various stages of its development.  Risk management has now been a term in general use for some thirty years, long enough for it to have developed from a largely theoretical approach to risk problems fostered by a handful of academics and far-seeing insurance managers in industry into a generally-accepted approach to the practical solution of certain types of problem in the industrial and commercial world, and in local government. . . Research into risk management immediately encounters some basic problems of definition.  There is still no general agreement on where the boundaries of the subject lie, and a satisfactory definition of risk management is notoriously difficult to formulate.”

- G. Neil Crockford, The Bibliography of Risk Management: Some Preliminary Observations, pp 169-170 (Geneva Papers on Risk and Insurance, 7 No 23, April 1982)

The preceding section described how a call for a holistic approach to risk management that is broader than the procurement and administration of insurance emerged long before today’s focus on Enterprise Risk Management (“ERM”).  In his seminal article written in 1976 for Fortune magazine, Felix Kloman opined that a holistic approach should begin with a “clear written statement of policy supported by the board of directors, designating the administrative authority for coordinating the risk management effort.” (Felix Kloman, The Risk Management Revolution, Fortune (July 1976)).

Fourteen years later, in 1990, Kloman defined a holistic approach to managing risk, a profession that began in the 1950s, as follows: [R]isk management should be seen more as a function than a specific person.  It should be practiced by many levels of management, with coordination and guidance from a senior level. . . .  How will the new risk management process function?  Ted Ferry of the University of South Carolina suggests:
  • We need an overview of checks and balances that studies every interface and assures that all risk elements are considered.  We need persons who can see the big picture, overview, coordinate, assimilate and bring every aspect of risk into focus.  
  • Using the new definition and these comments, risk management becomes a planning and strategic function, not solely an assessment, financial or safety one.
​
The new risk management will be an outgrowth of earlier efforts and disciplines.  It will be a true synthesis of many of the earlier ideas that have approached risk from a more limited vantage point.  The synthesis will be composed of ideas and efforts from the following areas:
  • Insurance management and risk funding.
  • General management theory and practice, from Henri Fayol to Peter Drucker.
  • Macro-risk assessment and decision risk theory and practice, addressing such areas as nuclear, natural disaster, and environmental risk.
  • Quality assurance methodology, for both products and services.
  • Loss prevention, safety, and security engineering.
  • Crisis management.
  • Financial risk maneuvers, including currency hedging and interest rate swaps.
  • Risk psychology, education, and communication.
  • Statistics and actuarial sciences.

The new risk manager will not have to be, and certainly cannot be, an expert in each of these areas.  He or she will, however, have to be a manager in the broadest sense of the word, one who is at least conversant with the applicable disciplines and willing to look broadly and holistically at risk as it affects the organization (Felix Kloman, Risk Management Agonistes, Risk Analysis, Vol 10, No. 2 (1990)).

This call for a holistic approach from Kloman and his contemporaries in other parts of the world (other international experts expressing similar views included Gustav Hamilton, a risk manager in Sweden, and Neil Crockford, a risk management expert working in England) emanated from increasing recognition that various business functions of a corporation (e.g., finance, operations, insurance, etc.) were managing different kinds of risk separately and independently of each other.  These visionaries were sensing what previously discussed leaders like Paul O’Neill and Stanley McChrystal came to realize: silos and stratification impeded building a shared risk consciousness that enables the right people at the right level to make better and timelier decisions with input from relevant and knowledgeable colleagues.  In the 1990s, the business and academic community would give a name to this concept of using a holistic approach to manage uncertainty: enterprise risk management or integrated risk management.

Where are we 30 years after Kloman’s call for a holistic approach or what we know today as ERM?  For starters, many organizations still follow the traditional model that equates risk management with insurance management.  This traditional model is oriented toward prevention of accidental loss, insurance purchasing and management, and solving specific insurance-related problems through some combination of avoidance, control and financing.  Subjects of interest include loss control, premium management (which includes self-insurance and deductibles), claim management, and captive insurance companies.  Each of these subjects, in turn, has spawned additional areas of specialization and expertise.  Loss control, for example, has a mature base of expertise that includes fire and general accident prevention, health and safety, and security, all of which are designed to reduce the likelihood of a claim being made against an insurance policy.  Insurance companies benefit from increased profits that result from not having to pay out claims, and policyholders benefit from having their premiums lowered.

Expertise with the prevention of accidental loss is a core skill needed for effective ERM, as the technology industry is starting to discover.  A current fad in software development is the concept of agile development, which is based on short iteration cycles that provide a constant flow of program code to the customer.  Because requirements for software are presumably clarified with each iteration cycle, there is a tendency to dismiss the need for documentation or to make the documentation less detailed than it should be.  What happens when new members join the team and don’t know the details about certain product features or how they need to perform?  Even worse, software development teams do not last forever.  What happens when the inevitable handover occurs and there is no preserved knowledge about how security was addressed, especially when security is an important part of the end product?

This brings us to our concluding thought for this section.  The traditional risk management community has an important and continuing role to play in the future development of ERM.   It is true that some risk is complex and can only be handled through continuous learning in an ever-changing dynamic environment.  But go back for a moment to risk and technology.  Not all cyber-security risk is complex; some of it is simple or complicated risk that can be handled through basic tools like multifactor authentication, strong password rules, and data encryption.  The challenge is getting business leaders, including systems developers and product managers, to recognize that security risk considerations need to be a core tenet of the design and developmental process and not something that is “bolted-on” later or mitigated by scans conducted by personnel responsible for information security.

Healthcare is another example where the traditional skills associated with preventing accidental loss arising from simple and complicated risk are important.  Healthcare-acquired infections remain a leading cause of death and illness.  At any given time, about 1 in 25 in-patients has an infection related to hospital care, something we can easily classify as a preventable form of accidental loss.  These infections lead to the loss of tens of thousands of lives and cost the U.S. healthcare system billions of dollars each year.

Why?  Sadly, the answer is that healthcare settings struggle with managing the types of simple and complicated risks that comprise basic policies and procedures for infection control.  These basic protocols include repetitive behaviors of hand washing and proper insertion, maintenance, and removal of devices such as catheters and ventilators.  At a more abstract level, hand washing is a type of simple risk that can be managed in a linear fashion through standardized procedures that yield predictable outcomes (less infection).  Similarly, using devices is a type of complicated risk that is managed by various experts coordinating the development and implementation of standardized instructions to achieve a specified outcome (again less infection).  This kind of work is what the traditional risk management community excels at.

In short, simple and complicated risks will remain an important part of everyday life and the traditional risk management community is well poised to help ensure that ERM frameworks contain robust practices to manage this type of uncertainty.

2 Comments
fire engineer brisbane link
11/9/2022 12:50:28 am

Sotera’s service offering in performance based design is proudly backed by Dr Paul Clancy who was involved in the introduction of performance based fire engineering to Australia.

fire risk assessment link
12/13/2022 09:28:34 pm

Sotera’s service offering in performance based design is proudly backed by Dr Paul Clancy who was involved in the introduction of performance based fire engineering to Australia.


    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | [email protected]