Dos And Don'ts Of Risk Assessment
By Caroline McDonald
NU Online News Service, May 24, 10:54 a.m. EST?The biggest surprise to firms that do an evaluation of their risk exposures is not what they consist of, but their size and spread, according to a loss control expert.
Robert J. Smith Jr., senior vice president, Marsh Risk Consulting, in Chicago, said these were "common conclusions" that have come out of strategic risk assessments. His remarks were delivered at a recent Risk and Insurance Management Society Inc. New York Chapter meeting.
"Any of you who have been through a risk assessment process, if you were surprised [by the risks], I'd like to know," he said. "Most have not been surprised. They have been surprised by the magnitude and impact?they didn't realize how big the risk was and they didn't realize it was going to be that widespread in the organization."
Risk managers who want to begin a strategic risk assessment within their organization should first meet with "core people" within the organization to discuss the features and benefits to the organization, he said.
He explained that it's important to get buy-in from senior executives and to make sure they understand the risks, where the risks are coming from, and that the risks are being effectively managed. "If managing means they accept the risks, that's their decision."
Mr. Smith said a risk assessment is the first part of a process that leads to implementation of an action plan.
He described risk assessment as an ongoing process that "systematically evaluates multiple exposures, assets and impacts to arrive at a range of risk management solutions."
The key elements to a successful risk assessment process, he said, include senior management commitment; consistent and repeatable methodology; well-defined, documented and detailed risk scenarios; a consideration of multiple consequences; risks that are ranked by their likelihood; the risk's impact on the organization; and effectively-evaluated risk management strategies.
Factors that contribute to difficulties in implementing a successful strategy include no senior management support; poorly-defined process, expectations and roles; a schedule that is not maintained; and poor and infrequent communications.
Outlining a desired outcome up-front helps to define the process, he said. An action plan should include a scenario, costs involved, next steps that are needed and a list of who is involved.
The risk should be defined and ranked by measurable consequences, severity and its likelihood of occurrence. Significant risks need a "loss threshold definition," he said. The context of the risk assessment includes financial and strategic business goals, public image, and management and Board involvement.
When ranking a risk, he said that "low" is generally considered to be less than $5 million, medium is $5-to-$25 million, and high is $25 million and above. Every company, however, needs to decide what will "set the company back," when considering a risk's impact on cash flow and earnings, he said.
Patrick A. Hurley, insurance manager, treasury-insurance, for Consolidated Edison Company of New York, said that since strategic risk assessments examine the whole corporation, "you're going to need the support and cooperation of other departments. Sometimes securing that participation can be a challenge."
There are several reasons for resistance, he noted. The first is because "people don't like change. They see projects as a change in the way a corporation does things."
He explained that several factors influence people's reluctance to cooperate:
? A false sense of security with the familiar. Large corporations give employees a false sense of security because they create "a structured world that feels predictable and comfortable."
?People "can be resistant when something is not their idea."
? The project can be perceived as an audit, which can cause "some people to get defensive or downright hostile."
? Concern about potential criticism from individuals?that they were not previously aware of the potential risks or problems.
? The perception that "you are trespassing on other people's turf." This perception can throw up barriers which can "kill off many valuable ideas and obstruct the flow of information and communication between departments," he said.
? Other priorities. The average corporate executive's work week, he said, is now 56 hours. "It's been my observation when I take the commuter trains home that the trains between 4:30 and 5:00 p.m. are fairly empty and the trains after 6:00 p.m. are fairly crowded. So everyone is already putting in a very full day and they are going to perceive this as additional work that may disrupt their current projects, which are priorities."
Skepticism. "Here is another corporate initiative, and they'll question its value," he added.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.