Risk-Profiling Benefits

Thorough risk profiling is a key element of sound risk management. After completing a risk profile and developing a thorough risk map, risk managers can better understand how their organizational risks interact and how to address those risks. They can pursue the latter through classic risk-management tools of avoidance, retention, insurance, non-insurance contractual transfer, or loss control.

Risk managers can extract many benefits from the process of risk profiling, however. It enhances their awareness and evaluation of risks. It can identify critical contingencies and locales. It can help the decision-making process regarding which risks to manage, which to retain, and which to insure. It affords superior cost/benefit analyses regarding the price of insurance. Finally, upper management can benefit by using it as a strategic tool for optimizing a business' survival odds in the event of a crisis.

Risk profiling also gives a risk manager more bang for the buck by channeling energies into areas posing the greatest risks to the company or organization. Benefits transcend impressive-looking grids, though. Without follow-through action and execution, risk profiling is an empty exercise. Instead, risk managers must have the discipline to analyze and identify different loss exposures that organizations might face. After identification comes the hard work of formulating and executing plans to address the risks and acting on those plans. Such is the essence of risk management. Thoughtful risk profiling is a way for companies to leverage more from their efforts. It avoids a “ready — fire — aim” approach to risk management.

Boosting Enterprise Risk Management

Risk profiling helps risk managers in many ways. First, the exercise of going through it heightens an awareness and evaluation of all risks. Risk profiling helps identify critical contingencies and locations. It aids as a decision-making tool in deciding which risks to manage and which to transfer to an insurer.

Constructing risk profiles is closely related to enterprise risk management. ERM looks holistically at all organizational risks, including but not limited to, insurable risks. The discipline of constructing a risk profile advances the aim of ERM, which is to catalogue and address a comprehensive array of threats to an organization.

For busy risk managers, or those daunted by the risk-profiling process, various resources can help. Larger insurance brokerages likely offer such services. (Tip: Ask your broker if he has this expertise anywhere in his personnel depth chart.) Risk managers also can engage risk-management consultants to assist with the process. It may be money well invested.

Terry Coughlin, a CPCU-designated risk management consultant with Insurance Consulting Associates, admits that he sees few people formally mapping risk exposures. What he sees more often are practitioners tapping products like Silver Plume (www.silverplume.com), downloading checklists from web sites, and using these to identify exposures in an attempt to pass themselves off as experts. Relying on Silver Plume alone is dangerous, though, Coughlin believes. Many practitioners using technology lack the knowledge to plug the gaps that standardized checklists and templates overlook.

Other companies have developed software for risk managers who prefer to pursue the DIY route. For example, International Security Technology has a tool, CORA (Cost-of-Risk Analysis), which is a quantitative operations risk-management decision support system. Its purpose is to evaluate the return on investment/cost-benefit of proposed operations risk-management measures: threat mitigation, risk transfer, business resumption plans, and IT system recovery modes. (Interested risk managers can learn more about it by going to their web site, www.ist-usa.com.)

Is Risk Profiling Shunned?

Despite the benefits of risk profiling, many organizations welcome the practice as much as a root canal. Why do some risk managers and organizations avoid the practice? Likely, there are multiple reasons. Many companies see risk profiling as an up-front extra cost. Some process components may require specialized skills that the risk manager lacks.

Risk profiling implies that an organization may opt to avoid certain risks. However, upper management often considers risk avoidance unimportant when planning new business ventures. In some cases, upper management may perceive insurance as a necessary evil and dismiss risk mapping as a superfluous exercise. Other organizations may question its relevance to their core business, dismissing it as Chicken Little Syndrome for those who are afraid of their own shadows.

Risk mapping's benefits also can seem murky, unclear, or tough to quantify. Some components may appear arcane, requiring specialist skills. “Here comes another outside consultant! Guard the checkbook!”

Further, top management may not consider risk avoidance important when planning new ventures. Focusing on risks makes one look like a killjoy or obstructionist when the zeal is to do the deal. In some cases, upper management may feel that, because they have insurance, there is no need to do risk profiling. Insurance will take care of everything — won't it? Finally, many organizations do not see risk profiling as related to their core business, which admittedly lies not in managing risks but in manufacturing, service, etc.

Risk managers are unlikely to ever become famous through their own efforts at being a profiler. Becoming familiar with this analytical tool, however, can boost their efforts at enterprise risk management.

Kevin Quinley CPCU, AIC, ARM, is senior vice president of Medmarc Insurance Group in Chantilly, Va. He can be reached at [email protected].