The definition of “foreseeable” today is much broader, he added, explaining that “'foreseeable' means a total spectrum of risk,” and warning that firms unprepared for foreseeable losses will be held accountable in the stock market–as well as in shareholder lawsuits, he warned.

“In the post-9/11 world, 'foreseeable' includes the whole spectrum of natural hazards, terrorism and pandemic diseases,” he said. “So 'foreseeable' now includes a lot of serious threats, and the risk manager needs to realize they are not just dealing with the basic workers' comp and general liability and auto and property programs.”

Mr. Schmidt observed that “companies spend a phenomenal amount of time building up their brand, image and reputation–so, “unfortunately, one negative event can have a serious impact on that.”

Although risk managers can't prevent or mitigate every possible exposure, assessing hazards and the company's unique vulnerabilities will help detect and react to a problem quickly, and move to limit the damage early on, he said–”not days or weeks later, when the situation is potentially catastrophic to that company–which generates those suits.”

Many shareholder lawsuits stem from a significant drop in stock price and shareholder equity in the company, he said, citing a 2005 study by Oxford Metrica, which concluded that “the key determinant of value recovery relates to the ability of senior management to demonstrate strong leadership and to communicate at all times with honesty and transparency.”

The study pointed out that after a major loss, stock prices will drop, he noted, adding that “if the company is well prepared, well managed and able to deal with a difficult situation effectively, it might see a boost in its stock price.”

Mr. Schmidt noted that the typical tenure of a chief executive officer “is five or six years, but studies show that within that tenure the CEO will face some sort of a crisis. So in a sense, we're saying that it's almost a 100 percent chance that a CEO in that tenure will have to deal with a significant problem.”

Thus, he said, far-reaching risk management and loss control plans, policies and procedures need to be in place, ready to be implemented at a moment's notice–meaning that crisis management must not begin after the fact.

“Those are the things that can help prevent the shareholder lawsuit,” he said. “So whether you want to call it enterprise risk management or just good risk management, you have to look at that broad spectrum of risk.”

Carol A. Fox, senior director of risk management with Convergys Corp. in Cincinnati, Ohio, and vice chair of the Risk and Insurance Management Society's ERM committee, said shareholder lawsuits are “a risk that any public company would have, and how you approach that depends on a company's culture.”

“Good governance is the underpinning to avoiding shareholder litigation,” added Ms. Fox, whose company provides customer and employee management solutions, serving clients from more than 70 countries in customer care, human resources and billing.

“People think of governance as compliance, but we view it as more than compliance with laws and regulations. It gets to the core values of the company and how we approach our business,” she explained, noting that her company has over 62,000 employees and 72 customer contact centers, three data centers and other facilities in North America, Latin America, Europe, the Middle East and Asia.

When it came time to comply with federal Sarbanes-Oxley corporate governance standards, she said, her company was ahead of the game.

The firm already had an independent board of directors in place, “so that wasn't an issue for us,” she said. The company also has an orientation and training program for board members as part of its governance program, which includes self-assessments on board performance–both at the overall board level and at the committee level.

Non-directors are encouraged to make presentations at board meetings to give the board direct access to management, Ms. Fox said, “so there is an inherent transparency with our governance structure.”

Doing the right things with governance provides shareholders “the value they're buying into,” she said. “And if you have your internal governance infrastructure in place to do that, then there should be less concern from a shareholder perspective.”

Ms. Fox said the company has a strong, and tested, business continuity program. “We have operations in Florida and along the Gulf Coast,” she said. “Through the past two hurricane seasons, we had one of our operations on generator-fuel for about 10 days, while the rest of the community was without the power infrastructure.”

Multiple claims the company had filed with its property insurer were withdrawn, “because we didn't have any material impact to the business,” she said.

In the Philippines, she said the company successfully dealt with a fire in a high-rise building location. “Our employees followed our protocol by meeting in a different place and continuing business at another site,” Ms. Fox said.

The company has an incident command structure in place, with local incident commanders, trained with standard, global instruction, she said. At the senior management level is an issues management team that provide resources, direction and allocation of resources to the incident commanders.

But even with the best preplanning, testing is key, according to Ms. Fox.

“We have an annual mock exercise–this year it's on Avian Flu,” she said. Employees go through the scenario with the objective of thinking critically about the next step, including, “Who do they need to reach out to? Do they have the resources at hand? What else would be needed? [We test] rather than follow a book that may be outdated. It works,” she noted.

In addition to a good governance system and a strong disaster recovery plan, she said it's important for companies to have an effective enterprise risk management program to help management and board directors understand the company's critical exposures. She explained that research through RIMS shows that almost two-thirds of its members either have an ERM program in place or are working on one.

As for insurance coverage, Ms. Fox said that most public companies carry directors and officers policies to protect their corporate leaders, as well as provide “the ability to attract and retain good directors on [their] board.”

Meetings with D&O carriers and potential insurers consist of a team including the company's general counsel, chief financial officer and treasurer, in addition to the risk manager.

“We want that face-to-face meeting with our underwriters so they can ask direct questions of our senior leadership team,” she said. “We believe we're doing the best for the shareholders, and the proof is how the shareholders feel about investing in the company.”

Janice Ochenkowski, managing director with Jones Lang LaSalle Inc., in Chicago, which offers property management and investment management services on five continents, said that although a risk manager cannot be solely responsible for a company avoiding shareholder suits, they can take steps such as making sure the proper insurance coverage is in place, and that senior management understands what is and what is not covered.

Ms. Ochenkowski–who is also vice president, chief risk officer and a director at RIMS–added that it's important for risk managers to make sure underwriters “fully understand the businesses they're in so there are no coverage disputes after a claim is made.”

In an ERM model, she said, the risk manager works with others on the team to “create business practices to encourage transparency and openness in business dealings, and other things that would mitigate shareholder suits, or provide a defense in the event that they are brought.”

Transparency is important, she added, as is good risk management and good business practice. “It should help to insure that the decisions are understood at the time they're being made,” she said, adding that in the event of a suit, such practices help provide a good defense to back board decisions.

“There has to be great communication between the company and senior managers, so that there are no surprises to the board about decisions and actions of the company's management,” she said.

She said the D&O market is relatively softer than some other types of coverage these days, but the price of any individual program “will depend on the underwriter's assessment of the board and the activities of the board, as well as the company's history, such as previous claims or actions by shareholders,” which puts a premium on risk management.

Since retentions are generally based on the value of the underlying company and assessments by underwriters of the firm's credit-worthiness, “as stock prices and corporate values increase, it's understandable that the corresponding retentions would go up as well,” she said.

“In the post-9/11 world, 'foreseeable' [risk] includes the whole spectrum of natural hazards, terrorism and pandemic diseases.”

Donald L. Schmidt, CEO

Preparedness LLC