This document is offered to readers as an introductory template.  It was written to introduce principles of risk management briefly and serve as a basic framework for getting risk management started in organizations.  Not enough assumptions were made in its development to guarantee or warrantee its completeness or effectiveness.

The management of risk

Risk management for a business entity, in its broadest sense, may include management of all risk (uncertainty) faced by a company.  How much risk does your company want to manage?  What do you want to do before, during, and after your company accepts uncertainty or incurs a loss?  Do you want to develop a formal risk management program or just more of what you’ve used in the past?  Your reaction to these questions and use of the following information will influence your future. 

 

Companies face financial risks such as raw materials price fluctuations and new offerings by competition as well as property damage and liability risks.  Managing risk requires a theoretical mindset as well as hard work.  Risk managers’ and other employees’ efforts are put forth to reduce the likelihood of a financial loss and lessen the impact of any losses which do occur.  Risk prevention and risk transfer mechanisms should be used in coordinated ways.  These are commonly called “risk treatment” methods. 

 

Is risk management one of our strategic objectives?  Should our organization have a written “risk management policy statement” as a tool for our managers?  Such documentation may be used to reinforce how risk management work is performed in organizations by declaring organizations’ purposes and methods for risk management.  Risk management duties and reporting relationships for each department may be too vague to be well used during a crisis without such documentation.  The quality of such risk management reinforcement is dependent upon how well the:

q   workers’ documentation is composed and used,

q   department heads support implementation of their segments of the program,

q   documentation’s goals are aligned with the organization’s goals, and

q   organization implements its risk management program^.

^ A formal risk management program is an easily recognized system maintained for planning, organizing, leading, controlling, and reporting about the resources and activities that an organization needs to protect itself from the adverse effects of accidental losses and legal liability. 

 

Or should our organization take small steps to develop more than what is has been using, short of what is described above and illustrated in Exhibit A?  Business publications such as Risk & Insurance recommend risk managers do more than just remain insurance buyers and encourage “corporate managers to be less risk-averse” to encourage creativity in American business.  New rules and regulations of Sarbanes-Oxley should not make us more reluctant to take chances when good planning with careful implementation is likely to produce increased profits.

The most effective and efficient method of managing risks associated with most business ventures could be labeled: Do it right.  Employees, managers, and executives/owners doing the right things the correct ways at the best times will ensure risks are managed successfully.  Doing good work requires proper amounts of training and supervision. 

 

Training should be planned and implemented to make sure new employees learn the principles, practices, people, and processes they need to use to be successful.  Please design each training program/plan to enable learners to:

1.    Exhibit memory of previously learned material by recalling facts, terms, basic concepts, and answers to mentors' and customers' questions.

2.    Demonstrate understanding of facts and ideas by organizing, comparing, translating, interpreting, giving descriptions, and stating main ideas/purposes of what they learned.

 

Mentors who learn from their participation in the risk management process will begin to:

1.    Solve problems in new situations by applying acquired knowledge, facts, techniques, and rules in a different way for the new situations.

2.    Examine and break information into parts by identifying motives or causes.  Make references and find evidence to support generalizations.

3.    Compile information together in a different way by combining elements in a new pattern or proposing alternative solutions.

4.    Present and defend opinions by making judgments about information, validity of ideas, or quality of work based on a set of criteria.

5.    When accomplished, the above actions will enable your team to become a learning organization which will increase their productivity and profits.

Supervision should reflect well thought out planning and subject matter expertise.  Mentors, supervisors, managers, and executives/owners should focus on doing the right things more than just doing things right.  Too many customer-contact personnel are unable to successfully serve their customers because front-line workers are not being enabled by their supervisors, mid-level managers, and executives.  Business fundamentals such as measuring work, planning tasks, budgeting time, and decision-making techniques such as checklists, if/then tables, and decision trees should be used whenever such efforts will improve the quality of employees’ performance.  These basic fundamentals are important building blocks because: 

q       Relevant measurements are important because meaningful measures add value to work by emphasizing what matters most and leading honest employees to accomplish more relevant work than what distantly related measures emphasize. 

q       Planning is important because worker productivity should be so supported that it meets or exceeds customers’ expectations and leaders’ requirements. 

q       Management (acquisition, distribution, and use) of knowledge is important because plans must be realistic and workers must know what’s going on. 

q       Budgeting of manpower is necessary to help teams keep pace with consumer demands. 

q       Checklists, if/then tables, decision trees, and other visual aids enable employees to make more appropriate decisions more consistently. 

q       Flowcharts help people follow processes more consistently while feeling more comfortable and in control. 

 

The treatment of risk

Loss prevention is any effort put forth to pre-empt a damage or destruction of a property or reduction in the value of a property or business activity.  Risk prevention performed by a home builder should differ in style and substance from risk prevention performed by a hospital but not in results.  Both the home builder and the hospital should have fewer disruptions, distractions, and delays.  Both should be more customer friendly and financially profitable.

 

Risk transfer is accomplished when any action is taken or device is used whereby someone or a group agrees to indemnify or hold harmless another party which may suffer a loss.  Selling a property or purchasing accounts receivable* insurance are two illustrations of transferring risk.

* Transferring risk by purchasing accounts receivable insurance is recommended when duplication cannot be used.  Keeping duplicate accounts receivable records in a separate location may be a less expensive alternative to transferring risk associated with accounts receivable records (not being able to collect receivable income).

 

Spread of risk is a principle used when risk exposures (e.g., trucks in a freight yard; homes in a city) are separated by space or barriers in such a way that the likelihood of damage and destruction to multiple properties is reduced significantly. 

 

Duplication of property for reduction of risk is an option to be considered when risk exposures (e.g., accounts receivable records) can be replicated in some efficient and effective manner enabling stakeholders^ to reduce their losses when things go wrong.  If the primary property (e.g., computer data saved on a server) is damaged, destroyed, or taken, then the duplicate property can be used with little or no loss of income, production, etc.

^ The term stakeholders as used here includes all persons holding any interest in the profitability or sustain ability of an organization using risk management techniques.  When properly trained and supported, all employees recognize they are stakeholders along with managers, executives, and owners/shareholders. 

 

Like any other business initiative (e.g., marketing, underwriting), efforts to prevent and transfer risks must be effective and efficient.  Efforts to manage risk must help mitigate financial loss when it cannot be prevented.  Costs incurred to prevent and transfer financial loss must be less than the financial impact of going without insurance policies, safety programs, etc.  An effective and efficient risk management program produces a reduction in unscheduled expense and work uncertainty.  More specifically, good risk management produces the following benefits:

q      Costs of accidental losses, legal liability, and related fees not reimbursed by insurance or some other outside source are reduced or eliminated.

q      Costs of insurance premiums and/or other risk management techniques are managed if not lowered. 

q      Management teams’ fears are alleviated or reduced, thereby increasing the perception of ventures’ feasibility. 

q      The organization appears to be a safer investment, and. therefore, more attractive to suppliers of investment capital through which the organization can expand. 

 

The financing of risk 

The financial impact of risk may be transferred or retained depending upon property owners’ financial condition and risks associated with our people, our organization, our community, and our industry. 

 

The assessment of risk

Risk prevention and risk transfer should follow risk assessment.  Risk assessment is a set of actions performed with the intent of identifying, analyzing, and examining in ways stakeholders can learn and react to risk exposures profitably. 

 

The risk management process

There are six steps common to most risk companies’ management programs.  These steps include:

1.      Identifying Loss Exposures

2.      Analyzing Loss Exposures

3.      Examining the Feasibility of Relevant Risk Management Techniques

4.      Selecting the Appropriate Risk Management Techniques

5.      Implementing the Selected Risk Management Techniques

6.      Monitoring Results and Revising the Risk Management Program

 

Implementation of the traditional risk management process should result in learning the answers to questions such as:

1. What properties and people pose risks for our organization?  How should those risks be documented?  What are our goals, objectives, and mission/purpose?
2. How should we learn about each type of risk our organization faces?  What can be learned from our loss history?  How do we make sure everyone feels the need for participation in our risk management program?
3. What can realistically be done to avoid, transfer, insure, etc. our risks?  Who can help us?  What is typically done in our industry?  What is recognized as “best practices” in our industry? 
4. What should we plan to do to better avoid, transfer, insure, etc. our risks now and in the future?
5. What should we begin doing now, soon, and in the future to accomplish our risk management objectives?
6. How should we compare our results to our plan so we know how effective we become and discover what should be improved? 

 

When implemented, a good risk management program should identify, analyze, examine, and treat an organization’s loss exposures thoroughly and economically.  The following matrix shows how loss exposure types and risk management steps can be combined in one view to illustrate how they can be coordinated.

Forecasting the impact of effective risk management

Planning to manage an organization’s risk is a theoretical exercise which may have a positive impact if the effort is planned realistically and implemented as planned.  There are working models which show risk management efforts’ impact persuasively.  Protocol for theory that is taken seriously must include some sort of application framework so it can be applied and have a positive effect.  That means that at the very least, those offering theoretical guidance should include in their presentations some sort of worked examples so learners will be more likely to implement what they learn.  These examples should be suitable for easy translation into the user’s domain using computer models, visual illustrations, or other means. 

 

An even better approach, for risk management experts, would be to offer interested users the ability to obtain some sort of computerized sample of how the authors would suggest their theoretical work applies in the real world.  Readily available, portable desktop spreadsheet programs provide an excellent vehicle for this exchange.  The basic computer spreadsheet program provides a wide array of functional forms, including financial, statistical, and a variety of scientific formulas and functions “built in.”  These basic functions allow most if not all of even the most sophisticated financial models to be run in this environment.  Spreadsheets also provide very powerful and expressive graphic abilities, to display financial data, loss details, and risk management results. 

Reference material:

Risk Assessment First Edition by Barnoff, Harrington, Niehaus

American Institute for Chartered Property Casualty Underwriters/Insurance Institute of America

 

A Consultative Framework Based on “Working Models” by Mark Jablonowski, CPCU, ARM

CPCU eJournal August 2006  

 

Greenberg: Musings on the Buy Side by Jack Roberts & Cyril Tuohy

Risk & Insurance May 2007

 

http://www.iqpc.com/cgi-bin/templates/singlecell.html?topic=545&event=13814  risk mgt template for oil drilling & production organizations

 

http://www.nhsla.com/RiskManagement/  risk mgt templates for medical organizations

 

http://www.rims.org/home.aspx?AliasKey=a2efbd93-01af-4f9a-91bb-c9bab7221c96   the main portal for the Risk & Insurance Management Society “RIMS” organization

Exhibit A

– an example of a standard risk management policy statement document

 

 

 

Exhibit B

– a request for proposal template

 

 

(Insert date sent)

 

(Insert contact information for Broker/Agent Firm recipient)

 

Dear __________:

 

Re:  Risk Management & Insurance Broker/Agent Selection Proposal Invitation

 

Our company is in the process of selecting a firm specializing in risk management to improve upon our program and begin managing our safety, employee insurance, and loss control programs.  A committee has begun inviting a number of brokers/agents who we believe have the capability of providing us with these services.  We hope you will participate by gathering information and providing us with a proposal. 

 

The primary goal of our risk management committee is to select the broker/agent who will be the most effective and proactive partner in assisting us to: 

q       Define our overall risk management needs

q       Reduce our overall risk management cost

q       Enable us to better protect our corporate assets and future profitability

q       Provide a high level of customer service to our stakeholders in helping us assess and manage risk

q       Provide an efficient and cost effective means of processing  information and/or claims

 

Our process is formally structured and will require that any broker/agent/firm complete the attached Broker/Agent/Firm Qualification Form to be considered.  Your completed responses to the questions on the Form must be returned to me no later than 30 days after the date of this letter.  Responses received after the due date will be disqualified.  We will evaluate the responses within 30 days of receipt and narrow the list to no more than three firms to continue face-to-face discussions and negotiations.  Ten days subsequent to the final face-to-face meetings we will select the broker/agent/firm we will be working with us on our property/casualty and employee benefit renewals.  

 

To assist you with your proposal, an Information Packet is available for your request.  This packet will provide you a brief background on the history and services offered by our company.  The current levels of coverage and historical loss information will also be provided in the packet. 

 

Do not contact insurance markets on our behalf at this time!  At this point in time, we are only seeking background information regarding your firm with indications of how you would approach improving and managing our insurance and risk management program.  Your response to this invitation should be developed solely on the basis of your firm’s knowledge and experience as feedback to this invitation and our information packet. 

 

If you have any questions concerning this letter or the packet we offer you, please submit them in writing to me at the letterhead address on this letter or by e-mail at (insert e-mail address) and followed by phone calls to me at (###-###-####).  We look forward to receiving your response by (insert date 30 days after the date of this letter).

 

Sincerely,

 

(Insert our contact information for the sender)

The information packet mentioned above includes information listed below:

 

 

 

Description of Our Company’s Operations

 

·          Brief description of our business operations

·          Nature of our business

·          Primary services we provide

·          Proposed services being considered/planned

·          Projection of our annual sales for 20__ 

·          Estimated annual sales with source information

·          Our locations

·          Number of employees...by location

·          Payroll dollars

·          Listing of our insurable assets...detail by location

·          Our company brochure with our marketing materials, internet web page, etc. 

 

 

 

 

Copies of Current Insurance Policies (Excluding Premiums)

 

 

 

 

 

 

Historical Losses (Last 5 years)

 

·          Currently valued...summary of paid & reserved amounts by period and by line of coverage

·          Detailed explanation of all losses of $__,000 or more

·          Copies of loss runs

 

 

 

 

Broker/Agent/Firm Qualification Form

 

All participants must complete this Qualification form to be eligible to participate in our selection process.  Please provide answers to the following questions in the table that follows.

 

Exhibit C

– an outline of a typical risk management program’s document

 

 

COMPANY NAME

INSURANCE AND RISK MANAGEMENT POLICIES AND PROCEDURES

 

 

A.        PURPOSE

 

The purpose of this document is to establish policies, procedures and responsibilities for the Insurance and Risk Management activities for Company Name its divisions and subsidiaries.  The goal is to avoid losses that will significantly impact the financial condition of the Company and to reduce claims costs for both past and future claims.

 

 

B.         POLICY RESPONSIBILITIES

 

1.       This policy is issued and maintained by the Treasurer who is responsible for its interpretation and revision. 

2.       The policy will be communicated by the Treasurer to appropriate personnel, made available to Treasury staff on the G:/Treasury/Insurance directory, and revisions will be communicated by e-mail on a timely basis.

3.       Exceptions and changes are reviewed and, if appropriate, approved in writing.

4.       The Treasurer will review these policies and procedures at least annually.

 

 

C.         ENFORCEMENT The Director of Risk Management and Treasurer are responsible for reviewing compliance with this policy.

 

 

D.        AUTHORIZATION LEVELS All authorizations for contractual commitments and payments will be in compliance with the Corporate Financial Policies and Procedures Authorization Policy (“Authorization Policy”).

 

 

E.         DUTIES AND GENERAL RESPONSIBILITIES The Corporate Risk Management function has authority, within the limits of the Company’s Authorization Policy, and responsibility for directing and coordinating all risk functions. It is responsible for:

            ·   Risk Analysis

            ·   Purchase of Insurance

            ·   Claims management

            ·   Selection of Insurance agents and brokers

            ·   Coordinating information and acting in an advisory capacity with regard to Risk

     Management matters (fire protection, safety, security, contracts and legal documents).

·   Communicating with Senior Management concerning all Risk Management matters.

·   Corporate Risk Management does no accounting activity.  All accounting activity for

     Corporate Risk Management is done by the Stamford General Accounting Group. 

 

F.         CORPORATE RISK MANAGEMENT FUNCTION ACTIVITIES

 

I.                    Risk Analysis

                  

a.       Maintain close communications with all operating and staff functions to keep abreast of Company activities to ascertain the nature and extent of potential loss.

b.       Analyze frequency and types of losses to determine the Company’s claim experience.

c.       Advise operating and staff functions on insurance and loss prevention measures, administrative techniques (training), and development of information on risk situations.

 

 

II.                 Control Exposure to Loss

 

Working closely with other Company functions (Safety, Facilities, the property insurance company(s) and property loss consultants) advise the most suitable and economic arrangement of property protection and safety, both in building design and operating procedures.

 

 

III.               Insurance Protection

 

a.       Determine, on the basis of Company policy and approved budget, analysis of loss exposures and in discussion with Senior Management, those exposures to be insured and those to be retained at the time of insurance renewals. This includes a determination concerning the appropriate limits of coverage for liability and financial protection insurance to be purchased, the financial condition and business practices of insurance companies under consideration and the concentration of insurance company risk.

b.       The Company’s insurance program is a global program managed by the Director, Risk Management.  No insurance may be purchased outside of this global program.

c.       Work with other corporate and operational personnel in developing insurable values for property.

d.       Select qualified Insurance Broker(s) (See Client Service Agreement).

e.       Gather exposure/renewal information, which is provided to the insurance companies through the Insurance Broker. (See Client Service Agreement)

f.        Work with Insurance Broker to assess and monitor each insurance company’s financial condition both at renewal and on an on-going basis.  (AM Best) (See Client Service Agreement)

g.       Advise Senior Management of changes to an insurance company’s financial rating.

h.       Work with the Insurance Broker to review the current insurance program, identify weaknesses, and monitor concentration of risk.

i.         Evaluate acceptability of insurance premiums. (See Client Service Agreement)

j.         Immediately notify the Insurance Broker and all relevant insurance companies of any major changes in the business (example: acquisitions or divestitures).

k.       Develop, communicate and forward the company approve Insurance Section language for use in all third party contracts (leases, service, etc.) to all appropriate functions (Real Estate, Purchasing, Marketing, etc.).  Only exceptions are to be reviewed by Corporate Risk Management.

IV.              Claims Management

           

a.       The Corporate Risk Management function selects and negotiates all Third Party Administrator (“TPA”) agreements and general liability Claims Handling Procedures.

b.       Claims Reporting:

1)       Appropriate department (Fleet, Safety, HR, Legal) will call and report general liability (Auto, General and Workers’ Compensation) claims to TPAs;

2)      All other claims (Financial Protection, Crime, Property, etc.) will be reported to Corporate Risk Management for further processing with the insurance Broker and/or appropriate insurance company.

c.       The TPAs will report the status of all open claims either monthly or quarterly, depending on the year of loss.  Older claims will be reported quarterly.

d.       Open claims reports will include at a minimum: new claims, current status of prior existing claims, and claims payments.

e.       Corporate Risk Management working with the Insurance Broker will meet with and audit the company approved TPAs’ activity at least annually.  The audit will verify that the TPA’s claims management activity is in compliance with the company’s      Special Handling Instructions. (See attached).

f.        Review all open claims reports provided by TPA when presented; immediately address and reconcile any issues of concern.

g.       At least annually, audit all open claims in excess of $25,000 and a random sample of claims under $25,000 and loss reserves,

h.       Participate in investigation of major losses, and authorize settlement of non-litigated claims (within Company Financial Policies and Procedures).  Litigated claims are managed jointly with the Legal Department.  The Legal Department has claims settlement authority on all litigated claims.

i.         Review insurance company loss settlements and recoveries.

j.         Claims payments:

1)      Self-insured FTR claims – Under the existing services contract, the TPA has direct access to a company bank account and makes all claims payments from said account.  Sr. Financial Analyst, Rochester, NY reconciles payments with bank statement on a monthly basis. TPA has full discretion to make an individual payment of up to $25,000 on any qualified claim or loss.

2)      Self-Insured and Insured Citizens Claims – Company will fund a claims reserve account at the beginning of the year.  TPA will make all payments from the claims reserve and reports all activity on a regular basis (monthly or quarterly).  TPA will request reserve replenishment when it falls below a predetermined amount.

k.       Work with other Company departments (Fleet, HR, Safety, Legal) on pertinent claims matters.

 

 

V.                 Annual Budget

 

a.       Obtain and review insurance cost estimates from the Insurance Broker (see Client Service Agreement) and other sources (network groups, insurance industry publications, professional associations).

b.       Work with Treasury and Accounting to develop the Insurance/Risk Management annual budget, including an allocation basis of costs to different business units.

c.       Meet with Senior Management to review and obtain approval for the Insurance/Risk Management annual budget including expected insurance coverages, premiums and loss reserves for self-insured risks.

d.       Provide the approved budget and allocations to General Accounting to set up the Insurance/Risk Management accruals.

e.       Track actual Insurance/Risk Management premium expenses, claims payments and changes in loss reserves against budget and cumulative accruals.

 

 

G.         LIST OF INSURANCE POLICIES

            Automobile Liability
            Commercial General Liability
            Workers’ Compensation
            Excess/Umbrella Liability
            Owners’ Contractors Protective Liability
            Non-owned Aircraft Liability
            Railroad Protective Liability
            Property Insurance
            Directors & Officers Liability
            Outside Directors Liability
            Fiduciary Liability
            Blanket Crime
            Special Contingency
            Bonds

---