Posts by: Alex Tillman

ERM – Moving beyond enterprise risk assessments and risk heat maps

Enterprise risk heat map

Risk assessments and heat maps remain central components in most enterprise risk management (ERM) programs. Yet there is considerable debate about their effectiveness and both tools have no shortage of critics. In 2011 Howard Sklar, a Forbes contributor, outlined one of the most popular criticisms regarding companies that viewed risk assessments as a document instead of a risk management process. He noted, “Companies that fail in this way are often trying to check the risk-assessment box on their program. That’s fine, as far as it goes. At first glance, a risk assessment seems like a low-ROI effort. You put in time and potentially money, and you get back a piece of paper laying out what you already know.

Similarly, others deride heat maps as nothing more than “colorful guesses.” Brian Priezkalns, in the not-too-subtly titled article, Why I hate Heat Maps, says “Heat maps are just a terrible terrible terrible way to understand, communicate about, and decide how to respond to risks. They either mess up what you already knew, or they hide the fact you are too ignorant to make a rational decision. Everything that can be done with heat maps would be done better with actual numbers.”

If these tools have such fierce critics, then why are they still central to most ERM programs? In this article, we’ll examine what drives the limitations, and the key missing ingredient that turns them into powerful assets. read more

RMIS tricks to avoid your own Groundhog Day

Another Groundhog Day has come and gone. Or has it?

In the movie Groundhog Day, weatherman Phil Connors (played by Bill Murray) is forced to relive the same day, over and over again, no matter how he tries to change the outcome. The Environmental, Health and Safety Newsletter recently compared the latest release of the Census of Fatal Occupational Injuries with previous years and observed a similar phenomenon.

The article notes, “The latest census is remarkably consistent with the previous reports. People continue to die in numbers, proportions and circumstances much as they did the year before, and the year before that and the year before that. There are a lot of Groundhog Days in how we’re getting killed on the job.” Even worse is the fact that these factors are no secret. “The same hazards keep killing workers,” the article continues. “What’s most likely to kill someone is not a trick question. It’s an open-book exam.”

If something as critical as lowering workplace deaths can get trapped in an endless cycle of no progress, it shows just how immovable some of these challenges can be. Lack of desire or effort isn’t always to blame.

read more

Complexity kills: How a single platform solution simplifies implementations

When insurance carriers undertake the process of upgrading critical IT systems, project timelines can drag on for years. Such a long project not only is disruptive and daunting, but also poses considerable risks. An analysis of a Gartner survey on the root cause of failed IT projects indicates, “[B]y ensuring that projects are kept small, and as a rule of thumb, not exceeding six months in duration, a much lower failure rate can be achieved.”

What contributes to longer implementations?

While every implementation faces a unique set of challenges, there are several common factors that can push out the go-live date.

Complexity

A multi-vendor architecture, layered with isolated legacy systems and a patchwork approach to quick fixes, breeds a complex environment where any change may be difficult. The Cognizant white paper Reducing IT Complexity to Accelerate Digital Business notes, “IT complexity has become a critical imperative — requiring businesses to fundamentally rewire and simplify their IT estate.”

read more

How to avoid the new OSHA “culture penalty”

Creating a strong safety culture can be challenging for any organization. Recent regulatory changes are placing an organization’s safety culture under additional scrutiny. In the EHS Today article The Risks of Using Injury and Illness Reporting as Measurements of Success, Mark Kozeal discusses how an OSHA rule change penalizes those with cultures that discourage reporting.

“Under OSHA’s update to its 2016 rule on recording and reporting workplace injuries and illnesses, such programs would be in violation of the law,” Kozeal notes. “Whether this incentivized culture was purposeful or inadvertent doesn’t matter. What matters is that any practice that incentivizes employees for not reporting an injury or illness or denies employees incentives if they report an illness or injury, can now be cited by OSHA.” This means that a poor safety culture can now affect the bottom line.

First steps to avoiding the “culture penalty”

Now that there is the possibility of additional regulatory costs associated with failing to create a strong safety culture, the importance of near-miss reporting is multiplied. As we discussed in Using RMIS technology to improve incident and near miss reporting, two factors are essential to developing a healthy safety reporting culture:

There is no quick fix when it comes addressing the factors that inhibit reporting. However, taking a number of practical steps that include making it easier to submit reports (addressing practicality) and allowing for anonymous reporting (reducing fear) can be a foundation upon which to build an effective safety program. With more data to draw from, the ability of risk managers and safety professionals to identify, analyze, and take strategic action to reduce the likelihood of injury is vastly improved. Over time, this can contribute to a breakdown in perceptions of uselessness and acceptance of risk.

read more

How to prepare for 2019 data breach trends

Data Breach Today offers predictions in What’s Ahead for Health Data Privacy, Security in 2019? While the article focuses primarily on health data, a few key trends apply more broadly and are likely to resonate with all types of organizations.

Prediction: Disruption from regulatory changes is likely

Rebecca Herold, author of 19 books on information security and CEO of The Privacy Professor consultancy, begins the list of predictions by examining the potential for agency updates to HIPAA. “Based on continued pressure from local, state and federal government agencies, law enforcement, researchers and others to ease the sharing of patient and mental health data by removing the need to obtain patient consent, I expect to see OCR issue proposed HIPAA updates,” she notes.

read more

What does it mean for you if Amazon offers claims management?

One of the Claims Journal’s most popular articles of 2018 covered the Altus report that investigated the possibility of Amazon entering the claims management sector. The fact that Amazon tried to poach employees from Lemonade and recruit for a new product manager position certainly provided enough circumstantial evidence to fire up the rumor mill.

The report highlights some of the advantages Amazon brings to the table. The customer-facing infrastructure — from Alexa and Echo devices to an online juggernaut offering an expansive consumer marketplace and digital media center — is unlike anything currently in the insurance space. In addition, Amazon Home Services, which offers on-demand repairs and potential assistance with installing large replacement goods; its array of supported smart home devices; and its direct access to customer purchase history make the company poised to completely transform the claims management process.
read more

Protect your career by thinking like a risk manager

On November 26th 2018, GM announced plans to close five plants and lay off 15,000 employees. Given the ongoing expansion of the US economy, the announcement came as a surprise to many. Speculation as to what GM’s move and other flagging economic indicators might suggest for the future of the economy at large serves an unwelcome reminder: No matter how steady the economy or how secure we feel in our current positions/careers, uncertainty is always with us.

Risk managers work to ensure organizations achieve their objectives as they operate in environments full of uncertainty. Risk management involves the practice of identifying the potential threats and opportunities an organization faces, asking “what if” questions to decide on the optimal response, then taking the appropriate actions based on that exercise.

read more

Looking back at 2018 — Five RMIS trends

The risk management industry certainly had an eventful 2018. As the calendar closes out another year, we’ve picked five prominent trends that may impact your organization in the upcoming year.

1. Increasing Damage from Natural Disasters and Extreme Weather

The 2018 list of major natural disasters is notable for its scope and intensity. From Japan’s flooding and mudslides to California’s wildfires to an unprecedented global heatwave, records for severity and damage were shattered throughout the year. One article noted that, “Nationwide, 8.5 million acres, an area larger than Maryland, have burned this year to date.” Unfortunately, extreme weather and increased natural disasters are becoming more commonplace.

In the article Step up your disaster preparedness, don’t wait for the news report, we discussed how to combine audit technology with weather alerts to develop a preparedness solution that works in real-time and ensures your organization is tested and ready when the next emergency hits.

2. Telematics Emerging in Fleet Management

Consumer adoption of telematics continued at a strong pace, particularly with drivers in the youngest age range, where some studies estimate four in five drivers have telematic-based policies. While the use of telematics to enhance fleet management programs has been underway for some time, the value of this data is becoming more clear.

read more

Industry Spotlight: Healthcare Risk Management

A healthcare risk manager can benefit from a risk management system.

Risk management in healthcare is a topic that is gaining increasing importance. A large driver of this attention is the shift from fee-for-service to value and outcome-based models. An article in the New England Journal of Medicine’s (NEJM) Catalyst blog notes, “For these reasons, hospitals and other healthcare systems are expanding their risk management programs from ones that are primarily reactive and promote patient safety and prevent legal exposure, to ones that are increasingly proactive and view risk through the much broader lens of the entire healthcare ecosystem.”

This demand for an expanded view of healthcare risks has fueled the demand for Enterprise Risk Management (ERM) solutions. The road to fully functional ERM programs, however, has proven to be a challenging one for most healthcare organizations. The NEJM Catalyst article cites a report from Healthcare Financial Management Association (HFMA) that states, “Despite the growing importance of programs today, and the raised awareness of their importance, many healthcare providers have been slow to adopt a more sophisticated approach… The current state for most providers falls between ‘basic’ and ‘evolving’ maturities for ERM programs.” read more

The data-driven risk manager

Despite the widespread ambition of organizations to create a data-driven culture, few seem to make the transition successfully. In the article Big Companies Are Embracing Analytics, But Most Still Don’t Have a Data-Driven Culture, the authors cite the results of this year’s annual New Vantage Partners survey on data issues. “Virtually all respondents (99%) say their firms are trying to move in that direction, but only about one-third have succeeded at this objective. This gap appears every year in the surveys, and the level of success hasn’t improved much over time.”

According to a Gartner study, a similar disconnect is found: 80% of CEOs claim to accept the concept of data as an asset, yet only 10% say their organization treats it that way. Given the fairly daunting odds, why are so many organizations still fighting the uphill battle to establish a data-driven culture? Because, as a TechCrunch article notes, “Being data-driven pays!” As proof, the authors cite an MIT study finding a 5-6% higher output in data-driven organizations and other research indicating a more than $13 payback for every dollar spent on analytics.

The importance of the risk manager

Given the potential payoff of a data-driven culture, the analysis-based role of a risk manager can be a linchpin in the effort to elevate the role of data in strategic decision-making across the organization. To make this transition, risk managers need to adopt an enterprise risk management (ERM) mindset, regardless of whether the organization actually has an ERM program in place. The core of this mindset relies on using data to influence decisions and direct actions.

read more