Category: GRC/ERM

Making “Remote” Risk and Insurance Technology Implementations Work

Over recent months, as a result of the COVID-19 pandemic, an estimated 50% of U.S.-based workers have been participants in a grand remote-work experiment. As Katherine Guyot and Isabel V. Sawhill point out in an article published by Brookings, Telecommuting will likely continue long after the pandemic, while the rapid switch to remote work has been driven by necessity, “COVID-19 may permanently change the way many of us work.”

Understandably, one of the most common questions we at Origami Risk have been answering during this period is related to what this change has meant—and what it might mean—for a complex, weeks-long project such as the implementation of a Risk Management Information System (RMIS), GRC technology, or insurance core system.

read more

Part Two: Location-Based Data in Crisis Response

In the second of a two-part series, we dive into what exactly location-based data can unlock, the reality that coronavirus may be here to stay, and what organizations can do if a data-overhaul is not an immediate, or near term, possibility.

Last week, in part one, we examined the critical role that location-based data plays in an organization’s response, planning, and reaction to crisis situations. One of the ramifications of the COVID-19 pandemic being that it is a location-by-location challenge, specific geographical information can be key in navigating the patchwork of the United States’ federal response to the outbreak.

This is the dark side of federalism: it encourages a patchwork response to epidemics. States and localities may decide to implement aggressive disease-mitigation measures, but need not do so. The defining feature of the U.S. response to Covid-19 therefore continues to be localized action against a threat that lost its local character weeks ago.—The New England Journal of Medicine

read more

Part One: Location-Based Data in Crisis Response

In the first of a two-part series, we examine the critical role that location-based data plays in an organization’s crisis response efforts and how compounding crises lead to an even more immediate need.

While initial outbreaks of COVID-19 hit densely-populated, urban areas of the United States the hardest, the coronavirus is now beginning to surge across less populated parts of America.

read more

Issue Management: What Happens When Everything Starts Going Wrong?

The economy is reopening whether organizations are prepared or not. What does restarting business operations look like in a world reeling from a pandemic outbreak and the problems that come with it?

A staggering 40% of businesses fail to reopen following a disaster and another 25% fail within one year following a disaster, according to a report published by Federal Emergency Management Agency (FEMA). Even organizations that survive disasters can remain fragile, experiencing disruption for years to come. While FEMA’s statistics were built upon “normal” disruptions—hurricanes, tornadoes, floods—we can see how impactful contained disasters are to businesses, leaving the world to wonder what impact the coronavirus outbreak will have on the global economy.

read more

The Solopreneurial Approach to Enterprise Risk Management (ERM) and Business Continuity Management (BCM)

Even with limited resources, ERM and BCM programs can still succeed.

“Boards are quickly creating risk committees focused on crisis planning and remote work data privacy—and they want a chief risk officer on speed dial,” writes Arianne Cohen in Risk Manager is Suddenly a Hot Job, a Bloomberg Businessweek article published in April that examines how the COVID-19 pandemic has brought the role (and responsibilities) of risk manager front and center. Interviewed by Cohen for the article, crisis management specialist Jonathan Bernstein sums the role up this way: “The job is about managing ‘wars you didn’t start, which will require immense resources to win, with domino-like consequences that contain a whole list of potential subcrises.’”

read more

How Companies Can Support Their Employees (and Clients) During COVID-19

Globally, we are seeing companies being pushed into having a remote workforce, whether they are ready for it or not, especially as more US states and countries issue shelter-in-place orders to slow the spread of COVID-19. While shifting to a remote workforce may seem like an impossible feat, there are steps you can begin taking now to help your employees transition, and by extension, improve the experience of your clients. Since our inception, Origami Risk has valued its remote capabilities and the talented team we’ve been able to curate because of it.

Whether you are a work-from-home veteran or not, we’re all facing unique challenges in this new environment—from learning to work alongside your spouse and kids, to dealing with the challenges of conferencing technology—there is always a learning curve when transitioning from office to home. As a company of “remote work gurus,” we’d like to help make that learning curve a little shorter by sharing what helps Origami’s dispersed team efficiently work from home, all while servicing clients without interruption.

Have Readily Available Resources and Training

Some employees have fully equipped home offices, while others may have difficulty adjusting to their new work environment for a number of reasons. From a lack of technological savvy, difficulty working without a second monitor, or simply the social adjustment that comes with telecommuting, there are a number of obstacles that can work against an organization that’s suddenly forced to shift to a fully-remote workforce. First and foremost, it’s important to check in with employees to make sure they’re equipped with the tools and resources needed to effectively work and service their clients.

read more

Demystifying ERM

Enterprise Risk Management (ERM) is all too often shrouded in ambiguous, confusing terminology that provides little clarity as to what, exactly, ERM programs do. It’s also not uncommon for an organization facing a barrage of evolving risks (cyber, reputational, supply chain, environmental, etc.) to create an ERM program with the hope/assumption that somehow — as if by magic — those risks will be mitigated. It is no wonder then, that many stakeholders remain confused or highly skeptical about the effectiveness of ERM programs, even as they recognize the pressing need to do something about emerging risks.

Proponents of ERM frequently point to heatmaps as a primary deliverable, which may only make the situation worse. While heatmaps can be a good tool when used properly, they aren’t necessarily the end goal. Furthermore, when used improperly, they simply highlight risks that the organization already knows about. The article Five Benefits of Enterprise Risk Management summarizes what this can lead to:

“Many organizations struggle with implementing ERM and identifying how, and at what level, to integrate it into their organization. Managers often say they are already aware of the risks for their respective areas of the business. In these situations, what value does ERM provide, and how does it enable better perspectives and management of risks and risk data?”

read more

What Risk Managers Can Learn from the Coronavirus Crisis

The alarming spread of the new coronavirus and its potential effect on the global business environment can be seen in recent financial market adjustments. The hyper-quick emergence of this risk is likely to spur a number of questions for risk managers whose organizations have international reach:

  • What happens if the coronavirus expands and becomes a pan-Asia crisis?
  • What do we do if our supply chain in large parts of Asia is threatened?
  • Does potential market upheaval have the potential to threaten critical capital projects?
  • Will this disrupt R&D that relies on technical research taking place in the region?

As troubling as these questions are, there is a wider view that is potentially even more unsettling.

The curse of living in interesting times

“May you live in interesting times” is a proverb that was supposedly intended as a curse upon enemy states. Recent events demonstrate why that should not be considered a blessing. Houston endured a 500-year flood three years in a row. Preemptive power shutdowns last year in Northern California illustrate the effects of colliding risks (wildfires from extended droughts and inadequate energy infrastructure) on the business environment. Geopolitical risks with far-reaching ramifications (from the unknowns of Brexit to the escalating tensions between the U.S. and Iran) are mushrooming.

Applying a traditional approach to enterprise risk management in such turbulent times could lead to disastrous results. Fortunately, the coronavirus crisis offers three valuable lessons that could help all organizations be much better prepared to face similar challenges.

read more

Three trends from the 2020 Origami Risk User Conference

Origami Risk users gathered in San Antonio from January 12-16 for our 2020 User Conference. The fifth such event hosted by Origami, this iteration of the conference was the largest to date, with more than 500 people representing organizations from across the risk and insurance industry in attendance.

Collaborative, hands-on learning opportunities led by members of the Origami service team ranged from “boot camps”—introductions to the system for newer users—to instruction on setting up dashboards and reports to more advanced topics such as system administration. Attendees also had the opportunity to meet with an Origami expert for one-on-one sessions for a closer look at specific features or areas of the system they wanted to know more about.

Client co-presenters led sessions covering a wide range of topics including GRC, underwriting, safety, audits, and claims administration, to name just a few. As in previous years, the delivery of actual use cases and the opportunity for those attending sessions to ask questions about the ways in which Origami Risk is being used to address “real world” challenges provided a unique opportunity for peer-to-peer learning. read more

Why the California Consumer Privacy Act (CCPA) may be the tip of the regulatory iceberg for compliance

On January 1, 2020, a new California regulation went into effect that may push many unsuspecting enterprises doing business in the state into costly noncompliance while also introducing reputational risk and threatening their brands. The California Consumer Privacy Act (CCPA) grants new consumer rights related to data storage, use, and protection. Companies failing to comply with these rules can be fined up to $7,500 for each violation. Despite the potential impacts, a recent survey by the IT security firm ESET shows how ill-prepared most enterprises are regarding this new compliance obligation:

  • Nearly half of all respondents had never heard of CCPA
  • More than 8 in 10 respondents did not know if the law even applied to their business
  • A third of executives were unsure if their organizations needed to change how consumer data was stored/processed
  • Nearly 1 in 4 respondents “didn’t care” about becoming compliant
  • More than half had not performed a risk assessment on cybersecurity within the past year

Given the stakes involved, this broad lack of urgency is concerning but not all that surprising. A DataGrail survey indicated that despite investing thousands of hours and being given a two-year head start, only half of the companies reported achieving compliance with the General Data Protection Regulation (GDPR), a similar data privacy regulation in Europe. Additionally, 70% of enterprises admitted the systems they were currently using to comply would not scale. When the pace of regulatory change is accelerating so rapidly, most enterprises are being caught flat-footed.

read more