Category: GRC/ERM

Wrestling with ERM’s ROI

Trying to determine the value of enterprise risk management (ERM) is a difficult challenge. A quotation frequently attributed to Albert Einstein (although more likely originally said by sociologist William Bruce Cameron) gets to the crux of the issue: “Not everything that can be counted counts, and not everything that counts can be counted.”

Issues with measuring ERM value

Donna Galer, writing for the Insurance Thought Leadership blog, summarizes the reasons why the value of ERM programs are not easily quantified:

  • It is extremely hard to know when a loss did not happen because of ERM.
  • It is just as hard to quantify the cost of loss that did not happen.
  • It is difficult to quantify the “soft” benefits of enhanced reputation because ERM is practiced or because of improved strategic alignment in the organization; ERM requires an understanding of the company’s strategic goals and objectives to identify the risks that might derail their achievement.
  • It is often hard to justify the time and expense of measuring something that is not easy to measure.

Determining the objective value of a prevented loss or improved strategic alignment is highly problematic. Despite the very real value associated with those activities, determining a specific value without having an actuary assess probabilities and amounts seems extremely difficult. Not everything that counts can be counted.

read more

Timing is thingevery—How rushing leads to embarrassing errors

The pressure to do more with less is constant. But delaying an honest evaluation of your risk management information system (RMIS), while an understandable temptation, can lead to compressed timelines, rushed decisions, cost overruns, and additional grey hair.

Industry consolidation is forcing changes both good and bad. Regardless of whether you elect to stay with your current system or make a move, the worst-case scenario is to find yourself boxed in because you ran out of time.

There are a few critical factors a risk manager should take into account to ensure they are in the driver’s seat. Your time is limited, but your options don’t have to be.

read more

Elevate to better outcomes: How the happiest clients in the business are solving real-world problems with Origami Risk

A flexible, intuitive interface. Software expertise combined with insurance and risk experience. A collaborative approach to implementation that’s different by design. When selecting a Risk Management Information System (RMIS) that meets your needs, each of these elements is important, but in today’s market, these are baseline requirements. The critical factor influencing the choice of a system should be the answer to the following question: Will this technology drive meaningful business results?

Measurable outcomes are what really matter. The right RMIS must prove capable of contributing to your team’s ability to more efficiently analyze risk and insurance data, prevent losses, control claim costs, streamline renewals, and reduce your organization’s total cost of risk. If it cannot, what’s the point?

For some examples of the impact that partnering with Origami Risk has had on the business results of a few of our clients, please read on.

read more

Creating a Successful ERM Program: Why Ditching Spreadsheets Isn’t Enough

Technology is often the first thing risk managers turn to when seeking to enhance enterprise risk management (ERM) programs. The appeal of leaving behind a jumble of spreadsheets and manual processes for a single, dedicated ERM workhorse is undeniable. Yet, without the right context to shape the selection process, a new technology solution may not help at all. In fact, it could even make matters worse. read more

Flood risk – Insurance update or enterprise wide risk management?

The impact of Flood risk has typically been managed by government controls (building flood barriers, managing release of water via dams, and determining the locations and types of structures that can be built). Owners of properties are then responsible for the financial impact of any remaining risk related to flooding. This is often handled through the purchase of insurance and, sometimes, through reliance on a government disaster payments.

This approach has not been perfect. The National Flood Insurance Program has been around since 1958 and has so far managed to incur a debt well in excess of $24 billion. And 2017 was certainly a bad year for flood victims and insurers. Premium increases can be expected and may not be available for locations where there have been multiple claims over the years. (One location, for example, is said to have been flooded more than 30 times in 50 years).

There are new options for some flood damage control, such as replacing sandbags with chemical filling such as silica, which is relatively light, doesn’t require the labor associated with filling bags, and may be reused if floodwaters contain no significant pollution. Additionally, new technologies are being deployed to prevent flooding. These include hydraulic powered water gates in Tokyo, surge barriers in the Netherlands, and the Fox Point Hurricane barrier, which protected Providence Rhode Island against the surge of Hurricane Sandy.

Insurance of own property and other various controls are, typically, the primary methods to reduce the impact on organizations. So, how is this related to Enterprise Risk Management? read more

Origami Risk announces GDPR compliance efforts

Origami Risk has seen a particular focus in the marketplace on the new General Data Protection Regulation (GDPR). The GDPR is a comprehensive data protection law in the European Union (EU) that will become effective on May 25, 2018. It expands the privacy rights of EU individuals and applies to any organization processing EU personal data, whether the organization is based in the EU or not. The main goal of the GDPR is to strengthen the security of EU personal data.

Origami Risk is pleased to announce that we are committed to GDPR compliance when enforcement begins on May 25, 2018. We are also dedicated to helping our customers comply with the GDPR with regard to our services, which includes providing GDPR-related assurances in our contractual commitments. In addition, our data center, Amazon Web Services, has confirmed that its services will comply with the GDPR once enforcement begins.

Data security has always been paramount at Origami Risk, as evidenced by our SOC 2 audits and FISMA (NIST) authorization, our compliance with the HIPAA security rule, and our EU-U.S. and Swiss-U.S. Privacy Shield certifications. You can find additional information about our data security at http://www.origamirisk.com/why-choose-us/technology/security/.