Calculating Total Cost of Risk (TCOR) for many organizations is a formidable task. Even agreeing on what the term means can be challenging. The Port of Houston Authority offered a concise yet effective definition in a 2016 presentation at Texas PRIMA, “A metric used to evaluate the success of your risk management process.” This definition underscores how critical TCOR is to understanding the effectiveness of risk management strategies across the entire organization.
The article “Total Cost of Risk (TCOR) – What Does It Mean to You?” notes that this valuable metric allows organizations to:
- Benchmark the costs (flexibly) against similar organizations
- Benchmark allocated risk expenses against other internal costs allocated to products and services
- Summarize risk management policies, procedures and appetites
Given the widespread acknowledgment of how essential this indicator is, why are most organizations unable to fully deploy it? Many organizations struggle to develop a sustainable process for generating TCOR component values. For example, one survey states that only 44% of respondents managed and tracked all components of TCOR. This post examines some of the barriers to more widespread adoption and outlines how the right RMIS can remove those roadblocks.
The benefits of TCOR
In its presentation at Texas PRIMA, the Port of Houston Authority outlined several key benefits they observed from using TCOR aside from the ability to benchmark externally. These include measuring progress towards risk management goals, communicating accountability to senior management, and developing a more focused risk and insurance strategy.
The feedback aspect of this metric encourages discussion and analysis of the most critical components of a risk management program. “TCOR is an invaluable communications tool”, said Carolyn Snow, director of risk management at Humana Inc., in a Risk and Insurance article. That same article likened the calculation to an engine warning light, signaling when “something is amiss, requiring further examination.” Others compare it to a barometer of health for your risk management program. What is clear is that without a comprehensive approach to TCOR, risk management efforts lose focus, isolate management actions from objectives, miss critical trends, and generally make progress more opaque.
What makes it so difficult
The data needed to generate TCOR is typically stored across multiple systems, often with no easy way to join it all together. This can require the time-consuming task of building and merging numerous spreadsheets, each adding one more layer to the result. “Full disclosure, [a TCOR analysis is] not an easy exercise to do right,” says Patrick Walsh, executive VP and chief claims officer at York Risk Services Group in the Risk & Insurance article “Capturing the Best Data.”
In addition to locating and exporting data from multiple silos, additional time is required to assess, update, scrub, and format each component, allowing disparate chunks of data to be stitched together. All of this must occur before any actual analysis even begins. The daunting scope of this administrative hurdle can be enough to derail a TCOR process before it even begins.
How a RMIS helps monitor and reduce TCOR
By centralizing all the relevant data in a single system, the need to chase data across multiple sources is greatly reduced or eliminated. In How to optimize your company’s total cost of risk while properly managing and measuring your risk data, Smart Business Magazine makes the case for a Risk Management Information System (RMIS) as the solution:
“A RMIS helps you obtain the right data and monitor performance of control mechanisms, which leads to improved governance. It also leads to more informed risk management decisions, which results in a targeted approach to reducing TCOR. A RMIS also gives you an enterprise-wide view of your risk exposure and delivers critical intelligence. Data from multiple external sources can be incorporated, as can data from internal systems, such as human resources and payroll.”
Origami Risk tracks loss related and risk transfer costs, associated fees, internal loss prevention project expenses, and any other data required to generate a TCOR calculation. Access to location information, claims figures, policy details, and other key data allows risk managers to focus on the analysis rather than pulling data together from multiple spreadsheets. With extensive integrations and data feeds available, all of the necessary data can be accessed through Origami Risk.
In the Texas PRIMA presentation, the Port Authority of Houston identifies some key points when considering how to implement a TCOR program:
Determine all of the elements of TCOR for your organization
Data collection (address quality/integrity issues)
How many years of data to include (balance responsiveness & stability)
Select benchmarks that
- Deliver the best value
- Capture true risk characteristics
- Relate to organization’s strategic goals/objectives
- Provide timely, relevant, concise information
- Are easily calculated & understood; measures progress
Why You Need to Understand Total Cost of Risk expands on this and cautions “it’s not just about premiums; TCOR also includes self-insured losses, internal administrative fees and outside vendor fees”. Regardless of how your organization determines which cost elements included, it is essential to make sure that the entire process is carefully aligned with your specific risk management goals and objectives. A one-size-fits-all approach potentially dooms the effort, turning it into an academic exercise instead of a critical component of risk management strategy evaluation.
The right RMIS system will eliminate the administrative roadblocks that prevent many organizations from realizing the benefits of TCOR analysis while offering the flexibility required to adapt to the unique risk management challenges your organization faces. In an upcoming post we will examine how to take the power of your TCOR analysis and transform it into unit level operational feedback through allocation models.