The impact of Flood risk has typically been managed by government controls (building flood barriers, managing release of water via dams, and determining the locations and types of structures that can be built). Owners of properties are then responsible for the financial impact of any remaining risk related to flooding. This is often handled through the purchase of insurance and, sometimes, through reliance on a government disaster payments.
This approach has not been perfect. The National Flood Insurance Program has been around since 1958 and has so far managed to incur a debt well in excess of $24 billion. And 2017 was certainly a bad year for flood victims and insurers. Premium increases can be expected and may not be available for locations where there have been multiple claims over the years. (One location, for example, is said to have been flooded more than 30 times in 50 years).
There are new options for some flood damage control, such as replacing sandbags with chemical filling such as silica, which is relatively light, doesn’t require the labor associated with filling bags, and may be reused if floodwaters contain no significant pollution. Additionally, new technologies are being deployed to prevent flooding. These include hydraulic powered water gates in Tokyo, surge barriers in the Netherlands, and the Fox Point Hurricane barrier, which protected Providence Rhode Island against the surge of Hurricane Sandy.
Insurance of own property and other various controls are, typically, the primary methods to reduce the impact on organizations. So, how is this related to Enterprise Risk Management?
Enterprise Risk Management is about enabling the organization to achieve its objectives – a lofty goal, but necessary. When the board sets out its strategic plan that outlines key corporate objectives for the coming year and beyond, it would be highly unusual for the board statement to have any reference to buying enough insurance. Typically, organizational management is delegated with the task of meeting these objectives (and the myriad sub-objectives that required for attainment of overall corporate objectives).
- The role of insurance analysis and purchase is delegated to the Insurance Department,
- the purchase of sandbags and the like to Procurement based on the recommendations from
- the Safety or Facilities Departments, and
- the staff trained in preparations prior to the flood by the Training Department, with
- the Business Continuity team activating the Business Continuity plans, while
- the Finance Department works out how to try to maintain cash flows so
- the Treasury Department doesn’t have to deal with the effects of debt covenants, as
- Customer Services handles the calls from customers who are waiting for the products they have ordered, as well as being tasked with helping the
- Sales Department, which is challenged to make sales when they have no realistic expectation of when the products will again be available, and
- Human Resource backtrack on efforts to hire more staff and seek replacement staff if necessary, while
- Investor Relations prepares the responses required by investors and regulators, with
- The Procurement group gearing up to replace the many vendors who were key suppliers but who weren’t well prepared for the flood…and so on.
All things considered – just about everyone in the company is impacted by floods and many other significant events. But the issues affect even more related parties – it is not just the building that is flooded, it goes across the organization, and often well beyond into customers and vendors, and even to investors and regulators and many other stakeholders.
Enterprise Risk Management (ERM), as stated earlier, is about achieving the objectives of the organization. To do this effectively the organization needs to see all the connections between many moving parts – its risk ecosystem. No part can exist in isolation (imagine an insurance department that doesn’t ask a factory for updated values to insure, or Procurement buying tools that are not to be used anywhere ever in the organization). All stakeholders must be able to have access to see any changes in these connected elements. This cannot be done effectively without technology – people take vacations, new people in roles may not know from their personal experience the meaning of key risk indicators, and the risks keep on changing.
ERM works and reduces the Total Cost of All Risks (TCOAR) through the use of technology to support the unique ERM framework of each organization. With so many moving parts, no off the shelf software can work as effectively as a system that is configured for and by the organization, with automated data feeds and action plans firing workflow so the decision makers are kept adequately informed.
Each risk, including the risk of flooding laid out above, needs to be evaluated in light of all these elements—not just the current pricing of insurance. All relevant decisions should be recorded and accessible, and compliance with governance verified. With these functions working effectively and relatively easily, ERM can be extremely effective in reducing the TCOAR and supporting the attainment of corporate objectives.