The responses to a recent Deloitte-commissioned survey of 300 in-house legal executives contain good news for those working closely with in-house legal departments on risk management and compliance-related issues. An executive summary of survey results, Going beyond risk and compliance: Enabling the Legal function to embrace digital transformation, indicates that a majority of respondents feel that in-house legal departments are aware of and open to the use of technology in efforts to make risk management and compliance more efficient and cost-effective.
While there is a willingness to move forward with the use of technology to automate repetitive tasks, improve collaboration, and proactively contribute to the overall strategy of their organizations, there is still work to be done. “Despite encouraging levels of awareness and signs of adaptability, survey respondents have revealed that there is still progress needed before the Legal function fully embraces digital opportunities,” write the study authors. “When they do this, Legal will be able to revamp its approach to risk management and compliance, thus becoming more agile, more integrated and more value-driven, playing an integral role in the delivery of corporate strategy.”
The risk management industry certainly had an eventful 2018. As the calendar closes out another year, we’ve picked five prominent trends that may impact your organization in the upcoming year.
1. Increasing Damage from Natural Disasters and Extreme Weather
The 2018 list of major natural disasters is notable for its scope and intensity. From Japan’s flooding and mudslides to California’s wildfires to an unprecedented global heatwave, records for severity and damage were shattered throughout the year. One article noted that, “Nationwide, 8.5 million acres, an area larger than Maryland, have burned this year to date.” Unfortunately, extreme weather and increased natural disasters are becoming more commonplace.
In the article Step up your disaster preparedness, don’t wait for the news report, we discussed how to combine audit technology with weather alerts to develop a preparedness solution that works in real-time and ensures your organization is tested and ready when the next emergency hits.
2. Telematics Emerging in Fleet Management
Consumer adoption of telematics continued at a strong pace, particularly with drivers in the youngest age range, where some studies estimate four in five drivers have telematics-based policies. While the use of telematics to enhance fleet management programs has been underway for some time, the value of this data is becoming clearer.
Risk management in healthcare is a topic that is gaining increasing importance. A large driver of this attention is the shift from fee-for-service to value and outcome-based models. An article in the New England Journal of Medicine’s (NEJM) Catalyst blog notes, “For these reasons, hospitals and other healthcare systems are expanding their risk management programs from ones that are primarily reactive and promote patient safety and prevent legal exposure, to ones that are increasingly proactive and view risk through the much broader lens of the entire healthcare ecosystem.”
This demand for an expanded view of healthcare risks has fueled the demand for Enterprise Risk Management (ERM) solutions. The road to fully functional ERM programs, however, has proven to be a challenging one for most healthcare organizations. The NEJM Catalyst article cites a report from Healthcare Financial Management Association (HFMA) that states, “Despite the growing importance of programs today, and the raised awareness of their importance, many healthcare providers have been slow to adopt a more sophisticated approach… The current state for most providers falls between ‘basic’ and ‘evolving’ maturities for ERM programs.”
Despite the widespread ambition of organizations to create a data-driven culture, few seem to make the transition successfully. In the article Big Companies Are Embracing Analytics, But Most Still Don’t Have a Data-Driven Culture, the authors cite the results of this year’s annual New Vantage Partners survey on data issues. “Virtually all respondents (99%) say their firms are trying to move in that direction, but only about one-third have succeeded at this objective. This gap appears every year in the surveys, and the level of success hasn’t improved much over time.”
A Gartner study found a similar disconnect: 80% of CEOs claim to accept the concept of data as an asset, yet only 10% say their organization treats it that way. Given the fairly daunting odds, why are so many organizations still fighting the uphill battle to establish a data-driven culture? Because, as a TechCrunch article notes, “Being data-driven pays!” As proof, the authors cite an MIT study finding a 5-6% higher output in data-driven organizations and other research indicating more than a $13 payback for every dollar spent on analytics.
The importance of the risk manager
Given the potential payoff of a data-driven culture, the analysis-based role of a risk manager can be a linchpin in the effort to elevate the role of data in strategic decision making across the organization. To make this transition, risk managers need to adopt an enterprise risk management (ERM) mindset, regardless of whether the organization actually has an ERM program in place or not. The core of this mindset relies on using data to influence decisions and direct actions.
Vendor management is becoming an area of increased focus for risk managers. The operational, financial, and regulatory risks third-party vendors and contractors pose to an organization continue to expand unabated. Despite the magnitude of the threat posed by lax vendor management programs, many risk managers do not feel their organizations have the technology and capabilities in place to properly face the challenge.
A Deloitte study notes that 94% of responding executives have only low to moderate levels of confidence in the tools and technology they use to manage third-party risk. Nearly 90% have a similar lack of confidence in the quality of the underlying risk management process. Armed with dubious solutions and processes, risk managers fighting for effective vendor management assessment may find it an uphill battle.
The status quo may not hold
Recent New York Times coverage of the dire supply chain effects Hurricane Maria had on the availability of critical prescriptions in the U.S. illustrates how quickly vendor management issues can escalate. The article notes, “Federal officials and major drugmakers are scrambling to prevent national shortages of critical drugs for treating cancer, diabetes and heart disease, as well as medical devices and supplies, that are manufactured at 80 plants in hurricane-ravaged Puerto Rico.”
Trying to determine the value of enterprise risk management (ERM) is a difficult challenge. A quotation frequently attributed to Albert Einstein (although more likely originally said by sociologist William Bruce Cameron) gets to the crux of the issue: “Not everything that can be counted counts, and not everything that counts can be counted.”
Issues with measuring ERM value
Donna Galer, writing for the Insurance Thought Leadership blog, summarizes the reasons why the value of ERM programs is not easily quantified:
- It is extremely hard to know when a loss did not happen because of ERM.
- It is just as hard to quantify the cost of loss that did not happen.
- It is difficult to quantify the “soft” benefits of enhanced reputation because ERM is practiced or because of improved strategic alignment in the organization; ERM requires an understanding of the company’s strategic goals and objectives to identify the risks that might derail their achievement.
- It is often hard to justify the time and expense of measuring something that is not easy to measure.
Determining the objective value of a prevented loss or improved strategic alignment is highly problematic. Despite the very real value associated with those activities, determining a specific value without having an actuary assess probabilities and amounts seems extremely difficult. Not everything that counts can be counted.
As discussed in previous posts, the manufacturing skills gap is a critical risk that demands effective risk management strategies. The real-world impacts of this risk include:
- Increased wage costs
- Production inefficiencies
- Increased workers’ compensation expenses
- Inability to meet customer demand and potential loss of market share
- Inability to expand
- Decreased R&D effectiveness
In addition to the skills gap, manufacturers face numerous other risks arising from factors that include new regulations, geopolitical shifts, supply chain vulnerabilities, and environmental impacts. Added on top of that are the traditional risks that face all industries, such as market risk, disruptive competitors, technology obsolescence, and health/safety risks. Collectively, manufacturers must address risks that are more numerous, change more frequently, and are more interconnected than those in most industries.
Risk assessments and heat maps remain central components in most enterprise risk management (ERM) programs. Yet there is considerable debate about their effectiveness and both tools have no shortage of critics. In 2011 Howard Sklar, a Forbes contributor, outlined one of the most popular criticisms regarding companies that viewed risk assessments as a document instead of a process. He noted, “Companies that fail in this way are often trying to check the risk-assessment box on their program. That’s fine, as far as it goes. At first glance, a risk assessment seems like a low-ROI effort. You put in time and potentially money, and you get back a piece of paper laying out what you already know.”
Similarly, others deride heat maps as nothing more than “colorful guesses.” Brian Priezkalns, in the not-too-subtly titled article, Why I hate Heat Maps, says “Heat maps are just a terrible terrible terrible way to understand, communicate about, and decide how to respond to risks. They either mess up what you already knew, or they hide the fact you are too ignorant to make a rational decision. Everything that can be done with heat maps would be done better with actual numbers.”
If these tools have such fierce critics, then why are they still central to most ERM programs? In this article, we’ll examine what drives the limitations, and the key missing ingredient that turns them into powerful assets.
Technology is often the first thing risk managers turn to when seeking to enhance enterprise risk management (ERM) programs. The appeal of leaving behind a jumble of spreadsheets and manual processes for a single, dedicated ERM workhorse is undeniable. Yet, without the right context to shape the selection process, a new technology solution may not help at all. In fact, it could even make matters worse.
Given the continuing discussion on the new ISO and COSO updates, and the lively “Great Debate,” we recently sat down with Michael Yip, Vice President, Risk Management with DFW International Airport to get his thoughts about the new Enterprise Risk Management (ERM) framework updates. With over 20 years of strategic management consulting experience, his frequent speaking engagements and thought leadership on ERM, and his extensive history of domestic and international assignments implementing corporate governance and compliance initiatives dating back to first generation COSO and ISO, he is an ideal choice for this topic.
It quickly became apparent, however, that merely adding to an ever-growing collection of “Which framework is right for you?” articles was not something that he was entirely interested in pursuing. In fact, he found it “problematic” that the industry is still wrestling with frameworks after all this time, as it entirely circumvents the strategic conversation about ERM. So, we had that discussion instead.