Detail-Oriented

Whether inputting data into a catastrophe model or designing a risk management program, the more detail you include, the better. Delegates at the Risk and Insurance Management Society (RIMS) annual conference in Boston in April 2010 heard how including the appropriate amount of detail in cat models can lower premium dollars and ensure against being caught under-insured when disaster strikes.

These are practical, tactical considerations. But on the theoretical side, it’s also important to consider an appropriate level of detail. For example, with the recent release of ISO 31000, an interna- tional risk management standard, experts are suggesting its broad — and sometimes vague — language leaves risk managers with little to sink their teeth into when it comes to using the standard as a guide to develop their own programs.

DETAILS AND THE BOTTOM LINE

Risk managers should make a point of including secondary loss characteristics on an insurance portfolio, RIMS delegates heard. This is not only potentially to reduce aggregate exposure, but also to reduce premium significantly.

Bruce Norris of Edgewood Partners Insurance Center, Marian Ivan of RREEF and Michael Horvath of Simon Property Group each delivered presentations at the seminar ‘CAT Modelling: Science or Art, Risk Management Opportunities or a Trap Door?’

Norris suggested that including secondary loss characteristics in an insurance portfolio might result in major premium reductions. Examples of these characteristics include whether a building has tuck-under parking; whether a building has a bolted foundation; and, if a building is in a wind zone, the age of its roof and how that roof is fastened to the structure.

His advice came with a caveat: “There are some givens you should know, but if you don’t have your primary characteristics — address, construction, year built or occupancy — then all of the secondaries in the world are useless,” Norris said.

He stressed the importance of ensuring that even the primary characteristics are as accurate as possible, since cat model estimates are only as good as the information entered into the modelling programs.

“If you don’t have your basic information, you are shooting yourself in the foot one of two ways,” said Norris.

“If you don’t have [accurate] data, and that [accurate] data when entered would make probable maximum losses go down, then [when you enter the inaccurate data and you get a higher probable maximum loss] you’re buying too much insurance.”

On the other hand, if improving the quality of data forces the probable maximum losses up, that’s even more important, he continued. “I would rather tell my management that they have to pay $500,000 more for insurance in the year than explain to them they are underinsured by $50 million. Having the right data is critical.”

Ivan said when she included secondary characteristics in a recent renewal, it reduced the aggregate loss exposure for the Lloyd’s syndicate by $150 million.

Horvath had a similar experience. When he included 68 additional secondary characteristics at renewal, “not only did it bring down our aggregate loss exposure, but the premium reduction was almost $6 million.”

Risk managers can obtain this data by hiring a third-party firm to confirm current primary data and collect secondary data at a cost of approximately $200 per location, the panel said. “It is mind-boggling that not everyone is doing it,” Norris said. “On a $250-million building, just spend the $200.”

SETTING THE STANDARD

ISO 31000, the international standard for risk management, still has room for development and improvement, said Paul Hopkin, technical director of the Association of Insurance and Risk Managers in the United Kingdom.

Hopkin spoke about ISO 31000 at a RIMS Conference panel discussion.

ISO 31000 was published in 2009. It is essentially the amalgamation of several risk management standards from around the world, primarily those of Australia, the United Kingdom and South Africa.

The fledgling standard still has room for development, in that it tends to have broad language and lacks detail. Specifically, it lacks a clear definition of the principles of risk management and fails to address areas of risk reporting and risk disclosure, Hopkin said.

He pointed to the introduction of ISO 31000 that essentially poses the question: ‘What are the principles of risk management?’ The introduction then goes on to outline the potential gains from a risk management program.

“When I read it, it confuses me somewhat because I think that statement is a combination of what risk management is and what it delivers,” Hopkin said. “I’m not intending to split hairs, but I think if you say something like ‘risk management adds value,’ well, that’s what it’s supposed to do. That’s fine, you need to understand what risk management is going to do for you. But you also have to understand what your approach should be.”

By adding more detail, the standard would also be able to address “specialist areas of risk management,” he continued. These specialist areas include project risk management, treasury risk management, tax risk management and operational risk management in banks and financial institutions.

“It would be nice if the over-arching standard formed stronger links to those specialist areas that are developing,” he said. “Very often, risk management standards don’t pay enough regard to the role of internal auditors, the role of auditing the objectives [of the organization’s risk management program] or auditing the assumptions that underpin those objectives.”

Hopkin noted there is only one reference to risk reporting in ISO 31000. “But if you look at something like the Sarbanes Oxley Act, and new regulations for financial institutions, then reporting how you undertake the governance of risk in your organization is becoming increasingly important for companies.

“I would argue the [ISO 31000] standards as they are currently formulated don’t have enough to say about auditing, reporting and disclosure.”

Some of these shortfalls will likely be addressed in an implementation guide to be developed and released in the near future, Hopkin said. “It’s in the implementation that perhaps you would expect to find the more detailed information.”

———

I would rather tell my management that they have to pay $500,000 more for insurance in the year than to have to explain to them that they are underinsured by $50 million. Having the right data is critical.