Risk Ready

There is no argument, no doubt. The risk landscape is changing – and both organizations and their risk managers would do well to remain in step.

Risk management has always been an evolving thing, but why has the pace of change ramped up?

“I think with the advent of ERM (enterprise risk management) that risk managers really broadened their scope of responsibility. Obviously not all risk managers do enterprise risk or strategic risk, but many more are than were in the past,” says Carolyn Snow, president of RIMS and director of risk management for Humana Inc.

“In some ways, people look at ERM and say, ‘Well, it’s been around for a while,’ – and it has. But it’s really caught hold in the last few years,” she points out.

Driving that profile higher are a number of developments, not least of which is that risk managers and others have done a good job of educating people about enterprise risk, additional tools are available to help develop enterprise risk frameworks, and there are more training and development opportunities.

Maybe the biggest contributor, though, is the influence that comes when rating organizations – more are requiring analysis of a company’s ERM program – and regulatory areas take notice. When they start talking about enterprise risk, “then, obviously that moves up on the radar screen for organizations,” Snow says.

PART OF THE CONVERSATION

The extra notice is welcome, since it helps risk become a larger part of both everyday and strategic conversations. That said, a seat at the table comes with expectations that risk managers will be well-versed and well-prepared.

“It’s great to talk about strategic and enterprise risk and all those things, but then you have to bring those skills along with you,” Snow emphasizes. For risk managers to continually broaden their skills and their expertise in these areas, she suggests it is a matter of education, training and developing expertise in bigger areas, such as strategy, that “traditionally risk managers really didn’t get involved with.”

Snow says she believes that there will be more and more people coming into risk management who understand strategy and who understand claims management. “Fifteen, 20 years from now, I think the backgrounds of some of the people in risk management will be very interesting.”

Risk managers today are “more articulate about the value they bring and the other things they can do,” Snow comments. But to fully realize that value, she says, they need more access to the C-suite and the senior leadership of an organization or a company.

Leadership, in turn, must provide support and resources for initiatives that, ultimately, are for the organization’s protection and benefit.

“The whole time you’re talking about strategic risk or enterprise risk, you’re also probably asking for more resources and more opportunities to do those things,” Snow says. Being comfortable to do so is also likely part of a transformation going on with risk management.

As risk management evolves, risk managers will work not only with traditional areas like workplace solutions and safety, Snow says, but also functions such as IT, strategy, and mergers and acquisitions. Those relationships will provide a view of not just current risks, but those that may develop down the road as an organization and its objectives change.

Noting she has been with Humana for 14 years, Snow says she is still learning about the company. “The reason is because we’ve changed as a company,” she says. “As your company grows and as your industry changes, you’ve really got to keep up with all of that. So it’s a continuous learning process.”

And that is where building relationships with different departments and functions within a company or organizations will pay off. “If you sit behind your desk all day long, you probably don’t have a clue what’s going on in your organization,” she ventures.

Really good risk managers get out into the company and are known, says Snow, a member of RIMS for 14 years, including seven years on its Board of Directors.

“When things happen, or even before things happen, when people are thinking about doing something different, they call you up.”

VALUE OF EXPERIENCE

Snow would likely agree there is value in many types of work experience. In her current role at Humana, she manages the corporate insurance program, including its captive and RMIS system, serves on the corporate acquisition team and the legal entity committee, and is a member of the core advisory group for ERM.

Previously, she served as vice president of marketing at Aon Risk Services and in underwriting and marketing management positions with Fireman’s Fund and Cigna P&C. At Cigna, “I learned a lot about analysis in terms of really analyzing risk,” says Snow, a skill that, no doubt, can be applied in today’s fast-changing environment.

When developing a risk management program, “you try to analyze and measure, you try to gauge all of the exposures that you’re faced with,” she says. “Risk management programs should never be filed away or put away. You should always be working on it, adjusting it.”

At Aon, Snow gained a much broader view of things. “I saw things more from the customer’s point of view because as a broker, you’re all about service,” she says.

As a risk manager in an organization, “my customers are the other departments.”

The idea is that both experience and relationships can work together to help risk managers identify issues before they become concerns.

Consider how cyber risk, which Snow views as the most pressing risk management issue, has transformed.

“It’s hard to measure, it’s hard to know what your exposures are,” she points out. “You can put all the mitigating things in place, but the people who do the cyber attacks are very, very sophisticated,” she says, making it difficult “to do everything you need to do in a mitigation landscape.”

Cyber is unlike damage to, for example, a building, where replacement costs can be calculated fairly easily, Snow says. Boards of directors are becoming very concerned about the issue, she says. “It’s something that senior leadership no longer says, ‘Well, I’ve got a good IT staff and they’ll take care of that.'”

But there are some positives.

“I think organizations and companies are doing a much better job of analyzing their risk and learning from mistakes of other organizations,” Snow says. “I also think the individual is doing a better job of taking care of their information when they can and being a little bit more diligent,” she adds.

Diligence, though, is needed whatever the risk.”We are such a small world and we are so closely interconnected in ways that we don’t even think about it,” Snow comments. The world seems more complex, as do the risks, she notes. As “that risk becomes more complex, then we have to think broader and maybe think about things that are risks that we never thought were in the past.”

WIDER VIEW

Adopting a wider view marries well with RIMS’s focus areas for 2014. RIMS 2020, the goal of which is to develop a long-range plan for the society, has three main areas: supporting tomorrow’s leaders, knowledge and expertise, and globalization.

“What are risk managers going to look like five, 10 years from now? What are risks going to look like? And what do we need to do as an organization to support those risk managers in their role, whatever it is?” Snow asks.

There is negative risk, but there is also opportunity risk. “It’s really easy to always just be focused on the negative side of risk, but I think what strategic risk does and what enterprise risk does is moves you more into looking at opportunities, because really at the end of the day, my job, in risk management, is to support my company’s business plan.”