Is Risk Management Obsolete?
Oh, the plight of today’s risk managers. Often viewed as little more than buyers of insurance, they have struggled to deliver value and needed oversight to business operations in a way that would improve results and maybe even earn them some desired attention from upper management. However, risk management has historically operated with one figurative hand tied behind its back. In practice, recognition by management and inclusion in the important project planning processes has been rare.
Then the glimmer of hope: back when the calendar turned to the 21st century, enterprise risk management (ERM) was being bandied about as risk management’s golden opportunity to shine. There was hope that the position was finally going to get some face time with the C-suite, something that had evaded the profession for far too long. Risk management, they said, was about to hit its stride. The excitement within the profession was palpable.
So much for that.
A decade later, risk management is in the same place doing the same job (times 10) and getting the same recognition (little to none). Despite all the promise and opportunity, risk management has remained in the unenviable position of buzz killers brought in at the tail end of project planning: that necessary evil, required by law in some cases, that is there to throw cold water on a hot project.
“We need risk management, but not the way it’s currently operating.” – Henry Good
It is that scenario, among others, that has people like Henry Good believing the crazy notion that risk management should not be a profession at all. Strange words coming from Good, a career risk manager who now serves as an independent insurance risk consultant after a 33-year stint with Rohm and Haas, a manufacturing company in Philadelphia. Good believes the risk manager’s actions—or lack thereof—have created an unhealthy vacuum within which the profession now lives. “We need risk management, but not the way it’s currently operating,” said Good.
In his opinion, only 20% of today’s risk managers are functioning as what he calls true risk managers—being involved in decision making, planning and elevating the goals of the company. “The other 80% are functioning as insurance buyers,” he said.
How ineffective is risk management? Enough that almost every U.S. executive surveyed is reconsidering the position; 91% intend to reorganize and reprioritize their risk management approaches within the next three years, according to a 2012 Deloitte and Forbes Insights study. The same study reveals that 77% of companies now have a centralized risk management model to deliver ERM, and the risk management responsibility has shifted to the CEO and CFO, at 26% and 23% respectively.
Where Risk Managers Go Wrong
To Good, risk managers do a few things wrong that are killing their careers. He believes they are stopping themselves from making an impact in the company. Most risk managers, he says, are recommended by brokers to management. Once they’re hired, Good says they then “wait for the invitation from senior management.”
That is something risk management struggles with, say the experts. In Richard Meyers’ estimation, risk managers do not socialize enough. “It’s all about visibility,” he said. Meyers, chairman and CEO of Richard Meyers & Associates, a talent acquisition and management firm in New Jersey, relates the story of a firm that decided to adopt an ERM strategy. Instead of appointing its risk manager to head ERM, the company brought in someone else. Why? He blames what he calls the perception of insurable risk management. “While companies are recognizing that there is a value and an importance of risk management, many traditional risk managers do not have a very clear business mentality,” said Meyers.
David Rogers holds a slightly more positive view of risk management’s current state. Rogers, global product manager for risk at Cary, North Carolina-based SAS, thinks risk management as a function is not dead. However, new realities across financial and non-financial business units are forcing a change, and it is one that risk managers may not be ready for or adapting to quickly enough.
For Rogers, risk management is integrating itself into business decision making in a more regulated environment. He thinks that as business groups see how risk management can impact their ability to deliver value, the need for good risk management will increase. “The critical word is ‘management,’” he said. “If the risk function is to have a future, it needs to be seen as a partner in delivering the management’s decision dashboard.”
“While companies are recognizing that there is a value and an importance of risk management, many traditional risk managers do not have a very clear business mentality.” – Richard Meyers
Therein lies the challenge. Rogers says that risk management has to learn to be relevant and accessible to the decision maker. That relevancy comes from stepping outside the bubble and learning the business functions. “What I heard on a panel recently was until you’ve actually run a P&L, you often don’t appreciate the difficulties of the issues you’re presented with.”
Jeff Triplette says that risk managers need to shift their focus. In his opinion, it’s not about the profession, but about what constitutes a professional. Triplette, who is principal of Triplette Advisors in Memphis and a referee crew chief for the NFL, says too often risk managers are not engaged in what the C-suite is concerned about. He thinks many risk managers can turn it around just by shifting their perspective.
Triplette relates the story of one of his NFL crew members who was a player in the league for 13 years. During his third year, the player was approached by a coach, who explained what it was to be a professional in the league. The coach made him commit to arriving early and training more intensely. Perhaps most importantly, he was expected to learn the organization. That’s when Triplette says the player’s mind-set shifted and he began elevating his level of play. “That’s when he said he started learning what it really meant to be a professional.”
Triplette says that is exactly what risk managers need to be doing. “Start thinking, ‘What is my boss thinking about? What are the things they’re concerned about that I might be able to find a solution to?’ Be willing to help identify the problem, but be willing to offer viable solutions.”
Anatomy of a Risk Pro
Some risk managers understand this by nature. When Lance Ewing was hired as risk manager at Park Place Entertainment, he admits to knowing “very little about riverboat casinos.” But Ewing, now regional industry practice leader for insurer AIG in Memphis, took the time to not only learn about all the risks the gaming company operated under but also to get to know the business. “Risk managers have to push themselves mentally out of their comfort zone and get the resources they need to respond to the company’s growth and risks,” said Ewing.
When Ewing left risk management in 2010 for an expanded role with AIG, he left behind more than 20 years of experience managing risks. It is a career that has gained him widespread industry recognition and awards, including a year as president of the Risk and Insurance Management Society (RIMS, publisher of this magazine) and a few Risk Manager of the Year titles, which are handed out annually by the industry publication Business Insurance.
How did he rise so high? For him, it all started with lunch.
That is where Ewing says the relationships among all departments and risk management are formed. He says lunch works because “very few people will turn down a free meal.” That lunch is where he would learn the top three challenges his colleagues were facing.
From there, Ewing would take those concerns back to his team, which included the insurance carrier, broker and any third-party administrator. The team discussed everything about a potential loss: how to prevent it, how to mitigate it, how to deal with any fallout if it occurred. “We then went back with a solution.”
He says the solution part was critical to the success of both the company and the risk management function. It was how he and his team were able to elevate the importance of risk management throughout the company.
Ewing relates the experience of one company where risk management gives each department an hour-long presentation on what risk management is and how to file claims. Building that into the front end of the hiring process, he says, goes a long way in developing that professionalism internally.
It’s also not a bad idea, he says, to introduce each department to the team—the carrier, broker, third-party administrator, the claims handler, even the underwriter. “Risk management needs to be a much more collaborative spirit than it has been.”
One way Ewing kept senior management aware of the comings and goings of his risk team was to provide them with a report a few times per year. He kept it brief: three pages of bullet points and bar graphs highlighting only the activities, risks and concerns of the team along with a list of ways the team was managing them.
In times of crisis, risk managers must want to be part of the decision-making process. They must find solutions, not hunker down while top executives do all the work. “We don’t dig foxholes,” he said. “We’re always moving forward.”
Ewing disagrees that risk management is no longer relevant, but he admits it’s struggling. The profession, in his opinion, has not yet embraced what the role really means. “As board members, shareholders and stakeholders begin to see risk more as an internal fabric of how they do business, the risk manager has to be able to step up and get a seat at the larger table.”
“Risk management needs to be a much more collaborative spirit than it has been.”
It’s something Ewing believes that those in the profession have talked about for years, but few actually do. “A way to get that attention is spending time with not just the CEO, CFO and treasurer, but reaching out to the legal side,” he said. “When that claim happens, if legal gets involved, that relationship and rapport has to be there.”
Ewing says that risk managers have to build similar bridges with human resources and the benefits side. Look for an opportunity to collaborate with the benefits side when responding to workers compensation claims. That comes from raising awareness of how risk management can be incorporated into each department.
In some instances, the interactions are already occurring. Rogers says that government regulations are beginning to pull risk management and finance departments together more often. “Especially with regulations such as Basel III and Dodd-Frank, risk and finance can’t sit on its own,” he said. “The information has to be brought together to see a much more consistent picture of how the organization plans and utilizes its capital.”
Education, say the experts, is integral to a risk manager’s career. Meyers’ frustration is evident when he talks about how many risk managers drop the ball. “How many risk managers do you come across that are in the middle part of their careers and have not gotten their degrees?” he asked. “If we were to interview 10 of them, six or seven will say it was really never important to my employer. What a grave perception.”
Meyers says risk managers have no one but themselves to blame for the lack of opportunity. Risk managers are a commodity, and they have to be cognizant of how they want that commodity to be perceived. Without commitment to self, he says, risk managers will be ill-equipped to rise within an organization. “How good is a carpenter without having the proper tools?” Part of that tool chest, he says, is the daily exercise of continually improving self.
Without risk management professionals at the helm of their own careers and training, experts believe talk about risk management becoming obsolete will continue—or perhaps worsen—as business complexities evolve. Triplette believes the key to risk managers rising in their companies is contained in one word: professionalism.
“Learn to be a professional,” he says. “You can keep buying insurance and those kinds of things, or you can figure out how to take things to the next level.”