Like many risk managers, Julie Pemberton, the 2016 RIMS president, has followed a circuitous path through her career. Fresh out of high school, Pemberton started her first job in the tax department and was later transferred to risk management. She was initially dismayed at the prospect of working in insurance, which she saw as a once-a-year endeavor, but soon learned was much more. As she learned about identifying risks and exposures and translating them into insurance products, her interest blossomed and a risk manager was born. She went on to work in progressive roles at Aon and Chiquita Brands and is now the director of enterprise risk and insurance management at Outerwall Inc., which provides products and services to consumers through self-service kiosks including Redbox, Coinstar and its new ecoATM/Gazelle. Pemberton spoke to Risk Management about the challenges she faces in developing and implementing her company’s ERM program and what she is looking forward to as RIMS president.
RM: What is a typical day in risk management like at Outerwall?
Pemberton: It’s always different, which is one thing that I love. Sometimes it’s being an advisor to a team launching a new product initiative, working with a response team to review processes or test current plans, or partnering with my various enterprise risk owners to find creative solutions to challenges they are facing. I am constantly building relationships with not only my internal customers, but with third parties, including customers, insurers or other business partners, and bridging information gaps to make sure we are aligned on needs, expectations, risk transfer concepts and designing unique risk retention processes.
RM: How does ERM impact your day-to-day responsibilities?
Pemberton: As part of the ERM function, I am involved with all parts of the business, such as supply chain and vendor management, where I have helped to design risk identification tools to be sure we are focusing on the suppliers that may be key to the business, and helping develop ideas to effectively manage those risks. I can get involved in new product launches, advising the team about risk management processes and facilitating risk assessment workshops to consider all the risks they are facing in their initiatives and discuss mitigation or contingency plans for those identified risks. I can be a part of every aspect of the business, from interaction with product teams to sitting in the boardroom.
RM: What do you consider your biggest challenges?
Pemberton: A key area today is cyberrisk. This is a highly technical area that requires a certain level of subject matter expertise. I’m staying tuned in to the ever-evolving external landscape by reading industry articles and white papers, attending webinars and educational sessions, and also working with my internal business partners to ensure I understand my company’s risk profile and the potential impacts an incident could have on our organization. Knowing that helps me consider insurance products being offered in the market. This is such a volatile area in the insurance market right now, as underwriters are still refining their risk modeling and fine-tuning the products and pricing they are offering. Continuing to understand and align potential insurance products to the risk and risk transfer philosophies of the organization is an area I believe many risk leaders are challenged to manage today.
RM: What is your advice for integrating ERM?
Pemberton: The key is to embed it within existing processes already in place in the organization. I try to balance the timing of my annual risk assessment work so that it occurs on the heels of strategic planning. I work with the strategy team to understand risks identified within that process and build on them in my annual risk assessment. As we identify our top-tier risks and their respective risk owners in that process, we ensure mitigation plans also consider related resource needs as part of the annual operating planning cycle. This timing is important as the risk owners refine their risk mitigation plans and build resource needs into their budgeting process.
Education is important as well. I typically have one-on-one discussions with the risk owners about the ERM process. In discussing the risks and aligning on mitigation plan development, I talk to them about what it means to be a risk owner—the roles and responsibilities and accountability issues—and the role the executive sponsor plays.
RM: What are your goals for your RIMS presidency?
Pemberton: The RIMS organization has a very strong strategy in play and we are well prepared for the future. I would like to build upon that—the networking, the advocacy and all the things RIMS has to offer. RIMS is also venturing out into new geographic areas. For example, we held our first risk forum in Dubai last year and we continue to develop key partnerships around the world. We had a delegation visit China in March. We are making important connections with governments, various universities and risk professionals across the globe to better understand the risk in their regions.
There are also new products like Opis, the RIMS information network that provides members with access to content and networking opportunities. For established risk professionals, RIMS is launching a new Certified Risk Management certification. The first exam will take place at the annual conference in San Diego. In the future, risk professionals will be able to take the exam online.
The important thing is to get connected, whether you are a rising risk professional or changing careers to risk management. Risk professionals are so willing to share and help each other, so I encourage up-and-coming risk professionals not to be afraid to reach out and ask for insights and guidance.