Excellence in Risk Management III The Changing Face of Risk Management
April 27, 2006
Marsh 2
Excellence in Risk Management Series
“Excellence in Risk Management I” studied the risk managementpractices of 30 top-performing risk managers in North America (2004)
“Excellence II” examined the characteristics and practices of organizations that are implementing an enterprise-wide risk management program (2005)
Using “Excellence I” and “Excellence II” as a foundation of understanding, “Excellence III” examines the changes occurring in risk management in the face of a dynamic risk environment
Marsh 3
Rapid Evolution of Risk Management
Marsh 4
The Risk Manager—New Skill Set
Risk managers need to navigate through an increasingly wide
array of new risks, requiring broader skill sets. New risks like terrorism,
pandemics, energy, and supply-chain shocks are coming out of the
woodwork; and management is looking for answers. Ability to
communicate in simple language across functions and cultures on the
potential of nontraditional risks, as well as handle the traditional world of
hazard risk and insurance, is the key to success.
Marsh 5
Excellence in Risk Management Series
A quantitative study
Interviews with 866 RIMS members of mid- to large-size organizations
Interviews were conducted by Greenwich Associates from December 2005 through January 2006
– Greenwich Associates is a leading research-based consulting firm serving the insurance and financial services industries
Marsh 6
Who We Interviewed:Annual Revenues
Marsh 7
Who We Interviewed:Annual Revenues
Marsh 8
Who We Interviewed:Industry/Sector Affiliation
Transportation (34)
Construction (22)
Oil & Energy (21)
Mining, Metals, & Minerals (18)
Automotive (17)
Aerospace & Defense (17)
Hospitality & Gaming (17)
Professional Services (15)
Sports, Entertainment, & Media (13)
Nonprofit/Charitable/Religious (12)
Agriculture (11)
Marsh 9
Who We Interviewed:Years of experience in the RM field
AVERAGEAVERAGE: : 19 19
YEARSYEARS
Marsh 10
Strategic, Progressive, and Traditional Risk Management
Level of risk management was determined by responses to adoption of various practices
Methodology for defining Traditional, Progressive, and Strategic:
Using reported implementation of various risk management practices, we divided the sample into four quartiles
– The bottom quartile represents traditional
– The middle two quartiles represent progressive
– The top quartile represents strategic
Marsh 11
Correlation Analysis
Risk management is a key priority for company
Company formally reviews risk management issues on a regular basis
Company allocates sufficient resources to manage risk effectively
Impact of SOX on risk management
Company understands the risks facing the company
Size of company
Experienced a previous loss
Years of experience in risk management
Company revenue
Strong correlation to advanced risk management
Less than expected correlation to advanced risk management
Marsh 12
Levels of Risk Management
Risk Identification
Loss Control
Claims Analysis
Insurance and Risk-Transfer Methods
Traditional Risk Management
Alternative Risk Financing
Business Continuity
Total Cost of risk
Education and Communication
Traditional +
Progressive Risk Management
Enterprise-wide Risk Management
Indexing of Risk
Use of Technology
Traditional +
Progressive +
Strategic Risk Management
Marsh 13
Comfort, Current State, and Importance Measures
Reflect input from 866 respondents and are quantified using a normalized point score
– Comfort: We measured relative comfort for 19 different risk areas
– Current State: We measured the level of implementation of 11 key risk management practices
– Importance: We measured the relative importance of 19 different risk areas
Marsh 14
Risks that are high in importance and low in comfort represent key opportunity areas
Comfort Level With and Importance of Risks
Marsh 15
Comfort vs. Current State of Risk Management ProgramIndustry View
Comfort Level Versus Current State of Risk Management by Industry
Marsh 16
Company size is not a strong determinant of risk management sophistication
Company Size Versus Level of Risk Management
Marsh 17
Sophistication is related to the experience of the risk manager
Years of Experience Versus Level of Risk Management
Marsh 18
“Strategic” enables more aggressive risk-financing approach
Firms’ Orientation Towards Risk Financing
Marsh 19
Organizational support is key to embracing a strategic risk management approach
Strongly Agree & Agree
“Our company will keep analyzing risk. There is no doubt about that. It is not our highest priority right now, but it is important.”
Marsh 20
A strategic approach is supported by strong communications with senior management
Strongly Agree & Agree
“It is crucial to have senior management buy-in and understanding for any risk management function to be successful.”
Marsh 21
Risk Management Practices
Emergency response, crisis management, business continuity plans
Risk identification, assessment, prioritization
Risk mitigation and loss control
Communications and education
Claims analysis coordinated with loss control
Process to evaluate insurance and other risk-transfer methods
HIGH FUTURE IMPORTANCE RATING
MID-LEVEL FUTURE IMPORTANCE RATING
ERM program
Technology platforms to facilitate the risk management function
Measurement of the total cost of risk (TCOR) and benchmarking
Benchmarking of risk
Alternative risk financing
LOWER FUTURE IMPORTANCE RATING
Marsh 22
Risk Management PracticesSignificant Gaps—Current vs. Future Importance
Emergency response, crisis management, business continuity plans
Risk identification, assessment, prioritization
Risk mitigation and loss control
Communications and education
Claims analysis coordinated with loss control
Process to evaluate insurance and other risk-transfer methods
HIGH FUTURE IMPORTANCE RATING
MID-LEVEL FUTURE IMPORTANCE RATING
ERM program
Technology platforms to facilitate the risk management function
Measurement of the total cost of risk (TCOR) and benchmarking
Benchmarking of risk
Alternative risk financing
LOWER FUTURE IMPORTANCE RATING
Marsh 23
Risk Management PracticesTransparency
Strongly Agree & Agree
Request full disclosure of commissions paid to broker
Increase reviews of correspondence to verify pricing integrity
Place more emphasis on checking the price provided by brokers directly with insurers
Increase the number of buying relationships
Seek more quotes from multiple brokers
Marsh 24
Emerging risks will drive risk management evolution
Marsh 25
Outside PerspectivesChief Financial Officers
Build trust with investors, risk competence as buy-side attraction
Ability to respond to complex, rapidly changing risks before they emerge
Translating pain of SOX to gains in risk understanding, organizational efficiency
Address board interest in broader risk management understanding
Fill advisory vacuum due to changing role of auditor
Increased risk-based decision making
High certainty in command and control of reporting of numbers and disclosures
CFO Challenges
}CFOs Looking for Strategic Risk Leadership
Source: Mercer & Russell Reynolds Associates study, How CFOs are managing changes in roles and expectations
Marsh 26
Positive Impact of Sarbanes-Oxley
There have been a lot of negatives, mostly related to the excess
workload; but in the end, Sarbanes is all positive.
Marsh 27
Positive Impact of Sarbanes-Oxley
Marsh 28
Positive Impact of Sarbanes-Oxley
SOX has had a positive impact because once people have gotten
beyond the internal controls issues, they (CEO/board members)
are asking questions about broader risk management issues of
the company.
Marsh 29
Outside PerspectivesInstitutional Investors
Risk management not “top of mind” with buy-side institutions, however…
…When discussed, importance resonates strongly, and there is recognition that an effective risk management program can improve company performance and earnings
Major opportunity to improve communications with buy-side investors
Marsh 30
Excellence in Risk Management Series
Does the firm’s senior management level know how much it is prepared to lose from all sources of risk over a given horizon (often a reporting period, but also over shorter horizons) to achieve its overall long-term financial objectives?
Risk Framework:
Is the organization able to answer the following questions at all times?
Does the firm’s senior management level know where the top exposures are (both in terms of measured risks and non-measured uncertainties)?
Is there an adequate understanding of the profile and mitigation of the potential losses from the top exposures?
Marsh 31
Enhanced Risk Communication
Marsh 32
Enterprise-wide Risk ManagementImplementation Status
Marsh 33
Conclusions
Risk management “demand curve” is driven by emerging risks, changing environments, executive and financial stakeholder interest
– Profession is poised to fill this need or lose risk management market share to other functions….
Demand for leadership in nontraditional risk areas is recognized by the profession and by executive/stakeholder leadership. It will help define the risk management value proposition. The profession will continue to handle traditional hazard/insurance risks as well
– e.g., terrorism, brand, intellectual property, business-continuity plan, pandemics, human capital
Strategic risk management—ERM—shows tremendous potential with great expected benefits, but it is still in its infancy of implementation
Marsh 34
The Risk ManagerNew Skill Set
Risk managers today are not going to be able to sit in that seat five or ten
years from now unless they have a totally different educational and skill-
set background. The financial background will have to be much stronger.
If they don't have the strategic and financial background, they are not
going to make it because they won't fit in the boardroom.
Marsh 35
Putting This Survey to Practical Use!
Use this survey as a discussion, education tool to draw out C-suite and board members on risk management direction and risk appetite
Conduct a self-evaluation or internal focus group with risk management function and key partners to discuss the current state and direction of your risk management program relative to survey findings as part of your strategic-planning process
– How is your company-specific “risk/demand curve” developed?
– What are your emerging risks?
– What are the gaps between current capabilities and likely future needs?
Begin preparations for more inquiries by third parties (Moody’s, S&P, investors, boards) on risk profile and response capabilities
– How well is your leadership prepared for these questions?
The Risk and Insurance Management Society, Inc. (RIMS) is a not-for-profit organization dedicated to advancing the practice of risk management, a professional discipline that protects physical, financial and human resources. Founded in 1950, RIMS represents nearly 4,000 industrial, service, nonprofit, charitable, and governmental entities. The Society serves over 9,600 risk management professionals around the world.
Marsh is part of the family of MMC companies, including Kroll, Guy Carpenter, Putnam Investments, Mercer Human Resource Consulting (including Mercer Health & Benefits, Mercer HR Services, Mercer Investment Consulting, and Mercer Global Investments), and Mercer specialty consulting businesses (including Mercer Management Consulting, Mercer Oliver Wyman, Mercer Delta Organizational Consulting, NERA Economic Consulting, and Lippincott Mercer).
Copyright 2006 Marsh Inc. All rights reserved. Compliance # MA6-10322
RIMS and Marsh are proud to have sponsored the Excellence in Risk Management III Survey
Thank You!