English Appendix
The role of insurance is a key risk management tool for private companies of all sizes
JOHN HURRELL
CEO of the Association of Insurance and
Risk Managers (AIRMIC)
Companies need to have greater
clarity about risk management
and what it means, says John
Hurrell of AIRMIC, the UKbased
risk management association.
One of the positive business developments of the past decade has been the increased importance that boards attach to risk management. For this to become the force for good that it should be, it is important that directors and other senior executives have a shared understanding of what it means and what it can do for their firms. Risk management has become such a hot topic that the concept is overused and, frankly, often misunderstood. Ask ten different directors what they mean by the term and you might well get ten different answers.
A key challenge, therefore, for businesses everywhere is to arrive at a common understanding about risk management, who is responsible for it, what it should set out to achieve and what constitutes best practice. Risk management is commonly defined as a strategic process involving the systematic identification of the risks an organisation faces so that it can mitigate them, work with them and exploit the opportunities they provide.The purchase of insurance and the use of other risk transfer mechanisms remain a very important part of the process, but should be seen in the wider context.To be truly effective, risk management has to be embedded in the culture of the organisation, starting with the board, and must be everpresent at all levels from corporate strategy down to routine decision making.
AIRMIC has a membership of nearly 1,000
and represents the insurance buyers for about
75% of the FTSE 100, as well as very substantial
representation in the mid 250 and other
smaller companies. AIRMIC members control
about £5 billion annually of insurance premium
spend.
www.airmic.com
That, at least, is the theory. In practice, very few organisations outside financial services (and even here there are many exceptions) can claim to have employed genuine Enterprise Risk Management. Often it is a misleading term, applied to health and safety or regulatory compliance or internal audit or business continuity planning or any number of other important functions that are part, but only part of ERM.
In some instances, «risk management» means little more than someone trying to protect themselves in case things go wrong. And in far too many situations it is seen as risk avoidance, whereas we believe that it is neither possible nor desirable to eliminate risk.The aim must be to understand risk, control it and take advantage of it. Just as a car’s breaks make it safe for the driver to accelerate, a strong understanding of a firm’s risk profile will give senior management the confidence to be more enterprising.
Against this background my association AIRMIC, whose theme this year is «communicating risk management», has commissioned some research in an effort to bring greater definition to these big issues. We are working with researchers at Det Norske Veritas and some major UK and international organisations, both private and public sector, to understand the practicalities of implementing ERM.We believe it to be a unique piece of work because it concentrates on what happens on the ground rather than on the views of board members.
The findings, to be published later this year, will provide a clear and workable definition of Enterprise Risk Management. They will highlight the hallmarks of good ERM, analysing what appears to work and what does not, and provide guidance as to best practice.And, while the research will not measure the cost-effectiveness of risk management, it will assess the exposures that ERM addresses and its capacity to reduce those exposures.This information will take us one important step towards the ultimate goal, which must be to put a value on ERM.
The research will also put into context the role of insurance, which remains a key risk management tool for private companies of all sizes.The best proof of this is the fact that AIRMIC’s members spend more than £5 billion annually on insurance, including captives.
There is no doubt that there is considerable room for improvement in the service provided by the insurance industry, even though it has made pleasing strides in the right direction in recent years.There is particular concern over insurers’ performance when it comes to paying claims, with widespread agreement that claims departments are under-resourced and underskilled. Equally, contract wordings are often ambiguous and, when it comes to making a big claim, this can lead to disagreement and litigation.
A big current project for AIRMIC is to work with insurers and commercial buyers to create a claims performance index that would make it possible to compare the records of different companies. It is, of course, a very complex exercise and we see it as a long-term goal.We have, however, identified the areas where we think we can deliver credible results, and have agreed on a way forward.We expect to unveil a pilot project later this year. Our initiative has already moved claims and the way they are processed up the insurance agenda.
Another long-standing complaint of buyers has been the reluctance of some underwriters to take good risk management into account when setting policy terms, which leads us neatly back to the question of ERM.We are moving rapidly into an era of risk-based underwriting where the insurers themselves are required by the regulators to demonstrate good risk management.
In these conditions they will inevitably look more favourably on corporate clients who can demonstrate good ERM. Indeed, they are already starting to do so, and the ratings agencies are moving in the same direction. All the more reason, therefore, for companies to embrace ERM. But first of all we need to have a clear, agreed understanding of what it is.