Anda di halaman 1dari 10

EIGHT GREAT RISK

MANAGEMENT
PRACTICES

At a recent sponsored forum, we asked nearly 200


of our clients, hailing from a wide array of industries, to indulge in an important exercise. We asked
them to identify the most critical risk management concepts, discuss them in detail, and then
develop a blueprint that every resilient organization should follow.
Many of our clients share our philosophy of resilience. The core of resilience is the knowledge
that the majority of loss is preventable. We recently convened a group of nearly 200 risk management leaders from several large, well-known firms across a spectrum of industries to discuss
best practices in risk management. These professionals offered their experience and expertise on
the benefits of resilience. Together they identified a handful of key focus areas for every organization intent on creating, or maintaining, a tangible culture of resilience.

While we assembled this group, we did not influence the proceedings. Rather we allowed
our clients to dictate the discussion and determine its outcomes. What follows is the result of this
candid forum, the eight crucial risk management components that every resilient organization
should focus on.

ISSUE 2 : 2015 REASON

41

1.

DEVELOP A
PROPERTY
CONSERVATION
POLICY

My philosophy is that I have


to know the risk, I have to
examine the risk and I have to
mitigate the risk. Also, I know
that I must have partners who
buy into that philosophy and
will assist me in doing those
three things.
MARIFRANCES MCGINN
VICE PRESIDENT, GENERAL COUNSEL
AND RISK MANAGER
PROVIDENCE COLLEGE

Hersheys risk management


program walks in stride with
our strategic plan of the
organization.
MEGAN MARSHALL
DIRECTOR OF RISK MANAGEMENT
THE HERSHEY COMPANY

Developing a property conservation policy is one


of the first best practices our risk management leaders recommend. A property conservation policy is
a risk managers philosophy on why, and ultimately
how, to protect business assets and revenue streams.
This philosophy must align with the fundamental tenets
of the organization in terms of strategy, corporate culture,
and current practices and policies. For a property conservation policy to be effective, it also must be documented and
supported by senior management.
A property conservation policy should be customized to address
the precise nature of a companys business. It should identify common
hazards and mitigation techniques in the industry. Moreover, it should reveal
interdependencies within an organization, contain a vulnerability assessment of the
companys supply chain and include contingency plans for critical customers and suppliers. It
should contain new acquisition procedures, project management standards for managing change
and information on how losses and claims will be handled.

It should include plans for gaining and sustaining support from the highest levels of management and for implementing effective training programs so employees have the knowledge
they need to use this policy. The policy should not be one-size-fits-all. Local facilities should
have the opportunity to adapt the policy in a way that best suits their particular circumstances.

A well-developed property conservation policy is a risk managers playbook. It ensures
that the company fully understands the risks its facing, how best to mitigate those risks and how
to minimize business disruptions in the event of a loss. Fellow risk managers, industry groups,
and FM Globals field engineers and client service teams are great resources for developing a
property conservation policy. And, a good policy wont sit in a drawer and be dusted off every
few years; it will be a living document that drives the risk management and loss prevention of an
organization.

Insurance alone is not enough to manage business risk. In fact, insurance


is a means of managing risk for relatively few corporate risks. From a business standpoint, risk processes and controls need to be embedded in business process from strategy through business operations into regulations
and business ethics. For the insurers there is a large amount of regulation
and compliance requirements. Controls are part of the day job.
PAUL TAYLOR
PRESIDENT, RISK MANAGEMENT OPTIONS LIMITED

42

REASON ISSUE 2 : 2015

We put a step-by-step game plan together to overhaul the sprinkler system. Clearly, top management
and shareholders in the company believed in the sprinkler program because our people were at stake. For
me, that was very satisfying. We never even talked about money, they just said we have to do it, and we
went ahead and plotted the entire program, put in the budget and proposal, and did it. It demonstrated
real commitment from the corporation, top management and shareholders, that they care about our
people sitting in our part of the world, thousands of miles away from them.

SWEE LEONG LIM


PRESIDENT, LEVITON CHINA

Changes managed proactively and continuous risk improvement will help to ensure
that the business is robust
in the face of materializing
threats. This will translate into
the protection of the revenuegenerating operations and,
hence, the bottom line.
ANDY BRYSON
GROUP INSURANCE AND RISK MANAGER
COBHAM PLC

2.

Risk management is not an academic exercise, our panel warns. A quality risk management
program continuously works to lower the risks a company faces. Risk improvement begins with
identifying key risks and hazards and then making a compelling case for proposed improvement
measures. If a risk manager has been successful in gaining upper management support and driving a culture of loss prevention, then implementing individual risk improvement programs will
be a much easier task.

Increasing the sensitivity to loss exposures helps build a loss prevention culture throughout
the company. Publicizing case studies of real losses, prominent industry losses and the companys own loss history or near misses can help pave the way for investments in risk improvements.

In establishing priorities, our panel of experts recommends attacking easily accomplished
improvements first. This can establish risk improvement as an achievable goal. It also helps to
widely convey the results of a risk improvement program, share success stories and recognize
those involved in the program.

Creating incentives for risk improvements is also important. This can be done by offering financial incentives for risk improvements or fostering healthy competition between
plants or facilities. This can be accomplished via benchmarking using a simple
internal grading system, a program like RiskMark, safety incident rates
or other applicable tools.

A risk manager should be able to detail how risk
improvements will positively impact revenue, market share,
reputation or environmental concerns. The risk manager should also identify needed benchmarking data
and establish success metrics so the impact of the
improvements can be quantified.
Continued support from upper management
will help maintain risk improvement as a priority. Anticipating obstacles and objections, setting expectations with senior officers, project
managers and loss control personnel, and
obtaining executive sponsors for top priorities are proven ways to keep risk improvements on the front burner.

ACHIEVE
RISK IMPROVEMENT

ISSUE 2 : 2015 REASON

43

3.

LEVERAGE INTERNAL
AND EXTERNAL
RESOURCES

Our common goal is to mitigate losses and make the process as


smooth and cost-efficient as possible. Its easier to convey that message within the organization, to ensure that a risk control program
is in place. We want to engage the entire organization, not just the
engineering group, or safety and security, but general management,
local management as well as financebecause ultimately an event
will have financial ramifications and impact across our organization.

FABRICE FUENTES
DIRECTOR, TREASURY PENSION AND INSURANCE, PHILIP MORRIS INTERNATIONAL

The one thing I absolutely love is how hands-on FM Global is with our
properties, through inspections, through walking the sites, especially
during construction. They are such an asset to what we do. Brandywine is really moving forward in construction and development, and
there are a lot of unique challenges were coming up against. Brandywine has always been a commercial real estate company, but now we
are dabbling in student housing, luxury residential, multifamily, pools
on rooftops, green roofs and automated parking. So there have been
a lot of unique things weve started that FM Global has come in and
helped with.

KIRSTEN SHAWN
RISK MANAGER, BRANDYWINE REALTY TRUST

Relationships are extremely valuable to Hershey, and I am most


proud of the relationships weve forged. We look to build strong
partnerships that cross multiple years, so that as the insurance
marketplace or other emerging risks ebb and flow, we can make sure
our program also remains dynamic.
MEGAN MARSHALL
DIRECTOR OF RISK MANAGEMENT, THE HERSHEY COMPANY

44

REASON ISSUE 2 : 2015

Effective risk management cannot be


achieved in a vacuum. The best practices of
the top risk managers involves tapping a variety of resources, both internal and external,
and when appropriate, sharing experiences
and expertise with trusted advisors and networks.

Top risk managers pull together internal
groups to ensure business continuity and resilience. A multi-department team representing key areasaudit, facilities management,
legal, human resources, operational health
and safety, security and ITcan ensure risk
management is a companywide endeavor.
Tapping internal departments helps ensure
that a risk management plan is comprehensive
and all vital operations are involved in contingency planning and disaster recovery. Internal
experts can also identify risks that a risk manager hasnt accounted for, ensuring the companys risk assessment is all-encompassing.
Enlisting senior management sponsorship is another good practice, according to
our panel. Ask senior management to promote
risk management in stewardship meetings,
and to help integrate risk management goals
into key performance indicators.
Top risk managers also look beyond
their internal resources. Our panel recommends tapping outside experts, including
FM Global. FM Globals engineering and
client service departments allow clients to
leverage FM Globals expertise and research.
FM Globals risk service testing and Risk
Reports are excellent resources for identifying key risks and hazards.

Other third-party resources include brokers and policy reviewers, adjusters and risk
consultants who can help a risk manager conduct the proper due diligence. Best practices
includes obtaining peer guidance at safety
and insurance conferences, risk management
forums and policy workshops.
For instance, systemic threats to a
global supply chain mean that an individual
business can be affected by outside forces. In
such cases, by coupling your knowledge of
risk with your supply chain experts knowledge, you will improve the resilience of your
company.

Im a little outspoken and have very high energy. Im extremely direct


and I do a lot of hands-on training. The more I can communicate to my
team, the more they can communicate to their team. Communication is
key for me. If I can get in their heads, they will remember what I
said and better communicate with our tenants. Its really
important to make sure everybody is on the same
page, because you never know when youre going
to have a true emergency situation.
KIRSTEN SHAWN
RISK MANAGER
BRANDYWINE REALTY TRUST

4.

Communication is the key to almost any initiative.


The goal of top risk managers must be establishing a strong risk management culture throughout
the organization by effective communication.
Doing so demands buy-in and ongoing support
from the highest levels of management. Once
that is gained, organizations must then avoid
complacency by paying meticulous attention to
the objectives and time frames established.
To strengthen the risk management case and
encourage continuous improvement, risk managers
must develop metrics to prioritize and report to the
company leaders and at the operations level.
Consider a business impact analysis, which will help
frame the risk management message in financial terms.
Quantifying exposures in terms of cost of potential loss versus cost of risk improvement will help hold the interest in risk
improvement initiatives. At the operational level, focus on the threat
of unplanned production outages.
Successful risk managers are able to communicate across the organization
that managing risk is of the highest priority and should be top of mind for every
single employee. Encourage buy-in from top managers by sharing risk assessments with senior
executives.

Our panel recommends looking for clever solutions for overcoming global issues, as well
as language and time zone barriers. In addition, they recommend careful examination of the
communication methods that work in each organization. Todays workers are inundated with
email and many plant workers dont have continuous daily access to computers. Consider communicating via text, intranet, company magazine or other vehicle.

The best practices of our expert panel include weekly or monthly e-bulletins with the latest
company-focused risk management news and co-worker driven reward programs for an individual risk improvement effort. Other best practices include central communications stations that
serve as gathering spots for departments to share risk management information and constantly
monitoring communications and any feedback provided by users.

COMMUNICATE
AND IMPLEMENT
A PLAN EFFECTIVELY

ISSUE 2 : 2015 REASON

45

5.
An insurance and risk management program
must be global. It cant only be focused on
domestic offices or ignore remote locations.
A worldwide program, with all its complexities, is a must, our experts agree. Once
again, support from top levels of management is vital in mandating worldwide compliance with an insurance and risk management program. Be sure your constituencies
understand the expectations, as well as the
benefits, of a global program.
Our panel recommends employing
strong corporate policies to centrally place
insurance and assign responsibility. These
policies will ensure local entities will not
establish their own policies. Risk managers
should nurture solid relationships with local
entities and convey to them that premium is
not necessarily the most important attribute.
Our panel explains that consistent terms and
conditions are often whats key.
Risk managers should also cultivate
relationships with controllers, as they usually have the pulse of an organization. Risk
managers can then leverage these relationships when managing acquisitions and
divestitures globally.
Our experts recommend protecting
stakeholders by gaining senior management
sign-off for any activities that go beyond
corporate risk management. They recommend using brokers and insurers to augment
the companys internal capabilities. Brokers
and insurers can help deliver the companys
risk management message and ensure the
program is compliant and has adequate
capacity. They can also stay on top of regulatory changes and conduct annual reviews
of global risk management programs.

Finally, our panel recommends sharing
claims stories internally with all stakeholders, no matter their location, so everyone can
learn from a loss experience and feel ownership in the risk management function.
46

REASON ISSUE 2 : 2015

MANAGE GLOBAL INSURANCE/


RISK MANAGEMENT
PROGRAMS

The underwriting challenges are different. We comply with all local


regulations, currency regulations; billing and paying premium can
be a challenge. We consider compliance to be nonnegotiable. There
are so many regulations in place all over the world. But that can be
resolved by working with your WorldReach partners. Local issues
come from having a global program.

JON KING
MANAGER, RISK CONTROL AND LOSS PREVENTION, PHILIP MORRIS INTERNATIONAL

We have one main objective: to ensure we understand our exposures


so that they can be adequately managed. One challenge is to ensure we use a uniform yardstick, while recognizing local constraints.
Circumstances vary from big markets to small markets, high-volume
production to specialized production, highly automated to largely
manual processes. The same solution cannot necessarily be applied
everywhere. That means everyone has to have the same awareness
of risk in order to drive continuous risk improvement. To deal with this
challenge we need to constantly communicate. Weve created a training program to share fundamental risk engineering and methodologies to a broad audience across PMI. Weve been very pleased with
the outcome of those trainings, with high satisfaction rates from the
attendees. We also see increased activity to implement risk recommendations in areas where we have presented in our seminar.
FELIPE DANTAS
MANAGER, RISK MANAGEMENT AND INSURANCE, PHILIP MORRIS INTERNATIONAL

Good risk management practices enhance shareholder


value. You dont have to think in terms of disasters
happening or their adverse effects being avoided.
Effective supply chain risk management should be
embedded in a well-run business and I think, overall,
this will positively affect the share price.
ANDY BRYSON
GROUP INSURANCE AND RISK MANAGER
COBHAM PLC

6.

MEASURE AND
REWARD SUCCESS

We made a significant upgrade to sprinkler


protection in our Kleve, Germany, facility. The
project was not cheap. To justify the project,
we took a look at the value of the property
and, more importantly, the business interruption cost to that facility to see how that
would impact AMETEK. The impact on us
for not completing this recommendation in
the event of catastrophic failure or fire at this
facility would greatly outweigh the cost of the
installation. The overall impact on AMETEK
shareholder value was a critical factor that
helped sell this project.
MARK SCHEUER
DIRECTOR, COMPLIANCE
AMETEK, INC.

An important best practice recommendation of our panel is measuring


success. It is key to gaining upper managements support, as well as an
ongoing commitment to risk management throughout the organization.

To measure success, risk managers need to understand the total
cost of risk, which includes premium, claims below deductible, internal
costs, external vendor costs and reputational risk. Risk managers need
to establish appropriate tracking metrics, and then consistently measure
the programs progress.

There are several metrics our panel recommends for tracking success, including FM Globals RiskMark. RiskMark is a fact-based analytics tool to help companies quantify and manage property risks. It
enables risk managers to precisely understand the risk of major property
loss at each facility, the potential business impact and the best solutions
to address these vulnerabilities.

Other metrics to measure success include claims closure and recommendation completion rates. Measurement could also include tracking movement in percent of highly protected risks and tracing progress
on established risk improvement plans or on a current vulnerability that
risk management is looking to improve.

These metrics should be presented to management and key stakeholders. This can be done through communication vehicles like a scorecard or annual report. The reporting should use succinct prose and
persuasive quantitative data, such as premium savings, costs vs. expenditures, and positive reports from regulators.

When presenting this type of information, take care to tie risk to
sustainability, and if appropriate tie achievements in the areas of environmental health and safety (EH&S) and life safety.

External auditors, loss control specialists, insurers and brokers can
help measure risk management success as well as help present on the
results favorably.

Our panel recommends communicating basic expectations across
the entire organization and providing recognition when significant milestones are reached.
ISSUE 2 : 2015 REASON

47

[What keeps me awake] is mitigating losses, ensuring business continuity and running cost-efficient
programs. Theres a tendency to feel at ease, to be
complacent. You need that spark to stay abreast of
changes, constantly improving processes and use
of our resources. Its a complex environment, so we
need to keep pace with those changes and make
sure we can respond in a most effective manner.

FABRICE FUENTES
DIRECTOR, TREASURY PENSION AND INSURANCE
PHILIP MORRIS INTERNATIONAL

Supply chain risk and reputation are intrinsically


linked to share price. Consider the companies
who were impacted in 2008 when a ships anchor
dragged through some of the subsea communication cables in the Indian Ocean, which in turn disrupted operations in India and the Middle East. The
event also affected offshoring operations for many
organizations. It is clear that reputation affects
share price. My view is that an organizations share
price is best managed by its reaction to a crisis. The
way you handle your public relations, staff communications and the actual incident will all have an
effect on share price.

EDWARD SHERLEY PRICE

To leverage trends, you first must identify them. Our panel recommends expanding an organizations risk horizon to investigate risks
that are typically beyond insurance, such as geopolitical concerns or
brand reputation.

Identifying important trends and understanding the issues relevant to them can help a risk manager develop appropriate ways to
mitigate these new risks. To be successful, risk managers must be
integrated into the business phases of the planning process, which
will require establishing credibility with senior executives and operations leaders. Risk managers should seize every opportunity to gain
the ear of these most influential audiences, and use that access to
explain the most compelling risks and offer mitigation measures.

Risk managers should look two to three years ahead, and recognize core and noncore risks. Among the fastest-growing trends
concerning todays risk managers are cyber risk, political risk and
climate change (specifically, the effect of a dwindling water supply
on business continuity and resilience).
Risk executives should view all new technology through a
prism of risk management. For instance, privacy concerns are currently top of mind as large-scale information breaches are rampant.
The widespread use of cloud computing is fueling such concerns.
Risk managers should ask, What risk does this technology present
to my organization? and Which suppliers hold critical data relative
to my business?

Risk managers also need to manage supply chain risks. They
should critique the business continuity plans of suppliers, and their
suppliers, and look for gaps. The same should be done for critical customers. Risk managers should execute detailed analyses in
cases where a supplier or customer will significantly impact
the companys business. Just-in-time supply chains
require exceptional resiliency.

HEAD OF BUSINESS CONTINUITY


EXPERIAN

Once an organization has outsourced elements of its manufacturing operations to third parties, it reduces the influence it has
on the risk management process. If theres an effective business impact analysis (BIA) conducted, it will highlight the most
significant of these outsourced nodes, but once you get to tier
two or three, even an effective BIA will struggle to achieve that
granularity.
ANDY BRYSON
GROUP INSURANCE AND RISK MANAGER
COBHAM PLC

48

REASON ISSUE 2 : 2015

7.

STAY ON THE
LEADING
EDGE OF TRENDS

8.

BEST PRACTICES
FOR THE PART-TIME
RISK MANAGER

Many organizations have only part-time risk


managers, meaning their daily work involves other
responsibilities, such as treasury or operations. Though
challenging, this situation does not necessarily mean the
risk management program has to be any less effective than
with a full-time risk manager. Still, a part-time risk management function typically demands a smaller-scale, more easily managed program.

To ensure even a part-time risk management program is top-notch, our
panel recommends the following best practices:
n 
Get support from the top. Nothing will make the risk management job more effective
than getting that support before a significant loss occurs.
n Make site visits to locations with critical operations to understand their vulnerabilities
and raise awareness of risk management. These visits go a long way toward ensuring
the acceptance of a risk management program throughout the organization.
n Develop a simple, deliverable risk management policy, establishing processes or procedures to address frequent challenges, and adapting practices that work well in one part
of the business and replicating them in other areas.


Part-time risk managers should also utilize internal and external resources whenever possible. Brokers, insurance carriers and FM Global account engineers can be valuable resources. Our panel also recommends utilizing benchmarking and Risk Reports to
highlight risk, influence decision-making and prioritize risk improvement capital expenditure allocation.

Esterline looks for partnerships with our brokers and our different
carriers to match our needs across the world. Its really important for
us because we have a very small risk department, so we push a lot
of that out to the business units. We partner with different carriers like
FM Global that can help. They can be there to guide us, be there as a
sounding board, and be there to help us when we build or remodel.
We use our partners a lot.
KRISTEN CARNEVALI
DIRECTOR OF TREASURY AND RISK
ESTERLINE CORPORATION

ISSUE 2 : 2015 REASON

49

Anda mungkin juga menyukai