Evolution and Current Status of The Risk Manager

“We have met the enemy, and he is us”

                                      ……. Walt Keely

“Risk Managers are in the business of managing the future…..” said Tony Burlando (Risk Manager of Hillman Company  in Pittsburgh while Chairing a RIMS Task Force).

Risk managers advise organizations on any potential risks to the profitability or existence of the company. They identify and assess threats, put plans in place for if things go wrong and decide how to avoid, reduce or transfer risks.

Although, the term Risk Manager is quite known there has been strenuous efforts for about past 75+ years to professionally isolate and upgrade the status of that individual who is responsible to protect the firm from a sudden and unexpected financial downturn as a result of loss by a natural disaster or negligence.

Earlier, little thought, whatever, was given to static risk as a specialized problem worthy of high top level management concern or programs. Companies bought whatever insurance policies were considered necessary by their peers who happened to be in the sales aspect of the insurance industry. Mowbray says that “those otherwise intensely practical executives abdicated their authority when questions on risk and insurance arose and left decisions to their brokers or agents, keeping some control over amounts expended in premiums.” He adds that what records were kept and what planning was done were usually assigned to some minor individual in the office of the treasurer or the controller.

There was but little analysis of the risk problems and little planning on any except to transfer the risk to an insurance carrier for a seemingly reasonable premium. How this was done can only be assumed to have been generally haphazard.

The Evolution of the Risk Manager

The risk manager has evolved through four stages and

  • Insurance Clerk
  • Insurance Buyer
  • Insurance Manager, and
  • The Risk Manager

Insurance Clerk

He serves the role of maintaining policies sent to him the Chief Executive Officer or an insurance salesman. He pays authorized bills, sends in the claims and really neither wants, nor can have, any say in the determination of what is insured, or  what is not, or who writes the business or how.

The Insurance Buyer

His source of insurance may be an agent or broker writer but the choice of whom probably still remains with top management. He cares little about the insurance market conditions, nor the insurance carriers nor his own claim experience. What is important is that each renewal is bid by three or more companies and the lowest net price gets the business regardless of any other factors.

He also believes that for every amount of premium spent there should be a claim amount returned and that the insurance carrier is obliged to live on its investment income. He cares little about safety or insurance company inspection recommendations. His is a world of companies and coverage only.

The Insurance Manager

A skilled insurance technician, he knows coverage, markets and insurance programs. He design plans to fit the needs of his organization using what markets are available. Although, he may believe in deductibles and some approaches to self-insurance, he tends toward one big package at the lowest possible price, all things considered. His choice of broker or agent or any other intermediary is probably dictated from above although he may be able to express a limited opinion in some firms. His approach to safety and property preservation is limited. Instead he develops his savings through tough premium negotiations He tends to protect his own position through broad all-inclusive policies with high limits (referred to in the trade as “sleep insurance”) which will protect the firm and his job from any known and most unknown happenings.

The Risk Manger Evolution

Responsible for determining potential fortuitous loss to corporate personnel and assets. And, after analysis of the effect on the corporate position, fiscal and otherwise, recommends the proper approach to protecting these personnel and assets from loss. His tools are Contracts (insurance and other); Retention (full and partial); Reduction (loss control and parties).

His knowledge of the purse of the insurance community is fine-honed and he is well-educated his field. (His background will include a speaking knowledge of insurance, finance, business administration, industrial engineering, human relations, labour relations, loss control, construction engineering, and fire protection.) He must have access to top management planning at an early stage and have full backing of management to cross corporate lines with his recommendations. As his is a staff function, he can ony recommend steps to be taken by line personnel, thus, he must have corporate stature. His risk management responsibility includes all lines of coverage, on a worldwide basis, over all corporate personnel and assets. His authority toward insurance includes choice of insurance intermediary, coverage and premium negotiations and settlement of claims and power to implement his programs.

He may or may not insure; the choice of Contracts or Retention must be his. Following his analysis and identification of risk, he decides whether to assume, control, eliminate or transfer the risk. It is also necessary that he be vitally concerned with the reduction of risk through loss control and Property Preservation and the Recovery of loss through his claims control program.

Risk Manager, Responsibilities

Risk managers are responsible for managing the risk to the organisation, its employees, customers, reputation, assets and interests of stakeholders. They may work in a variety of sectors and may specialize in a number of areas including:

  • Enterprise risk;
  • Corporate governance;
  • Regulatory and operational risk;
  • Business continuity;
  • Information and security risk;
  • Technology risk;
  • Market and credit risk.
  • Responsibilities

Specific tasks depend on the industry in which a Risk Manager is working, how specialized his role is and the level at which he is working. However, key activities may include:

  1. Planning, designing and implementing an overall risk management process for the organization;
  2. Risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business;
  3. Risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization’s previous handling of risks;
  4. Establishing and quantifying the organization’s ‘risk appetite’, i.e. the level of risk they are prepared to accept;
  5. Risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks;
  6. Corporate governance involving external risk reporting to stakeholders;
  7. Carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong;
  8. Conducting audits of policy and compliance to standards, including liaison with internal and external auditors;
  9. Providing support, education and training to staff to build risk awareness within the organization.

Risk Manager : The Current Status

Risk managers work with companies to assess and identify the potential risks that may hinder the reputation, safety, security and financial prosperity of their organisation.

Once these risks have been identified, assessed and evaluated, risk managers are then tasked with implementing processes and procedures to ensure that their client is fully prepared to deal with any potential threats.

A risk manager’s job is inspired by the mantra, “prevention is better than cure.” It’s all about avoiding threats and mitigating the effects of those which are essentially unavoidable.

Risk management careers are highly analytical and a large part of your time will be focused on conducting detailed risk assessments. This process involves analysing documents, statistics, reports and market trends. You’ll also be required to assess the organisation’s previous risk management policies and protocols.

Risk management is also about understanding an organisation’s business objectives. You’ll need to gather information about your client’s outgoings, legal responsibilities and environmental policies, and then evaluate the effects of any proposed risks against these current processes.

Life as a risk manager, however, is not just about going through information with a fine tooth comb: you’ll also need to have the ability to build relationships with your clients and their stakeholders. For instance, based on your analysis, you’ll have to produce risk reports, attend meetings and present your proposals to senior members of staff.

The kind of solutions which risk managers suggest and implement are likely to include insurance, health and safety policies, disaster recovery measures and business continuity plans. Once these have been put in place, risk managers will often return to organisations again in the future to conduct additional audits and assessments.

Position level/Reporting Structure

This person typically reports to the Executive Director, President or CEO. They are identified as the top Risk Officer in the company and may be the CFO or COO if these positions are identified as the person responsible for all activities relating to risk within the organization.

Salary and Benefits

Depending upon the nature and set up of an organization Risk managers can earn a handsome salary and benefits.  However, it’s likely that the organization will allow a new Risk Manager to start career as a risk assistant or risk analyst. Risk assistants tend to earn between Rs.3,00,000 and Rs.5,00,000 per annum, while risk analysts are usually on around Rs.5,00,000 to Rs.10,00,000. Once the individual eventually progresses into a risk manager position, he could earn anywhere between Rs.10,00,000 to Rs.1,00,00,000 a year.

Working Hours

Risk managers tend to work nine-to-five, although as one reaches more senior levels, one may be required to put in extra hours in the evening and at the weekend from time to time. For the most part, he will be working in an office environment, but occasionally he will be required to travel to other locations for client visits.

Many risk managers eventually choose to become freelance contractors. Ironically, this career path has a lot more risk involved, though self-employed risk managers can earn a lot more money.

Conclusion

Professor Yacov Haimes, Director of the Center for the risk Management of Engineering Systems at the University of Virginia in a write-up titled “Total Risk Management” defined the role of Risk Manager as :

“A systematic, statistically based, and holistic process that builds on a formal risk assessment and management and addressed the set of four sources of failure within a hierarchical multi-objective framework :

  1. Hardware failure
  2. Software failure
  3. Organizational failure
  4. Human Failure

Roy Amara and Andrew Lipnski illustrated why the role of Risk Manager is becoming an essential discipline in an uncertain society :

“The environment the Corporation faces today-and will face increasingly in the future – is markedly different from the past. The most important difference is the much higher levels of uncertainty at which they operate. Corporate Risk Managers are now confronted with a much wider variety of economic, social, regulatory and competitive factors influencing performances. At the same time, the level of understanding of how these factors, singly and jointly, influence achievement of corporative objectives is not keeping pace with management needs.”

The trick for the Risk Manager is to discover not how to avoid risk, for this is impossible, but how to use risk to get more of the good and less of the bad. The search for safety is a balancing act.

The best suggestion came from Christ Best, the editor of Foresight, who once wrote :

“Why should a business whih plans its activities no more than five years ahead, at the most, be concerned about the latent disase responsibilities which it might be incurring but which are unlikely to manifest themselves for ten, twenty or more years?????? Or about the accidents which have a one in 150 years probability ????? This the essence of the role the Risk Manager faces…………”


Author : Lajpat Ray Chandnani


Published : The Insurance Times, August 2018 issue