After Edward Snowden’s escapades, how could any company fail to take simple measures to reduce its exposure to insider data theft? Yet large enterprises remain all too vulnerable to insider threats, as evidenced by the Morgan Stanley breach. And many small and medium-sized businesses continue to view insider data theft as just another nuisance piled on to a long list of operational challenges. “I suspect too many companies are fixated on outsider threats, like malware infections and external hacking, to the extent that insider threats get overlooked,” says Stephen Cobb, senior security researcher at anti-malware vendor ESET. More: 3 steps for figuring out if your business is secure A low-level Morgan Stanley financial adviser with sticky fingers allegedly tapped into account records, including passwords, for six million of the Wall Street giant’s clients. He got caught allegedly attempting to peddle the stolen records on Pastebin, a popular website for storing and sharing text files. The financial services sector has long been very proactive defending against all forms of data breaches for obvious reasons, and Morgan Stanley was able to nip this particular caper early on. Big banks and investment houses typically have highly trained teams, using a variety of detection tools and monitoring regimes designed to flush out any indication of a breach. “Often you have analysts in a security operations center hunting for abnormal activity,” says Scott Hazdra, principal security consultant at risk management firm Neohapsis. “They can often spot suspicious data movement based on quantity, destination or classification level and react in hours versus discovering data out in the wild when it’s much harder to limit exposure.” Organizations outside of the financial services industry, however, are still on the lower end of the curve understanding this exposure, much less taking even basic steps to reduce it. Given the nature of the exposure, security and privacy experts say human resource officials need to be on the front lines of mitigating insider data theft. In particular, HR department heads should be integrally involved in working with a company’s tech and security teams to define and deploy access rights to sensitive company data. “With this collaboration and the right tool sets, companies can apply access controls that restrict employees to just the information they need to perform their jobs,” says Deena Coffman, CEO of IDT911 Consulting, which is part of identity and data risk consultancy IDT911. (Full disclosure: IDT911 sponsors ThirdCertainty.) It’s a balancing act, of course. Quick and flexible access to company records drives productivity gains. At the same time, it creates fresh opportunities for granting unnecessary access privileges — and for theft. “Building data and network security policies to thwart the likely approaches to steal information is a foundation for limiting possible damage,” says Steve Hultquist, chief evangelist at security analytics firm RedSeal. “Using automation to analyze and ensure compliance with a security policy is essential for protecting customer and corporate data assets.” There should also be a structured process for communicating changes quickly to ensure that a terminated employee or departed contractor does not retain access privileges, Coffman says. “Many of the inside attacks are IT employees with elevated privileges and little oversight on how and when those privileges are used,” Coffman says. “The use of privileged accounts should be monitored and logged. Separation of duties should be required on certain functions, and an annual outside review is a good idea.” Cutting off terminated employees and partners should be swift and sure. Better safe than sorry. “Too often, organizations don’t have a complete picture of what access each employee has, particularly if they have been there a while,” ESET’s Cobb says. “Getting employee departures right involves a coordinated effort from HR, IT and legal.” A disgruntled employee, who’s not planning on going anywhere, is another type of exposure that should be addressed. American Banker is now reporting that the alleged perpetrator of the Morgan Stanley breach was promoted to financial adviser from sales assistant about a year ago and gained access to records by manipulating the bank’s wealth management software. The lawyer representing the accused adviser insists in the American Banker report that his client did not post any of Morgan Stanley’s data on Pastebin. “All managers need to be aware of morale among reports, and there needs to be a process for taking concerns to HR in a discreet way while increasing monitoring of use of IT resources,” Cobb says.

Your physical therapy (PT) costs may be $15 to $19 per visit higher than they should be. Here’s what’s going on: It’s common for therapists to perform multiple procedures at the same time on a single body part. Under nationally accepted standards (under the Centers for Medicare and Medicaid Services (CMS) National Correct Coding Initiative), the therapist is to be reimbursed for only one of these procedures. Sometimes, it is appropriate for the PT to bill for multiple procedures -- for example, if two procedures commonly done simultaneously are performed at separate times. But, unless the therapist adds a special modifier to the procedure code, only one will be reimbursed. If multiple procedures are to be reimbursed, the "59 modifier" is added to the end of the CPT code, and the treating provider documents the reason for the variance in coding in the medical notes. The 59 modifier should be on about 11% to 15% of lines on PT bills. But some payers are seeing 59 modifiers on almost ALL BILLS. It appears the 59 modifiers were not added by the therapist; they were added by a PT network company. There’s no explanation in the treatment notes for this billing practice; no evidence the affected procedures were actually performed at separate times; no indication the PT network company reviewed the treating provider’s notes prior to upcoding. No documentation, no record, no history. It appears that the intermediary was adding the 59 modifier as an automated system edit without reviewing the treatment notes. The systemic upcoding has resulted in higher costs for payers. You should look at bills processed between 2009 and 2014:

• If more than 20% of lines on your PT bills have the 59 modifier, you MAY have a problem.
• If more than 40% of the lines on your PT bills have this modifier, you DO have a problem.

For the full blog from which this is excerpted, click here.

This is the conclusion to the series of articles on whether baseline testing is worth the effort. The first two articles dealt with baseline testing from an employer's point of view and from an injured worker's point of view. We believe that those case studies were compelling. This final article will examine the statistics and, we believe, prove that baseline testing is truly worth the effort. The concept of baseline testing for soft-tissue injuries began for us when requirements for set asides were established to protect Medicare from future medical expenses for workers’ compensation and general liability claims. ln 2011, the Centers for Medicare and Medicaid Services (CMS) mandated that all workers’ compensation  and general liability claims be reported in electronic format. This change enables CMS to look back and identify if it has ever made any work comp-related payments on a patient. Section 111 of the Medicare, Medicaid and SCHIP Extension Act of 2007 establishes Medicare's status as a secondary payer under 42 U.S.C. 5 1395y (b), and this creates a right to reimbursement for any future claims related to a past workers’ compensation settlement. Therefore, this act has the potential to impose a possible risk of future liability against all parties indefinitely. Soft-tissue injuries are the leading cause of claims and costs in this challenging system. They account for at least one third of all claims and are the primary reason for lost time at work. So, we  began baseline testing for soft-tissue injuries for the transportation industry in October 2011. Since that time, we have expanded our baseline testing  program to other industries: manufacturing, retail, warehouse and construction. Our initial testing  was in Georgia and quickly expanded to Texas. Now, our program is being conducted in California, Arizona, Utah, Florida, Oklahoma, Colorado and Indiana. Since the inception of the program, we have conducted more than 15,000 baseline tests. Of those we tested, 27 have attempted to file a workers' compensation soft-tissue claim. Only five of those 27 were found to have a change in condition. ln other words, only five had a pathology that arose out of the course and scope of employment (AOECOE). No claim was accepted for the remaining 22 cases. Of the five claims that were accepted, all resolved with the appropriate treatment. Of the cases where there was no change in condition and the claim was not accepted, three went on to litigation. These cases are summarized in the following vignettes. Litigated case 1: A 54-year-old truck driver underwent the post-loss electrodiagnostic functional assessment (EFA) to compare with the baseline. She alleged incapacitating pathology to her neck, shoulder and back. But the comparison between the post-loss test and the baseline actually demonstrated improvement. It was found she had 25 prior workers' compensation claims related to the same body part. Her case ultimately went to arbitration. This complicated case settled for less than $6,000. There was a full release with language to prevent future medical care from CMS, thereby protecting the employer from the unpredictable expenses of future claims to the same body part. Litigated Case 2: A truck driver who was employed for less than a month experienced an unwitnessed fall from a truck and alleged injuries to his back, plus cumulative trauma. When the comparison tests were done, it was revealed that he had substantial pathology on the baseline that was unchanged in the EFA post-loss test.The claim remained denied based on the EFA-STM program, but he continued to receive treatment. No payments were made for the patient's care, and he continued to pursue the issue through the legal process. The employer agreed to an independent medical exam (IME) appointment to review the status of the EFA comparisons and help establish AOECOE. The IME doctor, based on the EFA reports, found no work-related injury, leading to an uncomplicated resolution of this case. Litigated Case 3 was detailed in Part 1 of this series. In summary, the results of the EFA-STM program demonstrated no change in condition, and the findings were affirmed in court. In these three case examples, no unnecessary medical care was permitted; paid time off work was shortened; and litigation was resolved earlier in the process, reducing costs. Even though people will sometimes still litigate, the baseline testing gave objective medical evidence for AOECOE conditions and supported the defense of the case. A review of the history of claims in businesses also shows that utilization of EFA –STM program significantly reduces the frequency of workers’ compensation injury claims. In summary, the EFA program leads to more accurate diagnoses and ultimately better site-specific care to the injured worker. There are far fewer litigated cases, and even these cases are less costly because the objective evidence leads to more rapid, accurate and favorable results. ls baseline testing worth the effort? Indubitably, yes!

When most people in workers’ compensation hear the term “detox” they think of chemical detox, the process of removing or reducing the prescription drugs patients are taking to deal with their pain. Indeed, injured workers on drug regimens with questionable clinical efficacy (low function, low quality of life) need to go through a process to lower the dosage and number of drugs they’re taking or eradicate them entirely. Chemical detox can be very complicated; a benzodiazepine like Valium or Xanax can take as long as 18 months to wean and should typically be the final drug weaned because of how this category of drugs complicates the medication regimen and causes side effects. Methodone or Suboxone might be added to help facilitate the weaning, but they come with their own issues -- significant clinical complications for Methodone and becoming a long-term maintenance drug for Suboxone. However, if you think of detox only as a chemical weaning process, you can miss the most important component in affecting permanent change: the psychosocial aspect. Removing dangerous drugs without any plan for addressing how claimants can physically and mentally cope with their pain can lead to relapse. Folks in the functional restoration field say that 75% of patients remain off 75% of their original drugs after 12 months if they are involved in a best-practices clinic. I’ve researched this issue over the past two years, visiting many detox and functional restoration programs. Functional restoration and detox facilities are not created equally, and not all physicians are knowledgeable or proficient in weaning. I am absolutely convinced that best practices involve an interdisciplinary treatment approach. If you do not have a team composed of a licensed MD/DO to manage the medical and addiction issues, a licensed physical therapist to increase function, flexibility and stamina and a licensed psychologist to address psychosocial issues, the injured worker won’t make all the behavioral and mental changes required to stay off inappropriate drugs. Work comp is deathly afraid of a psych-compensable diagnosis because it can open doors well beyond vocational, but we cannot ignore what happens in a patient’s conscious and subconscious mind. If you ignore the psychology behind addiction and dependency and neglect to address things like low self-esteem, catastrophizing and perceived injustice, the patient isn’t likely to truly and permanently change. Two to three months after being discharged as clean, the patient is likely to resume old habits of overusing or abusing prescription drugs. Relapse may also occur if the patient fails to learn non-pharmacological pain-coping skills like yoga, Pilates, stretching and other physical exercise. It is tempting to try to close a claim upon receipt of a clean discharge from a detox facility. After all, the drug regimen will look as good then as it ever will, and it would be naïve to think that isn’t a driver in some cases. But if the goal is to truly restore claimants to as close to pre-injury condition as possible for the long term, do your homework on those conducting the weaning and take into consideration the body-mind connection.

Whenever we're faced with a challenge or an opportunity, we tend to respond with thoughts about what should we do and how should we do it. We seldom think to ask the who questions. Who is likely to be an ally, an obstacle or an unknown? In my decades of studying strategic relationships for return on impact, it's rare to find executives investing time in truly understanding the flow of influence in their own or target organizations they seek to work with.

The result of overlooking this strategic step can be costly. Let me give you an example.

A few years ago, I flew to Chicago for a meeting with a group of executives. We had done our preparation, in light of the importance of this multiyear, multimillion-dollar project. Reviewing the attendee list, I saw one name I didn't recognize-who was this individual? When the meeting began, everybody introduced themselves with a briefing on their goals. One person chose not to sit at the conference table, but in one of the chairs against the wall. While everybody else talked, he quietly, very diligently, took notes. I became more and more curious. At the end of the meeting, the obligatory exchange of business cards took place. Everyone else had titles on their cards, VP and EVP and so forth. This one person's business card was the only one without a title. By that time, I just about couldn't contain my curiosity. I asked around and learned he was the "special adviser to the chairman of the board."

Apparently, the project we were working on was not only a priority for the executives at the table, but of interest to the board, as well. The chairman had sent this fellow to the meeting to report back directly to him. Three months later, a number of the people who had been around that conference table were no longer with the firm.

Mr. Special Adviser could be found nowhere on that organization's org chart, but his political clout is self-evident. The moral of this little story is that you ignore influence in an organization at your peril.

If I'm putting a $10 million project in front of a decision-maker, the last thing I want is someone I don't know, someone I haven't even known existed, influencing that project. I've learned from experience that, as bizarre as it sounds, too often the greatest political power or influence in an enterprise has nothing to do with the titles on its org chart.

Map the political influence structure

 

I've developed tools to help me avoid surprises from unacknowledged flows of influence, and I suggest you do, too. Create for yourself, for each organization or initiative in which you invest your relationship capital, a political road map.

Here is the shocker! It's not an app, it won’t run on your smartphone or tablet, and it doesn't use a satellite orbiting the planet. In our hyperconnected digital world, we're losing sight of the fundamentals. Think of this recommendation as learning how to write cursive when everyone else is working with Siri! (By the way, I've also researched a dozen or so called "enterprise relationship management" technologies - most are myopic at best, moronic at minimum. They're so busy trying to give you fancy graphics that their assumptions are flawed, for instance about the quality of a relationship.

Here is what you will need for this exercise: three colored markers, a straightedge, a whiteboard, some index cards and tape. Start by drawing sources of information flow. (For each individual, draw a rectangle the size of your index cards: You will add information here in the next step, using cards to keep your roadmap flexible.) Do not map the explicit power structure, but what you've observed about the influence structure so far.

Next, use your colored markers to color-code each relationship on your chart:

• Green: This person is an ally who has been visibly supportive in the past and "gets" what you are trying to do;
• Yellow: This person is neutral to your initiatives or is an unknown. Is he on the fence? Could she be swayed? Try to capture some aspect of his or her position from observable behavior;
• Red: For whatever reason, this person opposes what you are trying to accomplish. I'm also curious here whether he can be neutralized or eliminated to minimize my risk profile with the specific initiative or project.

Use your index cards to write comments and impressions about the individuals you have just color-coded. Note your questions as well as your observations. If something they've said gave you these impressions, write their words as accurately as you can recall them.

When done with this step, tape the cards to the whiteboard next to individuals' names.

At this point, your influence chart should begin to generate insights. Step back and listen to what it is telling you. Who do you need on your side? Who can you ignore? Who is already an advocate who puts wind in your sails? Add index cards with your observations.

This is the time to apply a process I referred to as strategic relationship triangulation in my book, Relationship Economics. For any piece of information critical to your political success with these relationships, you must find three independent sources to verify, validate or void the critical assumptions you are making about each person or piece of information. It's homework time. Use your relationship network and other "biz-intel" sources to triangulate the assumptions on your influence road map. Rework the position of individuals in relation to each other as new insights emerge or old ones are voided.

Relationship triangulation can help you understand the most influential sources within a team, a department, an organization or an entire industry. Who are the real decision-makers, and who works most closely with them? Knowing this enables you to much more effectively customize how you develop relationships and add value for each individual.

Does this process take a lot of effort? Yes. Is it necessary? It would be naive to think you don’t need to build a political road map based on solid research. Could your time and effort be better spent focusing on outcomes? Only once you have a solid understanding of the relationships you need to help you achieve those outcomes. Don’t treat this task as a "one and done." The chart need will frequent updates as the situation evolves.

This political roadmap allows you to quickly visualize your relationships and, specifically, your relationship assets and liabilities. Further, it helps you see whether you have enough support to accomplish your goals, or where you need to invest time and effort to build that support. When you can see who is an ally and who is an enemy, you can plan your next steps. "What can I negotiate? What can I exchange? Do I have something of value that they want?" It’s called "politics" for a reason—this kind of “horse-trading” is what our elected officials do.

Any kind of organizational sea change—a merger or acquisition, a large-scale restructure, any new line of business, any succession planning any geographic expansion requires a political road map at this level of detail. These are all highly disruptive events to most businesses.

Frankly, I see too many people blindsided by disruption because they simply failed to maintain an accurate road map of the political terrain they are trying to navigate.

By the way, if you're looking for the science behind these ideas, Google "social network analysis." You may be surprised to learn that it has nothing to do with Facebook, Twitter or YouTube!

Nour Takeaways:

1. Because influence doesn't show up on org charts, you need to invest the time and effort to visualize that information for yourself.
2. You are welcome to use my system of color-coding and notes, or develop a system that works for you that shows the flow of influence we call "office politics."
3. Rigorous triangulation allows you to trust your insights-which are invaluable when dealing with disruption.

Independent medical exams (IMEs) are widely used throughout the workers' compensation insurance industry. However, as with any tool, you generally need a good carpenter or mechanic to get the best results. Because of the time required to arrange these medicolegal exams and because of the complexities of determining causation, pre-existing conditions, degree of impairment, etc., most insurance companies and third-party administrators (TPAs) outsource this function, which generates findings that can be used in the formal claims adjudication process.

The problem with outsourcing IMEs is that it typically removes from the process the only stakeholder who actually knows the injured worker: the employer.

The employer can make better decisions about whether to request IMEs -- which are very expensive -- by looking for red flags that, in many cases, only the employer could know about.

The most basic reason is if there is a legitimate question as to whether an injury or illness was caused by a work-related accident or industrial exposure. Red flags that might indicate the need for an IME include: The accident/injury wasn't witnessed by other employees; reports of how the injury occurred are vague; or the injury was not promptly reported. Other triggers that only the employer would know include: a history of disciplinary, attendance or other HR issues; prior work history and the possibility that the employee is working a second job; or participation in sporting and recreational activities outside the workplace.

Other flags could be: Healthcare providers indicate that the employee may not be able to return to work, based on subjective complaints, or have proposed treating plans that are open-ended, with no clear-cut goals.

Other key issues that should be identified early in the claims process are: pre-existing conditions; any unauthorized medical treatment; any treatment by known "provider mills"; all litigated or potentially litigated claims; any potential subrogation opportunities; any doctor shopping; prescriptions for opioids; recommendations for elective surgery, such as on the back or for carpal tunnel issues; and any plain, old-fashioned tips from other employees.

IME providers often miss three fundamental questions: Can this injury or illness be caused by the workplace? Under what circumstances? Did these circumstances exist in this case?

Medical providers performing IMEs often make decisions in a vacuum, with little, if any, input from the employer. Leading medical experts who routinely perform IMEs state they are often "flying blind" and would have conducted a whole different physical exam or diagnostic testing if they only had more information. They tell me that they often have no idea why an IME has been scheduled. Miscommunication is common, and prior medical reports are often delayed or even lost.

IMEs should be conducted within a well-planned strategy at both the local level and the corporate level, between an employer and its insurer or TPA. The success or failure depends on active involvement and strong communications by all involved, including employers, IME providers, injured workers and insurance carriers and claims administrators.

As noted in previous articles, employers may consider using an OSHA-sanctioned "contemporaneous" medical exam - conducted at the moment of injury/illness notification but done outside the workers' compensation system. Employers may consider this approach when they suspect a difficult or potentially litigated claim in states where they have little control over the choice of medical provider or face other jurisdictional or claim-specific challenges.

Employers, whether they are fully insured or self-insured, should ask detailed questions about how IMEs are handled on their behalf. Most insurers and TPAs outsource some, if not all, of the process of scheduling and arranging IMEs. There are dozens of questions I would ask about IME panel selection and quality assurance, including; credentialing, board certification, training, continuous education, experience, expertise, reputation, affiliation with university-based teaching hospitals or sports teams, along with knowledge and utilization of AMA impairment guidelines, evidence-based treatment protocols and application of disability guidelines from state workers' comp, the Americans with Disabilities Act  (ADA) and others.

The only true stakeholder in what can be a very expensive, time-consuming and frustrating process to obtain quality IMEs is the employer. It is the employer that should be asking about "other" workers' compensation costs and whether IMEs, which often include "hidden" costs, are actually having a positive outcome in successfully denying, closing or settling difficult and contentious workers compensation claims.

The 80/20 rules applies in both workers' compensation and healthcare -- 20% of claims will generate 80% of the costs. Employers need to have strategies in place both early and often to help confirm the relationship between reported injuries and illnesses and the workplace.

The employer's ability to obtain credible and authoritative medical opinions is key to containing workers' compensation costs from medical, indemnity (lost-wage replacement), permanent disability awards and administrative, legal and other fees.

Employers need to take a much more active role in ensuring high-quality healthcare while addressing waste, fraud and abuse in the system. Employers should avoid fishing expeditions but rather use these expensive tools wisely and put them in expert hands. If you are going fishing, make sure you have the right bait, deck hand and captain.

IMEs can be a great tool or waste of time and money. It's more up to you than you think.

Dr. Ezekiel Emanuel wrote a contrarian opinion piece in the Jan. 8, 2015, issue of the New York Times titled, "Skip Your Annual Physical." Dr. Emanuel is an oncologist at the University of Pennsylvania and was an adviser to the Obama administration regarding the design of health reform. He is also the brother of Rahm Emanuel, a former presidential chief of staff.

As you can guess from the title of the opinion article, Dr. Emanuel believes that annual physicals are not worth having because they do not reduce mortality. He cites a Cochrane Review study to back up his statement. Click here to read a summary of the study by the American Association of Family Practice.

Dr. Emanuel's comments bring the following question to mind: How is one to have the evidence-based screenings recommended by the U.S. Preventive Services Task Force (USPSTF) without an annual physical?

Here is a list of some of the USPSTF screenings and interventions that studies have shown to be of value by reducing morbidity or mortality that could be accomplished at an annual physical:

1. Screening for Type II diabetes
2. Screening for hypertension
3. Screening for lipid disorders (e.g. high cholesterol)
4. Screening and counseling for alcohol abuse
5. Screening for cervical cancer every 3-5 years
6. Screening for obesity
7. Potential use of aspirin for the prevention of heart attack
8. Counseling on folate vitamin supplements for all women capable of pregnancy to prevent neural tube defects
9. Counseling overweight and obese patients to improve their diet and exercise habits

Source: American Association of Family Practice

Many of these conditions are not rare.  For example:

• 9.3% of the U.S. population has diabetes-of whom, 9 million are undiagnosed (Click here for ADA source). Assuming a U.S. population of 300 million, 9 million is 3% of the population, so three in 100 screenings would find undiagnosed diabetes. In a company with 1,000 employees, screening for diabetes would result in identifying 30 new cases of diabetes.
• 29% of the adult U.S. population has hypertension-17% are undiagnosed (Click here for CDC source). 17% of 29% is about (again) 3% of the adult U.S. population, so three in 100 screenings would find undiagnosed hypertension. In a company with 1,000 employees, screening for hypertension would result in identifying 30 new cases of hypertension.

An annual physical is a great way to address these nine proven screening tests and interventions that will lengthen life and reduce suffering. This is only a representative sample from the USPSTF.  There are actually more than nine. You would not "technically" need an annual physical, but you would have to have some other mechanism for having these screenings and interventions performed.  A similar point is made by the American Academy of Family Physicians in its review of the Cochrane study. However, the use of the doctor's office as the setting for the screening means that if an abnormality is found (i.e. diabetes, hypertension, etc.), then the doctor can prescribe an intervention.

To skip an annual physical and to not have the screening performed some other way-and followed up on-is hazardous to your health

"What do you want to be when you grow up?" I used to get that question all the time. I would say I wanted to be a doctor, a lawyer, a successful businessman. I always had an answer, but I never had a plan. I would have benefited a lot from having the person follow up and ask me, "How are you going to get there?"

"How did you get into the insurance industry?" If you ask 10 insurance agents that question, nine times you get the same answer, "I just fell into it. I had no plan to be in the insurance business."

I've spent most of my insurance career working and dealing with agents, and, while they have action items to grow their businesses, almost all of them don't have a formal planning process. Instead, they react to issues the day they are confronted by them.

It's natural to wait and react. But the best organizations in any industry always have a plan. They don't react; they act with discipline and focus.

This article can provide you with a road map for designing your current-year business plan and your long-term plan.

A plan has to be something basic that you can live by during the year -- not a 25-page document that gets put in a desk drawer and forgotten. Instead, it's a short document that sets forth the path you want to take for your agency in a given year. Plans change. They always do, based on what actually happens. But having a plan allows you to be in control of your business.

Is it too late to have a plan this year? No. There is still plenty of time. Here’s a model I've used to develop several successful business plans.

1.         Start with an assessment of your business year-to-date. How's your year going compared with last year? Is production up? How about profitability? Spend time analyzing your book of business and understand the difference between your results for the year-to-date period this year vs. last year. This shouldn't take too much time.

2.         Identify your gaps. Profitability might be up but new business production down. Why is new production down? Is it taking more leads to generate a sale? Is a new competitor pulling business away from your agency? Understand your situation. Focus on the big issues.  Nothing is ever going to be perfect, including your business.

3.         Develop solutions. This is the toughest part of any planning exercise. It's usually easy to identify a problem. It takes a lot more thought to come up with a solution, especially one that requires you to change the way you conduct your business. Try to identify little changes you can make. Pick a new lead source and experiment with it first. If it works, then incorporate it into your day-to-day operations. Implement several small changes at once. I call them "initiatives." They are more like experiments. If they don't work perfectly, that's okay, because can always learn something new about your business that you can apply to your next initiative.

Let's say new business production has fallen. It is taking your agency more leads to close a sale. One way to increase production is to increase the number of leads. That will probably increase costs because you have to purchase more leads or need additional staff to generate new leads. That will hurt your agency's profitability.

Yet, that's what most people do. I call it the "Do What You're Doing, Just Do It Better" strategy. It typically fails.

Instead, focus on new tactics. Change the way you are conducting your business. Experiment, experiment, experiment! Try different initiatives. You will typically know if they are working fairly quickly. Don't be afraid to stop doing something if it is not working. Move to the next idea and continue to iterate.

In our example, a new initiative might be to target a specific group of potential customers based on criteria you develop that makes them attractive customers. Another initiative might be to develop an affinity group that you can then target for new business. If the initiative works, you can incorporate it into your business. If it doesn't -- and you will typically know within 30 to 60 days -- move on.

4.         Create check points. You can't expect what you don't inspect. Track your agency's results on a daily, weekly and monthly basis. Meet with your staff consistently. You want to create a culture of accountability.

5.         Be transparent. You need to share your plan with everyone at your agency. Make sure your team is incorporating the overall plan into their day-to-day duties. Have you properly communicated and delegated specific initiatives to your staff? Is your customer service rep up-selling? Is your receptionist setting appointments when the office is quiet? If people don't know what you are trying to do, they will just do what they think you want them to do.

6.         Stay focused. Plans fail when people lose focus. Your job as the leader of the organization is to keep the organization on the right path. A well-defined plan provides the framework to make sure you are staying the course. It enables you to make sure everyone is doing what needs to be done.

Nothing lasts forever. Yet it is surprising how few agency owners have a long-term plan for their business. Most agencies die a slow death, keeping the agency owner a prisoner of her own business as the staff leaves and she tries to hold on to renewal commissions as long as possible.

I attribute this common situation to the fact that most agency owners don't have a long-term plan for their agency and for their personal life. In the early years of an agency, everything is focused on producing new business. As the agency matures, the service requirements of operating a P&C agency create daily challenges that keep the agency owner's attention occupied. It's easy to procrastinate until it's too late.

Stop reading this article. Grab a pen and paper and answer the following question: How do you want to leave your business? As a thriving organization that survives you? A business you can pass on to your children? To your junior partners? A business that you can sell? What's your vision for the future of your agency?

Spend some time today and put together your plan for the long-term future of your agency. Knowing where you want to be tomorrow, today, will make it more likely you will end up where you want to be.

In January 2014, SMA published the research report, Google and Insurance: Far-Reaching Implications, which hit a nerve in the industry. We followed up in August 2014 with the research report, The Shifting Competitive Landscape: A New Breed of Industry Challengers, which generated even more discussion. We noted in both reports that the future of insurance is changing more rapidly than we expected. And for those insurers operating with the long-standing, wait-and-see attitude, we cautioned that ignoring the pace of change and putting off the use of emerging technology would put companies at risk. We strongly encouraged insurers to track and assess these trends, along with other outside industry influences, and to put together a strategy that would move them toward their vision as a Next-Gen Insurer.

Now it is January 2015, and our expectations for Google have come to pass. Google is getting approval for selling insurance on its Compare site in a large number of states via a number of different insurance partners. As we predicted in the reports, companies like Google would not underwrite the risk, but they would be the primary point of contact for the customer relationship, making insurers the providers of the insurance product within Google's ecosystem.

Some in the industry may discount this as just another aggregator site from which to search, compare and select insurance, but that would be foolish. This move has much bigger implications for insurance. It represents a major disruption by a recognized innovative giant that brings an outside-in approach to customer engagement and empowerment. And the move demands that insurers re-imagine and reinvent a technology-enabled future.

This is just the beginning. Other industry companies from retail, automotive, technology and more are looking to leverage their influence, their offerings and their platforms to extend their customer relationships and experiences, which will either force traditional companies out – or force them to change. In particular, the technology companies have critical business attributes that are underpinning their rapid growth and influence:

• Customer Engagement. They are leading the re-imagination of customer engagement models across all industries, setting higher bars for customer expectations.
• Customer Demographics. These companies are part of the daily lives of customers from baby boomers to Millennials, representing a merging of the traditional with the future to create a new generation of insurance customers.
• Digital Businesses. The companies all emerged as digital-based businesses, creating customer-driven, user-friendly business and operational models that have now become the table stakes in the digital revolution.
• Innovation Leaders. Innovation is also table stakes. The investment and commitment of resources to innovation dedicated to driving new products, services and partnerships are redefining industries.
• Data Masters. These companies have enterprise data management strategies and capabilities that position them as market leaders equipped with game-changing insights.
• Capital-Rich. They have access to internal and external capital for acquiring or investing in new technology companies that can expand market reach, deepen customer engagement and put them at the leading edge of the digital and technology revolutions.

In a world of rapid change, the new competitors, emerging technologies, advancing innovation and fading industry boundaries are intensifying the challenge to traditional insurance business assumptions. How insurers respond to these changes - with a fresh set of views that combine both inside-the-industry and outside-the-industry perspectives - will very likely influence their future.

Google and other industry challengers are moving at breath-taking speed and on a high level, with innovations and capabilities emerging regularly, either through their own development or through acquisitions and partnerships. With each new capability, they are redefining everyday lives by how technologies are used and then creating products and services that leverage those technologies. And more companies outside insurance will follow, not only to compete but to capture the customer relationship and thrive in this new technology-enabled world.

While Google's move was expected, it is the coming, unexpected moves from unexpected challengers that will intensify the challenge to traditional insurance.

The future continues to unfold before our eyes. We must assess the influencers of change and develop vision and strategies for a new future. We must begin to break down our legacy assumptions and open our eyes wide to the possibilities of a very different future - a future with new competitors and blurred lines between industries. A future that re-imagines and reinvents the business of insurance.

ISO 31000 (Risk Management) and its supporting publications encompass an impressive to-do list of risk management guidelines for organizations. However, if an organization selectively pursues some of the ISO guidelines and ignores others, highly undesirable events -- even tragedies -- can occur. This is what happened with the Titanic.

ISO 31000, section 4.2, suggests we align risk-management efforts to our objectives. White Star Lines, the Titanic's builders, fulfilled this requirement. The objectives were to create a luxury liner at the lowest costs, in the least amount of time, and maybe even break the speed record for an Atlantic crossing. These were admirable goals. The Titanic also followed ISO 31000, Section 5.5.1.b., by "taking or increasing the risk in order to pursue an opportunity." The builders did so because they believed their risks were not extraordinary and could be controlled. This is a common judgment error.

THE PURSUIT OF OPPORTUNITIES, NOT AN ICEBERG, SANK THE TITANIC

The individual risk opportunities that Titanic pursued were not terribly unusual, but collectively they created a perfect storm fueled by three main, linked, cascading risks:

1. Ship design shortcomings influenced by cost-cutting efforts
2. Flaws in rivets
3. Mistakes in the operation and evacuation of the vessel

ISO 31000, Section 5.4.2, warns us that "Risk identification should include examination of the knock-on effects of particular consequences, including cascade and cumulative effects." The World Economic Forum, in its 2014 Annual Global Risk Report, highlights cascading and connected risks many times as a serious threat. The report also stated the need for better efforts to deal with such threats by supplementing traditional risk management tools with new concepts, methods and tools.

What are cascading risks?

Cascades can be beneficial, neutral or destructive. We define cascading risks as a series of interacting risks that emanate from leadership (aces) through the work culture (kings) and work processes (queens) that create bad performances (jacks) and negative feedback loops (jokers) back to leadership. Leaders then either apply learnings in creative ways or ignore the cascade signals, which can lead to disasters. Detailed cascading risk analysis can aid in minimizing such risks.

Cascade #1 That Threatened the Titanic - Inadequate Design

The Titanic’s design was not unsinkable, as was widely publicized at the time. It had many "watertight compartments," but they were open at the top, like an ice cube tray. It had far too few lifeboats, a result of cost-cutting efforts during the design phase. It had a double bottom, but that did not extend up to the waterline, where the iceberg sideswiped the ship. This design flaw was quickly corrected on the Titanic's sister-ship, Britannic, which was still under construction at the time of the Titanic's sinking.

The Titanic's builders claimed that it was constructed considerably in excess of the Lloyds registry safety requirements. Therefore, they never saw the need to seek Lloyd’s registry approval. However, Lloyds disputed that claim publicly after the Titanic sank.

Cascade #2 That Threatened the Titanic - Bad Rivets

The Titanic required 3 million rivets to hold her together. Archives tell us that, at that time, there was a shortage of riveters and the necessary materials to create high-quality wrought iron rivets. White Star's competitors converted to 100% steel rivets, which were much stronger.

The Titanic used steel rivets in the straight section of the hull but not in the front, where the iceberg hit -- wrought iron rivets were easier to rivet by hand than steel rivets in those sections. The recovery of the Titanic's wreck from the sea floor confirmed the low quality and brittleness of the rivets in the impact areas. Higher-quality rivets would have kept Titanic afloat longer and saved more passengers.

Cascade #3 That Sank the Titanic – Operation and Evacuation Errors

The Titanic was cruising near top speed, which was very risky on a moonless night through an area with active iceberg warnings. Just hours before the disaster, the captain canceled a lifeboat drill for no apparent reason. It was suspected that the captain was attempting to break a cross-Atlantic speed record. That recklessness and the collision with an iceberg sealed the Titanic’s fate. Her brittle rivets in the impact area popped off and allowed water to rush into the hull. The Titanic sank in less than three hours. 1,502 people perished after a disorganized evacuation filled the far-too-few lifeboats to just 61% of capacity.

Conclusion

Although ISO 31000 attempts to protect us from ourselves and the outside world, we cannot be selective in what we implement. We need to follow all of the guidelines and even test areas that we believe are safe. We must also heed ISO's challenge to examine cascading and cumulative effects. Effective risk-based thinking must include cascade effect thinking.