Tag Archives: mandel

How to Manage Claims Across Silos

The long-minimized and largely untapped synergy between casualty claims and benefit programs may offer opportunities for both industries.

Some argue that these worlds are just too different and distinct to bring together, whether through simple alignment or partial to full integration. Managers are often more comfortable in their own functional areas, and sometimes crossing over can stretch expertise and focus. Fundamentally, however, claims are claims.

There’s been a shift in thinking and a growing interest in a more collaborative, aligned and even fully integrated services approach – one that takes many forms but that at its core incorporates a more combined strategy from date of incident through claim closure. The targeted goals for this approach are:

  • Ensuring an appropriate employee experience throughout the life of the claim
  • Targeting and delivering optimal outcomes
  • Minimizing the cost of risk associated with the reasons employees are under medical care or unable to contribute productively to their employer’s mission

Shared Goals

On its face, the value of collaboration seems obvious. From both an employee benefits and risk management perspective, providing care for the individual is of the utmost importance. One of the main objectives is ensuring the right outcomes, which includes leveraging the basic skills of investigation, verification, documentation and equitable resolution that are common between these two realms.

The nuances and distinctions that exist between them are not insignificant, but the key goals are the same – caring for people under medically related distress (regardless of source), minimizing disruptions to workforce productivity and closing claims efficiently and effectively with fairness to all parties and their respective goals and objectives.

Although these objectives have varying levels of importance in each field, they are fundamental to process effectiveness in both. This is not to say that there aren’t peculiar and unique aspects of each that require certain expertise and skills to achieve specific goals.

However, while blending skill requirements among a common group of claims professionals can be challenging, it is not rocket science. Defining and filling positions to enable successful claims handling in both worlds is eminently doable. The biggest hurdle may in fact be the necessary collaboration between these typically distinct functional areas and their leaders.

Many employers are already effectively managing employee injury and disease exposures. There are discernible trends emerging toward fewer silos and more performance-oriented measurements that are focused on short- and long-term strategies. Those companies taking a more collaborative approach can benefit from key elements such as:

  • Compassionate care that puts employee interests first
  • Integrated reporting and measurement across departments
  • Robust analytics that result in prescriptive actions with impact
  • Innovative tools targeted to specific process opportunity areas
  • A more holistic focus on the care of affected employees
  • The over-arching goal of a healthy, productive workforce

So whether or not you have direct responsibility for both functional areas, I urge you to lead the charge that would leverage this opportunity for the benefit of your organization.

How Much Cyber Risk Should You Take?

I have been spending a fair amount of time over the last few months, talking and listening to board members and advisers, including industry experts, about cyber risk.

A number of things are clear:

  • Boards, not just those members who are on the audit or risk committee, are concerned about cyber and the risk it represents to their organizations. They are concerned because they don’t understand it – and the actions they should take as directors. The level of concern is sufficient for them to attend conferences dedicated to the topic rather than relying on their organizations.
  • They are not comfortable with the information they are receiving on cyber risk from management – management’s assessment of the risk that it represents to their organization; the measures management has taken to (a) prevent intrusions, (b) detect intrusions that got past defenses and (c) respond to such intrusions; how cyber risk is or may be affected by changes in the business, including new business initiatives; and, the current level and trend of intrusion attacks (some form of metrics).
  • The risk should be assessed, evaluated and addressed, not in isolation as a separate IT or cyber risk, but in terms of its potential effect on the business. Cyber risk should be integrated into enterprise risk management. Not only does it need to be assessed in terms of its potential effect on organizational business objectives, but it is only one of several risks that may affect each business objective.
  • It is impossible to eliminate cyber risk. In fact, it is broadly recognized that it is impossible to have impenetrable defenses (although every reasonable effort should be made to harden them). That recognition mandates increased attention to the timely detection of those who have breached the defenses, as well as the capability to respond at speed.
  • Because it is impossible to eliminate risk, a decision has to be made (by the board and management, with advice and counsel from IT, information security, the risk officer and internal audit) as to the level of risk that is acceptable. How much will the organization invest in cyber compared with the level of risk and the need for those same resources to be invested in other initiatives? The board members did not like to hear talk of accepting a level of risk, but that is an uncomfortable fact of life – they need to get over and deal with it!

The National Association of Corporate Directors has published a handbook on cyber for directors (free after registration).

Here is a list of questions I believe directors should consider. They should be asked of executive management (not just the CIO or CISO) in a session dedicated to cyber.

  1. How do you identify and assess cyber-related risks?
  2. Is your assessment of cyber-related risks integrated with your enterprise-wide risk management program so you can include all the potential effects on the business (including business disruption, reputation risk, inability to bill customers, loss of IP, compliance risk and so on) and not just “IT-risk”?
  3. How do you evaluate the risk to know whether it is too high?
  4. How do you decide what actions to take and how much resource to allocate?
  5. How often do you update your cyber risk assessment? Do you have sufficient insight into changes in cyber-related risks?
  6. How do you assess the potential risks introduced by new technology? How do you determine when to take the risk because of the business value?
  7. Are you satisfied that you have an appropriate level of protection in place to minimize the risk of a successful attack?
  8. How will you know when your defenses have been breached? Will you know fast enough to minimize any loss or damage?
  9. Can you respond appropriately at speed?
  10. What procedures are in place to notify you, and then the board, in the event of a breach?
  11. Who has responsibility for cybersecurity, and do they have the access they need to senior management?
  12. Is there an appropriate risk-aware culture within the organization, especially given the potential for any manager to introduce risks by signing up for new cloud services?

I welcome your thoughts, perspectives and comments.

10 Building Blocks for Risk Leaders (Part 5)

Important things in life are not easily reduced to 10 steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture. Part 1 is here, Part 2 here, Part 3 here and Part 4 here. This is the fifth and final part.

9. Advance the Profession by Finding or Creating Personal Vision

The concept of innovation is directly and explicitly tied to risk and risk management. Put simply, there is no innovation without risk. Part of this paradigm is taking personal risk to move the discipline forward to places others may not have imagined. In the realm of risk management, settling for the status quo is to be avoided at all costs . Nothing stays the same for long, and a core competency of a true risk leader is having the gumption to push back on owners, which sometimes means questioning authority.

Just as the overall business environment is ever-evolving, the myriad internal and external drivers that can affect the risk profile of organizations must be carefully monitored. It is in this monitoring where the willingness to challenge conventional thinking and the status quo can lead to change, and risk-taking behaviors can be shifted to be more in line with risk appetite and tolerances. A vision for more innovative processes, tools and techniques can be developed, as well as an enhanced view into the murk of risk itself. Importantly, this demonstration of risk leadership will lead to the evolution of risk leaders’ personal vision for more effective risk management for their organizations.

If we haven’t learned anything else since that fateful day on Sept. 11, 2001, we’ve learned that new risks emerge with increasing regularity and seem to have increasing relevance to enterprise success. Furthermore, these new and emerging risks often fall into the strategic category, so they are often not easily measured or mitigated. All this speaks to the need for continuous improvement and innovation in how risk management is practiced and how it affects the design and execution of the organization’s risk framework and model. While personal vision for risk management is necessary — for personal satisfaction and the long-term success of the firm — no two frameworks or models are exactly alike, just as no two firm risk profiles are identical.

By crafting risk strategy, framework and model around the continuously evolving needs of the firm, risk leaders’ vision for risk management will take shape. As it is successfully implemented, this vision will also drive the risk profession forward, through benchmarking, networking and professional external collaborations, allowing all risk practitioners to improve, as well. This is the perfect segue to the last element of a personal risk leader success profile.

10. Give Back

Giving back to the next generation and to communities and nonprofit organizations (some of which can’t afford the cost of risk expertise, e.g., churches and civic organizations) is essential to developing a well-rounded leader and person. But giving back goes well beyond even service to the community and to nonprofits. In the larger context, giving back includes various strategies to help others. Examples include employing interns on a regular basis and taking the time to coach and mentor them well. Too often, intern programs are mismanaged or even abused as sources of raw labor out of which no real development or education occurs. This destroys the attraction to enter the risk profession. Because these programs—done well—can be the source of exceptional talent, it behooves all risk leaders to take advantage of intern sourcing when feasible and include it as a key component of long-term resource planning.

Giving back is also accomplished by bringing the risk leaders’ considerable knowledge to various forums, such as at conferences and industry meetings, through presentations and participation in efforts to discover new solutions to problems. While the primary goal should be to help others, it almost always includes mutual benefit. Many of my colleagues say they actually get more out of this effort than they put in. That has certainly been true for me.

Another example of giving back is the Spencer Educational Foundation’s Risk Manager in Residence Program. This program provides funding for risk experts to bring that expertise into higher educational institutions through a series of lectures and teaching done with the collaboration of selected professors whose goal is to bring diverse experiential learning to students pursuing risk and insurance degrees. This program has been instrumental in highlighting for students the opportunities available in the risk discipline.

There are many opportunities to serve other organizations through volunteer board and advisory positions, where risk experience and expertise is made available to help these organizations, particularly with risk governance. A residual benefit of this activity is broadening the network of contacts and relationships outside the industry, where a clear demand for risk expertise is almost always needed, but infrequently recognized or acted upon.

Last, but certainly not least, is the ever-present opportunity to mentor and coach others to help them achieve their career goals. This is a fundamental responsibility of every manager of people. But it really gains traction with others when those outside the immediate work circle ask for mentoring or coaching, as they recognize and value the deep and broad expertise they can learn via a mentoring program. Usually accompanying that is a keen understanding of the political, social and cultural aspects of work life that those with less experience often find challenging to navigate. One benefit of this activity is a deep and lasting gratitude that is too infrequent in day-to-day business interactions. The related personal satisfaction is often immeasurable and certainly lasting. Personal brands are enhanced, and those being mentored can close the loop on what a true risk leader profile looks like.

Conclusion

There you have it—my list of 10 building blocks for long-term success in risk management. All functions need great leaders to achieve high performance, and risk leaders have more than their share of hurdles to overcome in the process. And yet, those who stick their necks out and take the personal risk associated with doing extraordinary things often succeed in doing so. I urge you to think big about the possibilities of a career in risk and consider these 10 important things that can help define the correct path to take.

After all, no risk, no reward.

10 Building Blocks for Risk Leaders (Part 4)

Important things in life are not easily reduced to 10 easy steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture. Part 1 is here, Part 2 here and Part 3 here. This is Part 4 in the series.

7. Developing the Bench

While all managers are expected to develop their employees, this aspect of management is harder in risk management than in many other disciplines or functions, if only because of the often smaller teams. But getting the right bench strength established is essential to getting the risk management fortified for the hard times that will inevitably arise. The right bench will also improve the chances of sustained success.

Just finding great people is hard enough. In the risk management world, keeping them can be more challenging for a variety of reasons, including limited upward mobility because of the small team size. However, there are ways to deal with this limitation. For example, GE is well-known for running talented managers though the audit function, where managers have opportunities to gain a broader and deeper understanding of what makes the business tick.

Taking a similar approach with risk management accomplishes the same goals and argues for a regular rotation of talent through both risk management and operations. This allows talented people to be exposed to other leaders and their functions, perhaps opening doors of opportunity. Doesn’t that detract from developing long-term risk leaders? At first blush, it may look that way. In reality, the approach furthers another goal all risk leaders should have; namely, to make every employee into a “little risk manager” for the specific risks for which they are accountable.

While the actual direct report bench of the average risk department will often appear shallow, it can be deepened by considering all employees as a part of the risk team and emphasizing risk stakeholders who can be rotated through risk management to help build a risk culture. Be sure to consider vendor/supplier partners to be part of the team. As we’re all in the risk game together, it behooves every risk leader to look at teams in this broader, more inclusive fashion.

Finally, don’t forget interns. Many view interns incorrectly, as a drag on an already small team, requiring time-consuming training, coaching and direction that fully trained employees may not. Others think interns are only good for mundane tasks and end up underutilizing their skills. But if there is a good intern recruitment strategy—recruiting from the “right” schools and presenting an attractive case for why students should intern in risk management—great interns will be discovered who can materially contribute to the success of both the team and its mission. The key is to not think of them as “temps” but as those who lend themselves to being developed over time for full-time roles. This approach will demonstrate commitment to a solid intern program, which in turn will attract the best and the brightest and broaden the recruitment and team effectiveness strategy.

8. Supplement Value Preservation With Value Creation

While protecting and preserving is job one for risk leaders, the bigger opportunity is helping others understand what it means to exploit risk for gain. This is a foreign concept to many because they don’t think in terms of risk when they’re stress-testing a strategic plan and its component parts . Therein lies the tremendous opportunity to find a way into the planning process, by helping planners make this connection, and understanding the relationship between risk and success.

Because every risk represents the possibility of failure for organizations, the ultimate challenge for all risk leaders is getting a seat at the planning table, to educate, inform and contribute to the thinking of those charged with plan development and measurement. Don’t be fooled into thinking , however, that acceptance in this realm is a slam dunk. Just as the value proposition for enterprise risk management has been difficult for many to articulate and sell, so planners are naturally skeptical about allowing risk managers to participate directly in their process. Part of this reluctance comes from the reality that, in many organizations, the C-Suite is not sold on risk management as a strategic contributor to helping define success for the enterprise. This stems from the dated perception of risk managers as “just insurance” managers. But, as entrenched as that perception may be in many organizations, it is changeable. That is the challenge.

Central to changing this perception is helping educate key management on how risk can and should be leveraged for gain—the upside of risk. Every risk leader needs to educate and make organizations more aware of risk “opportunities” and be willing to take the personal risk associated with doing so. This personal risk is one reason many risk leaders have not evolved into the strategic advisers that can be the pinnacle of the profession. Don’t assume that, just because someone is adorned with the title of chief risk officer, that she is actually acting as strategic adviser. Many are just high-level risk owners with accountability for some related processes, rather than truly “enterprise-wide” risk leaders.

10 Building Blocks for Risk Leaders (Part 3)

Important things in life are not easily reduced to 10 easy steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture. Part 1 is here, and Part 2 is here. This is Part 3 in the series:

5. Racking Up Points with Senior Managers

The points that risk managers offer up are not always creditable “points” in the eyes of senior managers. To be so, they should be tied to the things that matter most to the organization and that can be traced, at least indirectly, to mission accomplishment. In other words, what matters most is contributing to the success of the enterprise—not just reducing the cost of risk, which is the longstanding focus of many traditional risk managers. That is not to say that reducing the cost of risk is not important or that it doesn’t contribute to organizational success. It does, especially where the total cost of risk (TCOR) is a material factor in total expense. Yet, to be recognized as making a significant contribution to the success of the enterprise, risk management practitioners must find a way to connect more directly to the successful delivery of strategic priorities, by supporting the objectives that underlie them. It’s about putting the right points on the board and, as a result, being seen as more relevant to strategic imperatives.

This is often easier said than done. Among the challenges are questions about whether the risk management employee has the qualifications and expertise to successfully contribute. The risk management employee often faces retorts like these: “Don’t we already account for risk (often called business challenges by planners) when we set the plans?” “This risk input is not translatable for purposes of plan development and is therefore not helpful.” “There is no time to conduct the assessments and measurements of relevant risks that would allow risk inputs to be properly considered.” “Our C-Suite sees no substantive reason to open the process up to more contributors when time is often of the essence and the dialogue is reserved for only the true strategists in the enterprise.”

Untitled.pdf

The chart above, from The Global CFO Study 2008: Balancing Risk and Performance Within an Integrated Finance Organization, reflects that risk managers, even chief risk officers, are perceived by chief financial officers as more tactical in mindset than strategic.

Never fear: Perceptions can be changed .

This article is not intended to provide all the answers to barriers to entry and success in collaborating with planning. However, it is intended to emphasize the importance of this collaboration and the critical need for all risk leaders who aspire to true relevance and influence to spend the political capital necessary to knock these barriers down or at least minimize them. The bottom line is that the only reason corporate goals and objectives are not met is that one or more risks have not been properly identified and managed. That makes risk management a critical component of organizational success.

6. Establishing Yourself as Essential to Others’ Success

Risk management stakeholders can’t succeed without the right risk strategy and, most particularly, the right risk leader who understands their priorities and knows how to build relationships of mutual benefit. And, risk leaders can’t succeed without successful stakeholders. Unfortunately, relationship-building has not generally been a strong suit of many risk managers, myself included (early in my career). Risk employees who move out of their comfort zone will discover this is the key tactic to use in building these relationships. Staying in traditional roles is ultimately a strategy doomed to keep you in a rut.

Even when dealing with hazard or traditional risks, it is no longer possible to do the job with excellence while staying in that comfort zone. All the many forces of culture and the challenges of the business will eventually shine a bright light on risk management personnel and their contributions, or lack thereof, to the organiza- tion’s success.

While reducing the cost of risk and bringing home expense reductions is important to most competitive enterprises, it is less important for those that are flush with profits and cash. So, it is important not to get myopic about the cost of risk as a key measure of success. Consider what others things define and drive organizational success, and figure out how to connect to them.

It is only through collaborating with risk stakeholders and showing them the value that risk leaders bring to the table that long-term success will be achieved. Spend the time to reach out to stakeholders, learn their exposures and gain sufficient knowledge about how they manage these exposures and their priorities. That way, risk leaders learn when to challenge an assessment that doesn’t look quite right and can do so with the risk intelligence and personal gravitas necessary to earn confidence. By helping owners effectively manage the risks that directly affect their own success, risk personnel will be welcomed to the team as their “street cred” is established and acknowledged.