Tag Archives: rmi

Let’s Sponsor a Free Online RMI Course

The average age of an insurance professional in the U.S. is around 60 years old. Estimates place the giant wave of retirements coming our way at around 50% by 2020. The U.S. Department of Labor estimates that between retirements and growth we’ll need to hire 400,000 people in the next decade. That’s a lot of people!

Risk Management and Insurance (RMI) programs at colleges and universities have become more popular over the last few years, but they still only exist at fewer than 100 out of the 3,000-plus institutions in the U.S. RMI programs produce amazing graduates, but they only feed 15% of our hiring needs each year! So 85% of our new hires come without any sort of insurance background or education. Each company has to take the full expense of training these new insurance pros, and retention is lower because those people haven’t committed to a career in insurance; they might still be testing the waters.

See also: A New Paradigm for Risk Management?  

At the same time, college has gotten more expensive, and total student loan debt stands at around $1.3 trillion! That debt is very scary to potential college students, and many are choosing to forego going to college to avoid going into debt. This is bad for their future employment, but it’s also a waste for us; we could use their talents if we just played our cards right.

This is where today’s crazy idea comes in. We should come together as an industry and ally ourselves with an online education provider such as Coursera. Coursera offers massive open online courses (MOOCs) from world class universities in video format, with intra-video quizzing, group projects, automated grading of multiple choice tests and student peer grading of papers. You can take almost any Coursera class for free, or you can pay a small fee to get a certificate proving you passed the class. Coursera even has cool technology to verify you’re doing your classwork yourself instead of paying someone else to take tests for you.

Currently, there is not a single insurance and risk management class on Coursera. The only classes that come up in a search have to do with health insurance exchanges or with product and portfolio financial risks.

See also: The Sad State of Continuing Education  

We should come together as an industry and sponsor a free (or almost free) risk management and insurance program on Coursera, available to ANY student who is interested. We would work with the school to make sure the curriculum teaches them the things employers in the industry need them to know, and we could even split it into an “associate” type program meant to train customer service rpepresentatives (CSRs) for agencies and a more in-depth “bachelor” type program meant to train future underwriters, agents and claims and other industry professionals.

This could be a cost-effective way to make big strides toward solving our talent crisis, and it would help us improve our image overall. Who’s in?

This article originally appeared on InsNerds.com.

7 Reasons to Major in Insurance

1. 100% Employment: One of the big reasons to go to college is to make sure you’re employed in a good career after you graduate. The insurance industry is predicted to continue growing for decades, and the existing risk management and insurance (RMI) programs only feed 15% of its needs each year, which means if you graduate with an RMI degree you’ll be a hot commodity! RMI programs had 100% employment, even through the 2008-2012 recession.

2. An RMI degree is basically a focused business degree: Majoring in business is a very popular choice already, but it’s a very general degree that usually takes a few years to really get you a solid career. RMI degrees are usually housed by a university’s school of business and have all the usual classes you’d get in a business degree (accounting, finance, marketing, statistics, management, etc) with the addition of a few RMI specific classes. What this means is that even if you change your mind and decide you don’t want to work in insurance (which you won’t), you can still easily get the same jobs that you would have been getting with a general business degree.

3. It is preparation for a career making a difference: If you love making a difference in the world, you’ll absolutely love the insurance industry! Even though we get a bad name in the press sometimes, the reality is that we are here to help people and businesses get back on their feet when unexpected things happen, and being a part of that is very rewarding. Also, many carriers offer time off to volunteer and to study for insurance designations.

4. Insurance is an incredibly stable career: The economy will continue in its ebbs and flows, and that means every few years people will lose their jobs when the economy contracts. Some very popular careers like banking, consulting and real estate are usually among the worst-hit when the economy slows. Insurance is incredibly stable because pretty much regardless of what happens in the overall economy, people and businesses continue to need insurance. This means career stability for you!

5. You’ll have more vacation than most of your friends: Most insurance carriers start you up with around 18 days of vacation a year. That means much more time off than most employees just starting careers in other industries.

6. Your senior year will be a LOT less stressful: RMI majors are expected to continue to be in high demand and feed only a portion of the insurance industry’s need for new talent, which means that a lot of RMI majors have accepted great job offers by December of their senior year, a good five months before graduation, and senior year is a lot more fun when you don’t have to worry about finding a job afterward.

7. You’re pretty much mathematically guaranteed to be in demand: The current makeup of the insurance industry workforce is very mature, meaning that 1 million insurance professionals, 43% of the workforce, are expected to retire in the next 10 years. In addition, the industry is growing and is expected to create 400,000 jobs. RMI majors are already pretty much immune to unemployment; they will be in increasingly high demand right around the time you graduate!

You pretty much can’t go wrong by majoring in RMI! There are not a lot of RMI schools out there, so click on the map below to open an interactive map of RMI schools. Schools marked in red have a full RMI major while schools marked in green have an RMI minor or concentration.

Risk Appetite

How to Link Risk and Strategy

This is Paper 5 of a series of five on the topic of risk appetite and associated questions. The author believes that enterprise risk management (ERM) will remain locked in organizational silos until boards comprehend the links between risk and strategy. This is achieved either through painful and expensive crises or through the less expensive development of a risk appetite framework (RAF). Understanding of risk appetite is in our view very much a work in progress for many organizations, but RAF development and approval can lead boards to demand action from executives.

Paper 1 is the shortest paper and makes a number of general observations based on experience working with a wide variety of companies. Paper 2 describes the risk landscape, measurable and unmeasurable uncertainties and the evolution of risk management. Paper 3 answers questions relating to the need for risk appetite frameworks and describes their relationship to strategy. Paper 4 answers further questions on risk appetite and goes into some detail on the questions of risk culture and risk maturity. This paper, Paper 5, describes the characteristics of a risk appetite statement and provides a detailed summary of how to operationalize the links between risk and strategy.

What are the characteristics of an effective risk appetite statement?

The purpose of a risk appetite statement (RAS) is to provide clear guidance to people, at all levels, of the ranges of risk within which they are required to operate in pursuit of objectives. An RAS exists within a risk appetite framework (RAF). The RAF is the ‘’overall approach including the policies, controls and systems, through which risk appetite is established, communicated and monitored.’’[1]

As a particular RAS is devolved down through an organization, its content will change based on the intended recipients. For example, a RAS at:

  • Group executive level will be high level and inclined toward expressing appetite for risks to objectives that deliver value and increase performance. The RAS will describe objectives, risks, expected returns and control(s) requirements,
  • Middle management level will articulate levels of tolerance that, if breached, will require escalation and “circuit breaking” reports, with priority given to immediate interdictions and a review of internal controls,
  • Business unit level will be more detailed and inclined toward expressing risk limits and internal controls.

A RAS that is not explicit and clearly communicated has limited value. For this reason, a RAS exists within a compendium of (risk appetite) statements that take their root at the intersection between a particular group-level objective and its associated subsidiary objective(s).

The RAF, like the strategic plan, is explictly approved by the board. Properly crafted and implemented, it has powerful utility to directors in that the RAS approval process requires a series of linear RAF discussions. Wisely conducted, these discussions can result in a peeling back of the many layers of complexity  associated with operational drivers and the business model. Independent, non-executive directors (INEDs), in particular, can find this immensely useful as most INEDs will typically only possess a relatively superficial understanding of the principal operational exigiencies that drive performance.

The RAF discussions will include discussions on:

  1. Explictly stated objectives[2] and where they reside on the risk appetite continuum,
  2. The associated subsidiary objectives[3] and where they reside on the risk appetite continuum,
  3. First RAS drafts at group and subsidiary levels,
  4. RAS approvals, once operational and business model implications are fully understood and satisfied.

RAF template headings:

RMI offers frequently used headings that we use in helping organizations develop their RAFs.

  1. Mission/purpose/mandate:

a. Large, privately held companies will have clearly established and communicated mission statements, etc.

b. For a large number of regulated entities in Ireland, this will reflect the goal set by the parent for the subsidiary,

c. For public companies, this will be reflected in the legislation establishing the entity,

2. Strategic initiatives:

a. Very many organizations will not have a board-approved, 10-15 year strategic plan. Rather, they will have business plans within which various strategic initiatives are either implied or explicitly stated,

b. The development of a strategic plan is outside of the scope of a RAF, but each document informs the other,

3. Board (risk committee) statement of risk assurance requirements: This is a prescriptive statement addressing a wide range of requirements and would include the following, among others:,

a. Objectives that are clearly articulated, aligned with strategy and performing to expectations,

b. Risks to objectives that are identified, assessed and evaluated against approved risk criteria,

c. Risk treatment plans that are executed efficiently and effectively, increasing the likelihood of achieving objectives,

4.Objectives: As discussed above,

5. Risk appetite continuum: five-level continuum against which company (group and subsidiary) objectives are mapped relative to appetites for risk (from very high to very low)

6. Risk appetite statements:

a. Overall group RAS

b. Objectives level RASs’

c. Risk treatment level RASs’[4]

7. Risk criteria tables (risk tolerances and limits)

a. Five levels (substantial, down to negligible impacts),

b. Measurable risk limits[5]

c. Measurable risk tolerances.

How can organizations ensure that RAFs are both actionable and measurable?

The RAF is to the board of directors what risk management is to the rest of the organization. As such, there is a direct correlation between the efficacy of the RAF and the efficacy of the risk management framework. Ensuring that RAFs are both actionable and measurable requires an understanding of how boards work in this particular context.

When RMI converses with board members and the executive, we share what we call the RMI “Tell me, Show me, Prove it to me” questions.

Questions will vary from company to company, but broad results in terms of an informal scoring that we would thereafter apply do not vary greatly.

For example:

  • Tell me: (Score: 3/10)
    • How you relate your strategic plan to critical objectives and their associated key performance indicators (KPIs),
    • About your board audit/risk charter,
    • Risk management framework.

We are told about external attestation (sometimes exemplary), policies, board committees and rich processes.

  • Show me: (Score: 5/10)
    • Your strategic plan/objectives statements,
    • Your risk register and how it links to objectives, KPIs and threats/risks to the enterprise,
    • Your risk appetite statements,
    • Your risk treatment plans,
    • Your top five contingency plans.

We find that most of these documents do not always exist and that the Excel spreadsheets, word documents and Power Points (invariably with differing formats for different parts of the organization) make no consistent reference to objectives, other than obliquely. In addition, we find that original risk reports are edited on multiple occasions as they travel from original risk owners to the executive and the board.

  • Prove to me that: (Score: 2/10)
    • Your risk register is not just a list of risks,
    • Top 10 risks are the real top 10,
    • Risk owners actually provide input to the flow of information and ultimately to the risk register,
    • Known issues and risks on the ground can be escalated to decision makers, without jeopardy to the originators of information,
    • Dynamic risks can be aggregated in real time and with confidence because of your data governance practices,
    • Your crisis management team (CMT)[6] is developed and capable.

We find that risk data governance is so poor that answers to these questions can only be determined after manual searches over a number of days. This is compounded when, invariably, we also find that managers have not been adequately trained in the use of common language, risk management processes or board risk-assurance requirements. Furthermore, we find that  ‘’risk culture’’ is such that people are disinclined to speak up with regard to matters giving them cause for concern lest they jeopardize relationships with colleagues and their next reports.

We therefore recommend that fundamental questions for the CEO and INEDS should include:

  1. What demonstrable evidence do you have that your top five group risks are the right top five?
  2. Can you monitor threats and risks to objectives in real time, and what kind of dynamic tests can you run on your red flags?
  3. What proofs do you have that management is capable of switching from business as usual, to delivery of credible solutions to stakeholders under abnormal/adverse conditions?
  4. Where are you in terms of risk maturity, and how do you know?

RMI also recommends the following framework, which summarizes how to ‘’Operationalize the links between Risk and Strategy,’’ ensuring that RAFs are measurable and actionable.

The framework is summarized as follows:

  1. Reporting to the CEO:

Strategy/Risk Program Office reporting to the CEO and Board Audit/Risk Committee, with:

  • Focus 1: Defend operations, reputation, business model,
  • Focus 2: Exploit opportunities faster than less adaptive competitors.

2. Board Audit/Risk Committee:

Executing responsibilities with regard to risk in the manner described earlier in this paper and in particular as described in the RMI answer to the FAQ: “What are characteristics of an effective risk appetite statement?”

3. Data Governance: Putting System to Process:

Understanding the significance of integrating:

  • Executive and management (risk) training;
  • Inclusion of risk management KPIs in annual appraisals, and
  • Deployment of a database solution designed and specified to the ISO 31000 series

(Note: Lessons learned from the global financial crisis include that database solutions, by themselves, are not the solution. The adage, “poor information input, misinformation output,” is appropriate and reminds us that tools and techniques in the wrong hands can precipitate disaster.)

4. Library of Responses to Top 5-10 Threat/Opportunity Rehearsals

Seminal works that have been undertaken include:

  • 1996: The Impact of Catastrophes on Shareholder Value: Rory F. Knight & Deborah J. Pretty, The Oxford Executive Research Briefings, Templeton College, University of Oxford, Oxford OX1 5NY, England[7].

What contributed to catastrophic failure?

  • Poor crisis management,
  • Failure to recognize the significance of the event early enough in the crisis,
  • Poor stakeholder communications, including with news and social media,
  • Lack of awareness of the potential for reputational damage,
  • Failure to appreciate the importance of transparency early enough,
  • Failure to learn from prior experience (even with the same company).

Resilient Companies:

  • Have exceptional risk radar,
  • Build effective internal and external networks,
  • Review and adapt based on excellent communications,
  • Have the ability to respond rapidly and flexibly,
  • Have diversified resources.

These separate and unrelated studies similarly conclude that management’s capability to defend operations, the business model and reputation are mission-critical to sustainable performance in the 21st century

In conclusion, it is our view that operationalizing the links between risk and strategy in the manner outlined above will, with positive CEO and board endorsement, fulfill the role of the board as concluded by the Financial Reporting Council (FRC) report:  Boards and Risk: A Summary of Discussions with Companies, Investors and Advisors, September 2011.

References

[1]http://www.financialstabilityboard.org/publications/r_131118.htm.

[2] Strategic plans and business plans without explicitly stated objectives have no meaning.

[3] Theoretically, objectives are devolved from group to subsidiary boards. In reality, what happens is that group and subsidiary executives and directors (the latter through respective risk committees) engage in operational discussions directed at ensuring understanding, thus increasing likelihood of success.

[4] Properly constructed risk treatments are the leading indicators of the future state of health of objectives. As such, risk treatments are at the cutting edge of the management of risks to objectives.

[5] Dr. Peter Drucker: ‘’ If it can’t be measured, it can’t be managed.” As with determination of leading indicators in balanced score cards, these can often be difficult to establish.

[6] CMTs are activated when issues and events that threaten to overpower operations, the business model or reputation arise.

How to Understand Your Risk Landscape

This is part two of a series of five on the topic of risk appetite and its associated FAQs.

The author believes that enterprise risk management (ERM) will remain locked in organizational silos until boards are mobilized in terms of their comprehension of the links between risk and strategy. This is achieved either through painful and expensive crises or through the less expensive development of a risk appetite framework (RAF). Understanding risk appetite is very much a work in progress for many organizations. The first article made a number of observations of a general nature based on experience in working with a wide variety of companies. This article describes the risk landscape, measurable and unmeasurable uncertainties and the evolution of risk management.

The Risk Landscape

Lessons learned following the great financial crisis (GFC) include the importance of establishing an effective risk governance framework at the board level. In essence, two key questions must now be addressed by boards.

First, do boards express clearly and comprehensively the extent of their willingness to take risk to meet their strategic and business objectives?  Second, do they explicitly articulate risks that have the potential to threaten their operations, business model and reputation?

To be in a position to provide credible answers to these fundamental questions, we must first seek to understand the relationship between risk and strategy.

It is RMI’s experience that risk and strategy are intertwined. One does not exist without the other, and they must be considered together. Such consideration needs to take place throughout the execution of strategy. Consequently, it is vital that due regard is given to risk appetite when strategy is being formulated

Crucially, risk is now defined as “the effect of uncertainty on objectives.”

It is clear, therefore, that effective corporate governance is strategy- and objective-setting on the one hand, and superior execution with due regard for risks on the other. This particular landscape is what we in RMI refer to as the interpolation of risk and strategy. For this reason, RMI describes board risk assurance as assurance that strategy, objectives and execution are aligned. Alignment is achieved through operationalization of the links between risk and strategy, which will be described in the final article in this series.

Before further discussion, however, we would like to draw attention to observations based on our practical experience that give cause for concern, namely:

1.  Risk appetite: While we now have a globally accepted risk management standard3 and sharper regulatory definition of effective risk management for regulated organizations, there is as yet much confusion, and neither a consensus nor an internationally accepted guidance, as to the attributes of an effective risk appetite framework.

2.  Risk reporting: In relation to risk reporting, two significant matters arise:

Risk registers that are primarily generated on the basis of a compliance-centric requirement, as distinct from an objectives-centric4 approach, tend to contain lists of risks that are not explicitly associated with objectives. As such, they offer little value in terms of reporting on risk performance.

Note: RMI supports the adoption of a board-driven, objectives-centric approach5 to reporting and monitoring risks to operations, the business model and reputation.

Risk registers and other reporting tools detail known risks and what we know we know. They tend not to detail emerging or high-velocity risks that have the potential to threaten the business model. As such they tend to be of limited value in terms of reporting or monitoring either unknown knowns6, or unknown unknown7 risks. This is a matter that should give boards cause for concern given pace of change, hyper-connectivity and the disruptive nature of new technologies.

3.  Risk data governance: The quality, rigor and consistency in application of accounting data that is present in well-managed organizations does not equally exist in those same organizations in the risk domain.

The responsibility of directors to use reliable accounting information and apply controls over assets, etc. (internal controls) as part of their legally mandated role extends equally to information pertaining to risks that threaten financial performance. The latter is not, however, treated in an equivalent fashion to accounting data. Whereas the integrity of accounting data is assured through the use of proven and accepted accounting systems subject to audit, information pertaining to risks typically relies on the use of disparate Excel spreadsheets, word documents and Power Points with weak controls over the efficacy of copying and pasting of data from one level of report to another.

Weaknesses and failings in risk data governance can be addressed in much the same way as for other governance requirements.

For example:

a.    Comprehensive training for business line managers and supervisors on:

  •  (Risk) Management Processes,
  •  (Risk) Vocabulary,
  •  (Risk) Reporting,
  •  Board (Risk) Assurance Requirements

b.    Performance in executing (risk) management roles and responsibilities included in annual performance appraisals,  

c.   System8 put to process through the use of database/work flow solutions, providing an evidence basis of assurance that:

  • The quality, timing, accessibility and auditability of risk performance data is as rigorously and consistently applied as that for accounting data,
  • Dynamic management of risk data (including risk appetite/tolerance/criteria) can be tracked at the pace of change
  • Tests can be applied to the aggregation of risks to objectives at the pace of change and prompt interdictions applied when required,
  • Reports, or notification, of significant risks are escalated without delay, and without risk to the originator of information.

4.  Lack of understanding of the nature of the risks that need to be mastered in the boardroom:

Going back to our definition of risk as the effect of uncertainty on objectives: There are many types of objectives — for example, economic, financial, political, regulatory, operational, customer service, product innovation, market share, health safety, etc. — and there are multiple categories of risk. But what is uncertainty?

Uncertainty9 is the state, even partial, of deficiency of information related to understanding or knowledge of an event, its consequence or its likelihood.

There are essentially two kinds of uncertainty:

1.   Measurable uncertainties: These are inherently insurable because they occur independently (for example, traffic accidents, house fires, etc.) and with sufficient frequency as to be reckonable using traditional statistical methods.

Measurable uncertainties are treated individually through traditional (risk) management supervision, and residually through insurance.

Measurable uncertainties are funded out of operating profits.

2.   Unmeasurable uncertainties:  These are inherently un-insurable using traditional methods because of the paucity of reliable data. For example, whereas we can observe multiple supply chain and service interruptions, data breaches, etc. they are not sufficiently similar or comparable to be soundly put to a probability distribution and statistically analyzed.

Un-measurable uncertainties are treated on a broad basis through organizational resilience. For the top 5-15 corporate risks10 that are typically inestimable in terms of likelihood of occurrence, the organization seeks to maintain an ability to absorb and respond to shocks and surprises and to deliver credible solutions before reputation is damaged and stakeholders lose confidence.

Un-measurable uncertainties are funded out of the balance sheet.

The hyper-connected and multispeed world in which we live today has driven the effect of un-measurable uncertainties on company objectives to unprecedented, heights, and so amplified the risk potential enormously.

5.  Urgent need to recognize the mission-critical importance of building  and preparing management to always be prepared to offer credible solutions in the face of unexpected shocks and surprises  Figure 1 below describes the evolution of risk management as depicted within the red dotted line11 and the next stage of the evolution (resilience) as envisioned by RMI.

RMIFINAL

Figure 1: Evolution of risk and the emergence of “resilience” as the current era in the evolution of 21st century understanding of risk  

Resilience was the theme that ran through the World Economic Forum: Global Risks 2013, Eight Edition Report.  Resilience was described as capability to

  1. Adapt to changing contexts,
  2. Withstand sudden shocks, and
  3. Recover to a desired equilibrium, either the previous one or a new one, while preserving the continuity of operations.

The three elements in this definition encompass both recoverability (the capacity for speedy recovery after a crisis) and adaptability (timely adaptation in response to a changing environment).

The Global Risks 2013 Report emphasized that global risks do not fit neatly into existing conceptual frameworks but that this is changing insofar as the Harvard Business Review (Kaplan and Mikes12) recently published a concise and practical taxonomy that may also be used to consider global risks13.

The report advises that building resilience against external risks is of paramount importance and alerts directors to the importance of scanning a wider risk horizon than that normally scoped in risk frameworks.

When considering external risks, directors need to be cognizant of the growing awareness and understanding of the importance of emerging risks.

Emerging risks can be internal as well as external, particularly given growing trends in outsourcing core functions and processes.

table3

It is also interesting to observe the diversity in understanding of emerging risk definitions. For example:

  • Lloyds: An issue that is perceived to be potentially significant but that may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting,
  • PWC: Those large-scale events or circumstances beyond one’s direct capacity to control, that have impact in ways difficult to imagine today,
  • S&P: Risks that do not currently exist,

The 2014 annual Emerging Risks Survey (a poll of more than 200 risk managers predominantly based at North American re/insurance companies) reported the top five emerging risks as follows:

  1. Financial volatility (24% of respondents)
  2. Cyber security/interconnectedness of infrastructure (14%)
  3. Liability regimes/regulatory framework (10%)
  4. Blowup in asset prices (8%)
  5. Chinese economic hard landing (6%)

Maintaining business defense systems capable of defending the business model has become an additional fiduciary requirement for the board, alongside succession planning and setting strategic direction15.

References:

Influenced by COSO (Committee of Sponsoring Organizations of the Threadway Commission, Enterprise Risk Management (ERM)  Understanding and Communicating Risk Appetite, by Dr. Larry Rittenberg and Frank Martens

2 Source: ISO 31000 (Risk Management 2009). ISO 31000 is now the globally accepted risk management standard.

3 The new globally accepted risk management standard (ISO 31000) is not intended for the purposes of certification. Rather, it contains guidance as to risk-management principles, a framework and risk management process that can be applied to any organization, part of an organization or project, etc. As such, it provides an overarching context for the application of domain-specific risk standards and regulations — for example, Solvency II, environmental risk, supply chain risks, etc.

4 Risk Communication Aligning the Board and C-Suite: Exhibit 1 Top Challenges of Board and Management Risk Communication by Association for Financial Professionals (AFP), the National Association of Corporate Directors (NACD) and Oliver Wyman

5  The Conference Board Governance Centre, Risk Oversight: Evolving Expectations of Board, by Parveen P. Gupta and Tim J Leech

6 An unknown known risk is one that is known, and understood, at one level (e.g. typically top, middle, lower level management) in an organization but not known at the leadership and governance levels (i.e. executive and board levels)

7An unknown unknown risk is a so called black-swan (The Black Swan: The Impact of the Highly Improbable, Nassim Nicholas Taleb)

8 Specified to the ISO 31000 series

9 Source: ISO 31000 (Risk Management 2009). ISO 31000 is now the globally accepted risk management standard

10 More than 80% of volatility in earnings and financial results comes from the top 10 to 15 high-impact risks facing a company: Risk Communication Aligning the Board and C-Suite, by the Association for Financial Professionals (AFP), the National Association of Corporate Directors (NACD), and Oliver Wyman

11 Source: Institute of Management Accountants, Statements on Management Accounting, Enterprise Risk Management : Frameworks, Elements and Integration

12 Managing Risks: A New Framework

13 Kaplan and Mikes’ third category of risk is termed “external” risks, but the Global Risk 2013 report refers to them as “global risks.” They are complex and go beyond a company’s scope to manage and mitigate (i.e. they are exogenous in nature).

14 Audit and Risk, 21 July 2014, Matt Taylor, Protiviti UK,

15 The Financial Reporting Council has determined that it will integrate its current guidance on going concern and risk management and internal control and make some associated revisions to the UK Corporate Governance Code (expected in 2014). It is expected that emphasis will be placed on the board’s making a robust assessment of the principal risks to the company’s business model and ability to deliver its strategy, including solvency and liquidity risks. In making that assessment, the board will be expected to consider the likelihood and impact of these risks materializing in the short and longer term;

Good Ergonomics Is Good Economics: Computer Workstations Need Not Be Hazardous to Your Health

Introduction
Two thirds of employees in industrialized countries use a computer on a daily basis. One in five interact with a computer at least 3/4 of the total work-time1. This usage of the technology ushered in an epidemic of work related ailments known as musculoskeletal disorders (MSDs). They are also known as repetitive motion disorder (RMD), repetitive motion injury (RMI), repetitive strain injury (RSI), ergonomic related disorder (ERD) and cumulative trauma disorder (CTD).

Though these disorders may as yet not be household terms, the patent effects of substantial computer use reveal themselves in terms of increased morbidity and declining productivity. In short, in the absence of ergonomic practices, employee efficiency in the American workplace takes a substantial hit.

Chart 1

Chart 1

In fact, according to the United States Bureau of Labor and Statistics (Chart 1), the prevalence rates for these types of disorders increased 1200% from 1982 to 1994 for all standard industry codes; however, those who employed good ergonomic safety management strategies enjoyed a 27% decline through 2000. Even though the rate reached a plateau for office or knowledge workers (computer workers) the wane may have occurred as a result of skewed interventions (e.g., training, workspace design and layout, equipment and accessories, work organization, etc.)2.

In addition, according to the Liberty Mutual Workplace Safety Index, injuries due to repetitive motion disorders from using computers were the #4 cause of work injuries in 2001 and 2002. The bottom line? A $2.8 billion price tag in 2002 for haphazard ergonomics3.

The Good News
According to OSHA, work related musculoskeletal disorders are the most prevalent, most expensive, and most preventable injuries in the American workplace today 4. The Center for Disease Control and Prevention's Injury Control Division reveals that injuries follow the same principles as infectious diseases and are just as predictable and therefore, just as preventable5.

Historical Sketch Of Computer Usage
Twenty years ago, computer workstations typically adjusted easily; however, they were relatively uncomfortable. Over time, they have morphed into rather complex devices with myriad levers and buttons that allow an uneducated user too many options for damage. Position (user may sit or stand), chair interfaces that move in multiple directions, numerous viewing angles of the monitor and fancy keyboard constructions that are split in half and look like accordions supply bells and whistles that may end up delivering harm unless organizations provide training. For those in the know, today's desktop computer were not necessarily designed to cooperate with the body; the user's natural alignment and paths of motion need not become contorted or required to engage in movements that never were designed to become repetitive nor prolonged. Modern fixed computer workstations beg accommodation to the body's motion flow.

Unfortunately, just when we are getting accustomed to our cubicles and other workstation environments, and are making gains in users' ergonomic awareness, some large computer companies have stopped making these computers and amazingly, are forecasting the death of the personal computer. Over the last 10 years, advances in technology have brought us a smorgasbord of new miniaturized devices or gadgets that provide us with faster communication — in essence what amounts to a handheld mobile computer workstation. Ironically, with this enhanced portability comes additional risk exposure for injury, particularly for the hands and neck.

These smaller devices foster awkward postures such as hands twisted into claws, and unnatural neck and shoulder angles — in short, resulting in increased discomfort and less than-efficient performance6. The root cause appears to be poor design — keyboarding areas, pointing devices (mouse) and a monitor-to eye interface that work together to produce a non-accommodating interactive work station. In particular, laptops (notebooks), tablets, I-phones and various PDAs unwittingly draw an unaware user into muscular and skeletal distortions.

Are the gadgets themselves to blame? Arguably, what is most important is the method by which we interact with them: the duration of exposure (how much is too much?), work organization and flow-process stress that occurs at less-than-optimal locations for usage. For example, many users must often conduct business in places such as coffee shops, airport waiting areas, planes, trains, and automobiles — places not designed for anyone to remain effectively postured.

Several primary physical risk and causation factors come into play between the computer user and all computer workstation environments, whether large or small. Three interfaces must be negotiated: the support interface (chair and floor), the manual interface (keyboard and mouse) and the monitor interface (distance from user, luminance, height). In addition to physical risk factors, behavioral variables commonly emerge: individual keyboarding and mousing techniques and style, excessive work pace without a break, prolonged sitting, and awkward forward head and wrist postures complicate the risk. What should be done about this trend?

The Spectrum Of Prevention
Fortunately, there are several easy-to-use methods to implement an effective ergonomics program. Once incorporated, they have prevention potential. A good ergonomics program can minimize computer-related musculoskeletal disorders by utilizing a more proactive and comprehensive approach to the potentially disabling conditions computer users in various workplace settings encounter. The answer lies in numbers.

It has been well documented that an integrated model of ergonomics safety management is critical for developing a healthy, effective workforce provided the company emphasizes a grassroots participatory approach in order to maximize collaboration and communication. The first step is to dedicate an ergonomic team. A successful group should comprise: an ergonomist, risk manager or loss control specialist, health service provider, company management representative (e.g., human resources, CFO, general manager, etc.), and a pre-designated employee ergonomics team trainer (leader)7.

This model efficiently capitalizes company resources and makes the best use of opportunities for surveillance and behavior change. It has been particularly effective in various organizations where the majority of employees consist of office and biotechnical workers typically tethered to their desktops 4-16 hours; all the while engaging in forceful/repetitive/awkward keyboarding and mousing whether interacting with desktop computers or hand-held devices. This extended risk exposure without appropriate rest cycles invites subsequent unwieldy neck and constrained back postures. The inevitable result? Discomfort at best or an actual recordable MSD at worst.

Nevertheless, these disorders have been shown to respond significantly to surveillance and behavioral change interventions such as job-task-specific ergonomics team training that provides information about strategies to maintain neutral work postures and movements when interacting with computers (Table 1).

Table 1: Team Intervention Recommendations

Have A Seat
  1. While adjusting your chair, make sure that you are sitting on the seatpan.
  2. Maneuver the backrest so it supports the low back curve and the shoulder blades at a 90 -105 degree angle (upright and lever should be located at very back of chair on the right or ratcheting it up and down for the Office Masters).
  3. When keyboarding, recline to 120 degrees for surfing the net or telephoning and decline at 60 – 90 degrees for writing.
  4. Use sit-to-stand options (available now for alternating 30 minutes standing and 30 minutes for sitting).
Watch Your Hands
  1. While keyboarding/mousing, keep your arms, wrists and hands in a neutral work posture, as if playing a piano.
  2. Avoid flexing wrists downward, sideways or extending upwards.
  3. Place hands on lap or armrest when paused or resting.
  4. Wrist rests are to be used when resting only!
Feast Your Eyes
  1. Rest your eyes by placing hands in your lap for 30 seconds while looking away from your screen at another object 20 feet away. Repeat every ten minutes, as you really do deserve a break today … a small one now will give your body a big one later!
Ring A Bell
  1. Consider installing software that reminds you to take short breaks every 10 -15 minutes. While seated, stretch hands, neck and shoulders using helps such as the ForgetMeNot Online Reminders that can be found at the following link www.remedyinteractive.com> (microbreaks).
Stretch Your Day
  1. Get up from your desk or table and walk to the water cooler or perform some simple stretches near your workstation at least once every 50 minutes or so (macrobreaks) that can be found at the following link www.netergonomics.net (wallet-sized stretching cards).
Heads Up
  1. Pay close attention to head posture. Draw an imaginary line so that it begins at the top of your head, extends over your ear to the shoulder, ending at the hip.
  2. Head posture should be maintained suspended, like a puppet, with an imaginary line drawn from the top of head, over the ear, aligned directly over the shoulder and hip as viewed from the side. This avoids forward head posture or craning (for every inch the head moves over the shoulder, the neck bears 30 additional pounds of pressure per square inch … yikes!
No Foot Faults
  1. Plant feet firmly on the floor at a 90-degree angle to the knees.
  2. Avoid resting feet on the pedestals of the chair.
  3. Order a footrest if you are less than 5'2″ or have a medical condition that elicits edema (swelling) in the legs/feet. See www.ergoanywhere.com.
Arms Distance
  1. Place your computer monitor/monitors directly in front of you at an arm's length away or 18 – 28 inches with the top of the screen or tool bar at your eye level.
  2. Tilt the screen back 15 degrees, much like you would hold a book you are reading (unless you use bifocals/trifocals-then lower it slightly).
  3. Make sure you have had an eye exam within the last year.
  4. There are specialized accommodation products for mobile computer laptops, tablets, e-readers and smart phones found at www.ergovue.com that will make life a little easier while on the go!
Make It Happen
  1. Communicate with clients in easy-to-understand messages.
  2. Underscore the benefit to both the worker and the company that employs these practices.
  3. Emphasize the long term effects of increased production, increased efficiency, and improved personal health.
  4. Utilize specific and customized approaches such as the OccuCom Ergonomic Team Training Program package that is available at www.netergonomics.net, which also provides Cal-OSHA and Fed-OSHA compliance.

If your employees are experiencing any discomfort, have them contact their supervisor or designated ergonomics-team leader for a possible ergonomic evaluation of their workstations. Also, these same principles and practices will apply to employees with material-handling tasks of transferring mail, printed materials, folders, bins, etc. in the office area. Any employee whose tasks include lifting should be trained to use correct lifting postures, personal protective equipment, and employ stretching and strengthening recommendations for maintaining neutral work postures, especially in the wrists, shoulders, and low back.

Moreover, as ergonomists, health and safety professionals, human resources personnel, loss control and risk managers, and managers of various workplace settings, we must provide a solution to the question of how much exposure for those workers interacting with various computer devices is too much. Employees who must use a workstation are ever exposed to potential harm through extra strain or forces from the repetitive motions and awkward postures while keyboarding mousing, or staring at a monitor screen for hours on end. Further, we must be on the lookout for the important question in terms of what is good ergonomics vs. voodoo ergonomics. We must be adept at identifying the potential smokescreens of unsuccessful products and advice given to companies with real problems in their workplace. White collar environments are especially at risk for unqualified vendors … be careful out there when selecting an intervention program8.

References

1 Brandt, LP. Neck and shoulder symptoms and disorders among Danish computer workers. Scand J Work Environ Health 2004, 30:399-409.

2 Sherrod, C. Johnson, D. The modulation of upper extremity musculoskeletal disorders in a knowledge worker population with chiropractic care and ergonomics. ACC-RAC Washington, DC. Journal of Chiropractic Education, 58;2007.

3 Liberty Mutual Safety Index of 2002. Liberty Mutual Insurance Company Seminar. 2003.

4 Sherrod, C. The relationship between an ergonomics team training program and the compression of repetitive motion injuries in a bus operator population. ErgoCon Conference Proceedings, 4; 2000.

5 Cotton, P. Preventive medicine extends to injuries, too. Journal of American Medical Association 1990, 263:19-2097.

6 Korkki, P. So many gadgets, so many aches. New York Times. 2011; 12.

7 Sherrod, C. The relationship between an ergonomics team training program and the compression of repetitive motion injuries in a bus operator population. ErgoCon Conference Proceedings, 4; 2000.

8 Chong, I. Prioritize office workstation goals and watch out for voodoo ergonomics. Occupational Health and Safety. 1993, pg. 55-57.