Tag Archives: tcor

How to Measure the Value of ERM

When the question of whether ERM is a success or failure comes up, it raises a further question: Why aren’t companies doing a better job of measuring the value it generates?

The reasons that the value of ERM is not quantified by companies include:

  • It is extremely hard to know when a loss did not happen because of ERM.
  • It is just as hard to quantify the cost of loss that did not happen.
  • It is difficult to quantify the “soft” benefits of enhanced reputation because ERM is practiced or because of improved strategic alignment in the organization; ERM requires an understanding of the company’s strategic goals and objectives to identify the risks that might derail their achievement.
  • It is often hard to justify the time and expense of measuring something that is not easy to measure.

Having acknowledged some of these obstacles, the only way that companies will know if their ERM efforts are successful is to create some measurement scheme that makes sense for their particular situation. Without measurement, how would a company know not only if it wants to continue an ERM implementation but also how much to invest in it.

Let us look at a few possible approaches to measuring the value of ERM:

Before-and-After Approach

Once an ERM process has gained some level of maturity in an organization, this approach would take the form of looking at fairly common and reliable metrics on a before-ERM and after-ERM basis. (There are ERM maturity models, developed by experts, that can be used to evaluate how far along the path to full or optimal implementation a company has progressed.) In fact, each of the approaches described would only be reasonable if the ERM process had been in place and well-executed for some period.

Naturally, there will multiple variables, not just the practice of ERM, that play into these metrics, but that is true for most metrics, and explanations can and should accompany the numbers to explain such variables.

Such metrics would include: 1) number of insurance claims, 2) number of worker injuries, 3) number of lawsuits related to a risk/loss events, 4) number of days or hours production is lost because of a risk/loss event, 5) cost of insurance and 6) total cost of risk (TCOR). Thus, when reviewed before and after ERM, the metrics can be charted to show absolute changes in value as well as trend lines. It might even be possible to notice on a relative basis that there are fewer risk-related surprises brought to management’s attention because ERM effectively identified risks while there was still time to deal with them.

Each company will be able to come up with its own unique metrics based on what it is currently capturing, what it could capture and what is important to its business operations.

The value of ERM would be evident or could be computed from the before-and-after metrics.

“What If” Approach

In the “what if” approach, one or more of the most significant risks in the risk register, which did not materialize when expected because of mitigation by the company, would be selected. Perhaps this was a regulatory change that would have harmed a product line, but the company took lobbying efforts or did product redesign because the risk was appropriately identified, prioritized and mitigated.

The amount of the loss that the risk would have likely have produced would be computed. Even if it were an insured loss, the estimate would take into account such things as the potential increase in insurance rates, management time and all other attendant expenses not covered.

Since the risk did not produce a loss, the amount of the “what if” loss is the value of ERM.

Alternatively, a significant loss event that affected key competitors but did not affect the company using ERM could be used to assess value. Perhaps it was a natural catastrophe that the company was better protected for or a demographic shift that the company anticipated and reacted to because of ERM.

To get at ERM’s value, the company would have to approximate what the risk, if ignored, would have cost.

Lacking Any Other Explanation Approach

In “The Valuation Implications of Enterprise Risk Management Maturity,” a wholly independent and peer-reviewed research project conducted by Mark Farrell of Queen’s University Management School and Dr. Ronan Gallagher of University of Edinburgh Business School, pub­lished in The Journal of Risk and Insurance, using data from the RIMS Risk Maturity Model, the case is made that, failing any other explanation, the companies with greater maturity have higher valuations because of it. Specifically, the study found that there was “clear and significant statistical correlation between mature enterprise risk management practices and a firm’s value.” Organizations exhibiting mature risk management practices-as assessed with the RIMS Risk Maturity Model-realize a valu­ation premium of 25%.

Discretionary Approach

Yet another approach that does not rely on metrics, per se, is a discretionary approach. In other words, the board, CEO or C-suite could attribute a value to ERM that is based on the recognition that the ERM process has, for example: 1) created a risk aware culture, 2) helped to identify and ameliorate risk, 3) made recovery from risks that have materialized much faster and more efficiently and 4) enhanced the brand among stakeholders.

The discretionary approach does require that management is involved in the ERM process, has an open mind about its contribution and will articulate its conclusions about ERM’s value so that the entire organization is aware of this assessment. Without management’s giving voice to its success, the question of whether it is a success or failure will haunt ERM.

Conclusion

There are undoubtedly other approaches that could be used. The key point is that companies that have invested in introducing ERM should do so in a vigorous way and should measure and communicate its value. This will ensure that the entire organization maintains a commitment to this important process.

Updating Your Models for Hurricane Season

June 1 opened the North Atlantic hurricane season, with this year marking the 10th anniversary of one of the costliest storms to make landfall in the U.S. — Hurricane Katrina. Each year, hurricane season puts catastrophe (CAT) models to the test, with potentially millions of dollars riding on their accuracy. The loss estimates calculated by CAT models can play an important role in protecting your organization from financial loss.

The models have changed a lot over the past several years. For example, Hurricane Andrew in 1992 exposed the shortcomings of traditional actuarial methods that insurers use to model risks. And the billions of dollars in insured losses from Hurricane Katrina in 2005 helped lead to today’s CAT modeling rigor and its universal acceptance and use by the industry.

New Storms Change CAT Models
CAT models use algorithms to estimate potential losses stemming from a catastrophic event. Over the 10 years since Katrina, CAT modeling has become more complex because of technology improvements and the greater availability of data. After a significant storm, the models are updated based on the new data and a larger body of knowledge. These changes could considerably affect your property insurance and risk management strategies.

Here are some CAT modeling factors — which for U.S. hurricane exposures have changed several times in the last few years. You should consider the items below as you prepare for this year’s hurricane season:

  • Check your policy, including deductibles, coverage limits and sublimits, to ensure they’re adequate and realistic; check that exclusions are acceptable.
  • Ensure the quality of your CAT modeling data. Incomplete data causes more uncertainty for insurers; improving the data enables more accurate loss estimates and reduces the uncertainty for the underwriters.
  • Take a big picture view of your CAT exposures. By modeling your worldwide portfolio, you can identify regional drivers, which can help put U.S. hurricane risks in perspective. Also, using actuarial resources after a CAT or non-CAT claim can help evaluate your organization’s total cost of risk (TCOR), which can better inform how you use your risk management resources.

If you have locations in CAT-prone areas, you can fine-tune their CAT loss estimates with an understanding of how they’ve changed with each model update. Aligning your risk data with CAT modeling changes can yield better outputs for insurers to underwrite your risks.

To register for a webinar on June 17, 2015, on the lessons from Hurricane Katrina, click here.

10 Building Blocks for Risk Leaders (Part 3)

Important things in life are not easily reduced to 10 easy steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture. Part 1 is here, and Part 2 is here. This is Part 3 in the series:

5. Racking Up Points with Senior Managers

The points that risk managers offer up are not always creditable “points” in the eyes of senior managers. To be so, they should be tied to the things that matter most to the organization and that can be traced, at least indirectly, to mission accomplishment. In other words, what matters most is contributing to the success of the enterprise—not just reducing the cost of risk, which is the longstanding focus of many traditional risk managers. That is not to say that reducing the cost of risk is not important or that it doesn’t contribute to organizational success. It does, especially where the total cost of risk (TCOR) is a material factor in total expense. Yet, to be recognized as making a significant contribution to the success of the enterprise, risk management practitioners must find a way to connect more directly to the successful delivery of strategic priorities, by supporting the objectives that underlie them. It’s about putting the right points on the board and, as a result, being seen as more relevant to strategic imperatives.

This is often easier said than done. Among the challenges are questions about whether the risk management employee has the qualifications and expertise to successfully contribute. The risk management employee often faces retorts like these: “Don’t we already account for risk (often called business challenges by planners) when we set the plans?” “This risk input is not translatable for purposes of plan development and is therefore not helpful.” “There is no time to conduct the assessments and measurements of relevant risks that would allow risk inputs to be properly considered.” “Our C-Suite sees no substantive reason to open the process up to more contributors when time is often of the essence and the dialogue is reserved for only the true strategists in the enterprise.”

Untitled.pdf

The chart above, from The Global CFO Study 2008: Balancing Risk and Performance Within an Integrated Finance Organization, reflects that risk managers, even chief risk officers, are perceived by chief financial officers as more tactical in mindset than strategic.

Never fear: Perceptions can be changed .

This article is not intended to provide all the answers to barriers to entry and success in collaborating with planning. However, it is intended to emphasize the importance of this collaboration and the critical need for all risk leaders who aspire to true relevance and influence to spend the political capital necessary to knock these barriers down or at least minimize them. The bottom line is that the only reason corporate goals and objectives are not met is that one or more risks have not been properly identified and managed. That makes risk management a critical component of organizational success.

6. Establishing Yourself as Essential to Others’ Success

Risk management stakeholders can’t succeed without the right risk strategy and, most particularly, the right risk leader who understands their priorities and knows how to build relationships of mutual benefit. And, risk leaders can’t succeed without successful stakeholders. Unfortunately, relationship-building has not generally been a strong suit of many risk managers, myself included (early in my career). Risk employees who move out of their comfort zone will discover this is the key tactic to use in building these relationships. Staying in traditional roles is ultimately a strategy doomed to keep you in a rut.

Even when dealing with hazard or traditional risks, it is no longer possible to do the job with excellence while staying in that comfort zone. All the many forces of culture and the challenges of the business will eventually shine a bright light on risk management personnel and their contributions, or lack thereof, to the organiza- tion’s success.

While reducing the cost of risk and bringing home expense reductions is important to most competitive enterprises, it is less important for those that are flush with profits and cash. So, it is important not to get myopic about the cost of risk as a key measure of success. Consider what others things define and drive organizational success, and figure out how to connect to them.

It is only through collaborating with risk stakeholders and showing them the value that risk leaders bring to the table that long-term success will be achieved. Spend the time to reach out to stakeholders, learn their exposures and gain sufficient knowledge about how they manage these exposures and their priorities. That way, risk leaders learn when to challenge an assessment that doesn’t look quite right and can do so with the risk intelligence and personal gravitas necessary to earn confidence. By helping owners effectively manage the risks that directly affect their own success, risk personnel will be welcomed to the team as their “street cred” is established and acknowledged.

The Evolving Metric: Cost of Risk

Measuring the effectiveness and impact of risk management remains a challenge, and it is difficult to convince many C-suite leaders that the discipline is more than just buying insurance. Central to this question is how effective workers’ compensation reporting is and whether anyone has a truly helpful view into workers’ comp’s cost of risk (COR) and its related trends.

Based on numerous meetings with key risk and HR leaders throughout the U.S., I can confirm that many need more insightful risk reporting in many areas of exposure, most particularly employee injury and disability. They want to go beyond what most consider the “standard” risk metrics to those that truly reveal the trends.

Arguably, depending on your industry and the size of your company, employee injury costs may be the largest component part of the total cost of risk (TCOR). Because most risk managers measure their hazard-based risk costs using TCOR (among other techniques), it seems logical to look more closely at how worker’s compensation costs are specifically measured and how effective those data points are.

We should start with that very question: What is success in this realm, and how do we get key stakeholders to care more about these costs and their impact?

Hint: Think strategic priorities.

In my experience, senior management in many companies pay scant attention to this area of expense, even in larger companies with lots of employees. While it may be that the entirety of risk management gets similarly limited attention in these companies, we’ll leave that debate for another time. Let’s proceed on the assumption that TCOR matters to stakeholders and that workers’ comp is often the largest component driver of this measure for many risk managers. Can companies afford to ignore the direct costs of workers’ comp — an expense that may represent anywhere from 1% to 5% of revenue? One would hope not, but we should not stop there.

What about the cost of lost productivity from employees not available to perform their jobs, in whole or in part? It’s been estimated that this “indirect” cost component represents anywhere from two to nine times the “direct” costs in question. Translating that to more meaningful dollars, and using just the midpoints of those two estimated direct and indirect ranges, we’re working with 3% of revenue, with a multiplier of five and a half, giving us an estimated “total” cost impact of 16.5 cents per revenue dollar.

Let’s stretch out that math and apply it to both ends of the range. On the low end, we can use an estimate of 1% of revenue in direct costs and an indirect cost multiplier of two, for a total of 2 cents per revenue dollar. But now let’s look at the other end: an estimated 5% of revenue in direct costs with a multiplier of nine — a total of 45% of revenue.

The tail of this range may seem absurd to many observers, but that is the point; we don’t often take into account the full impact (direct and indirect) of disabled employees and by extension the potential maximum impact their absence has on companies’ performance.

I would further suggest that key senior stakeholders, whether the C-suite, the board or operations management, often have limited understanding of the true cost of the worker’s compensation exposure risk, regardless of how often they see the typical workers’ comp metrics. Clearly, they need more information to make better decisions related to this risk.

While there are, of course, those who do a fine job of parsing and reporting on a lot of workers’ comp data and allowing for some comparison and benchmarking, some of these efforts reflect a more dated historical view and focus more on how states are performing against each other, rather than how companies are performing relative to their own short- and long-term strategies for maintaining a motivated, productive workforce.

Getting more to the specifics, let me suggest that the big opportunity may be to not only take full account of the indirect costs typically related to lost productivity but to find a more focused way to marry the myriad of workers’ comp cost data with the various exposure data so that, when paired and analyzed effectively, there is a more comprehensive and useful story.

For example, one large national retailer has achieved much success in telling its workers’ comp story to management through a selected group of metrics that include the standard traditional measures such as ultimate, incurred or paid losses as a percentage of gross revenue or payroll coupled with more progressive metrics such as claim frequency per 10,000 hours worked (excluding claims without payments). These and other metrics are developed on an enterprise-wide basis, a regional basis and a store-by-store basis with historical comparisons for each to show trend. This approach allows for focusing on controlling frequency and severity on a specific and targeted basis, as each focus would call for distinct reduction and control techniques. The approach also enables a drill-down into significantly underperforming units and specific causes of loss that may be aggravating trends.

There are many ways to measure workers’ compensation performance, and obviously the approach and design should be driven by the needs of the company, the type of industry it operates within, the culture of the company and, of course, the needs of management for information to make decisions that would support both their short- and long-term goals. This nexus between metrics and goals is often overlooked as risk managers can easily get distracted by micro-tactical issues that may not be significant to decision-makers.

A claim director client recently asked me how to respond to her risk manager boss about how managing the workers’ comp unit relates to managing risk strategically. The answer is as simple and as complicated as knowing what the strategic imperatives for her company are and then assessing and informing management on those elements that most affect those goals. Keeping this sight line will minimize the risk of risk-management irrelevancy.