Risk managers adapt to changing timesReprints
Risk managers are striving to tackle the increasingly complex nature of their jobs, which involve addressing new risks as well as effectively using the vast amounts of data now available to them.
Sometimes forced to learn on the fly when a crisis hits, risk managers are developing their skills and becoming more adept at analyzing complex risk just as their profile in the executive suite has become much more prominent, due at least in part to cyber security concerns, experts say.
Meanwhile risk management programs at universities are also adapting to meet the new challenges facing the sector.
“It’s an interesting dynamic,” said Bruce Zaccanti, a partner with Ernst & Young L.L.P. in Chicago. “Years ago, risk managers were primarily focused on technical knowledge of insurance products and then learning the different markets and the execution of those coverages, and it was incumbent on them to have deep technical coverage skills.”
Since the 2008 financial crisis, there has “been kind of a pullback, where the risk manager has moved back into the treasury and finance suites,” and, with the significantly larger amounts of data now available, he or she is much more financially oriented and sophisticated, he said.
“Certainly, enterprise risk management hadn’t been introduced a generation ago, and now I think it’s becoming the accepted standard for a risk manager to look at risks of all types” that could negatively impact a company, said Michael A. Rodman, principal at Albert Risk Management Consultants in Needham, Massachusetts.
George Haitsch, chief operating officer of global risk solutions for Willis Towers Watson P.L.C. in Philadelphia, said the risk manager’s role is becoming “more and more strategic,” and he or she is “wellserved to have a broad perspective on both the firm’s and the external factors that can impact their business.”
“Clearly, the demands on risk management have increased and are changing,” driven by the acceleration of new risks, said Brian Elowe, Boston-based U.S. client service leader for Marsh L.L.C.
There are increasing demands from the executive suite, which expects risk managers to be on top of known risks and manage them effectively, as well as to be alert to “what’s ‘round the corner,” Mr. Elowe said.
Also significant are advancements in data analytics, which continue to create new opportunities, both in terms of risks inside the organization as well as in taking advantage of optimizing risk financing mechanisms, he said.
Cyber risks are a particular risk management concern, Steven A. Coombs, president of La Grange, Illinois-based consulting firm Risk Resources Inc., said: “There are many different exposures to loss that can arise” from cyber, and “historically, risk managers are not trained in that area, and so it takes more effort, more work and more analysis in collaboration with colleagues to understand exactly what the risks are, and how they impact the organization.”
James F. Smith, risk manager at Chicagobased W.E. O’Neil Construction Co., who is investigating buying cyber insurance for the first time, said: “We’re kind of going through, do we buy it or not, what does it protect or not, what limits do we want or not, what does it cover.” Also challenging is “you’re trying to protect something that you can’t quantify,” he said. All this “wasn’t even on the radar 10 years ago,” he said.
“We had a ransomware attack last May, and it had a significant impact. I learned a lot on a very steep learning curve about ransomware cyber risk,” said Janet Stein, director of risk management at the University of Calgary in Alberta.
“We also used this opportunity to share information with our peers about how we handled it and what we did from a risk management perspective,” she said, noting the university paid about CA$20,000 ($14,982) to receive its encryption key from the hackers.
Keith Yager, manager of insurance risk management at Alcoa Inc. in Pittsburgh, said guidance on dealing with cyber comes from “online interacting with colleagues and the industry that you’re in. There’s a wealth of resources out there.”
Meanwhile, the New York-based Risk & Insurance Management Society Inc. has been active in educating risk managers.
Carol A. Fox, RIMS’ vice president of strategic initiatives, said efforts include the organization’s professional certification program, which requires successful passage of a test, that was introduced at RIMS’ annual conference last year.
Passing the test requires expertise in five domains: analyzing the business model, designing organizational risk strategies, implementing the risk process, developing organizational risk competence and supporting decision-makers, she said.
Organizations must also “continue to push their brokers and markets around process and product innovation,” said Steve Keogh, president of Aon Risk Solutions’ U.S. retail division in San Francisco.
In addition, they “need to bring great passion to what they do every day, a passion around using data” in innovative ways to solve problems, Mr. Keogh said.