BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

The challenges of uncertainty

The challenges of uncertainty

Deborah M. Luthi is president of the Risk & Insurance Management Society Inc. She also is enterprise risk manager for the San Francisco Public Utilities Commission. Speaking recently with Business Insurance Associate Editor Mike Tsikoudakis, Ms. Luthi described many uncertainties facing risk managers today, key steps for risk managers to help their organizations confront those challenges and the New York-based society's strategic initiatives in 2012.

2011 was a year full of the unexpected and known/unknown occurring. Financial uncertainty…and natural disasters, areas of cyber terrorism—I think those are the types of issues that have been challenges for risk managers and for the organizations for which they work.

I think, more than ever, risk managers are facing, “How do I help my organization to be prepared and/or ready to respond to those unexpected issues and events and uncertainty in general?” We've seen with earthquakes and tsunamis and the outcome of that, things that we could have never really anticipated, and so it falls to risk managers to facilitate for their organizations the process of thinking outside of the box for what are those “black swans.”

If you look back, say, 10 years ago, risk managers may have been dealing more with hazard-type losses (where they said), “We know that we can purchase insurance to help our organizations be able to respond to a catastrophic event. Now, we are looking at issues and situations for which there may not be coverage,” and so it really is about helping our organizations get their arms around those issues and grapple with how to manage those risks.

I think risk managers (need) to help their organizations, whether it's regulatory compliance or not, to be able to quantify…what those issues are, and ensure that risks are being mitigated. As we look at enterprise risk management and strategic risk management, not only is it the mitigation, but how do we leverage that to become an opportunity for our organization?

I think the process that risk managers can take their organizations through to really identifying what those uncertainties are and then looking at what's the probability and what's the likelihood and the impact of those things occurring—I think that's a way for risk managers to help their organizations reach consensus about their risk.

We've just issued a couple of reports on ERM best practices in the cyber world. This was a report that we partnered with Identity Theft 911 L.L.C. and the USLAW Network Inc.

Also, another executive report that we just put out explores risk appetite and tolerance; that, I think, goes to that quantification question that we were talking about earlier to help risk managers who are undertaking ERM and (strategic risk management)….As our organizations look to risk managers—probably now more than ever—the value that we bring. We just released a case study from our quality assurance committee on ethics and the risk manager.

Last July we undertook a…strategic planning process and, out of that, we came out with a redefined mission statement, which is: “To advance risk management for your organization's success.”

To support that and to accomplish that, we have five strategic goals that touch on membership growth, chapter strength, thought leadership and also our profile influence out in the marketplace, and operational efficiency. That's really where we are focusing our efforts; helping our chapters to grow and be able to bring in new members.

We're looking at redefining the term “risk manager” and focusing on the “risk practitioner,” which we know may be the traditional risk manager, but may also be others in our organization that help us to manage risk, such as audit, compliance, strategic planning and security. In all of this, helping the risk managers and risk practitioners just be as relevant as we possibly can.