BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
To Grace Crickette, chief risk officer of the University of California, Office of the President, enterprise risk management means saying “yes” rather than “no” to most potentially risky activities.
For example, when researchers from the University of California, San Diego's global conflict department said they needed to go to Afghanistan, the Office of the President made it possible for them to enter the Middle Eastern war zone and get out safely.
“Unlike a private company, we don't necessarily have restrictions on such travel,” said Cheryl Lloyd, director of liability and property in the Office of the President. “We just need them to tell us where they are going, and we use our travel partner to provide tools like real-time travel alerts and maybe a security process to get them out of the country, if necessary. But we don't tell them that they can't go.”
“Grace came in with that mantra, basically pulling us all in a room and saying we are not going to say no, we're going to say, "How can we help you?' and provide tools to help them be successful, because then you are really valued by those who serve and they will tell you more. You can't manage risk you don't know about,” Ms. Lloyd said.
Since 2004, when Ms. Crickette began implementing this ERM philosophy, which she has dubbed “Everyone Is a Risk Manager,” the university has lowered the cost of risk by $493 million by reducing losses, raising awareness of insurable and uninsurable risk, and successfully implementing numerous loss-prevention efforts. At the same time, ERM has helped to support the university's ongoing mission to provide education, research and public service.
Ms. Crickette's successful implementation of ERM also has earned her a spot on the 2012 Business Insurance Risk Management Honor Roll®.
“One of the first things I noticed within days of coming to the University of California was that other members of the risk management team were constantly saying "no,' which is the usual response most organizations expect from risk managers,” Ms. Crickette said. “I brought them all in my office and said, while I'm not a micromanager, from this day forward you're not allowed to say "no' unless you come and ask me first.”
For example, “when you get a request from a campus, student, faculty or staff member asking to do something, the answer has to be "yes,'” Ms. Crickette told her team. “There can be a "yes, but,' as in, "Yes, you can get in the car, but you have to put your seat belt on.' But you can't say "no.'”
“For enterprise risk management to be effective, you have to be yes people with solutions. You've got to help the organization to move forward, for people to be entrepreneurial and take risks. Our job as risk managers should be to help keep them out of trouble, but to be facilitators,” Ms. Crickette said. “ERM means providing everyone in the organization at all levels the information and tools they need to identify, manage and monitor their risks so that they can meet their objectives.”
“You know, in Chinese, it takes two symbols to make the word "risk': danger and opportunity,” Ms. Crickette said. “The saying is, "Where there is danger, there is opportunity.'”
Coincidentally, Ms. Crickette said the Chinese symbol was displayed prominently in the office of her boss, Peter Taylor, when she first met with him shortly after he joined the university as executive vp and chief financial officer in 2009.
At the time, she informed him, “See, you're a risk manager, too,” she said.
“I always thought of ERM as a financial strategy. But there also has to be an investment strategy that allows you to get in front of that constant cycle of putting in place insurance and paying claims that allows you to drive down the overall cost of risk and improve the quality of the worker experience and, in our case, the student experience and the patient experience, too,” said Mr. Taylor.
“Grace, through her extensive experience, her ability to leverage technology and, frankly, through her force of personality, has put in place a culture that says mistakes are going to happen, like at any other $22 billion organization, but let's make sure we're learning from them with a mindset of constant improvement to make sure we're not making the same mistakes over and over again,” he said.
For example, when an analysis of workers compensation costs showed that 32,593 of the university's 187,201 faculty and staff had filed repeat claims, Ms. Crickette introduced Be Smart about Safety, an environmental health and safety program that shifted the focus from compliance to prevention, driving down workers compensation costs by more than half to $40 million from $90 million (see related story).
And when underwriters were hesitant to tackle the university's cyber liability risks because the data was being housed on too many servers, many off-site, Ms. Crickette persuaded them to implement a process she called “reverse underwriting.” If the university met all the data security protocols set by underwriters, then the policy would respond to any losses that might occur; if not, the university would be left to fend for itself.
Just having the policy in place helps raise the awareness of data security throughout the university and is driving loss prevention efforts. After a year of good experience, underwriters agreed to double coverage limits to $10 million from $5 million per occurrence (see related story).
To coordinate and track the results of the university's ERM strategy, Ms. Crickette forged an enterprise risk management information system comprising numerous campus risk information management systems that automatically assembles data collected from these numerous internal sources to create “dashboard” reports that are updated monthly or quarterly, depending on how often the information changes (see related story).
“At the end of the day, whether it's ERM or any other program you're trying to implement, you need to know where you are today, where you're heading,” she said. “A side benefit was we saved money on IT redundancy. Groups were spending a great deal of administrative time to create reports. For example, we saved $48,000 by creating a custom dashboard from existing data for one team at UC Irvine. Now $48,000 to the whole university isn't that much, but if you repeat that with the number of dashboards we have, and it ends up becoming quite material.”
And as word spreads about the potential efficiencies and savings that can be generated by the university's ERM program, demand is increasing for Ms. Crickette's consulting services, internally and externally. In fact, she is working with the Singapore Health System to develop an ERM program for the island nation's largest health care group.
“As the program grew, and people find out that we have this system, they want to leverage it. It's been one of the entries to getting people engaged in ERM. Once they start using the ERMIS, they become aware of the risk assessment tools. I'm constantly getting emails and calls asking for risk assessments,” she said.
After an analysis of the University of California's workers compensation claims experience showed that 32,593 of the university's 187,201 faculty and staff had filed repeat claims, Chief Risk Officer Grace Crickette decided it was time to focus on prevention.