Quo Vadis, Risk Management?
May 3, 2018

Three new reports provide some serious insight into what's happening inside risk management departments. In short, pay is up but so is complexity. First up, let's look at National Underwriter P&C's annual Risk Manager Compensation Survey. Overall, compensation continues a modest uptrend, with 64% of RMs reporting an improvement in base salary year over year, and most RMs appear to be happy with their pay and benefits. The Waring blender average total pay nationwide, for RMs at companies of all sizes and types, came to $104,000.

Of course, all is not rose petals and Devonshire cream. Running the risk management mill for government and educational organizations still pays much less than for financial services and manufacturing. Risk management is inching closer to gender parity. In 2017, 58% were male and 41% female. (National Underwriter did not explain the missing 1%, by the way. Maybe they're shy.) Some 45% of respondents reported that their areas of responsibility had increased recently as well. You can read all about it here.

Meanwhile, another new report, The Future of Risk, from Deloitte, looks at new developments under the risk management umbrella. You can pull down the PDF here. This report focuses on ten trends shaping the future of risk. The trends are grouped into three categories, each one worth exploring:


- How are organizations’ responses to risk changing?
- How are the consequences of risk for organizations changing?
- How is the onslaught (the word choice is Deloitte's) of risk changing?

For example, under the first bullet the authors look at how artificial intelligence and other new computational, data-driven processes now augment human judgment in defining and estimating risk and appropriate responses.

In short, this is not your grandfather's risk management. Risk is changing and the tools to control risk are changing just as dramatically. Whether you’re in the 45% of RMs who saw their responsibilities increase last year or the 55% who will see the same thing this year or next, seriously consider the Deloitte report as your must-have summer read.

Last, consider the Marsh survey of RMs released at the RIMS conference just concluded (great summary here). Marsh's 15th annual Excellence in Risk Management report delves into risk professionals' knowledge of and role in managing technology innovation such as artificial intelligence (AI), blockchain and the Internet of Things (IoT). The short take is that most risk managers and other high-level risk professionals do not feel that they have the knowledge or technical experience to deal effectively with these areas of corporate risk. These subjects are expanding so rapidly that applications are running ahead of deep understanding.

The report suggests a more focused and extensive use of cross-functional risk committees. While that is certainly an obvious and urgent step, it leaves open a basic question facing RMs on many fronts - how do we encompass the risks inherent in things we've never done before?

The Changing Face of Risk: Exhibit #1

Just when you think you've seen it all: now we have industrious employees stealing, borrowing, hijacking (verb of your choice) company servers to... mine bitcoin. Nicole Eagan, the CEO of Darktrace (interesting company in a new line of business), told attendees at the Wall Street Journal's CEO Council event last week: "We have seen 1,000 crypto-mining cases in the last six months in the US alone with employees taking over company infrastructure for crypto mining. This is becoming a big problem." One truly enterprising young banker in Italy managed to spirit away twelve company servers for some number of months before he was apprehended. The report doesn’t tell us how many bitcoins he harvested or whether he made enough to see him through a nice, long period of unemployment.

Not only does this kind of activity represent serious misappropriation of company resources, it can also create major weak points for cyber attacks. How do you put safeguards on an illicit IT system - and any external connections that might be involved? And this is not just an issue down on your own server farm. Last year security intelligence group RedLock found at least two companies that had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine bitcoin.

Are any damages caused directly or indirectly by this kind of internal malfeasance covered by your cyber damage and liability policies or other covers? Are you sure? We know that employees - that good old Homo sapiens app V 1.0 - are the weakest link in cyber security, but cryptocurrency mining can take it to a whole new level.

Where do Effective Safety Programs Come From?

The NIOSH Science Blog published a short, very readable summary of an important recent research report. In 2016 and 2017, RTI conducted a study on behalf of the National Institute for Occupational Safety and Health (NIOSH) to find out what motor vehicle safety topics and products would be of greatest use to small businesses. While the NIOSH focus was on smaller firms, the resulting research casts a great deal of light on motor vehicle safety programs for all employers.

The research involved actually talking to a significant number of employers, and those conversations revealed that vehicle safety programs are often lopsided. Some are all about driving safely while others emphasize equipment maintenance. Most canned programs are "text heavy" and do not recognize the time constraints involved in getting the message out, and they are not specific to the different challenges of, say, emergency first responders as opposed to local delivery route drivers. The best programs, according to NIOSH, are "highly visual" and result from incorporating real-world input from all participants to capture the issues particular to the company. As the report says, "An understanding of employers' industry, workflow, and culture can help inform the development of better communication products."

Vehicular accidents in a recent year caused 1252 deaths, 155,000 lost work days, and cost about $25 billion in total claims. You have a built-in group of experts - drivers, mechanics, dispatchers, safety officers - if you have vehicle operations in your company. Ask them about the current safety programs. Do they need upgrading? Are they specific enough to your business? Are they visual enough? What could be better? According to NIOSH, there's probably room for improvement. Which leads us to...

A Neat Graphic for Everyone with A/L

Our friends at Risk & Insurance have put together a very nice graphic that shows the top 12 risks that face every fleet manager today. You can probably think of all 12 yourself, but the graphic puts them all on one page with a few nice numbers to demonstrate the relative magnitude of each risk component. For example, speeding was a factor in 27% of recent crashes. Speeding? Aw, c’mon, that’s basic safety training and easy to monitor. But that’s the point. Are we really addressing all 12 effectively, every day?

This all-on-one-page summary can be a useful training tool, something to talk about at your next safety committee meeting (are we doing enough about each of these exposures?), and with a little rethinking, you might make it part of your annual stewardship or C-Suite report.

For a legible, full-sized version, click here.

