What the world needs now is ERM
Are current approaches to risk up to the task? A leading specialist provider of insurance and risk management solutions explains why organisations may be asking themselves the wrong questions
RISK IS CHANGING and old approaches are proving shaky, but a new model is ascending.
Enterprise risk management (ERM) is about taking a holistic organisation-wide approach to risk that focuses on strategy, decision-making and creating a positive culture. This ensures that an organisation’s risk management approach is fit for their purpose, taking into account their specific sector and risk environment.
It rejects focusing on one risk type or using an off-the-shelf solution and achieves a whole-of-enterprise approach to risk management by focusing on these key questions: What makes us vulnerable, and what should we know more about? How will this impact our plans, and do we need to recalibrate? What could go wrong, and how prepared are we?
Addressing these points allows organisations to navigate uncertainty, understand the impact of risks and comprehend how resilient they really are. It’s a dynamic, future-focused approach.
Ansvar Insurance Australia general manager for risk solutions Anthony Black says this approach takes the job of managing risk out of the hands of risk managers solely and gives it squarely to the directors. Directors must maintain a clear line of sight to the risks in their organisation and operating environment and be accountable for an effective risk management framework.
“Risk management is the accountability of boards,” says Black. “The ultimate accountability for the outcomes of risk management sits with directors.”
ERM also requires continuous improvement to support ongoing risk maturity, and constant assessment as to whether risk management is adequate.
The sea change quietly happening in risk management is something that’s been building for a number of years. This can be seen in the range of royal commissions over the last decade that drew back the curtain on everything from a lack of oversight to inappropriate risk cultures.
Risk management approaches have not generally kept pace with an increasingly complex world or been given the attention they require. They have focused on the known risks and existing risk control environment and not dealt with the big, complex risks.
Too often organisations put complex people risks in the too-hard basket, pushing responsibility for managing them to those who are least resourced, equipped or empowered to do so. Royal commissions and inquiries into aged care, disability and child sexual abuse have highlighted how harmful this ‘head in the sand’ approach can be to the most vulnerable in society.
“Communities expect organisations to manage risks well,” says Black.
For care, community and education organisations, this must also extend to addressing risks that create vulnerability and can result in harm.
“Are the human rights of the people accessing our services respected? Are they safe from preventable harm, physical and sexual abuse?” asks Diana Borgmeyer, Ansvar’s safeguarding risk practice lead.
Staying up to date with all the changes that affect risk is a Herculean task for organisations that want to protect their livelihood. Being well informed needs to start with an understanding that institutions are more fragile if systems don’t keep pace with a more complex environment.
Another side to the equation is the growing realisation that some risks just can’t be controlled as they once were.
“The times of risk management being all about risk control have passed,” says Black. This was amply illustrated by the pandemic, because organisations that had inadequate risk frameworks really suffered. “
Those that had better risk management frameworks were either able to withstand the shock of the pandemic or are actually thriving because they took advantage of the fact that their risk frameworks were sufficiently mature, so risks were already being managed effectively,” says Black.
Black says it’s important to realise that being impervious to everything on the event horizon is no longer possible.
“This is about not being bulletproof any more,” he says. “We can’t; we’re not. Things are going to happen. The climate is changing; the world is changing. Geopolitically, it’s different now.”
How organisations respond to events is more important than trying to thwart them.
“So aged care, disability, childcare, education – when something goes wrong, it harms vulnerable people first,” says Black. “Some of the off-the-shelf products are so general that they don’t speak to the specialist risk nature of the sectors we insure.”
General risk products are broadly based around financial risk management and their derivative approaches. ERM, on the other hand, helps boards to implement good governance across the whole of the organisation.
“We’re experiencing growth in markets and aged care, disability and childcare,” says Black.
When critical events like floods with devasting environmental impacts occur, the onion is peeled back on which organisations are still reliant on traditional risk management. For insurers, doing things the old way is rapidly becoming a risk in itself.
“Insurers have become much wiser to the fact that organisations without effective risk management frameworks may now not be a good-quality risk, and they’re looking for genuine commitment and evidence from boards to improve and embed their risk management frameworks,” says Black.
This makes insurability a risk, a concept that’s familiar to property owners in Northern Queensland but perhaps new to the average enterprise seeking to adjust to the post-pandemic economy.
“There’s no guarantees for a customer any more around getting insurance,” says Black. He points to the fact that there are certain lines of insurance related to physical and sexual abuse that are increasingly difficult to obtain. This is a trend that underpins the broker’s fundamental role.
“As a broker, you’ve got to help your client be insurable. That’s your responsibility to keep them insurable. Ansvar has led the way to help brokers make that happen with market-leading risk management solutions.”
With the traditional approach to risk management on its way to becoming obsolete, Black sees ERM as the answer to this conundrum.
A granular understanding
Because the ecosystem is more complex now, bespoke solutions are needed at different touchpoints. But to create a bespoke solution, a detailed, almost insider level of knowledge of an organisation is needed. This is where Ansvar excels.
“Our risk consultants are also experts from the sectors we insure, bringing a deeper understanding of contexts, governance and risks,” says Black.
A generalist parachuting into an organisation is rarely going come up with an appropriate solution.
“That specialist knowledge… let me tell you, that makes a huge difference, and it’s the most common source of compliments we receive.”
Many organisations have had the experience of bringing in outside consultants to tackle a problem, only to find that the solutions offered up were putting square pegs into round holes. Having within-discipline experts leading the process helps avoid such unproductive outcomes.
“There is nothing else like it on the market, and there is something for all Ansvar customers and the brokers we work with,” says Black.
As the backwash of a more connected and less predictable world sloshes ever higher onto Australian shores, educating organisations on the need to change and recalibrate is a key challenge.
“The customer has to recognise that they do need to improve their risk and that there is great value in doing so,” says Black.
“Historical success is not an indicator of future success, because the risk environment has changed so drastically.”