Risk Insider: Dorothy Gjerdrum

ERM’s Language Problem

May 18, 2017 • 3 min read
Dorothy Gjerdrum is senior managing director of Arthur J. Gallagher & Co.’s Public Sector Practice and managing director of its Enterprise Risk Management Practice.

ERM has a language problem.

Many of us moved from risk management to enterprise risk management (ERM) without updating our lexicon.  We now focus on taking a broader approach to managing risk while we continue to use terminology that limits our ability to implement that approach.  Two of the most important words that need deeper understanding and better articulation are “risk” and “uncertainty.”

It’s not hard to find writing that equates “risk” with negative outcomes.  Indeed, in a quick perusal of “Risk Insider” columns on ERM, there are numerous examples that describe “risk” as a threat and use the terms “risk” and “uncertainty” interchangeably.

It takes awareness and perseverance to update our language when it comes to risk; without that, we tend to fall back on common usage.  Dictionary definitions don’t help, since they typically rely on historic, common usage and that doesn’t support the evolving approach to managing risk.  Insurance dictionaries define risk as a probability or threat of damage, injury, liability, loss or negative occurrence.  Merriam-Webster offers four options: 1) “possibility of loss,” 2) “someone or something that creates or suggests a hazard,” 3) “the chance of loss” (and a few variations on that) and 4) “the chance that an investment will lose value.”  All of these definitions tie risk to negative outcomes.

Some practitioners try to get around that by adding words.  Examples include “risk and reward” or “risk and opportunity” (the connotation of “risk” is still negative in both) or the clumsy terminology “upside and downside” risk.  (The problem is that “upside and downside” describe potential effects or outcomes, not the risk itself.)  These expressions can be confusing and problematic and they do not help change the narrative.


However, even in common language, there are opportunities to expand our understanding.  To “take a risk” or say that something is “risky” acknowledges that the outcomes are uncertain.  Outcomes can be positive or negative, and are often a mix of both.  That starts to sound more like ERM, doesn’t it?

When we drafted the international standard on risk management, risk experts from around the globe spent an enormous amount of time working to get this right.  We knew that the definition itself would expand our thinking and refine our approach.

ISO 31000 defines risk as the effect of uncertainty on your objectives. It is not the effect alone, or the uncertainty alone; it is the intersection of those uncertainties with your objectives that creates risk. It’s an incredibly important distinction from the common usage definitions. It keeps organizational objectives at the heart of the process and recognizes that not all uncertainties will have an impact upon strategy or objectives. And the uncertainty that does affect strategy, goals or objectives doesn’t always affect the organization in negative ways; the ISO 31000 definition is neutral about the effects of uncertainty.

As our ERM programs evolve and we consider a broader range of uncertainties and outcomes, it is imperative that we become more exact in our use of language. That will help us (and our clients) view risk – with clarity and precision – through a broader lens.

More from Risk & Insurance

Risk Management

The Profession

This senior risk manager values his role in helping Varian Medical Systems support research and technologies in the fight against cancer.
September 12, 2017 • 5 min read

R&I: What was your first job?

When I was 15 years old I had a summer job working for the city of Plentywood, mowing grass in the parks and ballfields, emptying garbage cans, hauling waste to the dump, painting crosswalk lines.  A great job for a teenager but I thought getting a college degree and working in an air-conditioned office would be a good plan long term.

R&I: How did you come to work in risk management?

I was enrolled in the University of Montana as a general business student, and I wanted to declare a more specialized major during my sophomore year. I was working for my dad at his insurance agency over the summer, and taking new agent training coursework on property/casualty risks in my spare time, so I had an appreciation for insurance. My dad suggested I research risk management for a career, and I transferred sight unseen to the University of Georgia to enroll in their risk management program. I did an internship as a senior with the risk management department at Sulzer Medica, and they offered me a full time job.

R&I: What could the risk management community be doing a better job of?


We need to do a better job of saying yes. We tend to want to say no to many risks, but there are upside benefits to some risks. If we initiate a collaborative exercise with the risk owners — people who may have unique knowledge about that particular risk — and include a cross section of people from other corporate functions, you can do an effective job of taking the risk apart to analyze it, figure out a way to manage that exposure, and then reap the upside benefits while reducing the downside exposure. That can be done with new products and new service offerings, when there isn’t coverage available for a risk. It’s asking, is there anything we can do to reduce the risk without transferring it?

R&I: What emerging commercial risk most concerns you?

Cyber liability. There’s so much at stake and the bad guys are getting more resourceful every day. At Varian, our first approach is to try to make our systems and products more resilient, so we’re trying to direct resources to preventing it from happening in the first place. It’s a huge reputation risk if one of our products or systems were compromised, so we want to avoid that at all costs.

R&I: What insurance carrier do you have the highest opinion of?

I’ve worked with a number of great ones over the years. We’ve enjoyed a great property insurance relationship with Zurich. Their loss control services are very valuable to us. On the umbrella liability side, it’s been great partnering with companies like Swiss Re and Berkley Life Sciences because they’ve put in the time and effort to understand our unique risk exposures.

R&I: How much business do you do direct versus going through a broker?

One hundred percent through a broker. I view our broker as an extension of our risk management team. We benefit from each team member’s respective area of expertise and experience.

R&I: Is the contingent commission controversy overblown?


I think so. The brokers were kind of villainized by Spitzer. I think it’s fair for brokers and insurers to make a reasonable profit, and if a portion of their profit came from contingent commissions, I’m fine with that. But I do appreciate the transparency and disclosure that came out as a result of the fiasco.

R&I: Are you optimistic about the US economy or pessimistic and why?

David Collins, Senior Manager, Risk Management, Varian Medical Systems Inc.

While we might be doing fine here in the U.S. from an economic perspective, the Middle East is a mess, and we’re living with nuclear threat from North Korea. But hope springs eternal, so I’m cautiously optimistic. I’m hoping saner minds prevail and our leaders throughout the world work together to make things better.

R&I: Who is your mentor and why?

My Dad got me started down the insurance and risk path. I’ve also been fortunate to work for or with a number of University of Georgia alumni who’ve been mentors for me. I’ve worked side by side with Karen Epermanis, Michael Rousseau, and Elisha Finney. And I’ve worked with Daniel Dean in his capacity as a broker.

R&I: What have you accomplished that you are proudest of?


Raising my kids. I have a 15-year-old and 12-year-old, and they’re making mom and dad proud of the people they’re turning into.

On a professional level, a recent one would be the creation and implementation of our global travel risk program, which was a combined effort between security, travel and risk functions.

We have a huge team of service personnel around the world, traveling to customer sites to do maintenance and repair. We needed a way to track, monitor and communicate with them. We may need to make security arrangements or vet their lodging in some circumstances.

R&I: What do your friends and family think you do?

My 12-year-old son thought my job responsibilities could be summed up as a “professional worrier.” And that’s not too far off.

R&I: What about this work do you find the most fulfilling or rewarding?

Varian’s mission is to focus energy on saving lives. Proper administration of the risk function puts the company in a better position to financially support research that improves products and capabilities, helps to educate health care providers and support cancer care in general. It means more lives saved from a terrible disease. I’m proud to contribute toward that.

When you meet someone whose cancer has been successfully treated with one of our products, it’s a powerful reward.

Katie Siegel is an associate editor at Risk & Insurance®.