Sponsored Content by Riskonnect

Integrate Data to Harness its Risk Management Power

Risk managers should take the lead in implementing an integrated data system for all parts of their organization.
February 17, 2017 • 5 min read

Risk management isn’t what it used to be.

Risk managers, CFOs and corporate boards no longer have the luxury of focusing on a defined, static set of risks. Global risks proliferate in number, type and complexity, and the risk environment is changing at an ever-faster pace.

In this environment, organizations must preempt if they can, and be able to adapt and react quickly if they can’t. Efficiency and proactivity aren’t just desirable, they’re essential.

“The approach to risk management needs to change. In addition to responding quickly as events unfold, risk managers need to have the tools to see what’s coming, and the voice to get the attention of senior leaders,” said Quin Rodriguez, Vice President, Strategic Marketing, Riskonnect.

Often, businesses already have what they need to speed up their reaction time and whittle out inefficiencies in risk management: data. Data can provide insight into a company’s key vulnerabilities, and clues for effective risk management strategies. The problem is that the data is siloed in separate administrative systems. Sharing data among different teams and corporate functions allows an organization to take a more integrated approach to risk management. Risk managers just need the tools to do it.

“Integrated Risk Management involves converging data from different sources within the business to provide the C-suite with a strategic view of its exposures. It’s opening windows in the silos to create communication channels and enable data-sharing,” Rodriguez said.

When data is presented in an integrated way, it reveals the totality of risk exposure and provides a top-down view of operational risk data including claims and incidents, which may allow executives and senior managers to identify systemic, organization-wide risks that previously went unrecognized due to departmental silos.

To understand the full scope of risk, organizations need data from all business units and risk and compliance functions, as well as from business partners, suppliers and outsourced vendor services.

“It’s hard to see and appreciate the impact of any risk, much less do anything about it, when you’re only looking at them individually and over a short period of time,” Rodriguez said. “Integrated data enables strategic, real-time decision making with the long view in mind.”

A Platform for Data Sharing

Gartner defines Integrated Risk Management as “a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.”


Despite the benefits of streamlining data systems and sharing information across an organization, a 2015 survey conducted by Gartner revealed that nearly 40 percent of its clients were not using software for governance, risk and compliance, or what is now referred to as IRM. Sixty-five percent of clients were not even familiar with the term GRC. And yet, a separate survey of global executives revealed that 65 percent of execs saw investment in risk management as “falling behind.”

Why aren’t more organizations investing in updated risk management practices and taking an integrated approach? Rodriguez said there are shortfalls in both organizational cultures of risk awareness, and in the availability of enabling technologies.

“The technology hasn’t quite been there,” Rodriguez said. “Many vendors have built one-off and niche solutions to meet demands as they arise, resulting in different apps for claims management, safety reporting, internal audit, etc. But there has been no one solution where the data is all accessible at once.”

Riskonnect offers the platform and data services that can unify these separate and siloed solutions. Consolidating claims data, safety reporting, training documents, compliance reports, and other risk management information under one unified hierarchy eases data-sharing without compromising data integrity. It allows risk managers to see the full impact of each risk and understand them in context.

Take the example of a fast food restaurant. A patron comes in for lunch and discovers a bone in his chicken sandwich, which is a safety risk for the customer and a liability risk for the restaurant. The customer complains to the manager, who files an incident report. Then the unhappy customer goes home and shares his experience on social media, denigrating the restaurant for its poorly prepared food. Now that bone is a reputational risk that could affect other restaurant locations as well.

“What we’re seeing is these risk managers are having greater visibility into these risks, and they’re starting to ask us for more information,” Rodriguez said. “They want to be able to see the operational impact of a reputational risk and determine how to mitigate it.”

Rodriguez described another client who was seeing a lot of claims tied to environmental health and safety, but couldn’t determine where the common vulnerability was that was allowing things to slip through the cracks. Part of the problem was that the claims management team and the safety team weren’t communicating.

If there was an injury, the safety team would file a report, but the claims team did not have access to their system and thus could not see the report. They would not know about the incident until the injured employee filed a workers’ compensation claim.

“Safety reporting should be tied to claims, which should be tied to safety auditing,” Rodriguez said. “The injury report should be filed in the same system as claims so that the claims team can identify that report as a potentially insurable risk. When data is integrated, they know what’s coming.”

“Any time you can break down the silos and create common sources of data, normalize them, and ease communication, you achieve an integrated risk management approach that ultimately helps to create efficiency and mitigate losses,” Rodriguez said.

Implementing Integrated Risk Management

Switching to one unified system works best when there is support from all departments. Managers of different business units will need to expand their view outward and look to synchronize their data collecting and reporting with their counterparts throughout the organization.

But there also needs to be an appetite for integration at the executive and board level, Rodriguez said.

“We have clients that use five, six, seven different solutions of ours and may not have the required appetite to really normalize that data at the C-suite level. There needs to be a desire at that level to really put data to work and develop a purpose for it,” he said. “Otherwise, they’re just going to get another dashboard.”

This is where risk managers can take a leading role and elevate their strategic contribution to their organization.

“Risk managers already collect so much information, but with an integrated risk management approach they can bring better data to their bosses that has a clear purpose,” Rodriguez said. “Harnessing shared data can get risk managers a seat at the table.”

To learn more about integrated risk management solutions, visit https://riskonnect.com/.


This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Riskonnect. The editorial staff of Risk & Insurance had no role in its preparation.




Riskonnect is the only global provider of Integrated Risk Management technology solutions. Built on the world’s leading cloud platform, Riskonnect finally allows you to break down the silos and unite your entire organization.

2017 RIMS

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.
April 26, 2017 • 3 min read

As insurers become increasingly concerned about the aggregation of cyber risk exposures in their portfolios, new tools are being developed to help them better assess and manage those exposures.

One of those tools, a comprehensive cyber risk modeling application for the insurance and reinsurance markets, was announced on April 24 by AIR Worldwide.


Last year at RIMS, AIR announced the release of the industry’s first open source deterministic cyber risk scenario, subsequently releasing a series of scenarios throughout the year, and offering the service to insurers on a consulting basis.

Its latest release, ARC (Analytics of Risk from Cyber), continues that work by offering the modeling platform for license to insurance clients for internal use rather than on a consulting basis. ARC is separate from AIR’s Touchstone platform, allowing for more flexibility in the rapidly changing cyber environment.

ARC allows insurers to get a better picture of their exposures across an entire book of business, with the help of a comprehensive industry exposure database that combines data from multiple public and commercial sources.

The recent attacks on Dyn and Amazon Web Services (AWS) provide perfect examples of how the ARC platform can be used to enhance the industry’s resilience, said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide.

Stransky noted that insurers don’t necessarily have visibility into which of their insureds use Dyn, Amazon Web Services, Rackspace, or other common internet services providers.

In the Dyn and AWS events, there was little insured loss because the downtime fell largely just under policy waiting periods.

“But,” said Stransky, “it got our clients thinking, well it happened for a few hours – could it happen for longer? And what does that do to us if it does? … This is really where our model can be very helpful.”


AIR has run the Dyn incident through its model, with the parameters of a single day of downtime impacting the Fortune 1000. Then it did the same with the AWS event.

“When we run Fortune 1000 for Dyn for one day, we get a half a billion dollars of loss,” said Stransky. “Taking it one step further – we’ve run the same exercise for AWS for one day, through the Fortune 1000 only, and the losses are about $3 billion.”

“So once you expand it out to millions of businesses, the losses would be much higher,” he added.

The ARC platform allows insurers to assess cyber exposures including “silent cyber,” across the spectrum of business, be it D&O, E&O, general liability or property. There are 18 scenarios that can be modeled, with the capability to adjust variables broadly for a better handle on events of varying severity and scope.

Looking ahead, AIR is taking a closer look at what Stransky calls “silent silent cyber”: the complex, indirect potential impacts of any given cyber event, which are difficult to assess or insure.

Stransky cites the 2014 hack of the National Weather Service website as an example. For several days after the hack, no satellite weather imagery was available to be fed into weather models.

“Imagine there was a hurricane happening during the time there was no weather service imagery,” he said. “[So] the models wouldn’t have been as accurate; people wouldn’t have had as much advance warning; they wouldn’t have evacuated as quickly or boarded up their homes.”

It’s possible that the losses would be significantly higher in such a scenario, but there would be no way to quantify how much of it could be attributed to the cyber attack and how much was strictly the result of the hurricane itself.

“It’s very, very indirect,” said Stransky, citing the recent hack of the Dallas tornado sirens as another example. Not only did the situation jam up the 911 system, potentially exacerbating any number of crisis events, but such a false alarm could lead to increased losses in the future.

“The next time if there’s a real tornado, people may think, ‘Oh, it’s just some hack,’ ” he said. “So if there’s a real tornado, who knows what’s going to happen.”

Modeling for “silent silent cyber” remains elusive. But platforms like ARC are a step in the right direction for ensuring the continued health and strength of the insurance industry in the face of the ever-changing specter of cyber exposure.

“Because we have this model, insurers are now able to manage the risks better, to be more resilient against cyber attacks, to really understand their portfolios,” said Stransky. “So when it does happen, they’ll be able to respond, they’ll be able to pay out the claims properly, they’ll be prepared.

“The purpose of having this model is to make the world more resilient … that’s really the goal.”


Michelle Kerr is associate editor of Risk & Insurance.