Risk Insider: Jean Nkamdon

Lessons From The Trenches: Lesson #2

By: | July 7, 2017 • 3 min read
Jean Nkamdon is the Risk Management and Compliance Manager at The Washington Post & Companies, which publishes the Washington Post. Nkamdon, a CPA, CFE and a RIMS-CRMP, has both domestic and international cross industries audit, attest, and risk consulting advisory experience. He can be reached at [email protected]

In my years in risk management I couldn’t help but find three constant lessons that keep popping up for me and every time I ignored one of them I paid for it. In my last post, I addressed Lesson #1: Know the Odds.

Now the second lesson: Never take too much risk for very little reward

It is well understood that risk is intrinsic to any business undertaking, but the true quandary of threading the risks vs. reward equation comes down to understanding how much risk can an organization realistically afford to bear in the accomplishment of its objectives. To this point, it is often said that according to Warren Buffet, the first rule of investment is capital protection and the second asks to refer to rule number one. In risk management parlance, the Buffet rule would equate to the risk management mission to first and foremost protect their organization’s value.

Advertisement




Organizations are confronted in every aspect of their businesses with the decision as to what amount of risk they could reasonably retain, transfer or avoid altogether. Because risk professionals are in the business of protecting their organization’s value, they would be better served when evaluating risks and potential risk treatment options to heed the oracle of Omaha advice.

As an illustration, organizations of all sizes are now confronted with the decision of whether to buy cyber coverage or not. In considering whether cyber coverage is an option, risk managers would have to understand the amount and nature of data held by their organization (Personal Identifiable Information, Personal Card industry information, Private Health Information).

My own observation in this area is that renewal discussions seem most often centered around premium or benchmark with peers. While these are valid data point in the analysis, in themselves they are not the magic bullet…

With a good understanding of their organization’s data, risk professional can enlist their brokers and or carriers to understand the kind of solutions available in the market for the type of information at risk. Savvy brokers would know and understand what solutions the markets can provide. This is where it would be a good idea for those in charge of risk with the help of brokers and or carriers to compare the solutions available and see whether there could be a solution tailored to their specific risk.

My own observation in this area is that renewal discussions seem most often centered around premium or benchmark with peers. While these are valid data point in the analysis, in themselves they are not the magic bullet. If risk transfer is ultimately considered merely on the basis on these without considerations to actual risks facing the organization, then the organization might end up buying too much or too little coverage which in either case are ultimately detrimental to the organization.

The worse scenario would be to find out after a loss that there is not sufficient coverage or that the existing policy has little to no coverage for the type of claim at hand. The key takeaway is that those in charge of risk are to help their organizations take calculated risks rather than assuming risks by default.

I’ll cover lesson #3 in a future Risk Insider article — stay tuned.

More from Risk & Insurance

More from Risk & Insurance

The Risk List: Presented by Travelers

6 Emerging Risks for Manufacturers

Drag and drop the tiles below to arrange them in your prefered order of most concerning risk (#1) to least concerning risk (#6). Then press "Submit Rankings" to see the summary results.

1
Drones
2
Driverless Cars
3
Internet of Things
4
3D Printing
5
Design Flaws
6
High Tech Equipment