Zachry: A Secret to Success in Being a Risk Manager
Tuesday, March 3, 2020 | 670 | 0 | min read
As a risk manager, it is helpful to educate the senior management not only on the risk transfer programs but also on the potential impact that the uninsurable risks may have on the company.
This way, adequate resources (financial and operational) will be allocated to avoid the “uninsurable” risks.
I found that outside events were very helpful in educating senior management on the fundamentals of our risk program.
For instance, when there were a severe earthquake and tsunami in Japan (which also caused $44 million in losses in the Santa Cruz docks), I sent a short note to senior management saying we had not suffered a loss in that event but if any of our stores which were facing the Pacific Ocean had been hit, here was how our property insurance would have responded.
Most senior executives are interested in cyberexposure. The risk management team organized a tabletop exercise practicing how we would respond to a blue screen of death that had hit the company. After the event, I sent a one-page note to the CFO, CEO, head of internal audit and chief operations officer telling them that we had just completed our tabletop program, and the top three lessons that came out of the exercise. I also used the event as another excuse to explain how our cyberinsurance would respond to the event.
Insurance never makes the organization whole. If data is stolen it can be both a financial and reputational loss.
It is important to educate management on what is not covered by insurance. For instance, we will not get the data back and it might be used in the marketplace to reduce our competitiveness.
- Use catastrophic events that are in the news as an opportunity to educate senior management.
- Do not overdo it. Senior management wants to know but also has limited time.
- Make the note interesting. For instance, if you are aware that one of your competitors took a loss from the event, include that information in the update.
- Always use the same format. It is easier for executives to read when they are used to a standardized format.
- Be sure to target a variety of exposures (property, casualty, directors and officers, cyber) rather than hit the same exposure again and again.
- Educate the management on what may not be covered as well as how the insurance will respond.
- Include the retention level information so there are no surprises that even if there is insurance in place, there will still be some type of loss.
- When appropriate, also include commentary about the insurance market. For example: “This being the fifth hurricane to hit this season will probably put pressure on the market to increase their rates.” It is easier for you at budget time if senior management is mentally prepared for a potential increase in your risk transfer insurance costs due to global catastrophic events.
Bill Zachry is a member of the California State Compensation Insurance Fund board of directors and chairman of State Fund's Audit Committee. He's the former vice president of risk management for Albertsons and Safeway, and a former senior fellow of the Sedgwick Institute.