Tapping in to risk
Written by Deborah Ritchie
Deborah Ritchie examines how risk software is responding to businesses in evolving and competitive global markets
Risk managers across both the public and private sectors are well acquainted with the pressures of operating in a tough economic environment. Resources are harder than ever to come by; but the number of risks no less. Added to the reality of budgetary constraints is the extra burden posed by reduced headcount in risk management teams, making an already difficult job that much harder. On top of the external drivers bearing down on the risk function, organisations are dealing with enormous and growing amounts of risk data. Making use of that data reliably and accurately is vital. Most organisations must now also grapple with increased auditing and reporting requirements – often a result of governance or compliance demands. What may once have been a monthly requirement may now be asked of weekly; weekly demands may now even be made daily.
Remaining competitive and at the same time continually improving risk management processes and being able to prove that it is doing so adds to the seemingly insurmountable task of today’s risk management imperative.
It is no surprise, then, that recent years have brought about an increasing interest in adopting a rigorous process of automation to manage and reduce risk.
It takes extraordinary functionality in a software product to deliver a truly integrated approach to automation of risk management approaches, principally driven by methodology and which is flexible and adaptable over time. So how are some of the key players achieving that?
Ian Abrahams, of Australia-based CorProfit Systems is currently overseeing a project in Botswana on an Australian-owned copper mine, recently commissioned into production. Their work with the mine started some four years ago, with a series of bankable feasibility studies.
“About 20 months ago the professional services we had been providing became a purchase of the KnowRisk software, and since then there has been a planned and structured approach to implementing a range of different risk strategies, from business risks, safety and environment including incident reporting and investigations, community management and project risks.
Designing and implementing an ERM solution takes effort, especially when moving ERM into day-to-day operations. “My visits to Botswana span 14 months, roughly every six weeks for up to two weeks at a time. The last two visits were at an exploration camp, sleeping in a tent. In the real world of work it is remarkable to see the extent to which it is necessary to be risk-aware; certainly the list of incidents is remarkable, scorpion stings, snake bites, the lack of communications when out of range, breakdown of equipment, dealing with the elements, dealing in places where there is not the depth of medical knowledge needed,” he explains. Abrahams worked with his client to develop a risk framework, along with documentation, procedures and training material.
“In looking at the options we did not provide a web-based solution, as we foresaw that ERM needed to be tailored for department and individual needs, which is more intuitive and follows the way people think, rather than producing a one-size-fits-all solution. This has paid off when you’re in an exploration camp with no comms with the outside world and need to perform all the risk management locally. A few years ago, in some cases we were excluded due to the lack of a web-based offering, though in at least the last couple of years this has not been the case. The growth of virtual computing has been a game changer,” he says.
CorProfit are now, however, working on a web-based product, which corresponds with current thinking in this market. But with data security risk so high on the agenda, are market participants not concerned?
In its recent survey of the risk technology market, Aon eSolutions found that on the topic of ease of access to data, familiarity with cloud computing and confidence in the security of products operating from the cloud, confidence was impressively high. More than 74 per cent of respondents to their survey were confident that the products they used are secure.
Aon’s Global Risk Technology Survey also found that for users of risk software, being able to quantify return on investment related to a risk management information systems purchase is essential for an organisation’s ability in using technology to support its enterprise-wide risk management programme. How long that takes, however, is less clear, with about half of respondents unable to say how long it is expected ROI to be seen. As for the remainder, the majority (15 per cent) felt that in one year, ROI would be clear, up from 14 after 18 months, and 10 per cent after two years. What was clearer however, was that of the 400 risk and insurance professionals asked, 63 per cent achieved risk transfer cost savings with almost 20 per cent reducing risk transfer costs by almost a fifth. Furthermore, 56 per cent achieved a risk retention cost saving, with over a tenth saving over 10 per cent.
Aon’s study also highlighted a considerable drive away from using spreadsheets. In a world with so much information, risk managers need a tool that performs the consolidation and analysis for them – whatever the information type. Data consolidation and management helps the different stakeholders share knowledge
and make faster, better informed decisions, rather than having to spend valuable time building reports from multiple data sets, files and systems.
Angus Rhodes, a product manager and consultant from Aon eSolutions, explains that as an organisation’s risk maturity progresses, siloed spreadsheets no longer provide the transparency and connectivity required. This is where spreadsheets are being replaced by more sophisticated risk technology solutions to avoid the pitfalls related to using spreadsheets.
Ayaz Merchant, of NTT DATA Figtree Systems, believes risk managers want to focus on that 20 per cent of events that cause 80 per cent of the problems. Their software strives to provide a 360 degree view of an organisation’s risk landscape. Instead of trading data between safety, insurance and risk management departments, these groups of users can now collaborate in real-time.
“The risk manager’s role is to advise the CEO on threats to the business, potential disruptions in relationships with key suppliers and customers, and how the changing business environment affects their organisation. The job is knowledge-driven and the last thing the risk manager wants is to keep searching for the correct information or second-guess the data.”
Even with a relatively small team of risk professionals, well-defined processes for risk management are firmly embedded at the Crossrail project, for instance, with ERM reporting that is consistent and integrated with other management reporting and KPIs. This interconnectivity is essential on a project of this magnitude, explains Peter Robertshaw, a senior-vice president at Active Risk, whose ARM software has been implemented across the entire mega project. With this approach, Crossrail is also bringing together its many suppliers, supporting the drive towards a more risk-aware construction industry that is long overdue. It is Robertshaw’s hope that this emphasis on better risk management in construction and engineering can become a lasting legacy, where projects underpinned with effective risk management contribute to a better environment in which to do business.
The London 2012 Olympics could be considered as a similar achievement. After a successful Olympics, the vast majority of firms surveyed by the latest CBI/KPMG London Business Survey say the Games will help promote London internationally and a quarter say they have benefited directly.
“The Olympic Delivery Authority (ODA) used ARM with their supply chain partners seeking to identify common risks across the project and to find the best place to mitigate those risks,” says Robertshaw. “Being able to take an overall view, rather than having various organisations fixing their own part of the problem in multiple places, it’s easy to see that it’s more cost effective to put mitigation resources in at the right place without duplication.”
Active Risk has recently launched ARM 6, with the main aim of making risk management more simple, valuable and personal. “We think risk management has got too complicated, because software companies and analysts like to make it complicated.”
“Instead, we think more people should get more involved in the risk process, and ARM 6 has apps and offline capabilities, say for when you are travelling, to enable collection of data from right across the business and supply chain. Then there are visualisation and analysis tools to take managers way beyond traditional top ten risk lists so that stakeholders can see the connections between risks. This reflects the reality and connectivity of risks much more accurately.”
This mature approach to risk management has created a market of savvy buyers and intelligent providers. “2012, our most successful year so far, has been driven by much higher demand for companies looking at managing risk in a more proactive and professional way and improving data accuracy and automating processes around the capture, consolidation and management of information,” explains Steve Cloutman, managing director, EMEA, Aon eSolutions.
And as the year draws to a close, positive sounds from the CBI survey suggest that businesses in London expect to start hiring as normal again in the next six months, after a period of only taking on essential recruits in the first half of 2012.
While a tough economy is no time to cut back on risk management, the tools for the task are readily available in a vibrant market with the technical knowledge and adaptability to get the job done, and done well.