As insurance procurement becomes more difficult, the industry is inherently requiring an organization to be more thoughtful and responsible for managing its own risk. Gone are the days when underwriters will broadly accept risks that are not well understood or managed by an organization.
The concept of risk and insurance is not a “one-dimensional” purchasing strategy but rather a process that an organization should embrace to determine what the most material risks are that could affect their organization and what the financial impact could be of those risks. The result can provide a basis for an organization’s risk appetite1 and how accepting or avoiding risks aligns with the organization’s strategic plan. Risk and strategic planning have been spoken about in the same sentence many times now.
The concepts of Enterprise Risk Management (“ERM”) are becoming more important for an organization to appreciate the totality of risks across their organization. This broader awareness leads to an organization being able to qualify and quantify the financial impact of these risks. With this greater awareness comes a need to measure the Total Cost of Risk (“TCoR”) that an organization is exposed to and can impact its ability to meet its strategic goals.
I wanted to provide some generic guidance over the next few months that will help an organization better integrate Enterprise Risk Management (“ERM”) and Total Cost of Risk (“TCoR”) concepts into the strategic planning process for the executive team. My goal is to allow the executive team to mature their 2025 business planning process to consider these concepts in their strategic plan.
When thinking about risk and the financial impact (cost) of that risk, we also want to think about how to avoid or “mitigate” that risk and the costs associated with the same. The cost of risk mitigation should be viewed from a Return on Investment (“ROI”) basis as spending $100 should reduce some amount, say $1,000 of potential self-insured risk. If you were going to spend money to reduce the risk, that is, in ERM terms, sometimes called management influence.
Coupling Enterprise Risk Management (“ERM”) and Total Cost of Risk (“TCoR”) together is a natural concept so that the leadership team for an organization can raise awareness of risks and how those risks translate into the financial impact that will ultimately influence the realization of their strategic goals.
ERM and TCoR are two intertwined concepts crucial for businesses navigating today’s complex risk landscape. ERM involves a comprehensive approach to identifying, assessing, and managing risks that could affect an organization’s objectives. It’s about proactively addressing uncertainties to enhance decision-making and protect value.
TCoR, on the other hand, quantifies the total financial impact of risks on an organization, encompassing not just insurance premiums, but also direct and indirect costs like deductibles, claims administration, and risk control measures. Understanding TCoR allows businesses to grasp the full extent of their risk exposure and make informed decisions about risk financing and mitigation strategies.
To implement or enhance ERM and TCoR frameworks, businesses should start by systematically identifying potential risks using tools like risk assessments, interviews, and industry analysis. Risk quantification is then used to measure the potential impact of identified risks, prioritizing which risks to address first based on their potential to affect organizational objectives.
These two concepts are deeply interconnected. By implementing robust ERM practices, organizations can systematically identify and prioritize risks, leading to more effective risk management strategies. Consequently, this can drive down TCoR by reducing the frequency and severity of losses and optimizing risk transfer mechanisms such as insurance. Strategies to manage prioritized risks, such as risk avoidance, mitigation, transfer, or acceptance, should be developed and aligned with the organization’s overall risk appetite and capacity. Implementation of these strategies through policies, procedures, and controls is essential, with clear communication and training for all stakeholders. Financial analysis is also crucial, capturing all direct and indirect costs associated with managing risks, including insurance premiums, potential losses, and expenses related to risk mitigation activities.
Moreover, a focus on ERM can also help uncover hidden costs that contribute to TCoR, such as operational inefficiencies or potential reputation damage. By addressing these underlying issues, businesses can further reduce their overall risk burden and enhance their resilience in the face of uncertainty. A reporting system should be developed to enhance transparency and support better decision-making.
In essence, ERM and TCoR work hand in hand to empower organizations to navigate risks more effectively, ultimately safeguarding their sustainability and success in an ever-evolving business environment.
Over the next few months, we will provide guidance in both concepts that will allow for an increase in awareness and afford businesses a more structured approach to establishing a process to better qualify and quantify the risks under these broad subjects.
If you need more information on Total Cost of Risk or ERM or need help with any risk-related issue, please contact me at 732.395.4251 or [email protected].
1 Risk Appetite: The types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.