Druml Group, Inc.

TRANSFORMING RISK INTO OPPORTUNITY

Menu

Archives

Ignore Construction Risk Factors at Your Own Peril

Ignore Construction Risk Factors at Your Own Peril

“These don’t apply to my business.” We had just presented a client with a proven list of 75 risk factors that can impact a construction company’s ability to make a profit. He circled 20 and said the rest were of no consequence. If we hadn’t previously run a number of construction companies and closely observed hundreds more, his words may have cast doubt. But we knew better. Some risk factors are certainly less important than others, but they all can play a roll in causing business failure; even seemingly unimportant risk factors can interact with one another to have a large impact. With respect to business, a risk factor is defined as an action, condition or event that can cause loss or harm performance and profitability objectives. Risk factors vary by industry. For example, smoking is a risk factor in the medical world, specifically related to the health of an individual. It does not apply to a construction business. Likewise, failing to have a job cost system in place is a risk factor related to a construction business, but certainly is not a risk to an individual. Risk factors are also different across businesses. A risk factor related to overstocking perishables in a restaurant due to poor inventory control does not apply to construction. Poor humidity control is a risk factor in a flower shop but not in a restaurant. As you can imagine, there are many different types of risk factors and for the most part they are specific to an industry. Some are really important because the harm they can cause is great. Others are of lesser importance because the harm they can cause is not so great, thus having a smaller impact. To actually determine the impact a risk factor can have (its importance), takes years of case study. But suffice it to say, importance varies. What also varies is a contractor’s perception of the importance of various risk factors. Interestingly, the risk factors that a contractor usually thinks are important are the ones which it has experienced. While those the contractor thinks are unimportant are the ones it has yet to experience, and some of those can actually be very important. Focus on Expertise Now a case in point: The particular contractor mentioned at the beginning of this article was a General Contractor (the word “was” is telling). One of the risk factors he determined was of no consequence was taking on new types of work without prior experience. Another was estimating without historical data. In the months to come, this contractor decided that it could make more money by doing the rough carpentry work (framing) of buildings by itself rather than using subcontractors. In California, there are separate companies that do framing and that is all they do. It is very competitive and the cost is simply driven by how fast carpenters can put lumber in place. This GC proceeded to bid three large school projects. Now it had done schools before, but never the framing. We personally advised against the approach indicating that the estimating staff did not have experience bidding framing work, that the estimating staff did not have any historical information on hand to rely upon, that the personnel were not in place to do the framing, and that the company had no prior experience doing the work. Well, this particular contractor looked at themselves as a risk taker. Indeed they were. The net result was as follows: This particular GC was in business for over seven years and had been quite successful. However, GCs work on very tight margins. The contractor could ill afford to lose large money on the framing, but they did, and it cost them their business. That was all based upon risk factors that the contractor did not consider of importance. Contract Review Let’s look at another case in point: A contractor performed steady work in a niche market and historically made good money, however it didn’t have a contract review procedure in place. In fact, this contractor had signed a contract without having reviewed it completely and was unaware of the insurance requirements. One of the requirements was for $5MM of pollution coverage, but the contractor only had $1MM in place. The contract was for repair of 450 balconies on a 40-story apartment complex. It had done this type of work on large structures before, but never for a building that did not have air conditioning. During the summer months it became unusually hot while work was underway and many of the 450 residents had to keep their windows open because of the stifling heat, even while the contractor was chipping and grinding out the old concrete that needed repair. Concrete dust invariably drifted into some of the apartments. Simultaneously, the owner had given notice of eviction to a lawyer. To get back at the owner, he banded a bunch of the residents of the apartments together convincing them of great rewards, and proceeded to file a lawsuit against the owner for allowing cancer causing silica dust to harm the health of all of the residents. Since a lot of the residents were old, having little funds, and had little to do with their time, they had nothing to do but listen to an evicted attorney. Once the thought of cancer causing dust was put in their minds, even the invisible bothered them. During that time, one of the residents who had chronic respiratory problems was hospitalized even though work was not being performed at the time near her apartment. This just fueled the claim that all the residents were being exposed to a major health hazard, even though open windows were being covered with a filter cloth. Unfortunately, the court approved the suit as a class action with all 450 residents represented. The owner in turn tendered the suit to the contractor only to find out that the contractor did not have $5MM of pollution coverage in place as called for in the contract.... Read More
 
Contractors: Adopting Enterprise Risk Management or Falling Behind?

Contractors: Adopting Enterprise Risk Management or Falling Behind?

In this post, we’ll give some background on the growth of Enterprise Risk Management and how it relates to the construction industry, and explain why adopting an Enterprise Risk Management philosophy for running your construction business is a wise decision. We say philosophy, because at its core, ERM is a shift in thinking, a shift in managing your business. It applies best in high risk industries, like construction, which have high failure rates due to persistent failures to recognize and mitigate risk across the entire business. Enterprise Risk Management Growth In a 2001 survey, Enterprise Risk Management: Implementing New Solutions, it was noted that 41% of the public companies surveyed indicated that they were currently implementing some form of ERM program.  As a result of Sarbanes-Oxley Act (aka SOX, the compliance requirements set forth after the Enron debacle), that number has been climbing ever since.  Why?  Quite simply, the rules of the game have changed for public companies.  They must now prove they have strong internal controls, complete intregrity and systems to manage all risks they face.  Unexpected “surprises” are no longer accepted; they now have swift consequences.  Given this environment it’s no wonder that Enterprise Risk Management (ERM) is being adopted by public companies at an ever increasing pace. In the United States, the Securities and Exchange Commission, as well as the U.S. Federal Reserve and the American Institute of Certified Public Accountants, are demanding more accountability from corporate directors in terms of identifying risks and developing systems for managing them.  The National Association of Corporate Directors is encouraging audit committees to expand their scope of risk management reviews. Dunn and Bradstreet has released software to provide ERM Solutions. Standard & Poors, one of the largest credit rating companies of businesses worldwide, has announced that it is now including questioning about a company’s ERM practices to determine ratings for credit.  This rise in expectations requires a level of risk management knowledge and capability not found in many organizations, so companies are scrambling and reacting to institute risk-based controls. But how does all this apply to private companies that don’t have to worry about compliance issues brought forth by SOX? Plainly stated, ERM is not just for the “Big Guys” anymore.  As Tim Ling, president and chief operating officer of Unocal, stated: “I think you will see almost all companies over the next few years moving in the same direction [as we are], really trying to integrate the notion of risk management with the notion of just business management. To me, running a business is all about managing risk.”  Essentially, managing risk is really about properly managing a business, and therefore managing risk can create shareholder value if done correctly.  Thus, ERM is now seen less as a reactionary requirement to regulations, and more as just plain old good business practice. In fact, according to the RIMS 2011 ERM Benchmark Survey, over 75% of the 14K public and private companies in the survey had active ERM programs or were investigating ERM adoption:   Why Contractors make good Candidates for ERM Does ERM apply to contractors? Yes, more than ever. Since ERM best fits companies in high risk fast moving industries, contractors are prime candidates for adoption. Here are some reasons why: All of these characteristics make contractors great candidates for ERM. So let’s talk about the how ERM can actually overcome the challenges for implementing risk controls as stated above, namely: the abundance of construction risk, the time constraints upon management, the insufficient knowledge about ERM and unstable controls. How ERM overcomes the challenges for implementation of risk controls Takeaways In short, ERM addresses an abundance of risk by following a systematic process that educates the workforce on elements of risk within their area of responsibility, empowers them to individually install risk controls which are then monitored within the process to make sure the controls remain fully in place, thus creating a “no surprises” management environment.  Without an ERM framework, the failure to recognize risks or to mitigate known risks can make it difficult to compete, financially weaken the company, and potentially jeopardize its future. So there you have it. ERM is being adopted worldwide and it is a perfect fit for construction. It will just be a matter of time before you will be expected to run your business with a risk-based approach. In fact, banks and sureties are already asking contractors, “Who handles enterprise risk management for your company?” Do you want to be the company that lags behind in understanding and taking action on business risks, or do you want to be a survivor in today’s fiercely changing and competitive environment? As to the ultimate question: “Should I personally get engaged in a risk-based mindset and adoption of ERM,” we leave you with some final questions: To learn more, contact Druml Group for construction enterprise risk management solutions.
 

Construction Failure: Why Contractors Fail

The construction industry is full of unending challenges, requiring high energy and constant problem solving.  The company owner is like a juggler with 50 balls up in the air (potential problems); if any drop (actual problem) it could cause all the rest to drop as well (total problem i.e. business failure). The large amount of potential problems, combined with low industry margins, is undoubtedly a major reason the construction industry has one of the highest failure rates (right up there with restaurants). Unlike companies in most industries, though, contractors usually don’t fail because of poor products or service. Why Contractors Fail Sure there are some cases, but in general, contractors don’t fail because of poor construction. Most contractors build a decent building. After all, they have to follow rigid design specifications and plans and have to undergo inspections. So if they don’t fail because of poor building practices, then why do contractors fail? In simple terms, it is because of poor business practices. Many construction companies are started by project managers without specific schooling in running a business. They know how to run a job, but haven’t been taught to run a construction company. To compound matters, there isn’t really much formal education offered in running a construction company. Frankly, there should be a college major for it. Finding the Root Causes of Failure Every company has a bunch of business practices, and if those business practices are properly in place, the company will maximize its ability to make a profit. All those business practices (or things you need in place) are called risk factors. That is the heart of Enterprise Risk Management: Every process, practice, system, procedure, or activity that takes place in a company must be working perfectly to maximize profitability. Obviously, this sort of perfection is impossible, but it is (or should be) a goal for every company. So, we started on a quest to uncover the root causes of business failure. We began by identifying all of the major contributing causes for loss based upon our years of experience and sought out publications and other professionals who could serve as resources for further adding to the list. We knew that all causes of loss could be fixed by putting a business practice or control in place and that if those controls or practices weren’t in place, it could cause a business to fail. Conversely, having all the necessary controls and practices in place would provide a business with the greatest ability to generate profits (to maximize profitability). With a greater understanding of how controls impacted profitability, it became clear that the effectiveness of existing controls at a company had to be assessed to determine the degree the company was at risk of failure. This is, in fact, what the Enterprise Risk Management process does and what risk management was intended to be long ago. Reactive Management Just like financial advice is sought after a portfolio has shrunk or a financial dilemma has occurred, and business analysts are brought in after a company has lost money, we spent our early days as consultants patching up systems or procedures in construction firms that were disheveled. In fact, a large amount of our time was spent on complete turn-arounds. It made us feel like lawyers, always looking in the past at what went wrong rather than looking toward the future and preventing problems from occurring. That really isn’t the best business philosophy… that is, to bring in an expert after something is messed up. A much better business philosophy is one that prevents “mess-ups” from occurring in the first place, which is why Enterprise Risk Management is so well suited to construction. Proactive Management Enterprise Risk Management identifies potential causes for loss well in advance so they can be addressed before harm occurs. This is a large shift from the thinking of fixing problems once they occur. That is the beauty of ERM. It prevents problems by recognizing weaknesses while they can still be corrected. That said, most contractors continue to unknowingly risk profits by failing to inspect systems and controls that could cause future problems. Let’s get back to our project manager turned business owner. Without the proper educational tools or experience actually running a company, his chances of survival are low, which is exactly what the statistics show. To increase his odds, he should study the business practices (risk factors) necessary to run a construction company effectively; there are at least 79 which are important to a company’s success. We encourage any contractor interested in preventing problems rather than patching them to consider adopting an ERM process and the philosophy of enterprise-wide risk management. It’s a sure way to strengthen business fundamentals and maximize potential profit.
 
Will the Real Risk Manager Please Stand Up!

Will the Real Risk Manager Please Stand Up!

Today I met an individual who asked what I did for a living. I was somewhat distracted and mumbled the word “risk management.” As I regained my focus this gentleman said “Oh, you’re a risk manager. I’ve had trouble with my Workers’ Compensation…” and he began to talk about insurance. This was a prime example of the perception surrounding the terms “risk management” and “risk manager,” and how they’ve been equated solely to insurance coverage and insurance professionals in the past. I’ve witnessed this misrepresentation of the terms so many times that I felt not just inspired, but a public obligation, to write this article and help clear the confusion with the terminology that began long ago. PASSING THE SMELL TEST In the early 1960’s, two professors, Robert Mehr and Bob Hedges, developed the concept of Enterprise Risk Management. These two could easily be called the Godfathers of Risk Management. They published the first text to fully address the subject of business risk, “Risk Management in the Business Enterprise.” The book introduced how risk management of an entire business could maximize efficiency, which would result in greater productivity. The basic premise was that all business risks should be managed, not simply those that could be “insured.” Suffice it to say that over time, the term “risk management” began to take on a more limited meaning, referring just to insurable risks (for a slightly more elaborate outline see history of enterprise risk management). Now, some 45 years later, many large public firms are finally returning to the original roots of risk management. The Risk Managers of these firms manage the risk exposures of the entire business, not just those risks that are insurable. Mehr and Hedges would be very happy about this if they were here with us today. And, I might add, this helps put my mind at ease as well. You see, having been heavily involved in construction for much of my lifetime and having witnessed many different construction business failures, it became evident to me that the causes for each failure all boiled down to risk. However, it never seemed to make sense that insurance brokers and agents called themselves risk managers, especially since they only provided a form of management that addressed insurable risk. It just never sat right with me. First of all, they really didn’t address anywhere close to all of the business risks that exist. Second, out of all the business failures I had witnessed, none were the result of having too little insurance or poor loss control procedures. When I finally came to understand how risk management evolved over the years it was somewhat of an awakening. THE ENTERPRISE RISK MANAGEMENT PROCESS Robert Mehr and Bob Hedges came up with the steps for the risk management process, and the basic form is still in practice to this day: As originally intended, risk management would encompass management of the entire business enterprise; hence, the field became known as Enterprise Risk Management (ERM for short). ERM requires examination of all risks that an organization faces and applies directly to four distinct types of risk: Operational Risk, Financial Risk, Strategic Risk, and Hazard Risk. For the most part, only hazard risks are insurable. Thus, insurance brokers should have called themselves hazard risk managers instead of just “risk managers.”  Now, with the reemergence of ERM, traditional insurance-based “risk managers” are being pushed into a wider arena of risk management, one that incorporates all other areas of business risk, many new forms of risk analysis, and a wider array of risk control mechanisms. The primary challenge of expanding risk management across the enterprise is that, because it involves so many different aspects of an organization’s operations, traditional insurance-based risk managers (who focus only on hazard risk) are simply not qualified as enterprise risk managers. They simply don’t have the experience or expertise necessary to have a firm grasp of all aspects of a business, and there are already signs they are losing their hold on the “risk manager” title. In fact, the fastest growing position in the business world today is that of Chief Risk Officer (CRO). As ERM continues to filter down from public companies to smaller and smaller private companies, you can expect a CRO type individual to become part of every management team. In order for risk managers to evolve from insurance-minded professionals to ones who understand the risks of an entire business enterprise, they will have to learn the language and the approach of each business area, either alone or as a team. If they are to act as a team, the team leader will need to have a basic understanding of all the steps involved in the entire process of risk management and the methodology used in each business area. Clearly, traditional risk managers will need to obtain additional skills to be involved with enterprise risk management. TYPES OF RISK MANAGERS There is no doubt Enterprise Risk Management is making its way from large public firms to firms in the private arena. It is being dictated by credit providers of large public firms as a result of Sarbanes-Oxley and, given the current credit environment, is commonly expected of private firms too. It may not be long until ERM becomes an expected and necessary way for all companies to operate. Since risk management has expanded to cover risk across the entire enterprise, one of the largest challenges has been finding individuals capable of understanding and managing such risk. Since insurance agents or brokers who only provide insurance advice to their clients do not fit the bill, corporate decision makers only have a couple options: Salaried employees who can learn to manage a wider scope of risk for their company than traditional risk managers (often chief financial officers or treasurers); and Independent consultants who provide comprehensive Enterprise Risk Management services. Individuals who perform at this level are called CRO’s. They are in very high demand today and typically are drawing salaries even higher than... Read More