A few days ago I met a fellow after doing laps in the pool, ala Michael Phelps! (I’d like to think we know as much about construction as Michael knows about swimming.) We began talking and sure enough he was the proud owner of a thriving construction company… but it wasn’t always that way. In fact, he shared with me the trials and tribulations he had experienced in the construction business. We laughed about the scrutiny his work received when doing custom mansions for the very wealthy. And then we talked more seriously about a dramatic change in his career. You see, this strong willed Irishman was a victim of a key risk factor: Mismanagement of cash flow. He shared with me how cash flow had put him out of the construction business. His claim to fame was the installation of high end custom wood work in plush offices and homes. As he became bigger, he just was not prepared for the cash flow crunch that he would experience. He shared with me his frustrations at getting paid from General Contractors who always had an excuse for not paying, and he used a few choice words. It was obvious that he had experienced what has put so many companies out of business, a cash shortage. He indicated he was making good money, and I believe that because custom millwork brings a good margin and there is not a lot of competition for highly specialized woodwork. He had different types of wood shipped in from all over the world and he shared with me how even though he was profitable, when he pursued the bigger work, cash flow became too much of an issue and he was forced to reinvent himself. This certainly is a familiar story.
Today I met an individual who asked what I did for a living. I was somewhat distracted and mumbled the word “risk management.” As I regained my focus this gentleman said “Oh, you’re a risk manager. I’ve had trouble with my Workers’ Compensation…” and he began to talk about insurance. This was a prime example of the perception surrounding the terms “risk management” and “risk manager,” and how they’ve been equated solely to insurance coverage and insurance professionals in the past. I’ve witnessed this misrepresentation of the terms so many times that I felt not just inspired, but a public obligation, to write this article and help clear the confusion with the terminology that began long ago. PASSING THE SMELL TEST In the early 1960’s, two professors, Robert Mehr and Bob Hedges, developed the concept of Enterprise Risk Management. These two could easily be called the Godfathers of Risk Management. They published the first text to fully address the subject of business risk, “Risk Management in the Business Enterprise.” The book introduced how risk management of an entire business could maximize efficiency, which would result in greater productivity. The basic premise was that all business risks should be managed, not simply those that could be “insured.” Suffice it to say that over time, the term “risk management” began to take on a more limited meaning, referring just to insurable risks (for a slightly more elaborate outline see history of enterprise risk management). Now, some 45 years later, many large public firms are finally returning to the original roots of risk management. The Risk Managers of these firms manage the risk exposures of the entire business, not just those risks that are insurable. Mehr and Hedges would be very happy about this if they were here with us today. And, I might add, this helps put my mind at ease as well. You see, having been heavily involved in construction for much of my lifetime and having witnessed many different construction business failures, it became evident to me that the causes for each failure all boiled down to risk. However, it never seemed to make sense that insurance brokers and agents called themselves risk managers, especially since they only provided a form of management that addressed insurable risk. It just never sat right with me. First of all, they really didn’t address anywhere close to all of the business risks that exist. Second, out of all the business failures I had witnessed, none were the result of having too little insurance or poor loss control procedures. When I finally came to understand how risk management evolved over the years it was somewhat of an awakening. THE ENTERPRISE RISK MANAGEMENT PROCESS Robert Mehr and Bob Hedges came up with the steps for the risk management process, and the basic form is still in practice to this day: As originally intended, risk management would encompass management of the entire business enterprise; hence, the field became known as Enterprise Risk Management (ERM for short). ERM requires examination of all risks that an organization faces and applies directly to four distinct types of risk: Operational Risk, Financial Risk, Strategic Risk, and Hazard Risk. For the most part, only hazard risks are insurable. Thus, insurance brokers should have called themselves hazard risk managers instead of just “risk managers.” Now, with the reemergence of ERM, traditional insurance-based “risk managers” are being pushed into a wider arena of risk management, one that incorporates all other areas of business risk, many new forms of risk analysis, and a wider array of risk control mechanisms. The primary challenge of expanding risk management across the enterprise is that, because it involves so many different aspects of an organization’s operations, traditional insurance-based risk managers (who focus only on hazard risk) are simply not qualified as enterprise risk managers. They simply don’t have the experience or expertise necessary to have a firm grasp of all aspects of a business, and there are already signs they are losing their hold on the “risk manager” title. In fact, the fastest growing position in the business world today is that of Chief Risk Officer (CRO). As ERM continues to filter down from public companies to smaller and smaller private companies, you can expect a CRO type individual to become part of every management team. In order for risk managers to evolve from insurance-minded professionals to ones who understand the risks of an entire business enterprise, they will have to learn the language and the approach of each business area, either alone or as a team. If they are to act as a team, the team leader will need to have a basic understanding of all the steps involved in the entire process of risk management and the methodology used in each business area. Clearly, traditional risk managers will need to obtain additional skills to be involved with enterprise risk management. TYPES OF RISK MANAGERS There is no doubt Enterprise Risk Management is making its way from large public firms to firms in the private arena. It is being dictated by credit providers of large public firms as a result of Sarbanes-Oxley and, given the current credit environment, is commonly expected of private firms too. It may not be long until ERM becomes an expected and necessary way for all companies to operate. Since risk management has expanded to cover risk across the entire enterprise, one of the largest challenges has been finding individuals capable of understanding and managing such risk. Since insurance agents or brokers who only provide insurance advice to their clients do not fit the bill, corporate decision makers only have a couple options: Salaried employees who can learn to manage a wider scope of risk for their company than traditional risk managers (often chief financial officers or treasurers); and Independent consultants who provide comprehensive Enterprise Risk Management services. Individuals who perform at this level are called CRO’s. They are in very high demand today and typically are drawing salaries even higher than... Read More
