According to Swiss Re, in 2011 there was approx. $350B in worldwide losses. What is more interesting is that of the $350B, only $105B, or 30%, were insured! So why then do so many companies still feel that insurance is equal to risk management?
Clearly insurance provides a valuable aspect of any risk management program, but it is part of the process that you hope you never need. Why? Because if you are relying on insurance to manage risk, then you are only managing the risk AFTER it has occurred, and as Swiss Re suggests, you aren’t really managing all of the risk anyway.
Organizations of all shapes and sizes, across all industries are being subjected to more and more scrutiny of their risk management capabilities. Whether it’s a regulator, a ratings agency, a major customer or a potential customer, how risk is managed is becoming more and more a area of interest, and an area where companies can set themselves apart. Relying purely on your insurance policies to manage risk is clearly an out-date approach.
If you look at any measure currently available on the state of risk management capabilities of companies around the world, we see that despite the increasing interest in the subject, and increasing demands for better, more mature risk management processes, companies still significantly lag what the world wants.
Whether is’t S&P, COSO, ISO, PwC, Accenture, E&Y, or any others…they overwhelmingly point out the same issue; most organizations are still immature in their approach to risk. Many have policies, many review risk on a yearly or even quarterly basis, and many talk about risk as a strategically important topic. But when you get down to the nuts and bolts, few have made risk management a core activity of their business, or have implemented enterprise-wide, integrated approaches to risk management, focused on providing them the ability to effectively and pro-actively identify, assess, mitigate, monitor and report on risk.
Companies who lead their industries in the implementation of comprehensive ERM benefit greatly from their efforts. Higher profit, lower costs, better ratings, better relationships with regulators, better reputations, and even lower costs associated with insurance. All of these benefits have been suggested by consulting firms, regulators and ratings agencies as the value you get from an integrated, mature process for risk management. The best companies, the best managers know they get huge benefits from managing risk better. They know that insurance, alone, just doesn’t cut it.
Combining next-generation risk management capabilities with sound insurance programs helps you stay covered, but less reliant on your coverage to save you.
Are you overly reliant on insurance to manage risk in your business?