Improving Risk Management Drives Better Business Performance
By Stephen Paulin
Turns out they’re two sides of the same coin
In the past, insurance risk management was often an exercise in avoidance, with organizations focused primarily on completing necessary, compliance-driven activities. The Pandemic was a major inflection point that rapidly changed this notion. Today, forward-thinking leaders have dug deeper to view risk in terms of their potential to drive performance and value. That’s because the link between organizational performance and risk management is increasingly evident.
The impact of improved risk management
Better financial performance
The Wharton School of the University of Pennsylvania has been tracking the relationship between risk maturity and business performance since 2011. Risk maturity refers to the level of quality and integration of an organization’s risk management practices. It measures how well an organization identifies, assesses, manages and monitors risk.
The Wharton data includes 700 different organizations. The findings show a direct relationship between strong risk management processes and superior operating performance. A subset of the data also looked at 300 publicly traded companies over a two-year period and found significant correlations between risk management maturity and stock price performance. Consistent with the analyses and findings of previous years, researchers have continued to see a statistical correlation between risk maturity and reduced stock price volatility.
Other research studies support Wharton’s findings that companies that have implemented enterprise risk management perform better (Grace et al., 2015), have higher value (Farrell & Gallagher, 2015), and have a lower cost of capital (Berry-Stölzle & Xu, 2018). Learn more about the link between risk maturity and business performance in
Lower insurance costs
The Wharton research also shows a connection between risk maturity and insurance costs. According to study findings, “Organizations with lower insurance costs were found to have higher risk maturity. Common factors among this group were greater transparency of risk communication, stronger risk identification of existing and emerging risks, a more formal process of gathering risk information, as well as sophisticated methods of risk analysis.”
Improved decision making
New tools are making risk more tangible and measurable. This is helping organizations better analyze the upside value for risk and determine the right balance of risks and rewards. The better leaders understand the upside of risk, the easier it becomes to make the difficult strategic choices that drive organizational success.
Greater resilience
Effective risk management helps organizations detect patterns that can indicate and even predict risk and help contain and reduce the impact of risk events. By assessing and prioritizing risks, organizations can make better decisions about where to invest in vigilance and resilience.
More predictability
Our unpredictable business environment makes it challenging for organizations to forecast earnings. Risk-based forecasting and planning provide a potential mechanism for organizations to improve forecasting and planning.
Factors that contribute to higher levels of risk maturity
- Commitment from the top (including the board of directors if applicable). People at the senior-most levels of the organization understand and are committed to risk management as a critical factor for making decisions and driving value. There is a senior-level executive who drives and facilitates risk management processes and development. This person has the influence and people skills to ensure successful buy-in. See The CFO as the Chief Risk Officer.
- An opportunistic mindset. These organizations see risk differently. Instead of focusing on risk avoidance and mitigation, managing and financing risk is viewed as providing a competitive advantage with an emphasis on optimizing risk-reward trade-offs, such as assuming more risk through large deductible or captive insurance programs. When properly implemented, this approach can turn a liability into an asset, thereby creating a new profit center. There are clear statements that quantify risk appetite and tolerance and guide decision-making. Read about Alternative Strategies for a Hard Market.
- Managing risk is in the organization’s DNA. Risk management is part of everyday business practices. It is built into planning and performance management. By linking risk to the business planning and strategic planning cycle, the organization prioritizes and links the key risks to its operations and performance indicators.
- Risk assessment and activities are coordinated across all functions. There is a clear understanding of the key risks and strategies for managing those risks across the organization. Risk assessment, control and compliance are not fragmented or siloed. This keeps costs under control and eliminates duplication and overlap of risk activities. Consistent monitoring and reporting methods and practices are applied across the organization to ensure all the risk functions speak the same language.
- Strong financial controls and processes. Management has controls and processes that balance cost with risk. These controls must be optimized to improve effectiveness, reduce cost and support increased business performance.
- Data and analytics. Organizations have a well-developed ability to identify, measure, manage and monitor risks. Risk management processes are dynamic and can adapt to changing risks and business cycles.
- Engagement at every level. The culture and business practices encourage involvement and accountability for all employees. Key stakeholders participate in risk management strategy development and policy setting.
Under-leveraged opportunity for performance improvement
The number of risks impacting business continues to grow every year, and so does the list of risk management failures. The most recent report published by the Enterprise Risk Management Initiative at North Carolina State University shows that only 24 percent of organizations have a mature or robust enterprise-wide risk management process in place, 36 percent have an evolving process in place, while 40 percent have a developing or very immature enterprise-wide risk management process in place.
Today’s volatile business environment and the relentless pressure to accomplish more with less are compelling leaders to anticipate and manage risk better and find new opportunities for cost efficiencies. Find out how our proven strategies for improving performance can help you meet today’s challenges and positively impact your organization’s bottom line.
Stephen Paulin
Workers Compensation Practice Leader & Cyber Risk Specialist
Steve has over 35 years of experience helping businesses reach their profit goals by improving risk management outcomes that optimize the insurance program’s financial efficiency to produce better business performance. Using his strategic, long-term approach, exacting research and diagnostic process, Steve delivers measurable results to help organizations capture more profit while being safer with increased productivity.
He has extensive experience working with publicly held entities and organizations with national and international operations. He brings this expertise to his privately held clients and specializes in structuring innovative workers’ compensation large deductible placements and captive insurance formations, and holistic cyber risk programs.
While highly proficient in his knowledge of all business insurance policies, Steve has the distinction of honing his cyber risk expertise over the past 20 years to become highly regarded for his insight and solutions to this quickly expanding and evolving area of risk. During this time, Steve has been advising clients on implementing his holistic cybersecurity best practices and insurance protection approach. Ultimately, his clients are viewed by cyber insurers as preferred risks, thereby obtaining programs with better terms and conditions and appropriate limits of coverage at the most cost-effective premium.
Steve is a prolific writer on many insurance-related topics. He has authored and contributed his thought leadership to Business Insurance, Insurance Journal and California Workers’ Compensation Enquirer, among others. He is a Certified Insurance Counselor (CIC). A graduate of the USC Marshall School of Business, Steve continues his involvement with the university as a member of Marshall Partners, an Emeritus Member of the USC Alumni Association Board of Governors and active in the Swim With Mike Foundation. Steve is a 28-year Vistage member, serves on the Association for Corporate Growth Orange County Board of Directors, and is an active community volunteer. He is a founding member of The Lott IMPACT Foundation®, which annually presents The Ronnie Lott IMPACT Trophy to the college football defensive IMPACT player of the year. IMPACT is an acronym for Integrity, Maturity, Performance, Academics, Community, and Tenacity.
You can access additional thought pieces here: https://www.orionrisk.com/news/
You can reach Steve at: SPaulin@orionrisk.com.
Latest News
Improving Risk Management Drives Better Business Performance
October 27, 2023Managing the hard insurance market: Time for an alternative approach
October 26, 2023Managing Risk to Increase Profit: The CFO as Chief Risk Officer
October 26, 2023