Enterprise Risk Management (ERM) represents a fundamental shift in the way

businesses must approach risk. As the economy becomes more service driven
and globally oriented, businesses cannot afford to let new, unforeseen areas of
risk remain unidentified. Currency fluctuations, human resources in foreign
countries, evaporating distribution channels, corporate governance, and
unprecedented dependence on technology are just a few of the new risks
businesses must assess.

This accessible book, aimed at the implementers and practitioners of ERM,

provides a highly structured approach so you can easily implement processes in
your own organization. You'll find a number of case studies and practical
examples from a variety of industries. The chapters are organized in a way that
leads you through ERM implementation and include risk identification techniques,
risk modelling methods, and the underlying statistics. Order your copy today!
This page isn't nearly complete but there are already some great articles and
links to check out. We intend to just add stuff as we find it. Definitely a "work in
progress".

RiskList – A Yahoo based Risk and Insurance Management forum. Maintained by

practicing Risk Managers.
You can sign-up ON-LINE for the RiskList mailing list. This is an electronic forum
populated by over 2,000 folks with an abiding interest in Risk Management. This
is NOT a chat group but, rather, a discussion list which is distributed to every
member's E-Mailbox - everyday. You can lurk or you can jump in with a comment
or question anytime you like. I suggest signing on for the DIGEST option so that
you receive one large message rather than endure the clutter that can be created
by 50 or 60 individual messages daily.
ABSOLUTELY FREE - and worth much more!
101 Rules of Risk Management
This old chestnut was compiled some years ago by the late Tom Hallett when he
was with the late Frank B. Hall and Co. The product of a group 'brainstorm' with a
number of pioneer Risk Managers, this still has real value today. While hardly
'leading-edge' (or particularly comprehensive), this is a document I often share
with clients. It gives some appreciation of the scope of a practicing Risk
Manager's concern. While your boss "doesn't need to know how they build a
clock" when he/she asks for the time - top management can appreciate a job
done SEAMLESSLY and well!
While I'd appreciate your comments on THE RULES, please post them on the
RiskMail bulletin board so others might benefit from your insight.
12 Common Mistakes Risk Managers Make
A blinding flash of the obvious? Could you be missing the forest for the trees?
This is required reading.
We are pleased to be able to post this essential article (again) through the
gracious cooperation of the author, Kevin Quinley, and the permission of the
publisher of The Risk Report, International Risk Management Institute. They
produce practical and provocative material.
The Future of Risk Management
Risk Management in the 90's (and beyond)? A wonderfully provocative article
compiled by Tony Burlando several years ago. Some risk managers are ahead of
the curve - others are well behind it.
How Risk Managers Can Add Value and Enhance their Career
former RIMS President – Chris Mandel offers excellent career advice.
Reflections on a Long Job Search
By Jerry Belfiglio - An article by a very accomplished and insightful Risk Manager
which originally appeared in the National Business Employment Weekly. A report
from the trenches.
Rites of Passage at $100,000
This is recommended THREE times for good reason!
How to Work with an Executive Recruiter
A good article and links by the publisher of The Directory of Executive Recruiters.
Fortune Magazine
Some great articles which should inspire you to take control of your career
management.
Businessweek.com
Check out the Archives
CFO and Treasury and Risk Management Magazine.
Thanks,

Jim Gunther

Call for Articles/Hyperlinks

We expect that this page of links and articles will be a dynamic resource
for risk managers. We intend (subject to applicable legal clearance) to
post articles and opinions and would appreciate your submissions. If you
have written, would like to write, or are aware of interesting article on
any aspect of management, feel free to submit it.

I'll be happy to scan articles not already in HTML format.

Subjects we'd like to cover:

• Risk Management for Dummies

• Opinion - (Where) Does Risk
Management fit in?
• The Risk Manager's Toolkit
• Presentations that work
• Annual Report Formats
• Speaking the language of your
organization
• Good career management books /
articles
• Favorite online resources

Please contribute your favorites!

An Invitation to Keep in Touch!

Home Page
Proactive Career Management - Prospective Client Information
About Harvard Aimes Group - Articles and Links
Essentials - Mistakes - Rules 101
TOP OF PAGE

Harvard Aimes Group

TEL: (203) 933-1976
6 Holcomb Street
FAX: (203) 933-0281
P.O. Box 16006
E-mail:
West Haven, CT 06516
JJG1@riskmanagementsearch.com
Note well...
Note well that these are 101 Rules of Risk Management, not THE 101 Rules.
They were pulled together by the late Tom Hallet when he was with the late Frank
B. Hall and Company. Our thanks to Tom and the group of pioneer Risk Managers
who collaborated in this effort.

Jim Gunther

General
1. An organization's risk management program must be tailored to its overall
objectives and should change when those objectives change.

2. If you are in a "safe" business (relatively immune from depression bankruptcy,

or shifts in product markets), your risk management program can be more "risky"
and less costly.

3. Don't risk more than you can afford to lose.

4. Don't risk a lot for a little.

5. Consider the odds of an occurrence.

6. Have clearly defined objectives that are consistent with corporate objectives.

7. The Risk Management Department as a user of services should award business

on the basis of ability to perform.

8. For any significant loss exposure, neither loss control nor loss financing alone
is enough; control and financing must be combined right proportion.

TOP OF PAGE

Risk Identification and Measurement

9. Review financial statements to help identify and measure risks.

10. Use flow charts to identify sole source suppliers or other contingent business
interruption exposures.

11. To more fully identify and assess risks, you must visit the plants and relate to
operational people.

12. A reliable database is essential to estimate probability and severity.

13. Accurate and timely risk information reduces risk, in and of itself.

14. The risk manager should be involved in the purchase or design of any new
operation to assure that there are no built-in risk management problems.
15. Be certain environmental risks are evaluated in mergers, acquisitions and
joint ventures.

16. Select hazardous waste contractors on their risk control measures and their
financial stability or insurance protection.

17. Look for incidental involvement in critical risk areas (i.e., aircraft and nuclear
products, medical malpractice, engineering design, etc.). RISK CONTROL

18. Risk Control works. It is cost effective and helps control local operating costs.

19. The first (and incontrovertible) reason for risk control is preservation of life.

20. A Property Conservation program should be designed to protect corporate

assets - NOT the underwriter.

21. Be mindful that key plants and sole source suppliers may need protection
above and beyond normal H.P.R. requirements.

22. Use the risk control services of your broker and carrier as an extension of
your corporate program. Don't let them go off on a tangent.

23. Quality control should NOT be a substitute for a full product liability control
program. Quality control only assures the product is made according to
specifications, whether good or bad.

24. Most of the safety-related "standards" of governmental agencies should be

considered as minimum requirements.

25. Duplicate and separately store valuable papers and back-up data processing
media.

26. Avoid travel by multiple executives in a single aircraft.

TOP OF PAGE

Risk Financing
27. Risk Management should focus on two separate zones of risk relative to the
maximum dollar loss the company can survive from a single occurrence:

a) below this level-optimize the use of insurance relative to current cost.

b) above this level-transfer risk (usually insurance) to maximum extent possible-

cost effectiveness is not a criterion in this zone; SURVIVAL is.

28. An entity with an unlimited budget can benefit from adopting all risk
management measures that have benefits to the entity with an expected present
value greater than the expected present value of cost of those measures to that
entity.

29. When, for budgetary or practical reasons, an entity must chose between
mutually exclusive risk management measures, the entity should chose that
measure which offers it the greater excess of benefits over costs, when both
benefits and costs are expressed as expected present values.

30. Competitive bidding which causes market disruption should be avoided.

31. Never depend solely on someone else's insurance.

32. Retrospective rating plans of more than one year hamper flexibility.

33. A tax advantage should be considered a "PLUS"-not a principal reason for a

risk financing decision.

34. Risk taking presents an opportunity for economic gain.

TOP OF PAGE

Claims Management
35. The risk manager should be notified immediately (within 24 hours) of any
major loss or potential loss.

36. Major liability claims should be reviewed for adequacy of investigation and
accuracy of the reserve.

37. Be careful of local plant involvement in property and liability claims. Local
personnel may be too defensive to properly review a major claim.

38. Request early advance payments on large Property and Business Interruption
losses.

39. Secure several estimates or an appraisal of self-insured vehicle physical

damage losses.

40. Aggressive claims subrogation (insured and self-insured) reduces costs.

41. A claim and disability management program directed toward getting the
employee back to work as soon as possible can save money even though the
employee cannot do all phases of the job.

42. Periodically audit claims reserves of insurers and T.P.A.'s.

43. The best claim is a closed claim.

TOP OF PAGE

Employee Benefits
44. The provisions and costs of Employee Benefit programs should be clearly and
frequently communicated to employees.

45. When installing a new benefit plan, it is harder to reduce benefits than to
improve them later on.
46. A poor employee benefit program can generate more employee relations
problems than no plan at all.

47. Employee contributions, even small ones, can help you assess the real
popularity of a benefit plan.

48. Know the benefit plans of the companies with whom you compete for labor.

49. Benefit consultants and brokers are not efficient replacements for in-house
staff functions.

50. Collective bargaining of employee benefits should involve corporate benefit

professionals.

51. Legislation and regulation are intensifying in the employee benefit field. Make
your company's opinions known to the government BEFORE legislation in
enacted.

TOP OF PAGE

PENSIONS
52. The ultimate cost of any pension plan is equal to the benefits paid, plus the
cost of administration, less any investment earnings of the fund.

53. For the most part, different actuarial methods and/or assumptions may alter
the incidence of cost, but seldom alter the ultimate level of cost.

54. Clearly identify your corporate objectives with respect to your Retirement
program. Recognize that Retirement plans are long-term obligations that will
span many political, economic, and social environments.

55. Recognize that retirement plans are long-term obligations that will span many
political, economic and social environments.

56. Identify the nature and extent of pension liability prior to any acquisition or
divestiture.

57. Establish formal investment objectives with respect to your pension funds
that define risk, diversification, and absolute performance parameters.

58. Monitor the performance of your pension fund in the context of your
investment objectives.

59. Identify and monitor your corporate exposure as a result of participation in

any industry-wide Multi-Employer Pension Plans.

TOP OF PAGE

International
60. Multinational organizations should step up to their international risk
management responsibilities.
61. Establish a worldwide risk and insurance management program; don't rely
totally on a Difference in Conditions approach.

62. A combination of admitted and non-admitted insurance usually provides the

best overall international program.

63. Avoid the use of long-term insurance policies overseas.

64. Be sensitive to and don't underestimate nationalism when implementing a

worldwide risk management program.

65. Don't ignore local objections to worldwide programs.

TOP OF PAGE

Administrative
66. Establish a level of authority via a management policy statement.

67. Prepare and universally distribute a Corporate Risk Management Manual.

68. Set up realistic annual objectives with your brokers, underwriters and vendors
and measure their accomplishments and results.

69. Verify the accuracy of all relevant information you receive.

70. Read every insurance policy carefully.

71. Keep program design simple.

72. Consolidate-where it makes sense to do so.

73. Develop record retention procedures.

74. Keep inter-company premium allocations confidential.

75. Establish administrative procedures in writing.

TOP OF PAGE

Technical
76. Insurance policy provisions should be uniform as to named insured, notice
and cancellation clauses, territory, etc.

77. The "notice" provision in all insurance policies should be modified to mean
notice to a specific individual.

78. Primary policies with annual aggregates should have policy periods that
coincide with excess policies.

79. Joint loss agreements should be obtained from Fire and Boiler & Machinery
insurers.
80. Add "drive other car" protection to your corporate auto insurance.

81. Eliminate coinsurance clauses.

82. Know the implications of and differences between "claims made" and "pay on
behalf of" liability contracts.

83. Risks accepted under contracts are not necessarily covered under contractual
liability contracts.

84. Add employees as insureds to liability contracts. Use discretionary language

to avoid defending hostile persons.

TOP OF PAGE

Communication
85. All communication providing or requesting information should be expressed in
clear, objective language, leaving no room for individual interpretation.

86. All communications and relationships should be conducted with due

consideration to proprietary information.

87. Communicate effectively up and down and avoid management surprises.

88. Don't TELL senior management anything-ask them, counsel them, and inform
them.

89. Communicate in business language; avoid insurance jargon.

90. Obtain letters of intent or interpretations regarding agreements (coverage or

administrative) which are outside of and/or in addition to actual insurance or
service contracts. Never rely on verbal agreements.

91. The immediate supervisor to the risk management function should be

educated in the principles of risk management.

92. Communicate every insurance exclusion and non-insurance implication to

your management.

93. In competitive bidding situations, advise each competitor that the first bid is
the only bid and stick to it.

94. Risk Managers should meet with underwriters rather than relying totally on
others for market communications.

TOP OF PAGE

Philosophical
95. The Risk Manager (and his corporation) should avoid developing the
reputation of a "shopper" or "market burner". This reputation can be detrimental
to the corporation's best interests and the Risk Manager's credibility.
96. Determine your personal level of risk aversion and temper intuitive judgments
up or down accordingly.

97. Program design will always be a function of CURRENT practicalities tempered

by management's level of risk aversion.

98. Everyone is in business to make a fair profit.

99. Long term, good faith relationships are not obsolete.

100. Integrity is not out of style.

101. Common sense is still the single most important ingredient in risk
management!

TOP OF PAGE

Public domain...
To the best of my knowledge this material is in the public domain and, as such,
may be freely distributed.

As I went to a fair amount of effort to transcribe and format this material, I would
appreciate an acknowledgment should you post it on your Web site.

Any comments, additions, suggestions, etc. - please post comments on Riskweb.

Of course, I can be contacted directly at JJG1@riskmanagementsearch.com.

Thanks,

Jim Gunther, Principle

Harvard Aimes Group
 12 Common Mistakes
Risk Managers Make

Not all risk managers succeed at their jobs of identifying and addressing
organizational risks. The external environment is a minefield of risks waiting to
ensnare the vigilant and unwary alike. Departments get downsized; risk
managers must do more with less. In addition, most risk managers occupy staff
positions, making them vulnerable to changes in the prevailing corporate winds
and whimsy. Top executives and even middle management may wonder just what
a risk manager does all day. And when belts are being tightened, the risk
management role appears to be one that could easily be consolidated with the
functions of the CFO, vice president of Finance, Controller, or Assistant Treasurer.

This means that today's risk managers must be quick, adept, and efficient.
Management isn't as forgiving as in years past. Mistakes by an errant risk
manager can spell the end of the department. This article examines common
mistakes made by risk managers and ways to avoid them.

Insufficient Attention to Loss Control

Many managers bemoan high insurance costs (particularly workers
compensation). However, skimping on safety and loss control can result in
higher-not lower-insurance costs. Investments in work hardening programs,
ergonomic studies of job duties, safety rewards, and modified duty job programs
can pay off in the long run. It's the risk manager's role to get the CEO to support
safety in a visible way. After all, anyone can buy insurance. Safety and loss
control, however, keep the costs down. And without safety and loss control, it can
be argued that a risk manager is just a high-priced insurance buyer who can
easily be replaced.

Often, a firm's loss control program does not receive the attention it needs and
deserves. Perhaps one reason is that it is not as glamorous as some of the other
realms of risk management. With its emphasis on sprinkler heads, lifting belts,
and materials, loss control may suffer from the perception that it is very
pedestrian and mundane, like the boiler room in the bowels of a luxury cruise
liner. Somehow the allure of risk financing techniques-cash flow management,
retention levels, captives-seem ever so much more highbrow, analytical, and akin
to what business schools teach.

In addition, many risk managers come from either the brokerage or finance side
of the insurance business, not from safety or engineering. This may explain the
preoccupation with risk financing, giving safety and loss control shorter shrift. The
latter is somehow not quite as glamorous as flying to the Cayman Islands to
explore that rent-a-captive! Could it be that loss control is just, well, not as sexy
as the risk financing side of risk management? Maybe, but many organizations
would be better off with the mundane and boring in lieu of the excitement of
accidents, crises, and fire drills.

Examine your daily agenda and activity calendar. Does it reflect a clear
commitment to loss control? Many folks talk the talk when it comes to loss
control, but only their daily calendars and to-do lists show whether they walk the
walk. In fact, it could be argued that the more risk managers invest in loss
control, the less time and money they will need to devote to risk financing. The
best way to manage risk is to prevent a loss so that risk-financing issues become
moot! Risk managers should spend at least half their time on loss control and
safety. It is truly a sound investment of time and resources.

TOP OF PAGE

Letting Inertia Drive Servicing Choices

Using the same service provider because it takes too much time or involves too
much hassle to change vendors is another common mistake risk managers make.
There may be many reasons for staying with the same provider: he or she is a
personal friend or relative of a key person in the organization, there may be
considerable panache associated with using a particular vendor, or simply
historical inertia. In corporate risk management, tradition can substitute for
thought. This can create situations where the same broker, actuary, insurer, and
third-party administrator are used year after year, their performance
notwithstanding. Complacent vendors may feel they have an institutional right to
your account.

This is not to say that risk managers should continuously shop around their
business or service needs. It does, however, imply that risk managers should
periodically "stir the pot" regarding outside vendors, evaluating each on the
criteria of (1) results, (2) service, and (3) cost.

Step back and objectively look at the service providers used. Ask, "Is my
organization deriving full value from the gamut of service providers we use?" The
answer may be, "Yes." You may feel like you are receiving adequate or even
superior service from your broker, safety engineer, actuary, or risk management
consultant. But without staging ritualistic beauty contests, without testing the
market periodically, how do you really know? Newer, more innovative service
providers may be able to do the job better and cheaper.

Risk managers should be discriminating shoppers for risk-related services. This

involves periodically reevaluating all relationships-even those that are long-term-
and appraise each vendor in the cold light of day. This is not to suggest that risk
managers pursue only short-term relationships with outside service providers.
However, keep in mind that as a risk manager and company employee, you
undergo an annual performance review. Why should outside vendors be any
different, especially when their fees often dwarf a risk manager's annual salary,
bonus, and benefits combined? The question virtually answers itself.

TOP OF PAGE

Risk Management "Blind Spots"

Failing to recognize loss exposures is a third frequently made mistake. One way
this can occur is by exclusively following "canned" exposure survey programs as
the sole means of risk identification. The problem with prefabricated checklists is
that they are not that helpful on an ongoing basis. As a result, there is a danger
that loss exposures which develop with operational or organizational changes,
new medical or scientific discoveries, legislative changes, new product or service
introductions, mergers, acquisitions, and similar events will be overlooked until
the next time the survey is updated. This often creates recognition "lag time" that
delays proper evaluation and control.

Also, off-the-shelf risk identification products are not customized to the needs of
your organization, which can lead to overlooked exposures. These tools represent
a starting point-not a terminus-for any hazard identification process. Risk
managers must develop their own methods for continuously monitoring changes
in the organization and its environment to quickly identify new exposures or
increases in the levels of existing exposures.

TOP OF PAGE

Inadequate Preparation for Consequential Losses

This mistake is related to the one above and involves the failure to consider and
plan for the possible "ripple" effects of the loss events. This includes items such
as hidden labor costs, loss of brand equity or reputation, market share loss,
contingent business interruption, effects of laws and ordinances, and financial loss
incurred from the death, disability, or departure of key employees.

Not all post-loss consequences are immediately apparent. For example, the cost
of a claim-even one covered by insurance-can be extraordinary. Aside from
retained claim costs via deductibles or self-insured retentions, there is the cost of
management time that could otherwise go toward making products or delivering
services. The hidden costs of a claim also involve the time wasted by
management in communicating with legal counsel, collecting documents,
answering interrogatories, preparing for and giving depositions, dealing with the
insurer, preparing for and attending trial, etc.

If you calculate the value of management time per hour and multiply it by the
number of hours a company may spend defending (or pursuing) a lawsuit, you
might find that these costs exceed the amount at issue. This calculation places
the wisdom of settling or perpetuating litigation in a different light. Such hidden
costs-in management productivity and fruitless downtime-are uninsurable, but
risk managers must assess and track them nonetheless. Failure to do so may
spell short-term success in litigation, but long-run failure in business.

TOP OF PAGE

Avoiding Instead of Managing Risk

Since risk managers are paid and judged on their ability to identify risks,
becoming a professional worrywart is an occupational hazard. The risk manager's
job involves looking at the darker side, to ask, "What if the following occurs...?"
This practice causes many to view risk managers as negativists, as naysayers
who always emphasize the downside of any proposed course of action. To an
extent, this comes with the territory. However, risk managers must guard against
the Chicken Little syndrome. If every new idea is greeted by the risk manager's
cry of "The sky is falling!" his or her credibility quickly erodes.

It is very easy for risk managers to become occupationally tunnel-visioned.

However, the job is to manage risk, not to avoid it unnecessarily. Every business
action involves risk. Even standing still and clinging to the status quo entails risk.
Risk is inherent in business as in life. The risk manager can always find a risk-
related reason to avoid undertaking some proposed organizational action,
whether it is a possible merger or acquisition, introduction of a new product line,
or revision of an employee handbook. The risk manager should identify the risks
of any proposed course of action and-this is critical-develop an action plan to
reduce or finance the chance of loss.

For example, when Eli Lilly, the pharmaceutical giant, began having lawsuits
involving Prozac: many patients also sued the doctors who prescribed the
medication. To prove, that it stood behind its product and behind its physicians,
Lilly took the unprecedented step of offering to defend any doctor named in a
lawsuit as a result of prescribing Prozac. Although few physicians actually took
the manufacturers up on the offer, the goodwill engendered by this gesture paid
dividends by physicians who saw that the company stood behind the product. In
this case, the bigger business picture-retaining market share and
customer/physician goodwill-overrode the risk and liability concerns.

A narrow risk management perspective would have argued against this course of
action. Why embrace defense of the doctors and expand the company's liability?
But avoiding the risk is not managing the risk, and the ongoing popularity of
Prozac reiterates the soundness of this risk management decision.

TOP OF PAGE

Failure to Communicate Effectively with Upper

Management
Inability to be on the same wavelength as upper management is a career-killer
and a common mistake for risk managers. Risk managers are seldom fired or
"outsourced" because they are not up to speed on the latest commercial general
liability (CGL) form or the most state-of-the-art policy wording. More commonly,
risk management career longevity is abbreviated by communication-not
competence-problems.

According to Jim Gunther of the Harvard Aimes Group, what gets most risk
managers in trouble is their unwillingness to learn to speak the language of their
boss and the language of the greater enterprise. Further, many risk managers
insist on speaking "insurance-ese," posturing behind the jargon of their craft.
CFOs don't compliment risk managers on their elegantly crafted manuscript
policy, but rest assured, they will condemn the risk manager who is unable to
explain basic concepts to front-line and middle managers (and, for that matter,
top management) in language they can understand. Many risk managers might
derive more benefit from Toastmasters or a Dale Carnegie course than a CPCU
designation. This is not to suggest that technical competency isn't important; just
don't expect a lot of recognition for these accomplishments.

Effective risk managers skillfully communicate their risk management goals,

challenges, and accomplishments. The following are just a few examples:

• Formal presentations to the board of directors

• Fluency in written reports and in business
correspondence
• Deft use of the telephone and of voice mail, on both
the giving and receiving side of messages
• Proper observation of "netiquette" in communicating
via E-mail
 • Questioning "facts," particularly when presented by
someone who has not questioned the source and asked for
simple backup or reviewed the source for accuracy
• Informal 5-minute hallway chats with the boss on a
tough insurance renewal
• Requesting and responding to an action plan or
proposal from an outside service vendor
• Don't forget the personal touch; it is vital and should
not be overlooked. Effective risk managers leave their
workstations and offices to go eyeball-to-eyeball with folks
outside their department and their organization. Becoming
too insular is a career danger.
• Having the technical excellence of a risk
management Einstein will do little good without the ability to
listen, empathize, and communicate effectively in a wide
range of forums, contexts, and media. Note that listening is
first on the list. As one pundit observed, "God gave us one
mouth and two ears, and we should use them in just that
proportion." The moral of this lesson is to listen and hone
your communication skills along with your technical risk
management expertise!

TOP OF PAGE

Failure to Develop Computer Skills

Since risk management speaks the language of finance, a key financial tool is the
computer and all of the nifty functions software can perform. Risk managers who
resist learning and adding computer skills are not only Luddites, they flirt with
becoming Neanderthals. One might as well travel to the annual RIMS Conference
by horseback.

Increasingly, the risk manager's function requires fluency in computer systems,

particularly spreadsheet applications such as Lotus or Excel. It also helps if the
risk manager has a working familiarity with databases, networks, and cruising the
Internet and World Wide Web. Using computers should be second nature and hold
no fear for current risk managers.

This does not mean that risk managers need programmer-level skills or be able to
dissect and reassemble a computer's internal circuitry. However, today's risk
manager should know the difference between Apple and IBM-compatibles, DOS
versus Windows, and realize a Pentium is not a Satanic symbol. In his book,
Empires of the Mind (William Morrow & Company, 1995), author Denis Waitley
says that in the 1990s, "You are either on-line or you are in a bread line." While
that may be overblown, the core idea has merit. Risk managers who are "too
busy" for computer training had better consider another line of work.

TOP OF PAGE

Inadequate People Skills

Risk managers cannot do their jobs alone. The Lone Ranger style of management
is out; teams and consensus building are in. Risk management-like other forms of
management-involves achieving results through the efforts of others. It is
essential that risk managers harmonize with other departments, especially
Finance, Safety, Legal, and Marketing, to execute their safety and loss control
plans. Risk management is not a one-person show. This places a premium on
people skills.

Look at the annual "Risk Manager of the Year" Award given by Business
Insurance. The issue profiling the winners typically has at least one article and
photo of the entire risk management staff, large or small. The message here is
that while only one person's face is on the cover, winning the recognition as "Risk
Manager of the Year" requires an effective team effort. Players win MVP awards.
Teams win Super Bowls.

Successful risk managers continually build "good karma" with other people and
departments. This implies generating a steady stream of non-self-promotional
communication to others about the activities, initiatives, and challenges of risk
management. This has many implications for how risk managers conduct
themselves on a daily basis. The following are some interaction suggestions.

• Include other people and departments in risk

management discussions which involve their functional
areas.
• Ask yourself how you can assist other people and
departments within the organization.
• Lunch with folks from other departments and solicit
their input and opinions.
Build bridges with other departments.
• Develop empathy.
• In general, be a team player.

In most organizations, risk management is a staff, not a line, function. The risk
manager does not make the goods or services on which the organization depends
for profit and existence. It is the risk manager's job to serve those who make the
products and services. When the risk manager becomes more of a hindrance than
a help toward the corporate mission, the pink slip may be forthcoming. No risk
manager is an island. The most technically brilliant risk manager with six
specialty designations after his or her name will be an abject failure unless he or
she can relate to other people as people.

TOP OF PAGE

Superman/Woman Syndrome
This common risk management mistake involves trying to do it all yourself.
Effective risk managers must learn to delegate, a tall order admittedly at a time
when downsizing is rampant. A risk management career is more like a 26.2 mile
marathon than a 1 00-yard sprint. Even the most talented and hardworking risk
manager will burn out if he or she tries to do it all himself or herself.

To avoid risk management burnout, risk managers must:

• Learn to delegate
• Achieve a sense of balance and perspective
• Possess a realistic view of their talents and
limitations
 • Periodically "sharpen the saw" by getting away from
the job and engaging in activities that provide a sense of
self-renewal

As Clint Eastwood's movie character Inspector "Dirty Harry" Callahan said, "A
man has to know his limitations." This holds true for risk managers. Don't try to
do it all yourself, and no matter how much you enjoy the job, get completely
away from it for 2 weeks a year. You will return with a completely new
perspective.

TOP OF PAGE

Failure To Document
One precept of medical malpractice risk management is to document everything;
as the saying goes, "if it was not charted, it did not happen." This axiom applies
to non-medical settings as well. Risk managers need to remember that failure to
document may get them into a bind from which they cannot recover. American
coins may say, "In God we trust," but for all other settings, get it in writing! This
can include situations involving a side-deal or understanding with an insurer
regarding claims-handling prerogatives, an understanding with the broker
regarding annual compensation, and proof in an E&O dispute that a particular
coverage or endorsement was requested.

It is always better to have this documentation and not need it than to need it and
not have it. Insurance is no longer done on a handshake. When a loss strikes, the
broker or underwriter may be long gone, transferred to some faraway branch
office or with another company altogether. If you have any side-deals or
understandings with your broker or underwriter regarding coverage, get them in
writing! Better still, explore having them incorporated as manuscript
endorsements to the insurance policy or at least incorporated by reference.

A related mistake is not documenting management's approval of self-insurance or

large retentions. Management loves to hear about the premium savings that
higher retentions will capture, but corporate memories are notoriously short. If a
big loss occurs, collective amnesia may arise. Indeed, top management may be
shocked to find out how much loss the organization has retained, and demand to
know what idiot arranged the scheme. Thus, at the risk of appearing to indulge in
a C.Y.A. maneuver, document. Risk managers occasionally need such maneuvers.
As one sage said, "Even the paranoid have enemies."

Discarding old insurance policies in the belief that they will never be needed again
is another common documentation-related mistake. Companies should keep their
insurance policies forever (especially liability policies), and the risk manager
should keep track of them. This is true for companies acquired by your firm as
well.

TOP OF PAGE

Lack of Creativity
Highly effective risk managers must "think outside the box" occasionally. This
means considering noninsurance, nontraditional options for treating risk
exposures. Today's risk manager must reach into every corner of the
organization, seeking ways to improve safety, efficiency, and profitability. Risk
managers work with legal, human resources, contracts, facilities, customer
service, safety, security, workers compensation, accounting, finance, information
systems, and senior management. The job is limited only by the risk manager's
appetite.

Creative solutions can be found by venturing into disciplines that pundits

traditionally consider far afield from the risk manager's conventional venue. This
terra incognita includes human resources, safety, legal issues, and employee
benefits. Looking outside the traditional boundaries of a corporate insurance
buyer was the transitional wave of risk management during the 1980s. In the
1990s, however, the risk manager must think like a corporate officer, with or
without that official designation. Creativity is key. Two examples follow of risk
managers who dared to think outside the box.

Nancy Chambers is the risk and insurance manager at the University of Guelph in
Ontario, Canada. For a campus open house, the student Outdoor Club wanted to
rappel down a building. After hearing that it was too dangerous and could not be
done, students showed up with ropes and pulleys to prove how it could be done
safely. University engineers inspected the building, the participants' equipment,
and their qualifications. The result is that every year there has been a rappelling
demonstration at the open house. Creativity has its limits, though. Other student-
proposed events that were considered and rejected include fire walking and riding
large ice-blocks down grassy hills!

Patrick Walker, risk manager of WatkinsJohnson Company of Palo Alto, California,

once baby-sat a stack of files on a pending real estate deal for his company's CFO
while the latter was vacationing. His orders were clear: if a call came in, he
should feel free to buy time and defer the topic for later action. Walker peeked at
the top file, phoned the agent and attorney for a status update, and energized
them to get moving. To his pleasant surprise, he got a call 2 days later with word
of a potential buyer. Creativity is one quality that can quickly set risk managers
apart and perhaps recession-proof their careers.

TOP OF PAGE

Inadequate Commitment to Continuous Learning

Highly effective risk managers regularly invest time to learn more about
insurance, risk management techniques, and the operation of their organizations.
This might involve formal education, such as for the CPCU and ARM designations,
seminars on actuarial methods, or courses in teambuilding or some other specific
management skill. This also means reading all you can about your industry,
whether construction, health care, or retailing. It even means picking the brains
of folks who know more about your specialty than you.

Risk managers err by thinking that they are too busy to pursue continuing
professional education. Life is a classroom. Effective risk managers are always
learning, continually supplementing their intellectual storehouse of knowledge,
skills, and ideas. Continuing education is the risk manager's own personal
research and development program. Like any business, it takes ongoing R&D to
avoid failure. Risk managers must find concrete ways to apply the knowledge
they glean from these continuing education efforts.
Yesterday's skill levels do not guarantee tomorrow's success for risk managers. In
fact, today's skills do not guarantee tomorrow's success. The learning process for
risk managers never ends. Highly effective risk managers are like sharks: if they
do not keep moving, they will-at least professionally-stagnate and die. Effective
risk managers keep studying and finding ways to apply what they learn. For
today's state-of-the-art risk manager, class is always in session.

TOP OF PAGE

Conclusion
The 12 common mistakes discussed above are admittedly incomplete and
subjective. To avoid most of these mistakes, risk managers must ask themselves
each day, "What am I doing right now to add value to this
organization/department/project or work team?" The list of career-killing
minefields is daunting; Figure 1 provides a list of other common risk manager
mistakes. Today's risk manager has a tough job indeed!

As the philosopher George Santayana said, "Those who ignore the past are
condemned to repeat it." Examine risk manager mistakes, not out of voyeurism,
morbid curiosity, or smug satisfaction over "the other guys" who blunder. Learn
from these mistakes, if only to avoid them. The challenges of risk management
have never been greater. Fortunately, though, never have the rewards been as
promising.

TOP OF PAGE

Figure 1

More Risk Manager Mistakes: An Informal Poll

A recent informal poll on an Internet risk management discussion forum produced
the following additional nominations for common risk management mistakes.

• Not understanding the worst-case scenario of loss-

sensitive rating plans or deductible plans or failing to
communicate it to top management
• Not fully understanding the difference between
deposit and earned premiums or failing to determine how
final premiums will be determined
• Not understanding the entire insurance policy,
particularly the application of the exclusions
• Trusting blindly a broker's understanding or
representation as to what is and is not covered
• Thinking that a broker will reverse an insurer's
coverage denial of a gray area loss
• Failing to purchase adequate insurance limits
• Not meeting face-to-face and in person periodically
with primary and lead underwriters
• Being afraid to use a consultant to validate your
program
• Taking credit for premium reductions in soft markets
 • Routinely shopping insurance programs every year or
2
• Becoming a specialist rather than part of the
management team
• Believing you are indispensable
• Spending too much time on professional
organizations (e.g., RIMS, CPCU Society) at the expense of
your job
• Not realizing that insureds do have loss reporting
duties under a self-insured retention

TOP OF PAGE

This piece was authored by:

KEVIN M. QUINLEY, CPCU, ARM, AIC, AIM
MEDMARC Insurance Company

Mr. Quinley is senior vice president of Risk Services for MEDMARC and Hamilton
Resources Corp. in Fairfax. Virginia. He has written over 250 published articles
and five books on claims and risk management, including Litigation Management,
published by IRMI. He teaches classes in commercial risk management and
insurance for The CPCU Society. Mr. Quinley received his B.A. degree from Wake
Forest University and his master's degree from the College of William and Mary.

We graciously acknowledge the cooperation of, the author, Mr. Quinley and Jack
Gibson of International Risk Management Institute, Inc., the publisher.
Permission has been granted by the copyright owner to Harvard Aimes Group to
post this article. No further permission to post or re-transmit this item is given or
implied by Harvard Aimes Group as such permission can only be given (in writing)
by the Copyright holder.

THE RISK REPORT Copyright ~ 1996 by International Risk Management Institute,

Inc. 12222 Merit Drive. Ste. 1660, Dallas. TX 75251-2217 214-960-7693. Jack P.
Gibson, editor, Bonnie Rogers. assistant editor. ISSN 0197-7539. All quoted or
reproduced only with permission in writing from the publisher. New subscription
cost: $159/yr. Renewal: $149/yr. ALL RIGHTS RESERVED
 The Essentials of Good Management

This material was compiled by my friend and sometime mentor, Tony

Rodolakis. He is V. P. Risk Management at Starwood Hotels.

Have a plan - A plan puts you in charge of your energies and activities.

Be prepared - Inadequate preparation produces inadequate results.

Choose your own associates - Surround yourself with people that you know
and can trust.

To fill a key spot, pull out all the stops - Don't let normal constraints get in
the way.

Teach, Teach, Teach - Be a teacher and hero. Be a success.

Practice private communication - Give quality time/instruction to most trusted

aides.

Establish authority - Know the extent of your authority and practice it.

Insist on absolutes - Teach the right way, insist on the right way, be an
example of the right way to do business.

Watch your timing - Can maximize impact of activities and events.

Handle corruption immediately - Gather facts, then act. Don't put it off. Get it
over with and move on.

Don't sugarcoat - Let your associates know exactly what lies ahead for them.
Don't over commit. Don't promise what you cannot deliver. Be honest and
realistic.

Get away from it all - Take your vacations. Real ones in which you get away
from work.

TOP OF PAGE

Field test your staff - Give them specific tasks, and then let them go do them.

Practice good public relations - Tell your story and that of the company's well
and timely.

Get good logistical support - Don't get trapped into handling small details. Be
free to do the things that only you can do and count the most.

Learn a little humility - Don't fall into the trap of arrogance. Not only is it
unseemly, it is bad business.

Share the glory - Praise those who work for you. Do it publicly. Give credit
where it is due.
Say "thanks" - In business and in life, it is impossible to say "thank you" too
many times.

Stay in touch with real people - They are your customers and employees.

Be responsive - Return phone calls and answer correspondence promptly.

Don't neglect public speaking - Use it as a platform to inspire and inform.

Cut your losses - Don't let pride or stubbornness keep you in a market, product
or alliance that is not going to work out.

Learn how to correct subordinates - Correction is generally reserved for those

you care about and respect the most.

Beware of sycophants (yes men) - You need to be the kind of leader who
appreciates and rewards those who will tell you the truth no matter how
distasteful that truth might be. An executive is only as good as the information he
has - good and bad.

TOP OF PAGE

Be a servant - The surest way to success for a business executive is to put his
employees and customers first-in effect, to become a servant to them and
meeting their needs.

Discourage position jockeying - A good manager, a successful one, will always

know who is producing and who is only talking about producing. Be wary of
employees who are merely positioning themselves for advancement rather than
advancing the corporate cause.

Be a fruit inspector - Every good tree bears good fruit, but a bad tree bears bad
fruit. When hiring, look long and hard at the results the person has produced.

Stop Worrying - There is a world of difference between planning and worrying.

Planning and paying attention to details are positive activities because we can
make positive things happen. Worrying, however, is useless fretting over things
we have no control and produces no positive results.

Avoid grandstand plays - Business people are often tempted by the grandstand
play, usually to inflate an already oversized ego.

Be fair to all, generous where appropriate - Don't be concerned about

rewarding one person, only because of what others might think. Be fair to all. Be
generous where generosity is merited.

Be a risk taker - As corporate managers entrusted with our stockholders' assets,

our job is not to preserve capital but to grow it. This means investing in new
products, new markets and new people. Taking prudent risks.

Take care of the children - Create a climate of balance where employees are
encouraged to spend quality time with their children.

Pay your taxes - Don't pay any more than you have to. But pay all that you
owe. Get the best tax advice available.
Let your results speak for you - Tell what you have done, not what you think
of yourself. Let your record speak for you.

Be an inspirational leader - Be a cheerleader as well as a coach.

Prune for productivity - As managers entrusted with the health of an

enterprise, we must constantly cut and prune. People, departments and branches
that are not productive must be cut away. This should never be done in a casual
or cavalier manner, however, as the people involved should always be seen as
important but must be evaluated by their productivity.

TOP OF PAGE

Don't try to serve two masters - No one is happy. The job is done poorly - if at
all.

Remain calm in the storm - Regardless of the crisis, recognize the need for
calm and try to plan for tough times. Being calm does not mean being detached.
You can be calm and still be fully engaged and actively involved.

Settle disputes quickly - One attribute of an effective leader is the ability to be

a peacemaker; to be a catalyst for reconciliation. Disputes within a company are
usually more harmful than those between companies.

Eat with the troops - It will make them better soldiers.

Evaluate constantly - Make sure those working for you understand both the
company's goals and the methods to reach those goals. Do this by asking
questions and constantly evaluating.

Take the narrow path - Success in business almost always comes from
differentiating what you make or what you do from your competitors. Find ways
to set yourself apart in positive ways from other employees.

Serve families - Genuinely care about the lives of your employees outside the
company.

Prepare for tough times - In business, it is necessary to prepare for both the
general tough times and the specific periods of crisis that are likely to come. Both
a crisis plan and general damage control plan need to be in place.

Stand up for your employees - When you stand up for your people, you are
building loyalty and camaraderie while also defending yourself.

Set priorities - Paying constant attention to priorities is the way to success.

Remain focused. A universal number-one priority for all companies should be
servicing customers and employees.

Prepare for your successors - Recognize that you will, sooner or later, move
on. Have a plan in place to deal with it.
 The 1990s: The Decade
of Risk Management
(Part 1 of 3)

In early 1989, RIMS formed the Risk Management Roundtable. Chaired by

Michael McDonald, director of risk management for Ryder System Inc., its mission
is to advance both the theory and practice of risk management. Some 15
experienced risk managers are serving; the group is expected to grow to about
30 risk managers. Through discussion at Roundtable meetings, the aim is to
identify trends and issues, and develop mechanisms to address them in order to
broadly disseminate views and concerns.

In April 1989, several areas came forward for study, and teams were formed to
undertake an investigation. One area was how the risk management function is
performed and how it is perceived, particularly by senior management in the
business environment.

The "new risk team" proceeded to look at the genesis of risk management, its
present reality and where its future lies. Research undertaken by team members
was synthesized into what follows: a blueprint for the future which aims to
broaden the individual risk manager's role in order to contribute far greater than
now to Corporate America's need to manage a myriad of risks cohesively.

This paper was written by Anthony J. Burlando, vice president of risk

management for The Hillman Company, with contributions from George Balcer,
director of risk management for Stone Container Corp., Thomas A. Duffleld, vice
president of risk management and insurance for Archer Daniels Midland
Company, Fred B. Molineux, director of corporate insurance for Johnson &
Johnson, and Spencer J. Rankin, vice president of risk management for Schering-
Plough Corp. Mr. Burlando also wishes to thank Sue Anne Mitro, manager of
property/casualty insurance of The Hillman Company for her assistance

The paper is the opinion of the "new risk team" members; it is their hope that
others will offer views and reviews and thereby create a dialogue for change in
the status quo.

Risk managers are in the business of managing the future. In the next decade,
risk managers will create their own individual career opportunities by
fundamentally changing the traditional risk management function. Risk
management will emerge as an essential business discipline and the risk
management position will be elevated to the corporate officer level. The 1990s
will be "The Decade of Risk Management."

TOP OF PAGE

Risk Management in the 1980s

Risk management mission statements generally focus on the preservation of
assets and continuity of earning power. The mission statement is usually coupled
with the five-step risk management decision making process. The former defines
What is managed, and the latter outlines shows it is managed.
In reality, neither the risk management mission nor the risk management process
accurately represent modern risk management. More importantly, these useful
but outmoded definitions may be retarding individual career development and
impeding the acceptance of risk management as an essential business discipline.

A giant leap is necessary to correct the creeping mismatch between these

generally accepted risk management definitions and risk management in practice.
However, before a leap is possible, a number of questions must be answered.

Should the preservation of assets and the continuity of earning power be claimed
as the risk management mission statement? Clearly it should not! This mission
can be claimed by the CEO, the treasurer, and the legal department and the
lobby security guard. It is absurd to suggest that a risk manager would propose
that assets not be preserved or that earnings should cease. Corporate assets will
be protected and earnings will continue. This basic mission was satisfied long
before there were risk managers.

Does the traditional risk management decision making process accurately

describe how risk managers make decisions? It does not! The traditional risk
management process is the sequential application of five discrete action steps:
identify, measure, select, implement and monitor.

While the logic is pristine and appealing, the traditional process fails to
adequately describe the practice of risk management within the business
organization. It is severely flawed in at least three areas:

• The process is circular. The third step (select) is the

decision making process. How can it be used to further
define a step in a Decision making process?
• By definition, the time order must be sequential. One
cannot "measure" unless one first identifies;" one cannot
Monitor unless one first "implements;" etc. The concept is
supremely logical but totally impractical. It implies a rigid,
linear management process As such, it is at cross-purposes
with the desirable image of a risk manager as an intuitive
and creative problem solver.
• The same decision making process can be applied to
almost any problem-solving challenge. Whether tying down
a business deal or tying one's shoe, it is purposeless to
reiterate the obvious. A benign process is not an essential
risk management tool.

The traditional five steps imply an isolated technician, working outside the
mainstream of management, who spontaneously identifies risks previously
overlooked by well-meaning, but basically Risk-illiterate, superiors. In fact, more
credit needs to be given to the intuitive risk recognition abilities of top
management, and risk managers need to acknowledge that risk identification is
often done for them by others.

The traditional mission and process have led risk managers into an over-reliance
on insurance. While effective insurance management calls for mega-dollar
decisions relative to risk retentions, limits, coverages and deductibles, the close
association with the insurance buying function has been detrimental to risk
managers for the following reasons:
 • Insurance deals with painful or unpleasant
alternatives. It is a Bad news business. Many risk managers,
like Greek messengers, have lost their heads mismanaging
the inevitable bad news inherent to the functioning of
insurance mechanisms.
• Corporate America has a clear bias against insurance
(or insurance-related mechanisms) arising out of unrealistic
business expectations, a basic lack of understanding of
insurance cycles and prior, unsuccessful attempts to
establish long-term business relationships with insurance
companies. Additionally, the influence of bad experiences
with Personal insurance's cannot be underestimated.
• Insurance mechanisms deliver an inordinate number
of financial surprises, giving a false impression that the
managers of risk are less competent than, say, legal or tax
department managers. As long as planning and
predictability are top management's ~ measurements of
choice, risk managers will finish last in the image race.

The 1990s: The Decade

of Risk Management
(Part 2 of 3)

Risk Management in the l990s

Risk managers will be whatever they can convince Corporate America they can
be. Form will follow function. New functions will offer unprecedented opportunities
to apply risk management principles.

The traditional definitions are limiting and no longer support risk management in
practice. Emphasis needs to be placed on the mission rather than the process.
The new combination of mission and process will emphasize the unique
contributions of risk management rather than show it is dunes An entirely new
platform must be constructed, universally adopted by the risk management
community and carefully promoted to Corporate America.

The platform must build its foundation on the risk manager's unique experience in
managing interdisciplinary skills. It must be flexible enough to allow for the
significant variations that exist among and between diverse business
organizations, independent departments and numerous layers of management. It
must be creatively drafted and promoted to avoid criticism from competing
disciplines.

The new mission and process are designed to help overcome built-in corporate
barriers to effective risk management. It is the unique ability to coordinate
interdisciplinary skills that is today's risk manager's strongest suit!
 TOP OF PAGE

The New Mission

The new mission is to select, coordinate and efficiently apply interdisciplinary
skills to harmful uncertainties which may diminish the future value of public,
private or personal resources.

It is important to note that all reference to the word unmanaged has been
avoided. This has been done for several reasons. Manage is the most overused
and abused word in the business vocabulary. Second, the word strongly implies
traditional authority/responsibility exchanges. The mission statement requires the
application of skills possessed by other managers. It is political folly to suggest
that a risk manager direct (i.e., manage) an attorney in matters of law or a
treasurer's financial activities. Finally, the omission of manage is liberating It
permits a risk manager to turn the reporting pyramid upside down in order to tap
the unique skills of the best and the brightest within the organization, irrespective
of rank or structure.

TOP OF PAGE

The New Process

The new process is the measured application of the five descriptors (See Photo).
Each one-word descriptor is a symbol for a much broader concept. The
descriptors comprise the fabric of the process. Together, they are used to build
networks among otherwise independent disciplines.

The common usage definition for each descriptor is:

• Investigate - observe or study by close examination

and systematic inquiry;
• Inform - give material form to;
• Influence - affect or alter by indirect or intangible
means;
• Interpret - explain or tell the meaning of; present in
understandable terms; and
• Integrate - form or blend into a whole; unite with
something else.

The common usage definitions are only a starting point. Each risk manager must
apply his own unique interpretation to the descriptors, in light of the new mission
statement and the task at hand. The advantages of descriptors may be
summarized as follows:

• Definitions not required;

• Support use of malleable matrix rather than linear
model;
• Support mission statement interdisciplinary theme;
• May be universally accepted but individually applied;
• Allow for future interpretation and development; and
• Support management trends toward downsizing,
fewer layers of management and less formal structure.
 TOP OF PAGE

New Opportunities
As a practical matter, the new risk position will become a repository of corporate
related risk functions - functions which demand the intense coordination of
interdisciplinary skills.

New functions may penetrate other corporate departments and be integrated at

different managerial levels. Opportunities may arise out of:

• Mergers, acquisitions and divestitures;

• Environmental exposures;
• Security;
• Crisis and business resumption planning;
• Benefit financing;
• Information exchange; public relations/damage
control; meet;
• Contract control/word control;
• Quality control and product design;
• Futuristic planning and product develop
• Efficiency, ergonomics and value engineering; and
• Personal/personnel risk management.

The 1990s: The Decade

of Risk Management
(Part 3 of 3)

New Tools
Risk managers should strive to develop "receptors" within their organizations.
Receptors are individuals for whom specific risk management information will
have particular value and who will ultimately serve to fulfill the risk management
mission statement. Additionally, the risk manager can anticipate special action
from a given receptor.

Once the fabric of the receptor network is established, the risk manager can
patch individuals in and out of the matrix to serve a specific risk management
goal. A receptor may supply information, help the risk manager investigate,
influence others, integrate risk management principles, or interpret issues within
his/her area of expertise - all within an established matrix constructed by the risk
manager.

Otherwise, effective stimuli are ineffectual without properly developed receptors.

Risk managers must recognize potential receptors and anticipate a set of
predictable actions from each receptor. Receptors must be sensitized to risk
management issues long before they are asked to join the risk manager's matrix
team. This should be considered a major part of any risk manager's job.

TOP OF PAGE
Creating Opportunities By Changing Corporate
Perceptions
Titles, first impressions and buzzwords are the rule in our fast paced business
world. Whether driven by business-like expediency or by human psychology,
people like to sort, categorize and group the abstract into familiar constructions.
It is convenient to group related functions under one or two-word titles.

Risk management titles and functions are not commonly recognized or

understood by Corporate America. The title "Risk Manager" will gain recognition
and prestige with its adoption by established disciplines such as banking,
engineering and health care.

Traditional risk management functions cast a negative image, while failing to

accurately describe modern risk management in practice. Perhaps, the function
should be changed precisely

because the traditional function has failed to take root in the consciousness of
Corporate America. The function must be upgraded to match the growing
acceptance of the title. By this process, risk managers will be evaluated within
the business organization.

With the exception of Officer, there are few powerful mental images projected
within the typical business organization. Risk managers are presently placed at or
near the bottom of the corporate hierarchy. The paradox is striking when one
considers that risk management routinely deals with issues affecting the virtual
survival of the corporation.

The problems associated with the title of risk manager were created, in part, by
the fact that an overused business title (manager) is used in conjunction with an
abstract term (risk). Other business titles developed out of a small group of
traditional staff functions, including legal, tax, personnel, treasury, marketing and
field operations. Titles associated with these disciplines are tightly defined, easily
recognized and universally accepted.

While it is quite common to find a risk management position reporting to the CFO
or general counsel, the reverse is never true, even though a risk manager may be
a financial expert or an attorney. With the number of unrelated disciplines now
claiming the "risk" title, it is conceivable that the title (perhaps without its current
group of practitioners) may leapfrog the traditional hierarchy of corporate
functions. The term "risk management" has become so popular, a synthesis of
risk related functions may congeal into a quasi-risk management title that could
be assumed by the individual who formerly held the title of, say, general counsel.
Perhaps, the CEO (chief speculative executive officer) would require an alter ego,
the CRO (chief risk officer). The concept conveys an appealing symmetry and a
democratic sense of checks and balances. The concept is not without precedent:
Energy firms have appointed environmentalists to their boards of directors;
nuclear utilities have created risk management committees with authority over
operating officers; and other business organizations are adopting titles like chief
information officer. Some "risk professionals" now report to the office of the
president.

TOP OF PAGE
Creating Opportunities By Changing the Function
Risk managers manage risk; but what does that mean to Corporate America? The
question has been complicated by a plethora of newcomers, each claiming the
risk management title as their own. From interest rate hedges to personal health
care maintenance, it appears the name is associated with every aspect of day-to-
day life.

It is thus very difficult to discern the function from the title risk manager. Yet,
there is no better title. Risk managers must learn to tolerate the high level of
public misconception that currently exists. After all, if the principles of risk
management can be as broadly applied as the new mission statement seems to
indicate, then it is reasonable to expect that different Brands of risk management
will germinate in unlikely places. The process is healthy and should be
encouraged. It enhances, rather than dilutes, the corporate risk management
function.

Risk managers should aggressively attempt to change top management's

perception and the perception of Corporate America at large. Meaningful change
only can be realized by changing the function, not the title. The reality is that risk
managers cannot change their own titles. It is fruitless, and possibly detrimental,
to our best interests to try! Title changes are always awarded from the top down.
Risk managers must learn to change their function from the bottom up.

If the function can be expanded and perceptions enhanced, then risk

management, itself, will be integrated into the upper management decision
making process. As experienced risk practitioners, risk managers will be given
unprecedented opportunities to directly contribute. The next decade will be
marked by the fulfillment of the risk management mission. At long last, risk
managers will become part of the process.
Why this Web Site?
Many of you may know that I was a practicing Risk Manager for the 9 years
immediately before the founding of Harvard Aimes Group.

Since 1984, I've earned my living helping companies find good people to manage
their Risk Management programs. I consciously chose to operate in a very narrow
niche. I believe we are the ONLY Executive Search firm in the world that accepts
assignment ONLY in the area of CORPORATE risk management (including the sub-
specialties of Safety and Claims management). We do not accept assignments
Brokers, Carriers, or Vendors to the buyer community. And we work ONLY on an
Employer-retained basis.

I developed this site because of an abiding (self-) interest in Risk Management as

a career / a craft / and a profession.

Your comments (and your contributions) are greatly appreciated.

Jim Gunther, Principal

Harvard Aimes Group

What have you done for me lately?

Over the years, we've always tried to be accessible to people who have a
personal interest in Risk Management as a career. Many times folks ask about the
general subject of career management. More often, however, the caller wants
advice or help in making an immediate job change. The biggest recurring
frustration I've had in the years since founding Harvard Aimes Group is my
inability to do anything more than to give good advice to good people when what
they really need is 'a new job'. The following is some of the "free advice" I've
dispensed over the years - you may take it for what it's worth.

• Career Risk Management

• The headhunter's role
• Pre-Loss Considerations
• Research and Development
• One decision to increase your chances by 10
• Why Risk Managers DON'T get fired
• The one book I always recommend

TOP OF PAGE

Career Risk Management

At the risk of sounding cryptic, it is painfully obvious that the days of corporate
"cradle-to-grave" (if they ever existed) are certainly over. Furthermore, the pace
of change shows no sign of slowing down. That in mind, it should be obvious that
today's middle manager needs to take a more proactive approach to career
management.

You are totally responsible for your future!

The headhunter's role
TIMING IS EVERYTHING
A good friend observed some time ago, that "you 'headhunters' are a lot like
bankers". While business was pretty good at the time, I didn't quite understand
the characterization. He continued, only partly in jest, that his banker "was
always happy to lend money when I didn't need it". I got it - and (unfortunately)
there's more than a bit of truth to his observation!

Like your banker, the time to develop a "relationship" with a

recruiter/headhunter/executive search consultant (which moniker is applied
doesn't matter to ME) is when you don't NEED one.

It is never a bad idea to be plugged in.

FOLLOW THE MONEY

All search firms (whether an employment agency working on a contingency fee
basis or an employer-retained practice - such as ours) are paid by the CLIENT
and -- YOU aren't the client!
Our charter is to help the firms we represent (they pay our fee) find the near
perfect combination of background, experience, and chemistry or "fit" which
matches their needs at the given moment. When considered against a
background of budget/salary/industry and location considerations, the likelihood
that 'all the stars can perfectly align' for your benefit at the exact moment that
you have a 'need' is, frankly, remote.

TOP OF PAGE

Pre-Loss Considerations
The Five-Year Chunk Outlook
I've long advocated that folks look at their career in five-year "chunks". Beyond
your first couple job assignments (which should be looked at as post-graduate
education), the middle manager needs to form a mindset in which a job is
undertaken on the basis of a Five-Year option.

Such an approach will require that one:

• Get your ticket punched - that is - acquire the

degrees and professional designations appropriate to your
chosen field.
• Keep current on state-of-the-art in your field
• Stay active and networked in your field
• Each of these points is related.

The investment in your own human capital will benefit your present employer
making you more valuable to them.

Knowledge is power. Knowledge of the marketplace will keep you abreast of

your own value in the marketplace.
If, at the end of your five year "option" period, you still find yourself excited,
fairly compensated, and your employer continues to provide a thriving
environment - GREAT! But it is naive to expect it.

Should, however, you find your, then current, assignment less than stimulating
you may consider to exercising your "option" elsewhere. Certainly, the angst
often associated with making a change should be somewhat reduced because it
was - "part of the plan".

TOP OF PAGE

Research and Development

I had a discussion with a colleague some years ago, regarding a scandal that had
been exposed in the Wall Street Journal. This was a front-page general business
item that was eventually discussed by all the business magazines and, in fact,
directly effected his specific industry. Clearly, my friend had NO knowledge of the
subject. He volunteered that he hadn't read anything about it because, "if his
company wouldn't get him the Journal he wasn't going to pay for it" - What a
stupid, self-destructive attitude!

While my friend might have considered his company's educational reimbursement

policy cheap and shortsighted - such a policy should have been the most
compelling reason for him to invest in himself. He spitefully chose not to invest in
advanced academics, professional designations or targeted networking of any
type. (He was also an ant-computer Luddite.) Alas, he is out of the Risk
Management business today -- Sadly, the market passed him by.

WHAT ARE YOU READING?

There are so many general business related resources available that you could
spend your every waking hour reading. Obviously, one has to pick one's spots. At
a minimum, you should be reading:

• Wall Street Journal - Immediate and Daily

• Forbes
• the magazine your CEO reads

or

• Business Week also provides a good reflective

perspective
• Fortune frequent entertaining articles - certainly a
wonderful way to keep abreast of "flavor-of-the-month"
management theories and trends
• Business Insurance - obviously.
• The Journal of your particular industry
(I.e. Restaurant News for the restaurant industry) Make
sure you get the most respected one in your business. You
need to be able to speak the language spoken in your
industry (and that isn't insurance-ese!)

GETTING YOUR TICKET PUNCHED

GET THE A.R.M.
There are a number of practical (cynical?) reasons to get your ARM (Associate in
Risk Management) sooner than later.

While it does not teach you how to be a Risk Manager, it does give a nice
overview. You might actually learn something.

It will separate you from more than 60% of the folks you may compete with in
the job market; especially at the near-entry level.

The preparation/review classes are excellent networking opportunities.

It is a relatively easy professional designation to obtain. Only three exams.

It is tangible evidence of a commitment to professional development.

CPCU vs. MBA

Some things to think about when you plan your continuing formal education. The
CPCU is the "gold standard" professional/technical designation for the insurance
professional. Anyone holding the key ought to be proud of his or her
accomplishment. Nonetheless, those planning a career in the corporate world
(and not already committed to the 10-exam CPCU process) ought to consider:

• CPCU is, in fact, an insurance designation.

• MBA is a general business designation and is likely to
have more credibility and currency within the corporate
organization.
• In the real world, where the Risk Manager is seldom
seen as a mainstream manager (because of the language
he/she speaks), why not stack the cards in your favor by
having the same ticket your peer level managers have?

PRIORITIES
When considering the pantheon of professional educational opportunities, many
(Risk) Managers would be better served by the Dale Carnegie or Toastmasters
regimen than by the 10 CPCU classes.

CONTINUOUS PROFESSIONAL DEVELOPMENT

TARGETED NETWORKING
There are only so many hours in the day. Few employers relish the thought of
their managers participating in every possible industry group.

Choose Wisely!

RIMS
I've always been an advocate of professional involvement with RIMS. For most
practitioners, it's the only opportunity to network with peers on a regular basis.
It's accessible. The ability to pick up the phone and "brainstorm" with a colleague
you've met through RIMS, who doesn't have an ax to grind, is incalculable. All
things considered, if you're depending exclusively on your broker for risk
management advice and counsel you run a serious "lack of perspective" risk.
INDUSTRY SPECIFIC RISK MANAGEMENT GROUPS
Most industries have formal or informal focus groups. While one needs to be
somewhat circumspect regarding anti-trust issues, these can be some of the most
worthwhile organizations to be involved with. The likes of the National Restaurant
Association, the Food Marketing Institute and the American Bankers Association
do a fine and focused job with their risk management sub-groups.

MAPI vs. RIMS

One wonderful organization I discovered some time ago is Manufacturers Alliance
for Productivity and Innovation (MAPI). This Washington DC based group has a
very broad charter to affect legislation and enhance the environment for
business. They educate government but they also have a mission to enhance the
skills their members. They have a CEO group, a General Counsel's group,
Treasurer's, Human Resources, and a Risk Manager's group. Typically, these
specialty focus groups meet twice yearly (at pretty nice digs). The unique MAPI
twist is a requirement on individual members to participate by and delivering a
paper every 3 years. The work product delivered at the meeting is mostly
practical and excellent.

From my conversations over the years with top executives, I can report that
involvement with MAPI has enormous currency in the corporate hierarchy.
Because your boss and his/her boss have been exposed to MAPI, they know that
when you go to a MAPI meeting that you're going to work and you're going to
learn. That is not always the perception held of the annual RIMS conference.

TOP OF PAGE

The ONE decision you can make to improve your

career opportunities by a factor of 10
Life certainly offers a series of trade-offs. You should consider that you might be
creating your own glass ceiling by refusing to consider opportunities outside your
present geographic comfort zone. Immutable laws of supply and demand prove
that those willing to relocate (at some point) during their career are usually able
to CHOOSE from a greater selection of opportunities.

Why Risk Managers DON'T Get Fired

There was a very thoughtful article in Institutional Investor some years ago
entitled "Why Risk Managers Get Fired" (by Neil Osborne). It reported several
technically related snafus that contributed to the ouster of the Risk Manager. It
mentioned the RM's failure to place separate insurance on the corporate jet for a
flight to Mexico (resulting in a temporary impoundment to the exquisite irritation
of the CEO/passenger). It further detailed other screw-ups relating to co-
insurance shortfalls, gaps and lapses and failure to understand/anticipate how the
insuring agreement would apply (too late) after the loss.

The common thread was a failure to execute the technical fundamentals of the
job.

In the last 15 years I've often been cast in the role of the Undertaker (NOT the
executioner). I can't recall one case where the incumbent has been ousted solely
because of shortcomings in the technical aspects of one's Insurance/Excess
Insurance program. People DON'T get fired because of they are not good
insurance technicians.

I've yet to hear of a CFO comparing manuscript policies with his peers or
competitors resulting in anyone's demise. Similarly, I've never heard of a Risk
Manager being fired because his loss conversion factor was a point above a
similar company down the block. It just doesn't happen!

Does this mean that you don't have to watch the details? Of course not - That's
your job! Just don't expect a lot of appreciation for the nuance of your craft. You
are expected demonstrate "seamless competence" in the routine execution of
your job.

TOP OF PAGE

The one book I always recommend

The ONE book I recommend for ANY middle or upper management aspirant or
purchaser of search services: Rites of Passage at $100,000 -- by John Lucht. This
book is loaded with insider information about career leverage and how the entire
job changing process works. If I can't do anything for you other than recommend
this book, I may have done you an enormous favor.

Why Risk Managers do get fired

With apologies to Cool Hand Luke - "What we have here is a failure to
communicate" - It's (almost) always a failure to communicate. That's the
short answer. ... Stay tuned for the longer answer.