I've long believed that effective Risk Management delivers tangible benefits to organisations. Ray Flynn, a risk expert with decades of real experience, shares his attempts to sell Risk Framework Assurance to reduce Insurance costs. Ray is a former Director of the IRM and independent Risk Consultant.
Could an independent review of a professional service company’s risk framework result in it paying reduced Professional Indemnity Insurance premiums? Probably. Is it an easy sell? No!
I was once on a management course where we started by
listing things we would like to achieve from what we learned, detailed as a
value to the company (additional revenue or profit). It had to be something you wouldn’t have
aimed for otherwise, so it could be directly attributed to the training. Anyway, 6 months later we had to report on
how well we had done in achieving these goals, again putting a value on
them. I think one of mine was to develop
a new ‘product’ that would generate £X in revenue in the months following the
course and I had achieved my objective.
Anyway, it turns out that this is how the training company sold their
services to new companies. They were
able to list ‘testimonies’ from previous clients about how much the training
had added to their bottom line. In other
words, the course more than paid for itself.
Whether this was in the back of my mind, or if through pure
genius, I developed a plan to get companies to invest in an independent review
of their risk management framework, in a way that would more than recover the
cost of our consultancy work. The focus
was on professional service providers that paid huge amounts of money every
year for Professional Indemnity Insurance coverage. I remembered hearing that the company I once worked
for had reduced its PII premiums by $millions by demonstrating to its insurers
that it had implemented a robust system of risk management for its
projects. I figured that this could be
taken further. If these companies had
their existing risk management processes and procedures reviewed by independent
risk experts, would the insurance companies be even more comfortable in
providing PII cover, to the extent that they would charge even lower
premiums? I checked with a contact I had
in a broker specialising in this type of cover and the answer was that, as a
general rule of thumb, an independent review by a reputable risk consultant
could generate about a (once off) 20% reduction in annual premiums. I asked if companies paying for other
insurances, such as third-party liability, defamation, kidnapping, etc. could
expect to see the same benefits, if they were to demonstrate some level of
verification of their approach to risk, and the answer was a resounding ‘yes’.
So, there it was: all I had to do was to team up with an
established, reputable risk management consultancy (which I did) and target
companies providing professional services (architects, engineering firms, law
practices, hospitals etc.) large enough to be paying millions annually for
their PII coverage and show them the sums: ‘Pay us £100,000 for an independent
review of your risk management framework and, of course, implement our
recommendations, and you will save yourself £1,000,000 or more on your PII
insurance’! Apart from that, you might
actually improve your Risk Management performance. The problem of in-house risk management teams
not seeing the wood from the trees would be mitigated. It was a sort of Risk
Management Framework Assurance certification, and it was a “no brainer”!
We started with engineering consultancies, which is where my
background was, with a plan to bring on board legal, medical and other experts
to ease ourselves into doing the same thing for other professional service
providers. The world was our oyster (I
can’t think of a vegetarian equivalent of that one). Everyone we spoke to in the companies we
targeted was interested. Some thought it
was a brainwave. “Why hasn’t someone come
up with this idea before” and similar responses were heard. Did we get any work out of it? Nope, not a single paid hour! Why not?
Well, I think there were a few reasons:
1) We often ended up in front of the Chief Risk Officer (CRO) or equivalent, who, while agreeing with our approach, felt that the exercise could expose them in some way. Even though there was a chance that we would, independently, confirm that they were doing everything perfectly well, there was a risk that we would highlight some weakness, and that was a risk, I believe, some CROs weren’t willing to take, at least by voluntarily subjecting their ‘babies’ to scrutiny.
2) Even when we got in front of CEOs, or other decision makers, I believe the worst enemy of risk management kicked in: Complacency! “We’re fine on our own”. “We can sort this out ourselves”. Maybe they contacted their insurance brokers and were offered the ‘equivalent’ from their in-house consultancy arm?
3) We ran out of time. We were operating out of an office that was short of commissions and, with no easy wins, other things took priority, so we couldn’t sustain the campaign. Maybe it needed a more global approach than we were doing at a local level. We thought we’d be able to develop a successful template that could be taken and used in every country in which the parent risk management consultancy operated. It might have been better to persuade the bosses in the US HQ to adopt it and develop it as an approach with existing clients in other sectors. Perhaps we needed a bigger “name”. There used to be the phrase “no one ever got fired for buying IBM”. In the 1980s, IBM figured that their name was worth an additional 18% on the cost of their services. As long as their price came in ‘only’ 15% higher than the competition, there were assured of the sale. In a similar way, given the choice, most companies would engage a “Big-4” consultancy over any other.
Ray Flynn
Ray is a semi-retired independent Risk Management consultant, with a focus on bribery and corruption. He has carried out risk framework reviews and fraud risk assessments & investigations. He has also run two businesses and carried out interim management assignments, in 4 different countries. He has worked extensively throughout Europe, the Middle East, the Americas, Asia and Africa and was also a key member of a team investigating corruption in the engineering industry with the World Bank over a two-year period. He is currently based in Brussels.
Ray was a board member of the Institute of Risk Management for 3 years and Chair of the institute’s Investment Committee. He also sat on the IRM’s Education & Standards Committee and spent 5 years on the Audit and Risk Committee. He has contributed to, and authored, two of the Institute’s publications
