Risk Management Reports

May, 1999
Volume 26, No. 5
 
C.D.I.M.

Iíve read considerable discussion lately on the role of the "risk manager" within an organization. What is the "core competence" (how I hate that phrase!) of this person? What skills are necessary? And can the "insurance risk manager" rise to the new challenge of an integrated approach to all risks in an organization, or will "financial " or "public policy" risk managers become its leaders?

Exposure to a paper by Bill Kelly, the Managing Director, Risk Management, for J. P. Morgan, in New York and to a one day conference in Massachusetts on new risk perspectives confirms an idea that has bothered me for some time. This idea is described by the initials C.D.I.M: "Canít Do It Myself." Many insurance risk managers seem to be hopelessly constrained by this syndrome: an inability to do anything on their own, without the extensive assistance of numerous external service providers (insurance companies, insurance brokers, consultants, accountants, actuaries, et cetera and ad infinitum). How else can we explain the extraordinary dominance of service providers in their daily activities, in the trade press, and in their conferences?

Take the Massachusetts session. All the speakers, with the exception of a panel of four risk managers at the very end, were vendors (including, of course, this editor). I have already criticized this dependency found in recent Canadian, UK, Australian and US risk management conferences. The vendor pitches in Massachusetts were consistent: "you need us; you canít do without us." It was a theme thoroughly acceptable to the listeners. Have vendors become the perpetual crutches for insurance risk managers? These managers appear to want more and more from their external service providers (albeit at a lower cost) and then they express amazement when senior management decides to outsource the function! Where is self-reliance? Where is the capability to do more internally? Where is the acceptance of responsibility? One speaker described a service provider "client executive" in such broad terms that this person could easily be mistaken for the insurance risk manager. Her entire presentation was built on the assumption that every insurance risk manager needs a "client executive" from an insurance brokerage firm. No one in the audience questioned this assumption.

Another example: Bill Kelly delivered a paper entitled "Risk Management Blasphemy" at the American Bankers Association Insurance Risk Management Forum in January. He traced the evolution of the title "risk manager" in the insurance arena, acknowledged current identity problems with others who use the same phrase, and noted the move toward outsourcing many activities. "Risk managers," he summarized, "correctly seek opportunities to make a greater contribution by expanding their abilities and becoming involved in the firmís efforts to address operational and financial risks." Kelly defined these as "market/credit; revenue volatility; operating; capital; and expense variability." But have they the skills to address this broad array of risks? Kelly then offered his "blasphemy:" that insurance risk managers might enhance their roles by "assuming responsibility for a broader spectrum of corporate procurement." They are to become purchasing agents, building on their experience of buying from service providers! Was he being facetious? I doubt it. He sees procurement as "an extremely dynamic area with dramatic new developments and approaches being announced daily." His thesis supports my supposition that insurance risk managers are habitually conditioned to seek external support and therefore are better buyers than doers.

So where does this lead us in the discipline of risk management? Somewhere in an organization, we need leaders who are willing to take responsibility for assessing risk and teaching others how to do it, for communicating to all constituents what we know and what we donít know about risk, and for maintaining a continuous contingency response capability for all the unusual events that occur. These are the critical skills for integrated risk management, not the specialties of derivatives, safety, security, insurance, or procurement.

Those afflicted with the C.D.I.M. syndrome need not apply.

Copyright© 1999 by H. Felix Kloman and Risk Management Reports
Table of Contents
RiskINFO