Do you know how many of your fleet accidents are caused by a fatigued driver? Do you know how many collisions happened in a particular intersection? Or how many workers’ compensation claims are associated with lifting in the confined space of a trailer?
Vehicle collisions – and associated costs – are rising at alarming rates. Carriers are scrutinizing their fleet safety exposures, leaving companies with fewer options and higher premiums for insuring fleets. A RMIS can help bolster your safety program and lower costs by identifying fleet risks early enough for you to take action. Here’s how:
A RMIS can show how well drivers prepare for their trips by tracking:
Sure, spreadsheets can be painful and time-consuming to use for values collection, but they’ve worked fine so far, right? Well, have they?
If you’re using spreadsheets, it might take two to three months to collect values, convert currencies, and aggregate and reformat data before you can finally corral it all into a meaningful format. Just drafting and emailing spreadsheets to individual collectors can take days – and that’s assuming the email address list is unchanged from the last campaign.
And then there’s the question of accuracy. Spreadsheets are a notorious breeding ground for error. Think about the ripple effect of a typo that values a property at $10 million instead of $1 million. An undetected mistake like this would most certainly lead to improper coverage and significantly higher premiums. It could even impact strategic decisions about adding new properties or allocating inventory. And good luck noticing one extra zero buried among hundreds of numbers on a spreadsheet.
Exposure management software takes the time and the pain out of the values collection process with:
Customizable questionnaires that make values entry easy
Automatic validation that ensures the data is accurate
Dashboards that show the real-time status of each campaign
Visually impactful reports that can be created with just a few clicks using any part of the data
Updating your exposure management process is a sure way to get the proper coverage, the best premiums – and so much more. With values in one, centralized source, you’ll be able to understand your exposures in greater detail and apply stronger analytics that deliver more timely and reliable insights.
You’ll have a clear picture of where your risks are so you can make smart decisions about adding locations, for instance, or moving inventory. Exposure data also can be leveraged to run allocations, map property values against catastrophic events, produce loss-ratio reports, and identify possible new areas for loss prevention.
If you still aren’t convinced that exposure management software is worth the time and trouble, do the math. Simply add up the number of:
People who need to submit values
Countries where you have assets
Locations within each country
Currencies that need to be converted
The higher the numbers, the more value you’ll get from software.
Spreadsheets may be the comfortable choice for collecting values. But entrenched habits can hold you back. Time spent collecting, validating, reformatting, and consolidating data is time NOT spent on things that really count – turning that data into actionable intelligence.
Automating and streamlining the values collection process allows you to focus your resources where they can deliver the most value. Isn’t that a more productive way to spend your time?
In business, the “it won’t happen to me” mindset isn’t just blind optimism — it’s an inherently flawed and frankly irresponsible approach to risk management.
The reality is risk is everywhere – the question isn’t if a risk event will happen, but when – and how much of an impact it will have on the bottom line. One small point of vulnerability in your business — or that of a partner’s — could lead to a risk event that snowballs into a situation that hurts stock price, brand reputation, financials and more.
The priority should be in ensuring that risk events don’t turn into worst-case situations. The key to stopping events from reaching nightmare status and limiting the impact of events is planning. A comprehensive and strategic, proactive risk management plan considers all vulnerabilities across the enterprise and provides the answers on how to stop them before they grow beyond your control.
If it can happen to them, it can happen to anyone.
One recent example of a worst-case scenario is the recent Notre Dame disaster, where warnings of a malfunctioning fire prevention system and concerns over inadequate staffing fell flat. There was only one security guard – who had only been employed by the cathedral for a few days – working the day of the fire due to staff cuts, which led to a delayed call to firefighters. Aside from the sentimental impact of losing such an iconic cathedral with 850 years of history, the rebuild will cost upwards of $2 billion and take over two decades to complete.
Could Notre Dame’s nightmare have been avoided? The short answer is yes – with the right approach to risk, plans and controls, companies can mitigate and limit the impact of even the worst possible scenarios.
Seeing what’s around the corner – before it gets to you.
The first step in effective risk management is proactively looking at all risky situations that could affect the organization’s performance – including intangibles like reputation. This means having visibility into the risks unique to each department and analyzing them collectively to see how they relate to each other. Pulling risk information from across the business into one, cohesive source gives a clear picture of the cumulative impact of risk on the organization and makes it much easier to identify appropriate mitigation plans for worst cases. Just like a doctor wouldn’t look at a symptom in isolation when evaluating a patient’s condition, risk managers need to look at all potential factors before determining an organization’s ability to handle a risk event.
The risk landscape can change quickly, which means it’s critical to be able to assess what’s happening in real time and act at a moment’s notice. Having complete, accurate and up-to-date risk information, which is enabled by integrated risk management technology, means teams can continuously re-calculate the potential impact and ramifications of a risk event as it evolves, which enables risk managers to immediately focus on the issues most likely to turn into the worst-case scenarios.
Ask “what if” before it happens.
Notre Dame experienced its worst-case scenario – but the truth is these events could happen to any organization, which is why it’s important to think about such possible cases, well before they become reality, and have a plan in place for mitigation.
When it comes to risk, the mindset should not be “it won’t happen to me,” but rather, “I won’t let it happen to me.” With the right tools, processes, resources and partners, control over risk – even the big threats – is possible. Good risk management doesn’t just happen — it takes proactivity, collaboration among key stakeholders, and setting the right intentions.
Many organisations are adopting governance, risk and compliance (GRC) technology to help manage their activities in these areas. This shift continues to be driven by an ever-changing regulatory landscape and an increasingly connected world. GRC solutions automate the collection, correlation and reporting of information to offer a broader picture of not only how well the company is performing, but also how well it is complying with the law and managing risk.
Once you have gone through the arduous process of justifying the investment into GRC solutions and made your choice of available platforms to best fits your needs, the actual implementation piece comes with its own set of challenges that must be considered in advance in order to make things go as smoothly as possible and cause the least amount of disruption.
Read on to learn about the 10 most common organisational challenges of a GRC solution implementation and start planning now to address them.
Determining the key people and their roles early on in the GRC process.
Waiting to define the team and roles can lead to delays, rework and frustration as a new person coming in may have a different perspective or goal. This is especially important with the sponsors, as they often set the high-level agenda.
Knowing communication is key.
It may seem trite and unnecessary to spell out, but this is often an area where the GRC programme derails. When thinking of communication consider:
Internal stakeholders for planning, progress, guidance, decision making, etc.
Peers—for guidance, changes, challenges, best practices, etc.
Implementation teams—both GRC program and possible automation or software—for requirements, overall vision and goals, stakeholders, etc.
Utilising the frameworks and guidelines that are available as a litmus test for your programme.
Frameworks and guidances such as COSO, COBIT, NIST, ITIL, UCF, etc.,can provide a great starting point as well as a strong touch point throughout your maturation process to ensure you are considering all aspects of a GRC program.
Building a network of peers in your field of expertise and industry.
Reach out to them for best practices, challenges, changes, guidance, etc. This is the most tangible way to get comfort that the GRC process you are building is considering all aspects that need to be considered.
Thinking you have to have a fully mature business process to implement a GRC automated programme.
It is not necessary to have a fully mature business process in place to begin, but do make sure you have a basic understanding of what you want the business process to be—the process can mature over time but a strong starting point will avoid rework and frustration.
Understanding the processes, data, teams, etc. that are already in place in your organisation.
There are often very solid GRC areas that can be a great starting point for developing a robust program. For example Internal Audit, SOX, IT GRC, and others have mature business process with defined data taxonomies that can take a GRC program from infancy into maturity much more quickly. Also, as verticals that have strong guidance and leadership around developing GRC programs, they can be strong advocates in an organisation and help with the success of the GRC build-out overall.
Starting at the desired end result and work your way backward.
Knowing which reports and dashboards you want helps guide the information you need to capture and how it needs to be structured in order to get to the desired end result.
Clearly communicating requirements in the RFP or sales cycle.
If you decide to automate or implement a software to support your GRC process, it is vital that you make sure you understand exactly what the SOW is committing to and what it excludes. If you aren’t clear on anything push into that area to get clarity. Understanding what is being provided and excluded is key to how well the system will work for you overall as well as providing confidence that the product will meet your needs when it comes to the anticipated core functionality.
Thinking of the big picture first.
If you are automating or implementing software to support your GRC process, think of the big picture at the beginning and then work towards that. It is reasonable to start small and build out to the full GRC program, but when building out the starting processes make sure the end result is considered in the decisions being made. Not doing so can create unintentional blockages in the process and result in an unsuccessful break down of the organisational verticals that was intended.
Listening to the advice and guidance of those around you.
Whether it is from organisational leadership, peers, outside sources, or implementation teams when automating, this is a key component of a successful implementation. You can then take the information you have received and look at it through the lens of what you are trying to accomplish. Be open to the outside perspectives but make sure it ties into the objectives you are working towards.
Taking on the implementation of one or more GRC solutions is no small feat and there are bound to be unforeseen obstacles along the way. However, by knowing some of the likely challenges in advance, and proactively creating plans to address them, you will be better prepared to set your organisation up for success.
Riskonnect is one of the most comprehensive Risk Management Information System solutions, according to the independent 2019 RMIS Report. Authored by respected industry experts David Tweedy and Patrick O’Neill, the report is designed to provide buyers with unbiased analysis to better understand the RMIS market and available technology.
The report notes the growing importance and sophistication of risk management in organizations, which is spurring demand for broader solutions that include enterprise risk, governance risk, and compliance risk.
And we couldn’t agree more. Riskonnect’s integrated risk management solutions already span insurable risk management and operational risk governance and compliance. In fact, this report singled out Riskonnect with the highest possible score of 5 in the ERM/GRC category.
Other categories covered by the report include: Claims Administration, EH&S, Exposures, Captive Pooling, Policy & Insurance, Reporting, and Claims Management. Riskonnect was the only vendor to have improved or maintained YOY scores in every category. The study also examines specific criteria for each vendor, including customer experience, implementation experience and timeline, system-wide functionality, and system attributes.
As the world’s largest RMIS provider, we are gratified to be recognized for our success in helping organizations transform the way they perceive and manage risk. Riskonnect offers the most comprehensive and accessible technology in the industry with:
24/7 global service to provide support where, how, and when our customers need it
Dedicated experts at every stage – project delivery, online support, relationship managers, systems consultants, data consultants, and regulatory compliance
The intelligence to surface, connect, and communicate risk in ways that drive faster, smarter decisions
“At Riskonnect, we have embraced the concept of integrated risk management and are unique in our ability to bring together all types of risk from across the organization and across the globe,” says Jim Wetekamp, CEO of Riskonnect. “We are the best, most comprehensive RMIS vendor for the world’s most sophisticated risk professionals. And we’re just getting started.”
The 2019 RMIS Report by David Tweedy and Patrick O’Neill is a comprehensive and objective review of the RMIS market and providers. Download the full report here.
Healthcare: Clinical Rounding – To integrate safety, satisfaction, and environment of care (and more) round findings with the rest of your reported safety, quality, and patient-experience data to more easily identify relevant correlations and actionable information.
We have new products and releases planned:
We’ve launched a number of new products focused on transforming the way organizations perceive and manage risk:
Riskonnect GRC Suite Expansion.
Riskonnect is developing several advances in Enterprise Risk Management, Vendor Risk Management, Internal Audit, and Compliance products to continue to expand end-user value through Integrated Risk Management.
Riskonnect ClearSight Spring and Fall Releases.
The Spring release will continue to deepen the significant capabilities of the ClearSight product, followed by a Fall release with extensive new administration capabilities.
Riskonnect Integration and Regulatory Compliance Network.
Riskonnect will release the next innovation in risk management technologies, including automated regulatory filings and an integration foundation delivering a complete web-services architecture for real-time third-party integration support.
We are making great progress integrating
Riskonnect and ClearSight technologies:
Early Integration Activities
We are developing services to integrate the Riskonnect and ClearSight technologies and offer customers more value, more choice, and more ways to grow with Riskonnect. First up is providing ClearSight users with seamless access to the GRC Suite of solutions, including Enterprise Risk Management, Vendor Risk Management, Internal Audit, and Regulatory Compliance.
Midterm Integration Activities
Across all Riskonnect modules, we place a high value on the end-user experience. In 2017, we released the revised RK/UX user experience with tremendous advantages in usability, insight, and navigation. Midterm integration activities are focused on expanding the use of the RK/UX experience across all solutions, including the ClearSight platform.
Riskonnect Insights and ClearSight Data Discovery offer the intelligence needed to power effective integrated risk management by surfacing, connecting, and communicating risk information in ways that drive faster, smarter business decisions. Midterm integration activities are focused on providing a single harmonized view of risk data across all insurable and non-insurable risk, including ClearSight within the Insights offering.
More Great Advances on the Horizon!
How the platform will evolve:
The capabilities of all of Riskonnect’s offerings will continue to expand, with increasing interactivity across workflows, analytics, and end-user experience over time – all without requiring any migration activities for customers. Riskonnect will achieve this progress through the Riskonnect IRM service-oriented platform.
Riskonnect IRM will be a service-oriented platform and application suite that integrates risk management functionality and supporting services, including middleware and analytics to transform the way organizations perceive and manage risk.
Riskonnect IRM applications will incorporate best practices from across our 900+ customers and the contributing Riskonnect, ClearSight, and Aruvio technologies
Riskonnect IRM capabilities will be delivered within modules that can be used independently or in combination with integrated data management and analytics services.
The Riskonnect Risk Correlation Engine will provide customers with a view of risk never seen before, unveiling the impact of risk across the entire organization.
RIMS is the largest risk event of 2019. This year’s agenda includes a record number of sessions on a wide range of risk-related topics, plus inspirational speakers like legendary sports icon, Billie Jean King. If that isn’t enough to get you packing, here’s a countdown of 5 more reasons to come to RIMS 2019 in Boston:
5. Hear from Your Peers.
There’s nothing like hearing firsthand about how another organization handled an issue that you’re facing. Riskonnect has 32 customers speaking at RIMS – all with interesting, valuable, and inspiring stories to tell. And a number of customers will be spending time in our booth to discuss their experiences one-on-one.
4. Enjoy an express espresso – on us!
Feel your energy flagging? Swing by Booth #1117 in the Marketplace for your morning jolt – or your afternoon pick-me-up. Your espresso drink of choice is on us!
3. Run for fun!
Take a healthy break and lace up your running shoes for the 5th annual 5K Fun Run. Participants will take three laps around beautiful Boston Common, the country’s oldest public park. Register for the Fun Run here.
2. Immerse yourself in history.
Walk the Freedom Train, shop Faneuil Hall, make way for ducklings at Boston Public Garden, sip tea at Boston Harbor, or tour any of the many historical sites Boston is famous for. And don’t forget to sample some of the many culinary specialties. Lobster roll, anyone?
1. Meet the New Riskonnect!
Riskonnect and ClearSight are now the world’s largest RMIS provider. The new Riskonnect is one powerful organization with the scale, knowledge, and resources to help you manage risk at unprecedented levels. Come see how our integrated risk management technology can transform the way you manage risk. We can’t wait to show you!
Are you ready to integrate risk, quality, and safety through technology? Here’s a checklist of things to consider when you’re buying a healthcare RMIS.
One system. Have one system for safety, quality, and risk information, such as a Risk Management Information System (RMIS), designed specifically with healthcare in mind. The software should effectively incorporate the unique requirements – and possibly competing priorities – of each function, increase automation, and support your workflows. And make sure it captures all of the information needed by everyone for reports.
Training. Even the best software is virtually useless if no one is comfortable using it. Look for software that is easy and intuitive to use right from the start. Even then, some training will be necessary to get the most from your software – but the increased functionality will be well worth the investment of time and effort.
Anonymous reporting. Providing a safe environment for open and honest discussion is essential for uncovering truths. Open up incident reporting to anyone in the organization, and allow reports to be made anonymously.
Easy incident reporting. You can’t investigate something that was never reported. Make sure the software makes it easy and accessible to report all types of incidents or near misses. You can only take action to improve the situation if you know about it in the first place.
Review root cause analysis and event audit investigations. Getting to the root of one problem may actually solve several others along the way. Take what you learn and apply that to other areas to amplify your results.
Strive for best practices. Establish a system for reviewing, updating, and disseminating clinical policies and procedures with an eye toward constant improvement. Whittling away at inefficiencies is a continuous journey that can generate huge improvements in productivity – and safety.
Leverage a common structure. Use a configuration that follows industry standards, while accounting for the uniqueness of your organization. And be sure it will be accepted and understood by all users.
Be open to change. Any new system involves some change. Be flexible with your processes and workflows to take advantage of the tools available through the software.
Once it’s up and running, a healthcare RMIS can help you build better alliances between risk, quality, and safety – and achieve synergies that will reduce risk, lower costs, and improve patient safety. All it takes is a little planning.
Claims generate an abundance of data. But numbers alone are just, well, numbers. You have to figure out what it means – and put it to good use.
Artificial intelligence combined with big data can identify subtle but important patterns to guide decision-making. You’ll be able to respond faster, allocate resources better – and even prevent similar claims altogether.
What can you pull out of your claims data? Plenty! Claims data can be used to identify:
Complex claims. Forecast how severe the loss will be for each claim, and flag costly and complex cases for early intervention. Complicated claims can be assigned to the most experienced adjusters and routine claims to less experienced adjusters – or even processed automatically – for the best use of resources.
Fraud. Calculate the degree of fraud potential, and identify early warning signs so those claims can be quickly referred to an investigator and/or medical evaluator.
Litigation potential. Use location, attorney involvement, and other criteria to determine which claims are likely to litigate so defense attorneys can immediately start building a case.
Medical management. Look beyond the reported injury to identify which claims need further investigation – by an independent medical evaluation, nurse case manager, pharmacy review, or other healthcare professional – to determine if treatment is appropriate and if other things can be done to improve the claim outcome.
Performance levels. Use important indicators such as lag time, litigation rates, average claim duration, severity, closing ratio, or aged-claim counts to determine how well your claims program is performing.
Priorities. With an estimated 20% of conditions driving 80% of claims costs, data can help determine which claims are in that critical 20% to focus on first for maximum impact.
With the right technology, you can take advantage of all the claims data you’ve been collecting by transforming data into insights that will help you make better decisions, reduce cycle time, and allocate resources more effectively. And that can make for some pretty impressive results.
Success these days depends on your ability to immediately grasp all of your current risks, anticipate what’s around the corner, and understand what it means for the organization. And there’s no room for error.
An Enterprise Risk Management program can help you make smart decisions about risk that will put you on the path toward success. ERM collectively looks at all risks, how they relate to each other, and the cumulative impact on the organization. It looks to increase an organization’s value by both minimizing losses and maximizing opportunities for growth.
Advances in technology are making it easier than ever to manage risks at an enterprise level. But technology alone is not the answer. For ERM to be successful, you have to cultivate a risk culture.
Risk management must be a part of every critical decision throughout the organization. People at all levels and functions must not only understand the organization’s approach to risk, but take personal responsibility for managing risk in their everyday work.
Making that happen requires top-level buy-in. If the C-suite incorporates risk into their decisions, others will follow. Add to that by communicating widely, clearly, and continuously about expectations. Assign responsibility for managing specific risks – and hold people accountable.
With ERM, risk management is everyone’s responsibility. Here are six steps to help you launch an ERM program – and begin instilling an ERM mindset throughout your organization:
Identify your risks and the potential impact on the organization. What is your strategy for responding to risk – and how will ERM help create and protect value?
Leverage what your organization is already doing to manage risk. Apply current practices and strategies for managing well-understood risks – like worker injuries – to other risks.
Build support. Enlist the support of all stakeholders – operations, sales, accounting, legal, and more. And designate a leader – preferably from the C-suite – to champion the ERM cause.
Break it down. The idea of managing all risks can be overwhelming at first, so start with the risks that have the biggest impact on the company’s success and build from there.
Assign accountability. Designate responsibility for each risk to whoever is most closely associated with that risk.
Report on progress. How has ERM added value to the organization?
Even with everyone on board, ERM won’t eliminate risk – but it will minimize surprises. While it can feel uncomfortable at first to involve disciplines outside the risk management department, ERM is well worth the effort. It breaks down silos, adapts to changing conditions, and supports better decision making. And if something unexpected does happen, you’ll have the knowledge, tools, and culture to turn those challenges into opportunities for success.
To be successful, ERM must be embedded into the very fabric of the organization.