Sue Copeman interviews four delegates at the Zurich Risk Engineering Global Workshop 2004. What do you consider are the key issues facing risk managers in Europe and in your own country in particular?
STEFAN BAUHOFER: It depends very much on the area you are active in,
and in general using statistics (which focus on the past) is not always very helpful in assessing future developments. We have to concentrate more on previously accepted and so far unidentified risks - in the words of one speaker at this workshop 'thinking the unthinkable'.
In addition to the traditional risks, such as industrial accidents, natural catastrophes and environmental disasters, new risks are emerging. For example, the 'faster, cheaper and better' management philosophy implies doing the same work in less time - which can mean shortcuts in processes getting closer to the limit. The growing reliance on technology makes power outage and IT hacker attacks a real concern. Recent terrorism incidents show that this risk can take very different forms. Global warming is a potential disaster with a slow fuse which needs the cooperation of governments to combat it. We've also seen the the increased impact of diseases and epidemics, such as SARS and mad cow disease. Scientific developments also mean that things like gene technology and genetically modified organisms are an issue.
The list is almost endless - discrimination and suppression through the unification of groups with different ethnic and political backgrounds; the growth in organised crime in some parts of Europe; illegal immigration, drug trafficking and money laundering.
ANA-MARIA CANELA: From a general point of view, this is a very dynamic time. One of the main issues is the worldwide spread of terrorism, with incidents also becoming more numerous in European countries. Competition risk is also very important. This applies to pharmaceutical companies that may be selling products to countries where patent rights are not respected. In addition, the pharmaceutical industry has become more consolidated, with companies battling to increase their market share and facing some risks in trying to achieve this.
The US claims culture is also spreading to Europe. Another key issue is the more stringent requirements for companies' accounting and reporting systems. While the move towards greater transparency is clearly to be welcomed, it may present a greater reputational risk. You have to be more careful that you do not fail in some way and damage your reputation.
MATS JANELID: SCA is in many ways a traditional pulp, paper and packaging company, so our key risk issues tend to be traditional hazards such as fire. However, SCA has been growing very fast in recent years, with a number of acquisitions throughout the world. Integrating these within the group and assessing their risks are crucial tasks. Business continuity is an important consideration because of interdependency issues.
FRIEDHELM LOTZ: For global companies, the key risk management issues differ more across industry or business sectors than they do across countries or continents. This applies especially to my own company which generates over 95% of its revenue outside its home country, Switzerland.
The most common relevant denominators among key issues which risk managers of global companies face today are: IT security, the tightening legal environment and new compliance issues; product liability, brand and reputation damage; supply chain risks, and terrorism in its various forms. Obviously, the ranking can vary from sector to sector and the list is not exhaustive.
In my own organisation's case - and this is perhaps typical for highly innovative global pharmaceutical companies - major risks are those related to product safety (for example liability risks potentially materialising in class actions, product recalls, etc). Also important are the risks in the product investigation/development process, for example the rejection of a potential blockbuster by the approving authority, liability issues in clinical trials, and so on.
In the 'total risk' picture measured in financial terms, enterprise risks (strategic, financial and operational) have a bigger impact than purely environment, health and safety (EHS) related risks, with the latter probably representing less than 10%.
How do these issues affect companies ?
STEFAN BAUHOFER: Every organisation has to define its critical success factors, and risk identification is getting higher priority. Prevention is also becoming more expensive and insurance premiums may well increase.
ANA-MARIA CANELA: Senior management is experiencing an evolution as to what risk management means. In the past, companies tended to have separate risk control functions, with, for example, people dedicated to insurance, health and safety, product quality, and so on. Senior management now find this silo approach very difficult to manage, particularly in terms of establishing priorities.
MATS JANELID: It's important to recognise that what we see as traditional instruments, for example in continuity planning, might be new to companies/operations joining the group.
FRIEDHELM LOTZ: In dealing with a variety of high level risks, risk managers are confronted with an increasingly costly and limited insurance market with shrinking capacity. The degree to which companies are affected will be strongly related to their ability to adapt their risk management to the 'new' hazard/risk/insurance landscape.
What kinds of solutions are available?
STEFAN BAUHOFER: Organisations may need to change their way of thinking regarding responsibilities, risk sharing, captive solutions, etc, and to develop a more holistic view covering all aspects of the different risk areas. Enterprise risk management is not a 'one size fits all' solution, it has to be particular to each company. And the type of solution always depends on the question - how much risk can and do we want to take?
ANA-MARIA CANELA: My own company has an enterprise-wide risk management initiative to produce a comprehensive systematic and integrated approach throughout the whole organisation, its key processes, and the value chain.
MATS JANELID: Dealing with our traditional risks involves identifying them and then working with loss prevention. It is important that management recognises the vulnerabilities, which you might not have had to look so closely at before. We are also tightening and harmonising protection standards throughout the group.
FRIEDHELM LOTZ: As a consequence of the limitations in the insurance market, companies need to intensify loss prevention, build up a robust business continuity management, find adequate self-insurance solutions and prepare sufficient contingency reserves.
What impact has corporate governance had?
STEFAN BAUHOFER: Corporate governance has an influence not only in the operational area but also in the way of thinking. My own company introduced a corporate code of conduct for all its employees in 1997, which underlines and implements the group's commitment to comply with all applicable laws and regulations that govern its business. Employees have to maintain the highest ethical standards of professional and personal conduct in their relationships with customers, fellow employees, suppliers, competitors, governments and communities. Our reporting system has to be able to handle all three risk categories - market, financial and operational - reliably and efficiently and in such a way that the board of directors has all relevant information necessary for strategic decisions. We recently created a new position, that of group assurance officer, to handle this coordination function. Reporting is done via a comprehensive electronic management information system.
ANA-MARIA CANELA: Our company is rated AAA. As we are listed in the US, we have to comply with the Sarbanes-Oxley Act. In addition, we have very strict internal standards for corporate governance. We adhere to the UN Global Compact with worldwide standards for code of conduct and corporate citizenship. We have an extensive integral regulatory framework to guarantee, not only transparency, but also behaviour and how we manage risk. We apply our standards worldwide without discrimination.
MATS JANELID: SCA treats corporate governance as a top management issue which is relevant at board level. The risk management department is involved where appropriate. For example, in respect of acquisitions, part of due diligence is looking at how risks, old and new, are handled/transferred.
FRIEDHELM LOTZ: Being rather technically oriented, I consider corporate governance as a high level, strategic quality management system for the top management of the enterprise. In our company, corporate governance is not new, although rules and standards are evolving and becoming more formalised. Therefore, I do not feel that corporate governance has specifically impacted my activities at a given time. On the other hand, it is clearly evident that new initiatives, for example social reporting, are raising awareness at all levels about the fact that the company has not only to respond to perceived wishes of shareholders, but also to the expectations of all stakeholders, and of society at large.
Do you envisage any new risks arising?
STEFAN BAUHOFER: In general, I think there are two aspects: new risks due to new fields of activity (complex technologies with high chance potential and unclear risk profile), and old risks in new geographical areas. Problems with new, unfamiliar risks can be lack of experience and denial of the danger. Warnings do not advance one's career, and people rarely celebrate a catastrophe that did not happen.
ANA-MARIA CANELA: New risks are likely in the fields of gene and nano technology. Some risks will become more important as companies increasingly focus on their core business and outsource more. We need to be careful in the future about the way we manage our suppliers of materials and services.
The company has internal standards relating to the performance of third parties but, as the amount of outsourcing increases, we have to prioritise the potential risks. We have created several tools to obtain more information so we can better assess the related risks.
MATS JANELID: Climate-related risks are not new, but they are of increasing importance and will be a major issue. Sweden is a sheltered environment as far as climatic disasters are concerned and hopefully that will continue, but SCA has operations in central Europe where there are issues with flood and storm, and also operations in the US, Far East and New Zealand.
FRIEDHELM LOTZ: Most of the risks we will face in future are already with us in some form or another, although there may be shifts in the ranking of them as time goes on. For example, supply chain risks may increase in importance in our industry sector due to further specialisation, globalisation, consolidation and increased outsourcing. I believe the legal environment will be more difficult, and genetic engineering may rise in significance.
Are companies able to transfer all the risks they wish? Are they choosing to use more self- insurance strategies?
STEFAN BAUHOFER: There have obviously been problems with insuring terrorism following 9/11, when it was transformed from a minor risk to a major, and perhaps more importantly, incalculable one. Environmental liability insurance is another difficult area. In both these cases, insurers have slowly returned to the market, with tighter, pricier policies.
It may be possible to transfer some business risks by means other than insurance. For instance, corporate treasurers routinely hedge their company's transactions in foreign currencies, and insurers such as Zurich offer alternative risk transfer solutions. In the difficult markets where risk suddenly changes, the state often steps into the breach. Both the European Union and the US government rolled out substantial terrorism coverage for airlines in the wake of 9/11.
ANA-MARIA CANELA: The pharmaceutical business bears intrinsic risks, as is illustrated by the large number of products you initially research and develop compared to the far smaller number that eventually actually go onto the market. Our policy is to prevent and minimise risks to an acceptable level as far as possible and then use risk transfer or self-insurance or a combination of these for the remaining ones.
MATS JANELID: We cannot transfer all the risks we would like. For example, flood insurance is not available everywhere in the world, so you have to carry that risk yourself in some areas. SCA has had a captive company for about 20 years now so we are used to absorbing risk in the group and to taking substantial self retentions. SCA plants have high deductibles to cut premium and this puts responsibility where it belongs.
FRIEDHELM LOTZ: The main business risks cannot be transferred and EHS related ones only partially. Therefore companies increasingly adopt self-insurance strategies.
What types of skills do you think the risk manager of today needs?
STEFAN BAUHOFER: The risk manager needs to be sensitive to weighing up the opportunities versus the dangers, and must be able to conduct comprehensive risk dialogues between different parts of the business, different communities and across different cultures.
ANA-MARIA CANELA: Risk managers must have sound experience, and a very good knowledge of the business activities and processes. They must also be able to think quickly and analytically, because of the complexity and interdependency of risks today, and be ready to adapt to change. Having an open mind and thinking multiculturally are important in understanding other people's views and working in multidisciplinary teams. High integrity is essential.
MATS JANELID: Risk managers need imagination and a broad outlook. Then, of course, you should be experienced and know what you are doing.
FRIEDHELM LOTZ: The risk manager needs to understand the overall picture.
He should have a thorough knowledge of all the major aspects of the business, especially those critical to the mission of the company. He should have sufficient understanding in finance and should be sensitive to technical and EHS aspects. Last but not least, he should be a good facilitator and communicator.
What are the most valuable aspects of attending events like the Zurich workshop?
STEFAN BAUHOFER: In addition to a full programme of keynote speeches, presentations on emerging risks and some practical lessons, the workshop provides a unique opportunity for us to exchange ideas and know-how with our insurance partner Zurich, as well as with other experts.
ANA-MARIA CANELA: Your usual day to day activities keeps you concentrated on a set series of issues. The workshop offers an opportunity to broaden your mind, with a concentration of experts with different approaches and advice. It's an enriching experience.
MATS JANELID: It's an opportunity to get new input, to see what is going on, and to meet people. The basics might still be the same, but it helps to get new ideas on how to approach the problems.
FRIEDHELM LOTZ: The most valuable aspects are: networking, getting new insights in risk management and meeting colleagues and friends, especially from Zurich Risk Engineering who played an important role in my own formation in risk management and with whom we maintain a fruitful collaboration scheme.
Sue Copeman is editor, StrategicRISK. The Zurich Risk Engineering Global Workshop 2004 was held in Noordwijk, The Netherlands, on 22-24 September.
LISTENING AND LEARNING
Hans Peter Frei, head of Zurich Risk Engineering Group, believes that the Zurich Risk Engineering Global Workshop offers a valuable opportunity for obtaining customer insight. "We are looking to provide cost-efficient solutions to our corporate global customers and helping them manage the cost of risk can only be achieved by understanding their operations. We are looking for long term partnerships and the feedback that we gain at our workshop is very important.
"We have established a comprehensive technological information exchange network both within Zurich and with our customers. The workshop enables us to build relationships and, since those attending come from many different countries, to understand the different cultures and approaches. It increases transparency, which I believe is the crucial way forward and gives us the opportunity to listen to our customers.
"More companies are embracing enterprise risk management and want to understand their total cost of risk rather than thinking purely in terms of separate lines of business. Our customers are interested in protecting the bottom line and the company's reputation. The partnership approach means that we share knowledge, with benefits for both sides."
INTERVIEWED WERE:
STEFAN BAUHOFER, risk engineer, corporate insurance and risk management, Schindler Management Ltd
ANA-MARIA CANELA, head, global HSE management, Novartis Pharma AG
MATS JANELID, risk manager, Svenska Cellulosa Aktiebolaget SCA
FRIEDHELM LOTZ, corporate auditor, F. Hoffmann-La Roche Ltd, corporate safety and environmental protection (CSE).