Download (direct link):
We have long dealt up in our organizational lives, but usually these were occasions of asking permission: requests for resources, adjustments to reporting relationships, and the like. We are now approaching a new and largely uncharted part of the forest, which will require new thinking and new approaches. We have seen the innovative and challenging rethinking of assumptions taking place in the advertising business with the advent of neuroscience research.5 Likewise, we have examined the almost-inconceivable changes in the manner in which some law enforcement agencies go about their work. Advertisements are but a mechanism to influence human choice. Is that not what we are about when we deal with our subordinates, peers, and superiors?
In thinking of such activities, we should be mindful of the issues at the top— in the boardroom and executive suite. Risk management has for many years sought to protect the organization and its assets through several mechanisms and activities, with various forms of insurance being high among them. Recent developments in the industry, following the dotcom collapse, September 11th, and Enron, may have forever altered the landscape. Insurance may now not be the automatic panacea to placate concerns about various forms of risk; it is simply becoming prohibitively expensive. A recent article in Risk Management magazine put this issue as follows: “A few risk managers report that underwriters have not been interested in negotiation or in risk and claims mitigation issues— only in rate hikes. As a result, not much could be done in the short term to avoid significant price increases for significantly less coverage.”6
Such a position by the insurance industry, if growing, could significantly alter the risk landscape for many years to come. It suggests three alternatives—none of them good, but at least two of them manageable. The first is to accept the status quo, pay increased rates for reduced coverage, and learn to live with it. The net effect will likely be increased product and service prices to pass this cost along to customers; lower profits to absorb the increased costs; or dropping of higher-risk (and probably higher-profit) services lines or products to reduce risk. The second alternative is to focus on risk mitigation to such an extent and in such a manner that insurers will relent on price increases and coverage reductions. But even were an organization successful in this endeavor, it is still a mutual situation— the other side, the insurers, can still say “no.”
The third alternative is identical to the second with a shift in focus. It consists of maintaining a level of risk mitigation insurance that appears reasonable at prevailing prices, but attempting to move toward a posture of being self-insured, at least for those risks over which the organization has sufficient control and influence. In this scenario, the organization is spending resources formally designated for insurance coverage on active risk mitigation. As an organizational strategy, this may pay ancillary dividends. Risk mitigation surveys, whether they are for occupational fraud, physical security, or some other purpose, usually produce volumes of important and useful organization data that go far beyond pure risk mitigation. In one sense, it is a two-for-one activity, with increased operational efficiencies gained from vastly improved knowledge about organizational processes and capabilities.
This alternative may be seen as a significant gamble, largely because it has not been widely used before. This is true, and it may fall to the forensic professionals within organizations to become the advocates for consideration of such proposals, but this will not occur in a vacuum. Environmental drivers, like the changing dynamics of the insurance industry, may not only make such concepts and proposals more likely to be well-received, but may even mandate them in terms of economic logic.
If the levels of board and executive concern, in the post-Enron environment, approach those that appear to have manifested themselves in the post-September 11th time frame, the issue may be far from academic. Carol Hymowitz, writing in the Wall Street Journal about “Business’s New Agenda,” makes the following observations:
Until six months ago, corporate security was a back-burner issue.
Then, came Sept. 11th,... A few weeks later, the threat of anthrax-tainted mail stirred panic in offices throughout the nation.
Today security is a main concern from corporate boardrooms to mailrooms everywhere.7
In this article, Hymowitz goes on to cite a study conducted by Booz Allen Hamilton in November and December 2001, which found that 75 percent of
chief executives at large companies had an increased concern about security issues. Specifically, she advises, the study reflected the following areas of focus among those interviewed:8
Mail processing 86%
Protection of employees 79%