The pros and cons of implementing a risk management information system
The risk and insurance industry is often criticised for lagging behind other sectors when it comes to technology and innovation. Hampered by legacy and out-of-date systems, some say there’s never been a better time to disrupt the industry. But the tide has started to turn, at least for risk and insurance managers, who now have a plethora of new technology solutions and risk management information systems (RMIS) to choose from that promise to help ease their working lives.
The benefits of a RMIS seem clear: data certainty and consistency, potential insurance premium savings, automated reporting and reminders, and a real-time granular picture of a company’s biggest risks, insurance programmes and claims history.
So why do so many risk managers still rely on desktop solutions? Do they not see a value in the systems on the market, are they laggards, or is some other element at play?
One reason is cost constraints and justifying the return on investment. Ventiv Technology Australia managing director Justin Gale suggests the case for purchasing a new technology system can be a hard sell for risk managers. “Insurance is seen as an expense centre, so the challenge that [risk managers] have is convincing decision-makers to spend money in order to save money,” he said.
“If you’re selling a CRM system that’s going to help a sales team generate more revenue, there seems to be more support for a ROI when [a system enables] revenue generation as opposed to cost savings.”
The soft insurance market has also played its part in the slow uptake, as firms have been able to secure lower premiums year-on-year from their insurer partners. But Gale says this is something of a false economy: “The insurance market’s been going for more than 300 years and it goes in cycles. When the market turns and premiums start going up, [firms with a RMIS] will have a risk that’s going to be more attractive to insurers because they’ve got that historical data to back themselves up.”
However, according to a report out of Europe this month, the price of an RMIS is only the third-most important criterion when risk managers are choosing a system. Above it are ease of use, which topped the list, and the system’s reporting capabilities.
Amrae’s information systems commission president, François Beaume, told StrategicRISK that not all RMIS functions scored well with the 50 risk managers surveyed.
Audit and competitive intelligence functionalities in particular fail to meet the needs of risk managers. But the majority of respondents were “satisfied” with the risk mapping and incident management functionalities of vendors, as well as how systems can support compliance and governance requirements.
In Australia, media company Seven West implemented a new technology system last year. Risk and audit head Mark Wilson, who led the tender programme, said: “There was no system off-the-shelf that was a perfect fit for us and every customer is going to find the same thing – we’re not that special, we had our own unique requirements and so does everyone else.”
But Wilson warned against purchasing a completely customised solution: “It always sounds really good upfront, but every time you want to maintain the system and do an upgrade, you end up with all sorts of extra complications and testing because you’ve got a bolt-on piece of custom functionality which isn’t necessarily contemplated in [the vendor’s] updates and it creates a lot of complication.”
In selecting a system, Wilson’s three priorities were: the ability to integrate risk management processes; the ability to configure a system for their own requirements; and producing meaningful reports for business heads and the board.
Telstra chief risk officer Kate Hughes also said her company struggled to find a tool that met its needs.
“The capacity to put in a really simple tool that enables you to link a risk to a control to an action, and in some cases to a dollar value so you can figure out if you should insure it or not, is really hard,” she said.
Telstra is currently implementing a new system as part of its transformation from a traditional telecommunications business into a technology firm.
“Our implementation won’t be short and it won’t be simple. In an organisation of our size, that’s a fair call, but by the same token, I don’t think these things should take multi-year implementations and that’s effectively what we’re staring down.”
Hughes says she would like to see systems become more intuitive and link together potential risk events in different parts of the business.
And JLT Risk Consulting Asia director Craig Paterson agrees that the technology needs to improve, albeit with a caveat: “People use their phone as a baseline as what to expect [from all technology], which is probably not reasonable. There are billions of people buying mobile phone technology, but there aren’t billions of people buying risk management software. So [RMIS] is always going to be one step behind your phone.”
In saying that, Paterson “can’t understand how risk and insurance managers can remotely try to live without having a software platform to do their job”.
“It’s a bit like having your finance management system: you can see exactly, at that date in your system, how much money do we have in the bank. An insurance and risk management system can tell you at any date what are your biggest risks, what insurances do you have in place [and] what is your claims experience,” he added.
Uniting Church in Australia head of risk and insurance Christian Mathis says his RMIS was crucial in securing a discount for its property insurance.
“Insurance data is the lifeblood from which risk transfer strategies are not only set but ultimately measured and assessed. Whether you are focused upon the remarketing of a particular risk class, the calculation of optimal self-retentions or development of risk allocation strategies, such decisions must be made where the accuracy of underlying data is undisputed,” he said.
The ability of a RMIS to aggregate risk data efficiently is one of its key benefits, agrees Marsh South East Asia managing director Douglas Ure.
But he said the systems aren’t for everyone: “I see so many risk managers that try to cut corners because they’ve got a certain target for getting a system in place, or they’ve got a budget to stick to. To some extent, if the budget is relatively small, then you may find you’re better off with Excel spreadsheets because the pain and inefficiencies being caused by selecting the wrong or cheapest system can damage some of the great work that risk managers may have done to put in place risk management frameworks and develop a risk-aware culture.”