What is a Risk Management Assessment and what does it entail?
The Risk Management Assessment, or RMA, is the first step in developing a comprehensive risk management program. The RMA identifies, analyzes, and reports on an organization’s material risk exposures. It provides a multi-dimensional view of risk, taking into account organization-wide enterprise risks and specific insurance-related exposures.
A typical Risk Management Assessment consists of five steps:
- Get to know the organization. Gather as much information as possible to learn about the organization, establish objectives, and review a timeline for completion of the RMA.
- Examine risk management techniques. Take a closer look at the existing insurance coverage, what losses have been experienced, and the organization’s Total Cost of Risk (TCoR), as well as the risk management best practices currently in use.
- Identify and analyze exposures. Ask a series of questions designed to uncover risk exposures and prepare an action plan to protect against these risks.
- Implement the plan. Address gaps in insurance, finalize loss reserve reviews and procedures, and set a strategy for improvement.
- Monitor results and provide support. Form a work group with members from the organization and provide ongoing guidance on risk-related issues. Recommend actions that support continued TCoR improvement.
Working with the senior management team, the risk management consultants will:
- Gain a thorough understanding of the organization and business model, including competitors, supply chain, production and distribution risks.
- Consider strategic drivers and any obstacles that might impact achieving long- and short-term goals.
- Identify and analyze operational exposures to evaluate the level of materiality the company can absorb.
- Evaluate existing risk management practices and insurance programs and recommend ways to lower the organization’s TCoR.
Questions to ask
Before an organization engages a risk management consulting firm for a Risk Management Assessment, it will need to clearly understand:
- Objectives for the RMA
- Scope of the RMA
- Organizational structure to support the process
- Tools and resources available
What sort of information is reviewed?
- Insurance policies, specifically gaps and weaknesses
- Unique, business-specific risk exposures
- Past losses --- Are reserves sufficient?
- Premiums --- Are they competitive when benchmarked against competitors’ rates?
- Best practices --- What is the organization currently doing to minimize risk?
- Contracts --- Are obligations broader than your insurance?
Common Goals for an RMA:
Compliance --- Reacting to externally imposed corporate governance guidelines that concern risk identification, disclosure, management, and monitoring.
Defense --- Anticipating problems before they threaten the company’s strategic objectives. This is largely avoiding unknown issues that could undermine company progress.
Coordination/Integration --- Breaking down internal silos by coordinating various pockets of risk management activity and awareness to improve overall company performance.
Exploiting Opportunities and Creating Value --- Appreciating how risks interact across the enterprise and exploiting natural ways to avoid or manage those risks.
Upon completion of the RMA, the client will receive a written final report that includes:
- Loss exposure analysis
- Evaluation of insurance program administrative practices
- Insurance coverage analysis
- Conclusions and recommendations
What will an organization get with a risk management assessment?
- Comprehensive, easy-to-understand report
- Full company report card
- Coverage concern overview
- Insurance premium reduction strategy
- Gaps in coverage revealed
- Knowledge to further improve going forward