I was talking with a risk manager recently about how to translate his risk management department goals and objectives into a practical and executable action plan. His department had not used written action plans in the past. Management seemed to assume the department would handle insurance renewals, claims, and related activities in the ordinary course of business. This risk manager wanted to find a better way to demonstrate the value delivered to the organization by the risk management function, while making the business case for increased involvement in the day-to-day life of the company. The action plan needed to cover the work expected by management while capturing the value added by the team.
This particular conversation got me thinking that other risk managers may be in similar circumstances as we approach year-end. Here are some ideas about an approach for achieving an effective action plan for 2019, along with core questions as a simple checklist.
Start with your goals and objectives
I realize this is obvious, but if your department’s goals and objectives are stated too broadly (for example, “maximize the value delivered to the company by the risk management department”) it will be challenging to develop metrics, targets, and timing directly. You might need to break broadly stated goals and objectives into specific tasks and projects that are easier to measure.
Be sure to incorporate potential special projects for the year ahead. If you have not seen the company’s strategic plan and business plan, seek that information now to better identify areas where risk management will be called upon to assist the organization with major initiatives.
Review risk management responsibilities and opportunities vs. capabilities
As a next step, you might consider taking an hour to assess your organization’s existing risk management capabilities in relationship to its identified risk management needs, as well as any major opportunities for risk management to add value. For example, is there an opportunity to improve internal collaboration, improve results, and reduce cost around safety and/or claims management through adoption of total cost of risk principles and techniques?
The main deliverable from this exercise should be an assessment of any major gaps in risk management needs versus capabilities, along with actions needed to close those gaps. Don’t take too much time with this exercise, and allow yourself to consider both internal capabilities and services provided by third party administrators, advisors/consultants, and brokers.
Here are some sample questions to address over the course of this exercise:
- At the risk management department level:
- What are the core functions (activities) of our team?
- What is working well?
- Are the any major gaps or areas where we should be addressing risk more proactively, such as supply chain, cyber, business continuity, and crisis management?
- Where could we be more efficient, more effective, more value oriented?
- Are we leveraging our internal and external relationships and resources effectively?
- Is our insurance purchasing strategy and renewal process as effective as it needs to be?
- Does the claims process work? Do we seem to spend too much time and money chasing claims recovery?
- How well are we handling contract-related risk and risk management techniques?
- How would we approach our work if we were building the risk management function from the ground up?
- At the enterprise level:
- Where does the organization have gaps in its risk management practices?
- What are the lessons learned and “near misses” we can study to better understand where to improve, and with what priority?
- Does the organization understand its existing and emerging risks with enough insight and data to manage those risks appropriately?
- Have we quantified our major risks, and do we understand the amount of risk we are comfortable taking?
- Are we managing catastrophic risks appropriately?
- Do we have a robust business continuity management program?
- Risk management talent
- What is the level of risk awareness within the organization?
- Do we have the right mix of skills, experience, and bandwidth to achieve our goals and objectives over time?
- Are we recruiting, developing, and retaining our risk management talent?
- Do we have any concerns about succession planning?
- What are the top three to five improvements that would deliver real value to the enterprise over the next one to three years?
This need not not be an exhaustive exercise. Challenge yourself to create a sensible outline of what needs to happen over the next three years. Then use this as a basis for developing next year’s action plan.
Draft your plan
When you’re ready to commit the action plan to paper, it might be helpful to use planning categories that fit your business and culture, for example:
- Core department activities
- Development projects such as conducting a supply chain model or implementing a risk management information system.
- Special projects such as an acquisition, new product launch, or expansion in geography.
Be sure to capture the tasks, timing, responsibilities, metrics and targets for each activity and project.
If it seems challenging to connect day-to-day risk management activities with the concept of delivering real value to the enterprise, revisit the metrics you are using to measure achievement of each target. Try using both financial and operational metrics, because some deliverables are not necessarily directly measureable in dollars.
Test your plan from a strategic perspective
Test your draft plan by considering how 2019 activities and deliverables fit into your organization’s longer-term strategy and plan. This will help you:
- Gain perspective for how best to address risk management needs over time.
- Prioritize activities that need to happen within the next 12 months versus activities that can be pushed off to next year.
- Identify areas where 2019 activity sets the stage for potential future projects that will further build the risk management department’s capabilities, saving time and cost in later years.
- Be ready to discuss your plan and priorities in both the near term and longer term context, demonstrating a strategic mindset for how risk management brings value to the organization.
Organizations adopt various methods for developing their strategies, business plans, and action plans. The method or format you use is less important than the thoughtful planning that results from asking these key questions, and using the insights you develop to create a well-balanced, achievable, measureable, and aligned plan for your team. Best wishes for the New Year.