David Bergmark (pictured above) has seen risk management transform from firms using numerous unwieldy spreadsheets to increasing use of software that can manage risk from end to end and visualize it all on a single platform.
However, many firms, including insurance companies, still have a way to go.
“Twenty (20) years ago a lot of this stuff was cobbled together using spreadsheets and word documents - and we still see that in 30% to 40% of new business that we look at,” said Bergmark, who is CEO of risk management software company, Protecht Group.
Bergmark said there are considerable business opportunities in helping firms, including insurance companies, increase their risk management operations efficiencies by “having a single source of truth for risk management.”
“If an audit finds issues that need correcting,” he said, “they [insurance executives] have to try and get the manager in the business unit identified by a particular audit finding to respond, so they send an email manually, the guy updates it in the spreadsheet, the spreadsheet comes back - it’s just painful!”
Today’s risk management software – like Bergmark’s which is called Protecht.ERM - automates this process with notifications triggered by audit findings that alert the right individual to take action by a due date.
“So it [the risk management software] really tries to alleviate that manual processing so the risk team can focus more on interpreting results, rather than doing the grunt work to get the data,” he said.
Bergmark suggested that the increasing use of end-to-end risk management software is being pushed by the rising number of risks companies are facing. He said “it’s really quite challenging” to gain sufficient understanding let alone control of these risks using spreadsheets.
“You’ve just got lists of people and resources that it’s hard to picture,” he said.
Bergmark said the risks companies face today have dramatically increased, not just to critical operations from outside forces, but internal risks too, including regulations which require compliance management.
“Organizations nowadays are facing claims from employees around bullying, discrimination, those sorts of things,” he said. “So, there’s employment practices risks, there’s regulatory risks - there’s a tsunami of regulation out there that insurance companies or customer organizations need to manage.”
End-to-end risk management software also facilitates better reporting and presentation of information to stakeholders, he said, and in the case of insurance companies, to risk committees and boards.
Bergmark said today this software is widely used by government regulators, ASX listed companies and financial institutions.
“Every bank would have one of these risk management systems in place,” he said.
Bergmark said today continual monitoring is how firms can understand their risks and what controls they actually have.
“We can do that through what we call metrics or compliance type adaptations,” he said. “Then if things go wrong, we need to systematically capture incidents, learn from them and create action plans to prevent them from happening again.”
He described this as “true enterprise risk management.”
“Resilience to us is a solid component of that because we’re looking at critical operations end-to-end and understanding points of failure,” he said.
The testing involved in this process allows some disruptive events to be prevented and others to be better dealt with. For those events over which a firm has no control, like floods, risk management can help ensure a quick and efficient recovery.
Bergmark said the Australian Prudential Regulation Authority (APRA) has indicated that insurers have three critical operations that need to be a focus of any risk management plan.
“One would obviously be receiving and processing claims by your customers, the second one would be the making of payments to those customers and the third one is dealing with customer inquiries,” he said.
Part of assessing these critical operations would involve testing them in disaster scenarios like floods.
“How long can we let our claims processing be down before we know we’ve got a significant impact on our customers or our market?” he said. “That’s really what we’re trying to do - understand that time horizon and then we make sure all of those components that deliver it can be recovered in time to not cause extreme difficulties with the customer base.”
Today’s risk management software, he said, allows a company to capture information, test it, capture the test results, capture actions, treat it and visualize it all on a single platform.
