Risk Identification – don’t just mail it in
ERM programs all start out with a suggestion that you must identify your risks.
Many folks take this as a trivial exercize. But it is not. There are two important reasons why not:
- Everyone has risks in the same major categories, but the way that those categories are divided into the action level is important. All insurers have UNDERWRITING RISK. But almost all insurers should be subdividing their UDERWRITING RISK into major subcategories, usually along the lines that they manage their insurance business. Even the very smallest single line single state insurers sub divide their insurance business. Risks should also be subdivided.
- Names are important. Your key risks must have names that are consistent with how everyone in the company talks.
Best practice companies will take the process of updating very seriously. They treat it as a discovery and validation process.
To read more about Risk identification, see the WillisWire post
(This is the first of a 14 part series about the ERM practices that are needed to support the new ORSA Process)
and the RISKVIEWS post