Tools for change

Risk engineering is a relatively new term and its simplest definition is the application of engineering methodologies and concepts to risk management. The term is appropriate and useful: it is not about eradicating risk or simply controlling it – or indeed managing it; it is about engineering risk to the needs of the organisation.

Risk engineering is perhaps most associated with property protection and loss control. But it has much wider applications concerned with identifying, evaluating and mitigating risk exposures, be they financial/regulatory, operational or facility related.

The Research Center for Risk Engineering at the Polytechnic Institute of New York University takes it even further. “The importance of risk engineering is increasing every day – not only in the academic world, but also in our daily lives – and it is becoming clear there is a need for a comprehensive attitude towards risk management.”

It goes on to point out that risk engineering covers “financial engineering, global warming and sustainability, nuclear and security, health and cyber-security and the many applications where risks are prevalent”.

Risk engineering services

Risk engineers can be found in insurers, brokers, consultants, even catastrophe modellers. For some companies the issue is closely related to property protection and business continuity – many risk engineers specialise in fire prevention and control.

For others it takes on a much broader meaning, covering all aspects of risk.

The risk engineering department of AXA Corporate Solutions, for example, says its aim is to help clients reduce their exposure to potential losses by helping them implement their corporate risk management policy and taking concrete measures rolling out loss prevention plans.

Whether one takes a broad or narrow view of risk engineering, there are common elements. Frazer Argyros-Farrell, senior consultant at Marsh, says the most important element of risk engineering is the use of a systematic process.

“Risk is down to individual perception,” he says, “and the idea of risk engineering is to try and get in some sort of qualitative and quantitative factors – perhaps putting it into a risk matrix – and thereby removing the randomness of risk perception.”

He goes on to point out that the process begins with a survey and an audit, which is designed to establish what the company does, what processes they have in place and how the processes are managed, whether management procedures are being followed and so on. He explains that this is then followed by the analysis, which can involve benchmarking and standards, as well as risk mapping.

John McConnell, senior consultant, Willis International Risk Engineering team, says, “I believe the key thing in addressing risk management best practices in large global corporations is to implement an effective benchmarking system and support that with both internal and external resources. Of course, it is necessary that global corporations establish executive commitment through a risk allocation strategy or other vehicle.”

He goes on to explain the importance of risk assessment in the engineering process: “Risk assessments are a primary tool in the identification, evaluation and control of risk. Using a risk assessment process is useful in directing attention at prevention activities as opposed to reacting to incidents after their occurrence.”

Brokers use various tools to help clients identify and manage risks. Willis has developed a risk tool called Willis Blue, “a web-based, enterprise-wide risk assessment tool that focuses on assessing multi-location operations, based on a platform of organisational standards”. McConnell describes it as a “vehicle for achieving dramatic reductions in risk related liabilities and facilitating cultural change to encourage best practices.”

At Marsh, the consultants use a Heat Map, which, Argyros-Farrell explains, is a spreadsheet with all the sites down one side and all the hazards across the top, grouped into construction, occupancy, protection and environment. He says clients can use it to look at a portfolio as a whole and identify areas or sites where there are risk issues, and they can then focus in on where there is a need to spend time and money.

Growth of liability risks

Having said that risk engineering is often associated with property protection, it has now begun to be applied increasingly to liability risks. These too require a systematic process of quantification and assessment. Indeed, such risks are a growing problem for organisations as society becomes more litigious and a blame culture starts to take hold.

There have long been problem areas on the liability side, not least the issue of asbestos, but the list of concerns looking ahead is growing by the day - genetically modified organisms, electromagnetic fields, nanotechnologies, stress, obesity, and the whole issue of environmental liabilities.

Added to this, there are the vagaries of the US legal system, and as if that wasn’t enough, it now appears that Europe and the rest of the world is heading the same way, with the growth of a so-called compensation culture and the potential rise of class actions in Europe.

On the latter point, Swiss Re published a Focus Report in the summer entitled “The globalisation of collective redress: Consequences for the insurance industry”. The report stated that there is a clear trend towards the creation of collective redress schemes throughout the European Union (EU). “The European Commission is seeking to strengthen collective redress mechanisms within the EU as a means of encouraging competition and bolstering consumer rights.”

And a 360° report from Lloyd’s last year entitled “Directors in the Dock - is business facing a liability crisis?” warned that businesses could be facing a future liability crisis if they do not face up to growing litigation issues. The report revealed that over half of all business leaders believe that a US-style compensation culture is spreading in Europe and Asia.

Lord Levene, Chairman of Lloyd’s said at the time: “Litigation is a leveller of modern businesses. No matter what their size, location or industry, all businesses are facing increasing liability risks. Product recalls are now a daily occurrence, rising 50% in Europe alone in the last year. Shareholder activism is on the rise and a complex operating environment and new legislation serves to increase risks further.”

Liability risk engineering

Set against such a background, it is not surprising that risk engineering has moved into the liability arena. Liability risk engineering is a developing area, or as it was described in the title of a workshop at this year’s AIRMIC Conference, “A Rapidly Evolving Tool”. In the workshop, Paul Goulding, insurance and risk manager, News International, explained that he did not need just another compliance tool - what he was looking for was a tool that would have an impact on claims and premiums, would review new types of incident, and control incidents and hence losses, as well as providing the experience of a risk engineer.

In the same AIRMIC workshop, Greg Jones, risk engineer, AXA Corporate Solutions UK, said that while legislation can be seen as the ‘stick’, good liability risk engineering should be seen as the ‘carrot’. He said that the benefits of risk engineering are that reduced losses will save clients money, for example, with losses below the deductible, and the time and effort dealing with claims. He explained that it also creates a true picture of the quality of the risk, is not based on previous loss history, and credits improvements made by the insured, as well as helping to build a relationship between insurer and client.

Liability risk engineering is not yet a standard service or product, according to Anne Barr of France-based LREM Conseil, a specialist consultant in liability risk engineering. She says that for some, it may be the assessment and prevention of legal and contractual risks, for others, the assessment and prevention of operational risks with potential impact on third parties such as hazardous process, health and safety, product or environmental risks. “I see it as an in-depth analysis and grading of all those components, aiming at underlining key exposures and suggesting mitigation solutions where most needed,” she says.

She goes on to explain the structured approach that is required for the identification, analysis and evaluation of the risks. “The approach I suggest relies on the determination of a ‘pure risk’ profile, combining all parameters specific to the company, its products, clients, markets, work organization, and premises, in order to grade exposures in product, public, employer’s or environmental liability.”

She continues, “The grading scale is adapted to the company risk frequency/severity criteria. Once the profile is established, then liability risk controls are listed, graded, and compared to the exposure levels. For product risks, for example, such aspects as claims management, regulatory watch, traceability, recall, purchasing/sales contracts and quality management are analysed and graded.”

Prevention not cure

One of the problems on the liability side, that risk engineering seeks to deal with, is that there has been more of a focus in the past on dealing with liability claims through strong litigation defence rather than on the prevention of such claims. In other words, a failure to focus on prevention rather than cure.

“I believe the focus has been more in the past on claims than on their prevention,” says Barr. “There seems to be, however, a growing interest in liability risks prevention, probably due to a combination of factors including the legal and economical context, increased reporting requirements, and links between liability and image/reputation risks.”

McConnell agrees: “The central issue in preventing claims is being committed to sponsoring organisational change - a difficult issue not embraced by the majority of risk management professionals.”

With the increasing risk of litigation around the world, and especially in the US, there is clearly a growing need for coordinated liability risk management programmes, but is this recognised by risk managers? “Absolutely – yes, it’s recognised by risk managers, but the issue is how do I effectively implement and coordinate a global best practices system?” says McConnell. “The answer is to streamline risk criteria, so that organisations will be able to make better informed decisions with regards to compliance with organisation-wide standards, loss potential and image and reputation.”

Liabilities have always been there, says Argyros-Farrell, “but we are becoming more aware of liabilities as people and businesses. If you manage out risk then you manage out liabilities. On the retail side, for example, clients are very keen on prevention because a lot of their claims come from slips, trips and falls, or people personally trying to find fault. So they are trying hard to prevent claims.”

Barr explains that, for companies with product risks, for example, liability risk engineering can add value “by making sure critical suppliers and/or subcontractors are identified, that insurance and indemnity clauses on purchasing contracts are adapted to corresponding risks, and that adequate selection and control procedures, notably on traceability systems, are in place.”

With the growing number of liabilities, and the increasingly litigious society, risk engineering’s move into the liability arena is both timely and necessary, and ultimately, will prove to be highly cost-effective.