Category Archives: Risk Management magazine

Immediate Vault Immediate Access

Q&A: 2019 Risk Manager of the Year Luke Figora

Posted on by

Luke Figora, senior associate vice president and chief risk and compliance officer at Northwestern University, was named the RIMS 2019 Risk Manager of the Year today.

With annual revenues of approximately $2.5 billion (reported in 2018) and nearly $700 million in sponsored research annually, Northwestern is among the country’s leading research universities. Figora has risen quickly through the ranks at Northwestern, where his enterprise risk management (ERM) framework has elevated its risk culture across three campuses—two in Illinois and one in Qatar.

Figora spoke with Risk Management Monitor about his experience as one of the youngest stakeholders among Northwestern’s leadership, his process of customizing an ERM matrix and his reaction to the recent college admissions scandal.

Risk Management Monitor: You and your department created an ERM matrix in the past year that united Northwestern’s compliance owners and that may even set a precedent in higher education. What went into its creation?

Luke Figora: We spent a lot of time defining risk appetite statements and tried to make our program a little more outcome-based and actually show how we’re moving the needle on uncertain key risks for Northwestern. And we avoided spending too much time aligning perfectly to one of the ERM frameworks like COSO or ISO. So I think if someone looked at our program from the outside, it might not check all the boxes from a typical model perspective, but it’s driving action here at Northwestern and it seems to be the right level for engagement with our stakeholders.

I think one of the biggest challenges for ERM at Northwestern—and maybe this is true across the industry—is that we don’t necessarily have one strategy right now. We have some pillars and values that Northwestern follows, but we’re ultimately a very decentralized institution that has a number of schools, and a number of units in each one of those have slightly different objectives and goals.

RMM: It seems that there is a degree of transparency, but not full transparency.

LF: Right. For example, athletics and the School of Medicine have very different risk profiles and neither one of them should know the other’s risks or operations. And it would be hard for someone in athletics to speak about the risks of animal research within the School of Medicine. I think that’s where our risk office plays a role in right-sizing the expectations and taking the feedback from all the units, but trying to do some triage through that.

RMM: Many of your colleagues are several years your senior—how has that impacted your work?

LF: I am probably the youngest person on the leadership team across the institution, but it has probably been beneficial. I have tried to bring different ideas and update the ways in which we think about risk. I’m not jaded by the insurance industry, and I think people are receptive because of that.

RMM: Since arriving at Northwestern nearly five years ago, you moved up the ranks relatively quickly, although you’ve maintained that was not your goal. How would you advise young risk professionals as they get their feet wet?  

LF: I think all of us at early stages in our careers can’t wait to be a manager and want that vertical growth and the chance to lead a team, but the bigger driving factor for me has been horizontal growth and expanding the portfolio. After that, I believe the other opportunities will come. That is a belief I try to hammer home in my work and when I make industry presentations.

RMM: The college admissions system is a hot topic due to the major scandal that broke in March. How might that have affected where the admissions process is on Northwestern’s risk register?

LF: Last year at this time, fraud in the admissions cycle wouldn’t have been one of our top 10 enterprise risks. But when things like this break, there is a tendency to go into reaction mode and examine whether we have similar issues. I always try to keep people level-headed and remind them that just because this hit doesn’t mean it moves to number one on our crisis management list for the year. It is worth doing a deep dive into the question or topic that’s in the news, but whenever scandals hit, I think we’ve tried to approach them with a rational view.

RMM: It sounds like the knee-jerk reaction is to go into crisis communication mode, even though it’s not your crisis.

LF: We know we’re going to get questions from our trustees, so there’s an initial all-hands-on-deck mentality. You have to make sure you have talking points that outline how we’ve thought about it because we know we’re going to get questions from the media. We do focus on crisis communications, but it becomes more about knowing if we have the right controls that could protect the institution from something like this happening to us.  

Figora was also the special guest on this week’s RIMScast, which you can download here.

Delta Places Age and Time Limits for Support Animal Travel

Posted on by

Travelers might flock to, or flee Delta Airlines, depending on how they feel about emotional support and service animals. The company announced two risk management provisions as changes to its service and support animal policy with regard to the ages of the animals as well as flight durations:

  • Effective Dec. 18, 2018: Service and support animals under four months of age are not allowed on any flight due to rabies vaccination requirements. Additionally, emotional support animals are no longer allowed to be booked on flights longer than eight hours.  If you purchased your ticket prior to Dec. 18 and have requested to travel with an emotional support animal, it will be OK to travel as originally ticketed.
  • Effective Feb. 1, 2019:  For customers originating travel on or after Feb. 1, 2019, Emotional support animals will not be accepted on flights longer than eight hours after regardless of booking date.

These announcements follow the July notice that the airline would only allow one emotional support animal per customer and that it would no longer allow pit bulls.

The Los Angeles Times reported that passengers who had asked to bring a support animal on a long flight and bought their ticket before Dec. 18 will be allowed to fly with the animal until Feb. 1.

Delta’s policy says passengers who want to travel with support or service animals must comply with the U.

buy sildalis online www.nicaweb.com/images/layout1/gif/sildalis.html no prescription pharmacy

S. Department of Agriculture rule that pets be at least 8 weeks old and fully weaned before they can fly. Whether other airlines and transportation companies follow Delta’s policy pattern remains to be seen.

buy stendra online www.nicaweb.com/images/layout1/gif/stendra.html no prescription pharmacy

Service v. Support

In April, Risk Management magazine discussed the risks associated with assistance animals on flights and in businesses. While most people are more sympathetic to the need for a seeing-eye dog, the concept of emotional support animals, by contrast, is still relatively new and possibly dangerous.

buy lariam online www.nicaweb.com/images/layout1/gif/lariam.html no prescription pharmacy

“This can cast reasonable doubt on claims about the need for an assistance animal, particularly with the ‘alternative’ animals like pigs, rabbits and ducks that have drawn notable media attention,” Risk Management reported.

The Americans with Disabilities Act (ADA) defines service animals as “any dog that is individually trained to do work or perform tasks for the benefit of an individual with a disability, including a physical, sensory, psychiatric, intellectual, or other mental disability.”

Furthermore, “the work performed by a service animal must be directly related to the individual’s disability, such as guide or Seeing Eye dogs…”

Psychiatric service animals are not the same as emotional support or comfort animals, which are not considered service animals under the ADA. Delta also hosts a resource page that explains the difference between trained service animals and emotional support or psychiatric service animals:

On Delta flights, service and support animals are expected to be seated in the floor space below a passenger’s seat or seated in a passenger’s lap. Service and support animals and their associated items travel for free. The size of the animal must not exceed the “footprint” of the passenger’s seat.

Former NSA Director Talks Cybersecurity, Insurance at Advisen Conference

Posted on by

NEW YORK—Advisen’s Cyber Risk Insights Conference, held during Cyber Week, featured risk management professionals and more than 18 panels and sessions on Oct. 25. The keynote was delivered by Adm.

buy apixaban online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/apixaban.html no prescription pharmacy

Michael S. Rogers, former Navy commander of U.S. Cyber Command and Director of the National Security Agency (NSA), under the administrations of  Presidents Obama and Trump. Rogers discussed rising cyber threats and offered advice to providers and consumers as they assess their cyber insurance policies.

“For insurers, you need to be prepared, because the list of actors is growing and the threat is growing,” Rogers said. “Don’t build on a strategy [where you believe] things are getting better.”

He also put a particular spotlight on the fact that there is no universally accepted guideline for cyber threats when considering acts of war. Cyber, he said, differs from traditional triggers because there’s typically no physical injury or loss of life.

“You have these wholly different international views, because nation-states in western democracies do not have ownership of the web,” he said. “They do not control their citizens and control the flow of data,” as opposed to countries with greater control of information.

buy bactroban online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/bactroban.html no prescription pharmacy

“Because you have these broad, polar views it’s been difficult at times, on an international level, to get a consensus on what a framework be like to set a cybersecurity standard,” which Rogers added, could help define how a cyber attack might be considered an act of warfare.

buy strattera online achievephysiorehab.ca/wp-content/uploads/2023/10/jpg/strattera.html no prescription pharmacy

He proposed an approach that could start nations on a path to a universally accepted guideline: “Can get we get a smaller subset of issues to coalesce around a core group of principles, start small, and build from there? I think we’ll have success that way.”

Rogers noted that he is a proponent and believes incentivization may be the key to keeping businesses safer and maintaining lower premiums, using features of the automotive industry as an example.

“Automatic brakes and safer vehicles, for example, were an incentive for the buyer and the seller,” he said. “Production and consumption were all incentivized to make better decisions. I don’t know if it will work [with cyber insurance]. It’s all about risk.”

Rogers’ insight dovetailed along with the new information from the eighth annual Advisen cyber survey that Zurich Insurance released at the opening of the conference.

The percentage of companies that purchase cyber insurance, either via stand-alone policies or endorsements, has increased 40 points since 2011. This year’s results show a 10% increase from 2017, the largest year-over-year increase since its inception.

“Cyberrisks continue to change and businesses continue to look for ways to protect themselves from those risks,” said Paul Horgan, head of North America Commercial Insurance for Zurich North America. “These survey results provide a critical snapshot of the attitudes, concerns and actions of risk managers. It is our responsibility to respond to their needs and concerns with innovative services and solutions.”

Survey results show the two most influential factors driving cyber insurance purchases in the past year:

  • regulatory changes such as the European Union’s (EU) General Data Protection Regulation (GDPR), and
  • business continuity risks such as the Dyn distributed denial of servicer (DDoS) attack, WannaCry and NotPetya events. These caused significant losses to businesses around the world, shutting down network systems and in many cases slowing or actually halting business operations.

The Advisen data reflects a stark contrast to the feedback from last year’s survey, which found that just 10% of respondents identified business interruption as the primary reason for purchasing cyber insurance and that purchase growth had gone stagnant after a steady six-year increase from 35% to 65%.

These factors were two of the top emerging cyberrisks identified by Risk Management magazine in early 2018.

Jacksonville Murders Force Reassessment of Active Shooter Risks

Posted on by

A mass shooting at a video game tournament in Jacksonville, Florida on Sunday has once again shined a spotlight on the growing risks businesses face even as they conduct normal operations.

A lone shooter, 24-year-old David Katz, opened fire on football video gamers at a pizza restaurant, killing two and injuring at least nine before turning the gun on himself in an adjacent restaurant. Reports indicate that Katz was allegedly upset at being eliminated from the tournament. One of the deceased victims was a player who defeated Katz in a prior tournament, leading investigators to believe there had been a motive for the shooting. 

The effect of mass shootings has left Florida numb, especially since this follows the Feb. 14 massacre at Marjory Stoneman Douglas High School in Parkland, which left 17 dead and 17 injured; and the Pulse Nightclub shooting in Orlando in 2016, leaving 49 dead and 53 injured. These tragedies demonstrate that no business or venue should consider itself inherently safe and serve as reminders to risk professionals in all sectors that their organizations could be vulnerable to a mass shooting.

Public Safety
The shooting was unique in that it occurred during a live broadcast of the football gaming tournament. Gunshots were clearly audible as players delivered commentary during their simulated contests, prompting them to take cover and call the police, who responded minutes after receiving the first call.  

The incident marked the 235th mass shooting in the U.S., according to the Gun Violence Archive, an organization that collects information about gun-related violence in the country. The FBI and the United States’ Congressional Research Service consider a mass shooting to be one that injures at least four people, excluding the shooter.

In light of this increasingly commonplace threat, understanding how to respond to an active shooter situation can mean the difference between life and death. The U.S. Department of Homeland Security has provided the Run.Hide.Fight plan for guidance in what to do in an active shooter scenario.

Mental Health
As more information about Katz emerges, the links between gun violence, mental health and public safety in the United States become more evident.

CNN reported that Katz had a history of mental health issues and legally purchased a 9mm handgun and a .45-caliber handgun in Maryland. How he transported the weapons and ammunition across state lines and into the event are details still being investigated.

CNN also obtained police records that show 26 calls to the police from the Katz family home in Columbia, Maryland, from 1993 to 2009, for issues ranging from “mental illness” to domestic disputes. At least two of those calls involved Katz arguing with his mother, although none of the reports provided to CNN indicate any physical violence.

Since 2013, residents in Maryland must obtain a handgun qualification license from the state police before purchasing a pistol or revolver. That means Katz would have submitted his fingerprints, undergone a background check (which includes disqualifying individuals who were voluntarily or involuntarily hospitalized for more than 30 days), and passed a firearms safety training course to buy those guns. This scenario has been met with wide skepticism. And since some of his documented mental health issues may have occurred before the gun laws were revised, the disqualifications may not have applied to Katz.

“That clearly is an area in need of reform,” said Democratic Sen. Robert Zirkin, who chairs a Senate committee that handles gun laws.

Insurance
Risk Management magazine recently reported that companies may not be aware of potential gaps in their coverage or that the limits of their coverage, when considering active shooter incidents, are insufficient.

“You might have property coverage, but you might not have assessed your properties in specific locations against this type of risk,” said Robert Hartwig, clinical associate professor of finance and co-director of the Risk and Uncertainty Management Center at the University of South Carolina’s Darla Moore School of Business.“You almost certainly would not have crisis management under your ordinary property or liability policy. So these represent gaps that, as a risk manager, you might be unaware of.”

Beyond property damage, it can be unclear what is covered after a shooting. For example it is difficult to establish the liability for allowing an assailant on a property. “Unfortunately, the increase in the number of active shooter situations has probably gotten ahead of the law on this issue,” Hartwig said. He added that a number of states do allow individuals to carry concealed weapons much, if not all, of the time. “So it’s not necessarily the case that, just by entering the premises with a weapon, individuals are violating the law. Therefore, a business is not necessarily negligent by allowing an armed individual to enter its premises.”