Making the Most out of a Crisis

CALGARY, ALBERTA, CANADA—Suppose your company experiences a major hurricane, tornado or fire: Property is destroyed and your business is stalled, meaning customers are left waiting. But there are buildings to be rebuilt and equipment to be replaced, and the claims process hasn’t even started. This is when the risk manager’s skills at placing the company’s insurance coverage and negotiating for the best payout can not only demonstrate their true value, but can put the company back on course, according to experts here at RIMS Canada’s annual conference.

“When there’s a serious property loss, this is the time for the risk manager to shine, because up until then it’s about premium, premium, premium,” Tom Parsons, manager of risk management at Fairmont Raffles Hotels International in Toronto said during a RIMS Canada Conference session. “Up until a serious loss occurs, I don’t think you feel the impact that you can give back to the company. Because what we do is buy insurance, so it has to work. It is what you helped craft and build into your policy through the years. You have created a policy that is robust, and that is going to cover everything—you hope.”

Among the examples cited was a soft drink bottling plant flooded with eight feet of water following a hurricane. While the company’s high-speed bottling equipment was damaged and would need to be replaced, explained Jeffrey Phillips, managing director in PwC’s U.S. forensic advisory practice, the issue was that floodwaters were highly contaminated due to a number of chicken and hog farms in the area. As a result, the company determined that the building could not be used for any type of food processing and would need to be demolished. The insurer, however, argued that the walls could be sealed, containing any contaminants. The company had found a competitor to do some of the bottling, but it wasn’t enough to fill their orders, Phillips said.

Because delivery of the new bottling equipment was slated to take months, there was also a large business interruption period being covered, he said. This is when innovation came into play. The bottling company was able to show the insurer that buying another plant rather than rebuilding would put them back in business sooner, cutting back on their losses. The insurer agreed and sent them a check. As a result, the company purchased a larger facility in a better location.

“They were up and running in six months—the business interruption had stopped,” he said. The better location also meant reduced shipping costs and the company gained market share. Because the company was able to make the case to its insurer, both came out ahead in the long run.

Phillips recommended that companies negotiating after a crisis “communicate, communicate, communicate” with their insurers.

They should also get their insurers to sign off on major contracts such as scope of work, rates and overhead and discuss changes to operations or facilities with the adjustment team and agree on scope of property damage repair or replacement whenever possible.

Insurers will typically push to return the facility to pre-loss condition, “unless you can prove the changes will save them money,” he added. “Insurers will not be creative for you, they don’t know your business or your goals.”

Wildfires a Reminder to Update Disaster Preparedness Plans

Raging across the country, threatening businesses and residences alike, wildfires are a reality, burning a reported 1.9 million acres in the U.S. so far this year. West of Santa Barbara, firefighters have battled an intense fire for almost a week. Wildfires are also burning in Arizona and New Mexico. In Canada, the Fort McMurray blaze burned for weeks and scorched some 2,400 square miles of land—more than 1.4 million acres. In five of the past 10 years, in fact, wildfires have ranked among the top 20 worldwide loss events.

Interstate2

Companies that haven’t already done so may want to assess the impact such a disaster could have on their business as well as what actions can be taken to mitigate damage. While most businesses believe they are prepared for a fire, especially if their building is equipped with fire alarms, fire extinguishers, smoke detectors and an evacuation plan, these measures may not be enough when stress and confusion take over, according to Interstate.

Organizations could face utility interruption, impacting gas and phone syDocument recovery3stems; they may have flooding from sprinklers, which, mixed with soot, can cause other complications; there may be smoke damage, which can by carried throughout a building through air conditioning systems; and there can be chemical residue from fire suppression systems.

There also may be asbestos hazards from older building materials, ceiling and floor tiles and pipe insulation.

Planning ahead for data loss resulting from damaged computers and burned paper documents is also advised.

Interstate lists four questions companies need to ask in advance of such a disaster:
Interstate 1

Building a Better Continuity Plan for Hurricane Season

According to the Federal Emergency Management Agency, 40% of businesses do not reopen after a disaster and another 25% fail within one year. As September is not only the beginning of hurricane season, but also National Preparedness Month, the Insurance Information Institute and the Insurance Institute for Business & Home Safety have released a new infographic highlighting some of the crucial steps businesses should be taking to fortify against natural disasters.

“Businesses that plan for a disaster have the best chance of surviving, and that starts with identifying the potential risks,” said Loretta Worters, a vice president with the I.I.I. “Large businesses have risk managers, but small business owners have to be their own risk managers and, working with their insurance professional, determine the right type and amount of insurance to be able to recover from a disaster.”

“It is also critical for small business owners to create and/or update their business continuity plan and work with employees so they are prepared for the potential effects of a disaster,” said Gail Moraton, business resiliency manager at IBHS. “Taking time to do this now will save money and time later.”

hurricane preparedness business continuity

Risk Management and Business Continuity: Improving Business Resiliency

Preparing for and responding to negative events, from the mundane to the catastrophic, from the predictable to the unforeseen, has become a fact of life for businesses and governments around the world. We don’t have to look any further than the seemingly daily reports of cyberattacks on governments, corporations and individuals to comprehend the severity of the problem.

Tackling these risks requires an integrated and holistic framework with the capability to identify, evaluate and adequately define responses to the circumstances. For more and more organizations, this means adapting an enterprise risk management (ERM) model. ERM seeks to identify all threats—including financial, strategic, personnel, market, technology, legal, compliance, geopolitical and environmental—that would adversely affect an organization. This holistic approach gives organizations a better framework for mitigating risk while advancing their goals and opportunities in the face of business threats. But in order to implement and continuously manage this enterprise-wide model there is a critical need for closer integration of two typically distinct roles within the organization—business continuity management (BCM) and risk management. Together, these two vital elements make up a robust ERM plan and have a tremendous impact on an organization’s ability to contend with interruptions to the execution of organizational activities.

Put in the simplest terms, risk management is concerned with minimizing the probability of and destruction caused by negative events. Operational risk management, as the name implies, must cope with interruptions at the operational level. Recognizing that there are inherent imperfections in systems, people, facilities and general operational functions, the essence of operational risk management is to negate or reduce the probability of an incident occurring. Focusing upon incident-specific, site-specific analysis of potential causes of interruptions, risk managers seek to preclude incidents from occurring. If elimination of the risk is not possible, the focus moves to minimizing the results of the negative event.

For example, suppression systems reduce the risk of operational disruption caused by fire damage. Redundant equipment decreases the possibility of operational interruption resulting from machine breakdown and redundant communications help maintain connectivity. By analyzing past events and examining known hazards (defined flood plains, hurricane-prone areas, construction sites, earthquake areas and terrorism-prone areas) operational risk management seeks to avoid the occurrence of negative destructive events.

But creating strategies to minimize the probability that an event will impact an organization certainly will not prevent the incident from taking place. No degree of preparation can stop a tornado, tsunami or other massively destructive event. So understanding that every incident is not preventable, our other line of defense is to minimize the impact. That’s where BCM comes in. BCM is concerned with minimizing the impact upon the entity after an event occurs and restoring the organization to its normal operations and delivery of products and services as quickly and safely as possible. In short, BCM helps maintain the viability of an entity under duress.

Because it is event-neutral, BCM is able to categorize effects into four distinct categories:

  • Effects on facilities, making them inaccessible or unusable
  • Effects on operational capability, such as supply chain interruptions, processing errors or staff unavailability
  • Effects on technology
  • Effects on the organization itself, ranging from financial problems to intellectual property rights.

When an event inevitably does occur, the optimal goal is to make any business interruptions imperceptible to those outside the affected organization. Here’s an example of how risk management and business continuity management, working together, enabled an organization to achieve that goal:

One of the world’s most important foreign exchange dealers realized that, as an occupant of a high rise building, it could not control the consequences of all incidents that might impact its ability to service its customers, which were some of the largest financial institutions in the world. A review by the company’s risk manager determined that there was a likelihood of an interruption in service as a result of construction work in the surrounding area. To reduce the risk, it was recommended that they install redundant lines and route them through alternative conduits into the building. So they undertook building redundancy in their telecom network. In addition, the risk of server failure was similarly high and so mirroring was implemented to duplicate all transactions and ensure that no data would be lost in the event of a failure of the building’s infrastructure.

Despite all the precautions to reduce risk, what risk management couldn’t control was an East Coast blackout that terminated power to its operation. Recognizing the impact that a loss of power could have, including the loss of use of the facility, the business continuity professional determined that a robust contingency plan was required.

The business continuity plan included a strategy that automatically forwarded incoming calls to another facility outside the U.S. and also provided connectivity to its back-up technology center. When the blackout hit, the business continuity plan worked exactly as tested. Phones were switched, systems were accessible and, best of all, customers never knew the difference. The company was actually more prepared than many of its customers who failed to provide similar capabilities and had to cease trading.

The combination of risk management and business continuity provides the level of resiliency that most organizations must achieve in light of the uncertainty that exists today. The blend will reduce uncertainty and promote a more stable operating environment.