Aquisition Integration for Logistics and Cargo Insurance

chess-game
During my 36 years in the marine insurance industry, one of the most common issues has been failure to properly integrate acquisitions into cargo logistics insurance programs—which can result in gaps in cargo insurance coverage. Old habits die hard, however, and this is particularly true in logistics operations.

When an organization acquires a new company, there is a choice. The buyer can allow the acquisition to continue to operate independent of its logistics program (rarely is cargo insurance left independent) or fully integrate them into the buyer’s logistics and cargo insurance programs. The most common occurrence is full integration into the buyer’s logistics and cargo insurance programs for cost savings and continuity.

If the independent logistics option is chosen for the acquisition, it is still critical to perform a detailed gap analysis of the logistics SOPs (Standard Operating Procedures) used by the acquisition to assure their program does not present unique exposures not currently considered or addressed in the buyer’s program. The most objective and effective gap analysis should be performed by an outside consultant working with the buyer’s designated logistics representative.

A risk management representative is not required but may wish to attend. The consultant must have extensive experience in logistics audits as well as a clear understanding of implications of the terms and conditions of the cargo policy. This team will create a gap analysis report that details variances from best practices and the key drivers in the buyer’s logistics program that are critical to the marine cargo insurance program. This also allows the buyer’s cargo program to be adjusted for any unique requirements of coverage by the acquisition to assure there are no coverage gaps.

Importance of SOPs
It is worth a moment to address SOPs for logistics and security for shipping and storing goods in the due course of transit. Formal SOPs are critical to assure compliance, and proper measurement of compliance. SOPs also provide continuity of logistics’ programs so learned processes and shipping lane specific issues are not lost when there is a change in personnel.

In instances when the buyer decides for full integration, the process is much the same as described above for the independence option for logistics by the acquisition. The most important difference is that the gap analysis details the variances between the acquisition and the buyer’s logistics program SOPs and rates the findings into levels of importance for timely adoption; critical, second tier and third tier variances. The critical issues require adoption as soon as possible while the other variances can be corrected over the course of time.

It is important to complete a followup audit(s). If there are critical issues, a followup audit might be completed after the buyer has been advised that the critical variances have been finalized, to independently confirm compliance has been obtained if deemed appropriate. Regardless, a one-year audit is recommended to examine all the variances in the gap analysis to determine the level of compliance to correct all originally identified variances.

Again, old habits and processes die hard. You will often hear, “We always did it this way.” It is important during the gap analysis to integrate local issues required as needed, as long as it does not compromise the goal of the SOP. The integrations, especially acquired foreign companies, can be difficult, involving politics by other units of both companies outside of the logistics, security and risk management units. It is critical that senior management of both the buyer and the acquisition company have “full buy-in” on the integration process to overcome the political infighting that can develop.

The best analogy of this process would be a chess game—complex and variable with many moving, interrelated parts.

Creating a Risk Intelligent Organization

Many organizations spend time and effort building and developing robust risk mitigation frameworks and strategies to handle business-specific risks. In spite of constant monitoring through dashboards and reports, many companies still face major and unexpected issues. One of the main reasons for shortfalls in risk management is the general attitude towards risk mitigation. Although companies are well-prepared with an infrastructure in place, they often struggle when cultivating a sense of risk awareness, responsibility and intelligence into and across the fabric of an organization, which results in gaps and deficiencies.

Every organization realizes the significance of risk intelligence, but they frequently face issues in the initial stage of their transition. Developing a risk culture is frequently viewed as just a requirement to be fulfilled rather than something that adds value to an enterprise. Without a clear agenda, many companies find it impossible to cultivate risk-taking capabilities into its employee base.

Risk intelligence demands that every individual in an organization take responsibility for managing risks in the day-to-day operations. Senior management should assess the existing risk management strategy and gauge its effectiveness in alleviating risks as well as developing awareness throughout the organizational structure.

Factors Influencing Risk Culture

For a smooth journey in risk intelligence, the senior management has to be completely aware of the levers influencing risk-taking behavior of their employees. Some of the major factors that impact smart risk-taking decisions include talent management, training and education, qualification of staffs, incentives, leadership at the top of the organizational hierarchy, and the ability of an organization to take risk-based decisions.

To develop a risk-intelligent structure in business enterprises, organizations should perform a thorough assessment. This can be achieved by setting up objectives, conducting surveys and interviews, analyzing gaps, prioritizing actions, incorporating recommendations and keeping track of the effectiveness of the strategy. Comparing the existing culture against other influential factors such as governance, policies and procedures, competence, relationships, performance, and accountability will help the top management understand the current state of culture and the level of contribution of existing risk initiatives to create a positive impact on the business’s risk culture.

Conducting gap analysis around the influential factors will offer a better understanding of what needs improvement. To create an effective risk culture and make it work successfully to the benefit of an organization, management should continuously improve it to fit the changing business objectives and requirements.

Strengthening Risk Culture through Technology

Leveraging technology to create a centralized framework for capturing risks and organizing data elements will strengthen the risk culture to a greater extent. A risk management framework should speak a common language that is well understood throughout the organization, including stakeholders. Developing a technically assisted risk management strategy will eliminate the most common challenges faced by an organization.

A centralized data model will aid in managing risks that may arise due to external and internal events. It will also give the organization a top-down view of the business goals, global risks and controls associated with it.  A common risk environment enables effective monitoring and reporting of the gaps and risks using heat maps, dashboards, and charts. This will enhance the organization’s risk intelligence by providing real-time visibility into scores, its risk appetite, as well as limitations towards risks.

Risk and security officers will be able to get a better picture through trend analysis and obtain useful insights. A flexible framework that is developed on the basis of industry standards will provide a strong foundation for risk intelligence and aid in timely capture and categorizing of risks and initiate appropriate corrective actions.

Key Elements of a Risk Intelligent Organization

  • A risk intelligent organization follows a unified and standardized risk framework that speaks the same language across the entire organization. A framework that follows a common language is easy to understand and helps mitigate risks in a timely manner, thereby driving value.
  • Successful creation of risk intelligence defines roles, responsibilities, and the hierarchy structure in an enterprise.
  • A centralized framework will also bolster support to business operations and a wide array of functions.
  • Creating risk intelligence will enhance performance and accountability.
  • A risk intelligent organization will be able to strike a perfect balance between risk and reward.
  • Risk intelligent architecture offers the executive management, board members, stakeholders, and audit committees the ability to effectively perform their duties by promoting a greater level of transparency. Executive management is assigned with the task of developing, incorporating, and maintaining a robust and efficient risk management strategy and improvise it on a regular basis it to fit the changing requirements.
  • Business units are obligated to monitor the performance of their respective units and their approaches to managing risks as specified by the risk management and independent assurance functions, as well as oversight from executive management.
  • In a risk intelligent organization, finance, legal, HR, and IT units offer support to the individual departments in the organization in their efforts to mitigate risks.

The role of the internal audit is assigned with providing independent and unbiased assurance to the senior management by assessing the efficiency of the risk management practices and finding ways to enhance those strategies.