Author Archives: Hilary Tuttle

About Hilary Tuttle

Hilary Tuttle is the managing editor of the Risk Management Monitor and Risk Management magazine.

RIMS ERM Conference 2021: A Case-Study Approach to “Solve Any DEI Issue in One Hour”

Posted on by

At today’s RIMS ERM Conference 2021, a hybrid event with in-person experiences in New York City and virtual content online, many of the presenters focused on the intersection of ERM (enterprise risk management) with other mission-critical three-letter topics, including ESG (environmental, social and governance) and DEI (diversity, equity and inclusion).

In one of the afternoon’s sessions, “Identify and Solve Any Organizational DEI Issue In One Hour,” presenter Layne Kertamus, professional in residence of risk management and insurance at Utah Valley University, explored “new ways to talk about what needs to be said, and what needs to be listened to.”

“Most organizations that I’m aware of have moved past the idea that they have to do something on [DEI] issues for our stakeholders—it has moved on to ‘We cannot afford to not have some real results in these arenas’ and that should be motivation enough, if we needed any motivation,” Kertamus said. “The issue will not go away and it will evolve. Hopefully we can find a way to make this not just a prompt for change, but a real asset.”

Kertamus noted the particular challenges of the “frozen middle” in implementing meaningful DEI initiatives. Middle management feels pressure from both above and below to take DEI action, and “may react to hearing these goals with concern or dread—for example, thinking ‘My status and opportunities may now be more limited than they were before.’”

With the “why” and other background largely established, Kertamus focused the session on one approach to the “how” of DEI-related change. While many DEI discussions start with general open forums and reminders about being respectful and open, he noted that some of these approaches may lead to inauthentic or surface-level outcomes. To really get into an authentic plan that gains acceptance, Kertamus said, “sometimes we need to create environments where we can talk the way we need to talk.”

He proposed that organizations adopt a case study method to facilitate some of these discussions, outlining the “one hour” from his session’s title:

  • With this method, a “case presenter” brings their concern, challenge or passion to present a large-scale DEI-related issue in the workplace that impacts other stakeholders. A facilitator should be selected and need not be an expert, but must bring an open mind and a willingness to enforce time limits. A group of “peer consultants” is then gathered from across the company, perhaps at different levels or in different departments.
    online pharmacy lexapro with best prices today in the USA

  • First, the group listens to a five minute presentation from the case presenter, and then spends 10 minutes asking fact-based questions directed through the facilitator.
    online pharmacy flomax with best prices today in the USA

    It is critical that the questions are directed and perhaps even pointed, but be focused on facts and not opinions or defenses.
    online pharmacy cozaar with best prices today in the USA

  • The largest segment of the process is a group diagnostic session, spending 20 minutes examining what, if anything, the presenter may have left out, may have ignored as a result of their own lived experience, or other gaps in the issue. It is critical not to jump to solutions in this phase—you may get “answers,” but the purpose here is true diagnosis.
  • The next 10 minutes should be spent on group action brainstorming, brainstorming solutions for the presenter, embracing all perspectives and bringing personal experience, values, and insight to the table. “Be willing to give the presenter bad news, if necessary,” Kertamus urged. For example, you may need to acknowledge that there is no solution, or that they missed a strategic opportunity along the way. The presenter should remain quiet and listen during this step.
  • Next, the presenter gets 10 minutes to respond to the discussion, speaking candidly and asking questions after listening to the group’s brainstorming session. “This can be a defensive time, they may feel beat up, but it can also be an opportunity for real connection, understanding, and for making agreements and commitments moving forward,” he said.
  • If agreements are made, one question is critical before adjourning: “When will you move forward using action steps recommended today?” This can be a critical moment in advancing concrete plans and changes in attitude or approach to DEI in the workplace.

While this approach can be used with a wide range of issues as the focus “case,” Kertamus noted it is particularly useful with “problems where someone cannot just use their authority to impose a change or solution,” for example, a leader who has tried to implement changes and build equity and inclusion as values in a department but keeps meeting resistance. “This is really for instances where you accept the mission of the organization and want to make it real or palpable, but cannot just impose it, you need to open other dialogues,” he said.

If you are not attending the RIMS ERM Conference 2021 live this week, “Identify and Solve Any Organizational DEI Issue In One Hour” and other sessions from the event will be available to stream online during the event or later on-demand.

Women in Risk: Advice for Advancing Female Risk Professionals Beyond Women’s History Month

Posted on by
women in business

“There are more and more courageous conversations happening in business about gender parity and barriers for women in business,” said Tina Gardiner, manager of risk management services for Regional Municipality of York, Canada, and member of the RIMS board of directors. “While women are still underrepresented at the executive level largely due to gender bias, I am pleased to see changes happening at a rate much faster than ever before.”

Indeed, significant challenges remain in gaining true equity and eliminating the gender gap in risk and insurance, but there are also more resources, momentum and mentors than ever before.

“One of the biggest barriers I faced as a young woman starting a career in risk management was operating in an environment where there wasn’t really the benefit of high-level female role models or mentors,” said Carrie Cannataro, senior vice president of client services at Gallagher Bassett, noting the dramatic evolution since she entered the space in the mid-’80s. As more women have earned senior leadership roles, female risk professionals are increasingly strengthening both the risk profession itself and the prospects of other women fighting for a seat at the table. As Cannataro noted, “We can only be successful if we immerse ourselves within a network of collaborative and positive influences.”

To that end, I recently put out a call on social media asking women in risk to share their best advice for others who are trying to advance in the risk profession and who identify as female. Originally, the goal was to celebrate Women’s History Month by spotlighting women in risk and insurance in March, and it has been wonderful to see initiatives to highlight and advocate for women across the industry for the past 31 days. Equity and excellence from half the population should span far more than a month, however.

In that spirit, here’s some of the valuable insight of women advancing risk management year-round, and their advice to fellow female risk professionals looking to advance their careers in risk:

“There are tremendous opportunities for women in risk management. However, to reach your potential and really excel in this field, women can’t be afraid to speak up. We must ask for the resources we need and seek out opportunities that might take us out of our comfort zones but that also offer a platform for us to share our knowledge and expertise.”
Kristen D. Peed, CPCU, RPLU, CRM, AIC, ARM-E, corporate director of risk management and insurance at CBIZ, Inc. and member of the RIMS board of directors

“In my experience I have found women in risk management are strong in their support and encouragement of each other through networking, mentoring, celebrating and sharing stories about career journeys. We need to keep investing in each other by pushing boundaries and comfort zones in the positions we apply for, the salary levels we expect, the credentials we earn and the workplace environment we demand. We need to actively engage in the socialization of gender equality, inclusivity, combating imposter syndrome and workplace flexibility for shared family responsibilities. The future we want and deserve is ours to create for each other.”
Tina Gardiner, B.Sc., CRM, CIP, manager of risk management services for the Regional Municipality of York

“I’m committed to supporting women in the workplace and believe it’s crucial that we pave the way for future generations. I’d offer the following advice: 1) Own your development and invest in yourself. 2) Establish a personal growth/career goals, including strategies and tactics on how to achieve them and timelines. Review regularly to monitor progress and celebrate wins. 3) Create a personal board of directors and mentors, and seek feedback from them. 4) Give back and gain valuable experience via joining a non-profit board. 5) Network, network, network.”
– Soraya Wright, RIMS-CRMP, vice president of strategic initiatives at RIMS, and founder and chief risk officer of SMW Risk Management Consulting LLC

“Women have been the cornerstone of this profession since its inception. I applaud all of those who came before us and laid a foundation for us to grow and succeed, as well as those inspiring women who are determined to leave their own mark on this profession. For women to succeed in risk management, we must support each other. We must create opportunities for others to demonstrate their knowledge and capabilities, achieve their goals and advance professionally.”
Penni L. Chambers, CPRM, CIC, CRM, ARM, vice president of risk management for Hillwood, a Perot Company, and member of the RIMS board of directors

“One of my biggest pieces of advice for women working in risk is that working hard by yourself is not the answer. We need to seek out relationships that inform and support our advancement. Whether it’s a mentor, coach or other professional network, there are plenty of ways we can seek help in defining rewarding and realistic career opportunities and put those opportunities within our reach.”
Carrie Cannataro, senior vice president of client services at Gallagher Bassett

“Persistence and communication. Not everyone hears information the same way. Think about your audience as you communicate fact-based information and gut instincts. If you’re not heard the first time, don’t give up! You may need to change your wording, timing, or examples in order to get your point across.”
– Katherine Gledhill, MBA, vice president of finance and accounting at RIMS and CFO of Spencer Educational Foundation

“Growth and comfort do not always happen at the same time. You have to get comfortable doing things that are out of your comfort zone. This is where you’ll really grow, when you challenge yourself beyond what you think is possible. As women, we must build each other up and constantly look for ways to learn from and support one another. I’d also strongly encourage women to consistently assess their values and take the time to prioritize them throughout their careers. This will lead to sustainable happiness and success in both your personal and professional life.”
– Grace Grant, executive director at Gamma Iota Sigma

“Pick an area that interests you and become an expert. Being an expert takes time, but once you have this knowledge, no one can take it away. You must always continue to learn and expand your knowledge base. A solid foundation will support and allow you to take chances that a generalist cannot. You can gain this expertise by moving within one company/industry, one line of business, or geographically—just be clear on what your focus is. Women are often undermined or challenged on technical issues. However, if you have developed the needed expertise, you are more likely to challenge confidently with fact and figures. As you build your career, you will learn that people trust and respect experts, as experts understand their business better and can predict trends and drive the business more effectively.”
Ciara Brady, global head of liability for Allianz Global Corporate & Specialty

Preparing for the Next Stage of the COVID-19 Pandemic at RIMS Content Roundtable

Posted on by

In last week’s “RIMS Content Roundtable: COVID-19 Vaccines and Distribution,” a group of RIMS members gathered for an exclusive Q&A with Dr. Adrian Hyzler, chief medical officer at Healix International, who focused on progress with COVID-19 vaccination efforts and moving toward a “next phase” of the pandemic.

“Where we’re headed is: this pandemic will end—all pandemics end—but it doesn’t end all of a sudden, it goes out with a whimper…it sort of just seeps away at different rates around the world,” Hyzler said, noting the rates of vaccination and controls implemented country by country will curb the coronavirus at different paces. “But it’s now going to be an endemic disease, meaning it’s something we live with. We’re not going to get rid of this disease.”

He believes recognition among public health experts that COVID-19 will become endemic rather than be eradicated prompts new conversations about expectations and preparations around the world.

“The new dialogue is: what is the acceptable level of COVID and what is the acceptable level of deaths from COVID? Because COVID is a respiratory disease and people die of respiratory diseases every year, especially in winter. That’s something we live with,” Hyzler said. “We’re going to have to get to a point where there are going to be people who die from COVID every year, but they’re not going to overrun hospitals, and they’re not going to affect care of other diseases.”

Getting to the stage of “a disease we live with” requires mass vaccination, and he stressed the importance of the widespread effort to encourage people to get COVID vaccines as soon as possible. Scientists are not yet sure what percentage of the population will need to be fully vaccinated to control the pandemic sufficiently and, he said, “that’s vaccinated across the whole population evenly, and that’s not the case—we know there are communities where they are vaccine-hesitant, we know there are religious groups that are not as confident about the vaccine, and they tend to cluster, so those are always ready for outbreaks.”

Rather than discuss the sometimes controversial or scientifically debatable concept of “herd immunity,” Hyzler encouraged thinking about “community immunity.”

“‘Community immunity’ is good because it’s more about what we can do for each other,” he explained. “Getting vaccinated, for a 28-year-old, is not necessarily about that person, it’s about what it can do for the community—the older people, the people who have preexisting conditions that make them vulnerable.”

This kind of community orientation and widespread adherence to best practices will be critical in getting to any next phase of the pandemic, and to staying there. Reflecting on his experience of the acute lockdowns implemented in the U.K., for example, Hyzler stressed the lessons learned about the impact of mass adherence to mitigation and prevention measures. “Even with the variant that’s come out here that is very transmissible and has become common in the States, we’ve shown that non-pharmaceutical interventions—which are masks, distancing, isolation, hygiene—they work,” he said.

Many of these non-pharmaceutical interventions will not be going away any time soon—indeed, they may be just as critical moving forward. Hyzler predicted, “I think, into next year, we may still be wearing masks in many situations and there may be a great move to more things outdoors, since we know how much safer that is, and I think we’ll have learned a lot of things from this… Hopefully we’ll also be more ready for something that will happen again.”

As the world moves toward mass vaccination to help curb COVID-19, companies should be preparing for the next stage of the pandemic and creating detailed plans for safely returning to work. To that end, Hyzler noted some large private companies have publicly offered resources to help other enterprises protect employees and operations amid the pandemic and prepare for a return to workplaces.

For example, Ford has published two versions of a “Return to Work Playbook,” one for manufacturing and another for non-manufacturing companies. According to Ford, in addition to providing these documents to employees, “the company is also providing a copy to its suppliers, business partners and relevant third parties to ensure they are all aware of its health and safety practices when they are on site at Ford facilities or are interacting with Ford personnel.” Companies outside of Ford’s supply chain can also benefit, however.

“Add in some CDC advice, and look at what people [around you] are doing, because there are little things you can do that are very specific to your area or your workforce,” Hyzler recommended. “Then, take the information [from the playbook] that’s useful and mold it into a mini version of a playbook, if you’re a smaller company.”

In addition to the Ford playbooks Hyzler mentioned, check out these publicly available resources from the private and public sectors that may offer help in managing COVID-19 risks and creating a return-to-work plan for your enterprise:

Ford’s Return to Work Manufacturing Playbook [PDF]
Ford’s Return to Work Non-Manufacturing Playbook [PDF]
IBM’s Return to Workplace Playbook [PDF]
Kaiser Permanente’s COVID-19 Return to Work Playbook
CDC’s Guidance for Businesses and Employers Responding to Coronavirus Disease 2019 (COVID-19)
CDC’s “Daily Activities” Guide for Returning to Work
OSHA’s Protecting Workers: Guidance on Mitigating and Preventing the Spread of COVID-19 in the Workplace

Participants in the roundtable event were able to debrief with fellow risk professionals in breakout rooms, sharing impressions from the session and experience addressing related risks within their own organizations. For more opportunities to discuss return-to-work plans, vaccine considerations and other COVID-related risks with other risk professionals, all RIMS members can continue the conversation on Opis, the society’s community engagement and networking platform. Among almost 200 education sessions, the upcoming RIMS Live 2021 virtual conference will also offer dozens of COVID-related education and networking events from April 19 to 30, and registration is now open. To hear more insights directly from Dr. Hyzler, you can check out his appearances on the RIMScast podcast.

On Data Privacy Day, Catch Up on These Critical Risk Management and Data Security Issues

Posted on by

Happy Data Privacy Day! Whether it is cyberrisk, regulatory risk or reputation risk, data privacy is increasingly intertwined with some of the most critical challenges risk professionals face every day, and ensuring security and compliance of data assets is a make or break for businesses.

buy prevacid online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/prevacid.html no prescription pharmacy

In Cisco’s new 2021 Data Privacy Benchmark Report, 74% of the 4,400 security professionals surveyed saw a direct correlation between privacy investments and the ability to mitigate security losses. The current climate is also casting more of a spotlight on privacy work, with 60% of organizations reporting they were not prepared for the privacy and security requirements to manage risks with the shift to remote work and 93% turning to privacy teams to help navigate these pandemic-related challenges. Amid COVID-19 response, headline-making data breaches and worldwide regulatory activity, data privacy is also a critical competency area for risk professionals in executive leadership and board roles, with 90% of organizations now asking for reporting on privacy metrics to their C-suites and boards.

“Privacy has come of age—recognized as a fundamental human right and rising to a mission-critical priority for executive management,” according to Harvey Jang, vice president and chief privacy officer at Cisco. “And with the accelerated move to work from anywhere, privacy has taken on greater importance in driving digitization, corporate resiliency, agility, and innovation.”

In honor of Data Privacy Day, check out some of Risk Management’s recent coverage of data privacy and data security:

CPRA and the Evolution of Data Compliance Risks

Also known as Proposition 24, the new California Privacy Rights Act (CPRA) aims to enhance consumer privacy protections by clarifying and building on the expectations and obligations of the California Consumer Privacy Act (CCPA).

Frameworks for Data Privacy Compliance

As new privacy regulations are introduced, organizations that conduct business and have employees in different states and countries are subject to an increasing number of privacy laws, making the task of maintaining compliance more complex. While these laws require organizations to administer reasonable security implementations, they do not outline what specific actions should be taken. Proven security frameworks like Center for Internet Security (CIS) Top 20, HITRUST CSF, and the National Institute of Standards and Technology (NIST) Framework can provide guidance.

Protecting Privacy by Minimizing Data

New obligations under data privacy regulation in the United States and Europe require organizations not only to rein in data collection practices, but also to reduce the data already held. Furthering this imperative, over-retention of records or other information can lead to increased fines in the case of a data breach.

buy ocuflox online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

As a result, organizations are moving away from the practice of collecting all the data they can toward a model of “if you can’t protect it, don’t collect it.”

3 Tips for Protecting Remote Employees’ Data

As COVID-19 continues to force many employees to work from home, companies must take precautions to protect sensitive data from new cyberattack vulnerabilities. That means establishing organization-wide data-security policies that take remote workers into account and inform them of the risks and how to avoid them. These three tips can help keep your organization’s data safe during the work-from-home era.

What to Do After the EU-US Privacy Shield Ruling

It was previously thought that the EU-US Privacy Shield aligned with the EU’s General Data Protection Regulation (GDPR), but following the CJEU’s recent ruling, the Privacy Shield no longer provides a mechanism for legitimizing cross-border data flows to the United States. This has far-reaching consequences for all organizations that currently rely on it. In light of the new ruling, risk professionals must help their organizations to reevaluate data strategies and manage heightened regulatory risk going forward.

The Risks of School Surveillance Technology

Schools confront many challenges related to students’ safety, from illnesses, bullying and self-harm to mass shootings. To address these concerns, they are increasingly turning to a variety of technological options to track students and their activities. But while these tools may offer innovative ways to protect students, their inherent risks may outweigh the potential benefits. Tools like social media monitoring and facial recognition are creating new liabilities for schools.

2020 Cyberrisk Landscape

As regulations like CCPA and GDPR establish individuals’ rights to transparency and choice in the collection and use of their personal data, one can expect to see more people exercise these rights.

buy doxycycline online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/doxycycline.html no prescription pharmacy

In turn, businesses need to ensure they have formal and efficient processes in place to comply with such requests in the clear terms and prompt manner these regulations require, or risk fines and reputation fallout. These processes will also need to provide sufficient documentation to attest to compliance, so if businesses have not yet already, they should be building auditable and iterative procedures for “data revocation.”

Data Privacy Governance in the Age of GDPR

As personal information has become a monetizable asset, risk, compliance and data experts have increasingly been forced to address the regulatory and operational ramifications of the rapid, mass availability of personal customer and employee data circulated both inside and outside of organizations. With new data protection regulations, Canadian and U.S. companies must reassess how they process and safeguard personal information.

Key Features of India’s New Data Protection Law

Among the new data protection laws on the horizon is India’s Personal Data Protection Bill. While the legislation has not yet been approved and is likely to undergo changes before it is enacted, its fundamental structure and broad compliance obligations are expected to remain the same. Companies both inside and outside India should familiarize themselves with its requirements and begin preparing for how it will impact their data processing activities.