Risk management software company, Protecht Group, recently launched a visual mapping tool with templated reports that can help organizations, like insurance companies, better manage disruptive events. The software – Protecht.ERM – facilitates the end-to-end risk management of a firm’s critical operations.
“Ultimately, we’re trying to help our customers get a better understanding of what their critical operations are,” said CEO David Bergmark (pictured above).
Bergmark said that involves thinking about underlying resources that are not financial.
“It’s more people, hardware, software, infrastructure, all those things make up delivery of a critical operation in financial organizations nowadays,” he said.
Bergmark sees insurance brokers as important educators in this software led risk management process.
“We talk to some of the larger players, like the Aons of the world and there’s certainly interest in them educating their customers on the benefits of this sort of software,” he said.
In simple insurance terms, Bergmark sees software like his as a way of helping to reduce the cost of premiums.
“If I’ve got two customers that do the exact same thing and have the same turnover and one of them does risk management really well and one of them doesn’t - surely the premium should be cheaper for the one that does risk management really well, right?” he said.
Viewed from the perspective of a broker’s clients, Bergmark described, hypothetically, one firm explicitly explaining its risks to a broker, how it mitigates, monitors and controls those risks, any losses and treatment plans and actions.
“Surely, that’s a much better story than going, ‘I don’t know, you tell me what risks you think I’ve got?’” he said.
Brokers, he suggested, have a significant part to play in moving firms from a spreadsheet focused approach to risks to more useful and efficient enterprise risk management software.
“So brokers do play a role but I don’t view them as being the seller, I view them as being the educator,” he said.
This resilience focused software integrates into Protecht’s existing enterprise risk management software application and, said Bergmark, captures the key risks and also the controls that mitigate those risks.
The software makes it easier to understand risk related information because, rather than unwieldy and difficult to understand spreadsheets, it presents it so you can clearly see it. Bergmark said the visualisation is like a “a process map,” making it easier for a company, like an insurance firm, to communicate what it’s doing about its critical operations.
“We put a lot of thought into what we call resilience reporting dashboards,” said Bergmark, “Because if you think about stakeholders, you’ve obviously got the resilience manager that’s responsible for making sure those critical operations are up but there are so many other stakeholders now, particularly in financial services.”
“So you need to be able to communicate what you’re doing about managing those critical operations quickly and efficiently,” he said. “The joy of having it in an application like ours is that we can produce some pretty great dashboards to support various stakeholders across the business.”
When asked about the insurance implications of the growing severity of risks from cyber to climate, Bergmark agreed that quite soon a firm’s ability to buy an insurance policy may depend on risk management software like this.
“I don’t think it’s that far away,” he said.
In early September, APRA chair Wayne Byres delivered a speech to the RMA Australia CRO Conference (Risk Management Association Australia Chief Risk Officer Conference) about major risk trends and how the insurance and financial services industries manage them.
“In promoting a stronger focus on data, metrics, limits, and tolerances, we do not want to see executives and boards flooded with numbers,” he said. “That would not be helpful.”
Byres said risk managers need to use information to provide meaningful insights.
“Doing so will aid the detection of genuine shortcomings and vulnerabilities, as well as improve the ability to take timely action to address the root cause of problems,” he said.
Byres said having a risk culture is critical to both good risk management and broader organisational success. He encouraged firms to undertake risk culture surveys of their employees.
“Over time, the responses will help identify the extent to which positive changes are (or are not) taking place within individual institutions, as well as areas for improvement,” he said. “It also provides APRA with the ability to benchmark results across institutions, facilitating peer analysis and comparison.”