Gather a group of 20, 30 or even 50 P/C insurance executives in a room and ask, “Who here wants their company to miss achieving its strategic goals?” or “Who wants to always have to put out fires day-to-day?” How many hands do you think would go up?

It’s safe to say none.

Everyone wants to be successful; there’s no denying that statement.

However, with today’s world marred by what seems to be extreme levels of volatility, uncertainty, complexity and ambiguity (VUCA), running a carrier smoothly day-to-day, much less achieving long-term strategic goals, is more challenging than ever.

Tools are available for helping carriers overcome or otherwise navigate this challenging landscape. One of those tools is enterprise risk management (ERM). Unfortunately, few P/C carriers (companies in general, to be honest) harness these tools effectively.

Part of the reason is a misunderstanding of what ERM is truly meant to be, which is an easy thing to get mixed up in our industry.

In speaking with dozens of carrier executives, the confusion is clear when I ask them about their ERM practices. Not only do executives believe ERM is mostly about compliance, it is easy for them to think ERM is referring to “exposure risk management” being handled by reinsurance and managing their book of business.

While this is certainly a part of enterprise risk management, it is by no means the entire picture.

The true “E” in ERM (enterprise) is looking comprehensively at all a company’s moving parts ranging from back-office operations to strategy and everything in between. ERM, related to submitting an ORSA (Own Risk & Solvency Assessment) report, is something many carriers have experienced, but this also feeds another perception that ERM is simply about regulatory compliance and averting failure.

Ideally, the purpose of ERM should NOT be about “the risks” in the negative sense but rather about increasing confidence throughout the company that goals can be achieved. This why “objective-centric” ERM is deemed to be the value-creation way of practicing ERM.

One of the earliest and most outspoken proponents of what has been dubbed “objective-centric” ERM, Tim Leech, explains its ultimate goal is to:

“Ensure management and board are aware of current risk/uncertainty linked to MISSION CRITICAL OBJECTIVES [MCOs] to help them discharge their fiduciary duty to manage/oversee uncertainty linked to MCOs, make better decisions, and improve performance.”

However, this brief explanation is not the purpose of today’s article; you can learn more about objective-centric ERM by checking out this article published earlier this year in Carrier Management.

Related article: Enterprise Risk Management Secrets for Long-Term Company Growth

The ultimate purpose of today’s article is to clear up another misperception that prevents companies from utilizing ERM to its full advantage, one that goes something like this:

“We are a small company, so we therefore cannot do objective-centric ERM.”

Or flipping the coin over:

“Our company is really big, so we must have this elaborate structure in place.”

As a culture, we have this idea that bigger is always better and that size enables us to pursue things we otherwise would not be able to. Whatever the specific situation, it is a limiting belief that hinders potential on both a personal and corporate level.

Shifting to insurance carriers pursuing objective-centric ERM, there is a dangerous perception that the ERM practices chosen by a company’s leaders should be solely based on its size and complexity. Many standards and guidance on “best practices” perpetuate this falsehood.

Therefore, a small farm mutual that brings in under $1 million in annual premiums will look at the so-called “ideal” version or approach to ERM mentioned above and think, “We’re too small to practice ERM. That’s something for the companies bigger than us. We just don’t have the resources or need for it.”

On the other hand, a nationwide or global carrier will think, “We must have all these formal processes in place to do any true ERM” or “We have too many other priorities right now, so we’ll just keep on doing what we have been.”

The reality is, outside of a few exceptions that we will get into below, fundamental practices should be consistent regardless of a company’s size.

What will be vastly different between a small and large carrier is the number and complexity of the risks themselves, not the practices. The larger and more complex a company is, the more complex the risks.

There is no need to set up ERM, get the company accustomed to it and then mature the practices. Instead, the one thing that will have the biggest impact regardless of company size is to shift from a risk-centric to an objective-centric focus or approach to ERM.

Below are three steps any company, no matter if it is a startup or a multinational carrier, can begin taking immediately.

Step #1 – Start with an understanding of what the company has to do to successfully fulfill its mission. A few of these “mission-critical” objectives include pricing the risk according to the exposure being underwritten, paying claims timely and fairly, and maintaining sufficient assets to remain solvent.

These objectives can then serve as a foundation for identifying what could both prevent or help achieve the goal.

If your company does not currently have a mission statement, then think about the purpose of your company.

Step #2 – Coordinate with business unit leaders to understand how they will know the company is achieving the identified objective. Identify an existing business performance metric the business can monitor to verify if they are on track or if any course corrections need to be made.

These metrics can also be used to determine the level of risk company leaders are comfortable taking. This “risk appetite” is above and beyond retention on a reinsurance program.

Step #3 – Instead of hearing the same old annual presentation on “top risks,” objective-centric ERM enables the company at all levels to understand the biggest risks to its mission-critical objectives and then know which risks need to be addressed by developing a game plan on next steps to properly respond to the risk.

This “output” of objective-centric ERM is actionable information and a clear path forward as opposed to the same annual presentation on “top risks.” The use of business performance metrics for monitoring means business leaders are already monitoring risks and objectives when managing the business on a day-to-day basis.

As the following graphic shows, this all occurs on a continuous loop. Using this blueprint, executives of any stripe will gain value from the outputs they will receive from ERM.

These same three steps can be taken by a carrier just starting to write business, a regional carrier writing $100 million, or a $2 billion global carrier.

Now to the exceptions.

There are some more advanced practices associated with ERM that may cause some struggles with smaller carriers for a variety of reasons:

1. Changes are happening way too fast. Certain practices like modeling and others are simply not feasible when things are too unpredictable.
2. People resources. A smaller carrier will have people who wear multiple hats and therefore juggle a lot.

While ERM may not be as formal because of these constraints, neither of these should prevent a company from embedding risk into daily decision-making and actions.

It is kind of like walking to get healthy.

Those $200 pair of athletic training shoes may be ideal and allow you to walk farther more comfortably. But it does not take a fancy pair of shoes to put one foot in front of the other. So, you shouldn’t let this situation stop you from getting started.

The same is true with adoption an objective-centric approach to ERM.

Is your company ready to begin transitioning from a compliance, risk-list approach to one driven by a focus on achieving business and strategic objectives?