FOCUS: RISK CONSULTING
By Paula L. Green
Companies are showing increasing interest in employing risk consultants to help them manage their exposure.
As they protect employees, property and supply chains flung around the globe, corporate executives are using risk consultants to grapple with a set of risks that hasn't stopped expanding since the 2001 terrorist attacks in the US. Whether for giant international firms with hundreds of staff from São Paulo to Tokyo or a one-man shop with specific expertise, risk consultants are helping executives wrestle with traditional property and casualty needs as well as the financial, investment and environmental risks emerging in today's increasingly interconnected business world.
Risk consultants can design a comprehensive enterprise risk program that matches a corporation's risk appetite while plugging the holes in the corporate structure or activity that could sink the company's share price, tarnish its reputation and brand and topple its profits. They can help a corporation manage traditional property and liability claims and help risk officers decide whether to buy commercial insurance, self-insure or set up a captive. And consultants can bring in their own crew of auditors and actuaries to analyze accounts receivable data or find the right professionals to do so. They are also helping corporate officers comply with the expanding web of government regulations spawned by the financial crisis.
But what risk consultants can't and shouldn't be doing, risk management experts stress, is taking final decisions on which risks a company wants to tackle or how the risks should be managed. "Consultants can be problematic. They can provide value, but they can't assume any fiduciary capacity. That's going into an area that they don't belong in," says Mat Allen, a managing director at Marsh Risk Consulting in New York City, referring to the signing of checks or the release of corporate funds. He adds that the trend toward outsourcing human resource and financing functions can sometimes lead a corporation into murky waters. "Sometimes these decisions to go outside are made without being properly [considered] because they save money," says Allen.
Businesses should also be careful not to expect too much of a risk consultant or to let him or her assume responsibility for a project or function. "I always caution a client who says 'You just figure out what to do,'" says Joy Gander, owner of Gander Consulting Group in Madison, Wisconsin. "I can present options, but then you have to tell me what you want. You have to take responsibility for the implications of the choices made, because it will be you sitting at a board meeting or staff meeting explaining why those choices were selected."
Companies that rely heavily on consultants can also find themselves taking on more and more outside help, even if they don't really need it. "I'm always skeptical of the value that consultants can provide, " says Allen, adding that a company needs to be clear about what it wants a risk consultant to do. "You can get consultant creep and have too many people from the same consulting company."
Julia Graham, chief risk officer for the global law firm DLA Piper, agrees that it is possible to rely too heavily on an external consultant. But taking a disciplined approach to their selection and use can be very positive for a company seeking a fresh perspective. "If used wisely and properly, consultants can bring a unique skill set and fresh ideas and can add enormous value," says Graham, who works in the London office of the firm, which has about 3,500 lawyers in 30 countries. While the tough economic times have made companies more selective, outside experts with specialized knowledge in an area unknown to a corporate risk officer are helpful. This might be expertise on security issues or on, for example, the financial credentials that can help a European company cope with the Solvency II requirements—the European Union's risk-based solvency standards. Consultants might also be able to offer an understanding of shifting government compliance rules, or the technological know-how to implement a software project, says Graham, who is also a vice president of the Federation of European Risk Management Association in Brussels.
As vice president of global safety and security at Marriott Lodging International, Alan Orlob carefully uses outside consultants to validate a security program shaped in-house for its 3,500 hotels. "We use [consultants] to look at what we are doing and if we're doing it the right way," says Orlob. "But we believe we understand hotel security better than anyone around and have a better handle on our situation than anyone outside could have."
Joe Atkinson, a principal in Price-waterhouseCoopers' advisory practice in New York City, believes an external risk consultant needs access to a so-called "executive sponsor" at the corporation. "This is someone at a senior level, such as an EVP or SVP, as my counterpart...with whom I can have a conversation and who can participate in the dialogue," Atkinson says. "If I don't have that, we [consultants] are acting in isolation."
Even if the consultants interview dozens of employees and senior executives to glean information about the multinational's risks and problem areas, they have to guard against simply regurgitating the data and information they collect during the interviews. "You can put something on the table that is not informative. If you allow the consultant to execute in isolation, you miss the opportunity to learn and grow," says Atkinson. "For the best value, the company should be driving the change."
The participation of an executive at the managing director level, who can act effectively as the project manager and coordinate the consulting staff 's work on a long-term project, is also valuable, Atkinson adds.
Counting the Cost
Consulting fees vary widely, depending on the corporation's own internal resources to capture data and the scope of the consultant's work. A risk assessment of a large global corporation that aims to transform the way people look at, monitor and evaluate risk, as well as envelop technology platforms, could carry a seven-figure price tag, Atkinson says. Although he would not cite any hard numbers, Stephen Cross, chief executive officer of Aon Global Risk Consulting, says multinationals' use of risk consultants has increased over the past decade, as risk officers have grappled with one crisis after another: terrorism, accounting scandals, stock market dives, hurricanes and environmental disasters.
A consultant's external eyes can help a global firm identify its risks and determine its risk appetite, which means deciding how much risk it wants to retain on its balance sheet without seeking to hedge or insure the risk. Cross says a corporation's risk appetite is tempered by numerous factors, such as restrictions laid out by covenants on loans, its debt to equity ratio, credit rating, free cash and cash flow, its ability to borrow, credit rates, and the cost of insurance versus the cost of credit. Most important in the equation is the investor's risk profile. "If it's high risk, that's what the investors expect. If it's not, then investors will not tolerate negative surprises that could have been hedged," Cross adds.
Never happy with surprises that slash the company's bottom line or damage its reputation, board members and senior executives are increasingly asking their risk managers if corporate risks are being properly managed in an increasingly interconnected business world still grappling with a credit crisis. "The C-level is asking simple questions. 'What are our top risks? What process are we engaged in to cover them?'" says Marsh's Allen.
Gander points out that in a mid-size company laying out $200,000 to $300,000 in annual premiums, the person managing risks and buying insurance frequently carries out other functions, such as the purchasing of goods. He or she simply doesn't have the time to gain the expertise a risk consultant has about the ins and outs of insurance buying.
Allen: “I’m always skeptical of the value that consultants can provide”
Even chief financial officers at large corporations frequently need advice on the pros and cons of using various mechanisms to manage risks. "A CFO may know what a captive is, but not be that comfortable knowing the pros and cons of setting up a captive," says Gander, who is also a member of the Society of Risk Management Consultants, an association of independent risk management consultants operating in the United States, Canada and other parts of the world. "A risk consultant can talk the language of the trade so non–risk management professionals can understand." And, unlike an insurance agent or insurance broker who sells insurance, a risk consultant can offer a corporate client objective advice, whether for a comprehensive risk management program or the management of a single risk. Gander refers to a corporate client she dealt with, for example, who did not realize a 10% to 12% service fee was tucked within the $750,000 annual premium the company was paying for its insurance cover. "I asked them if they were getting $75,000 worth of service each year," she says. "Risk consultants can offer an extra set of eyes to an existing program and lay out the pros and cons of different options without any emotional or political investment," Gander adds.
Cross: Risk-averse investors “will not tolerate negative surprises”
Cross counters that a firm like Aon, which is a global insurance brokerage and a so-called solution provider, is accountable for successfully implementing its proposed solutions. "Pure consultants don't actually do the doing, and therefore some of their proposed solutions may not be practical or possible to execute," says Cross. He adds that the pure consultant has no leverage in the insurance marketplace, while a major broker like Aon, which places $85 billion in premiums into the insurance and reinsurance markets each year, can leverage relationships in the interest of its clients.
DLA Piper's Graham says both entities have something to offer. Large brokers can serve as excellent consultants who have the infrastructure in place to analyze all of a company's risks. "But they could palm you off to a junior-level person at the firm," she says. The smaller-size consultants, on the other hand, can offer very tailored services but may have to call upon other consultants for certain skills beyond their area of expertise. "But you'll usually get the wise knowledge of senior-level people or even the owner of the firm," she adds.