Enterprise risk management provides a formal process for firms to examine their critical risks in context, and implement cost-effective risk management and risk-financing solutions.
The COVID-19 pandemic’s impact on the economy, construction, and business operations, along with the growing array of exposures confronting AEC firms, has left many of them looking for new ways to strengthen their risk management and insurance initiatives.
In recent years, more AEC firms have looked into enterprise risk management, or ERM, to address their need for a more holistic and sophisticated process to identify, assess, quantify, and manage the increasingly complex risks they face. ERM offers a way to address critical risks as part of an integrated, strategic, and firm-wide process.
It can provide a wider context for evaluating critical business decisions, including whether to expand into new disciplines or geographic markets, whether to take on different types of projects, or whether to acquire or merge with other design firms.
Using ERM, design firms engage in a robust process to optimize protection against their most serious potential exposures while achieving efficiencies in their insurance program and driving down their overall cost of risk.
Implementing ERM starts by educating the firm’s senior leadership and gaining their buy-in. ERM initiatives often require firm-wide participation in an ongoing process, so they are most likely to succeed when leadership understands the value they bring and becomes fully engaged.
Next, designate an ERM team to organize the effort and keep it on track. The ERM team reports directly to leadership and typically includes a cross-section of firm management, administration, and key thought leaders.
Every AEC firm has its own risk profile and appetite, which may be related to its disciplines, project mix, geographical distribution, financial structure, and compensation practices. A firm’s risk appetite may also be reflected in its investment in risk management, as well as in the portion of overall risk transferred through insurance versus self-insured.
Ultimately, a firm must determine its “risk appetite” or how much risk it is willing to take to achieve its growth and sustainability objectives. Note that this can evolve over time, depending on the firm’s financial strength, economic conditions, market forces, and other factors.
After defining the firm’s risk appetite, or the level of risk it is willing to take to achieve its growth and sustainability objectives, the ERM team can proceed to identify and quantify the firm’s risks.
One way to do this involves holding a firm-wide exercise or workshop to get input from everyone involved, and then to organize and analyze all the information captured. Keep in mind, this approach may be more time-intensive for firms with multiple offices in varied locations.
Depending on your firm’s size, the ERM team might gather the necessary information through one-on-one interviews with key leaders of the firm or by having all employees participate in an online firm-wide survey. Although such surveys can be completed quickly, the quality of responses may not be optimal and the lack of face time forgoes the opportunity to create an ERM culture.
Once critical risks are identified, they can be examined individually and assigned relative monetary values and probabilities of occurrence. Each risk can be weighted and mapped graphically for comparison.
One approach uses a statistical scattergram with a horizontal axis ranging from low to high probability of occurrence and a vertical axis showing the potential financial impact of a loss event. In setting priorities, higher impact events with higher probabilities are the most critical to assess carefully and mitigate or manage.
For analyzing individual risks, some firms use key risk indicators, which help track the potential presence, level, or trend of a risk. For instance, a spike in “days outstanding” for accounts receivable may signal issues with billing, collections, or individual client relationships.
To identify key risk indicators, you can check the firm’s applications for management liability and professional liability insurance. They typically have questions about significant potential risks and can help the firm see if it has the best practice, procedure, or system in place.
Examining risk in a wider context may also identify offsetting risks. If certain events might result in a decrease in billings in one area of a firm’s business, that decrease may be offset by increased activity in another. For instance, COVID-19 may have led some owners to postpone some projects, but may have triggered increases in others, such as those in healthcare.
To facilitate effective risk analysis, some firms categorize risks into groups, such as:
- Strategic risks:
  - Practice disciplines
  - Target client base
  - Geographic focus (projects or offices)
  - Organic growth vs. M&A
  - Reputational issues
- Practice management risks:
  - Contract hygiene
  - Project management and client relationships
  - Professional responsibility and ethics issues
  - Regulatory and/or legislative compliance
- Operational/business risks:
  - Firm governance and management approach
  - Office space and lease agreements
  - Business interruption/natural disasters
  - Staffing levels
  - Subconsultant selection, management and oversight
- Information technology risks:
  - Intellectual property exposures, including loss or theft of client blueprints and schematics
  - Data security and ethical walls
  - Third-party suppliers and outsourcing
- Human resources risks:
  - Retaining key design professionals and staff
  - Compensation practices
  - Benefits plans and adequacy/cost
  - Training and development
- Financial risks:
  - Cash flow and capital requirements
  - Financial controls
  - Uninsured and under-insured losses
  - Pension obligations
  - Client insolvency
  - Fraud/embezzlement of firm and client assets
  - Accounts receivable/fee disputes
A key element of ERM involves establishing risk measurements to monitor results. For example, in assessing the firm’s financial risks, some measures might include billing trends, receivables over 90 days, credit line utilization, and pay down rate. In addition, some ERM teams conduct formal annual “risk audits” to assess performance against key risk metrics, which helps determine if the firm was able to reduce potential hazards.
ERM provides a formal process for firms to examine their critical risks in context, and implement cost-effective risk management and risk-financing solutions that yield measurable results. An experienced risk advisor can help you determine the most effective ways to deploy ERM within your firm.
Rob Hughes, senior vice president and partner, Ames & Gough. He can be reached at email@example.com.
Author’s note: Some ideas and processes mentioned in this article were gleaned from: Fraser, John and Simpkins, Betty J. Enterprise Risk Management: Today’s Leading Research and Best Practices for Tomorrow’s Executives. Hoboken, New Jersey: John Wiley & Sons, Inc., 2010.