insurance risk management case study

Transforming enterprise risk management for value in the insurance industry

The value of enterprise risk management (ERM) in the insurance industry was given a decisive demonstration in the financial crisis. McKinsey research showed that the better their ERM systems, the better insurers performed financially in 2008 and 2009. 1 1. From compliance to value creation: The journey to effective enterprise risk management for insurers (PDF–456KB), February 2014. In the aftermath, much industry attention focused on creating or improving ERM systems, and the focus has been sustained under pressure from regulators, rating agencies, and investors. The starting point for the industry’s ERM efforts has been, perhaps naturally, a reactive stance, with systems designed to respond to incidents and ensure compliance with existing and forthcoming regulations. Yet a few insurers have been able to develop ERM frameworks that support strategic decisions and create real business value. Over time, they have reduced the volatility of their returns and improved capital performance—results of having enabled a more penetrating view of proposed risk taking across the enterprise and embedding the ERM function as an active partner in business decision making.

What are the elements of an effective ERM framework? How can insurers move from playing defense to using ERM systematically to advance business objectives? In a recent survey we conducted, leaders of a range of insurance companies revealed that they were thinking about such questions in a focused way. 2 2. Twenty-seven insurers representing approximately $3 trillion in assets were asked about systemic risk in the sector, the adequacy of industry regulation in accounting for risk, and the performance of their companies’ internal risk-management practices. Most agreed that the sector was largely free of systemic risk, but expressed a range of views on the current and evolving regulatory environment: see Luca Pancaldi, Uwe Stegemann, and Torban Swart, “The big questions for the insurance sector,” chapter 10 in The Economics, Regulation, and Systemic Risk of Insurance Markets , ed. Felix Hufeld, Ralph S. J. Koijen, and Christian Thimann (Oxford University Press, 2016). While expressing confidence in the strength of their companies’ risk capabilities, respondents identified key areas for improvement in risk transparency and insight (Exhibit 1). Smaller companies also indicated gaps in risk culture and performance transformation. Most of the surveyed chief financial and risk officers indicated that they are enhancing ERM amid a perceived climate of heightened risk—one defined by a more uncertain macroeconomic environment, persisting low interest rates, financial-market volatility, and rising geopolitical instability.

Attaining ERM excellence: A journey to value creation

Where do you stand the erm framework.

On the journey toward its integration into business strategy, the epitome of excellence in enterprise risk management (ERM), the risk function strengthens the interlinked areas of the framework. It is always good to know where you are going well before you get there. Optimally, the broad areas of ERM and their constituent elements are mutually reinforcing.

Risk transparency and insight

• Risk identification and taxonomy. A common vocabulary for different risks enables an enterprise-wide view of the risk profile, so that it can be shaped according to the business strategy. Risks are thereby defined and prioritized based on probability, impact, and preparedness.
• Risk reporting. Regulatory and company-specific reporting principles are selected for timeliness, clarity, comprehensiveness, and accuracy; the underlying data architecture and IT must support risk-data aggregation. Strong governance is essential.
• Risk IT and data analytics. With technical and business-leading analytics talent, new sources and types of data are captured to extract differentiating insights; machine learning is applied to improve existing models and enable the underwriting of new risks.
• Stress testing. Models are based on consistent scenarios and translation of economic drivers into key insurance risks. The approach is to assess risks in line with the business strategy, taking account of balance-sheet and capital implications.

Risk appetite and strategy

• Risk appetite. The risk appetite is defined by the business strategy. An understanding of whether you are the natural owner of given risks is developed on this basis; how much risk to take to pursue company goals is then cascaded down to the businesses.
• Risk strategy. The strategy comprises actions to transform the risk profile, selected based on priorities and including trade-offs with corresponding costs.

Risk decisions and processes

• Decisions. Risk is embedded in strategic and business decision making rather than used in a purely compliance-driven approach.
• Processes and operations. Core business processes and operations are designed and executed on a risk-informed basis.

Risk organization and governance

• Risk archetypes. The risk function’s mandate for enterprise risk management is clearly defined.
• Risk organization. Risk structures are designed across the entire organization with the support of top management.
• Risk-function profile. Responsibilities are clearly allocated between the risk-taking and controlling units.

Risk culture and performance transformation

• Risk culture. Diagnostic inquiries can be made periodically to ensure that the risk culture is sound across the entire organization.
• Risk norms. New risk norms should be embedded through corporate processes and governance.
• Risk skill building. A program should be in place to enhance risk skills for key roles as needed.

In thinking about the experience of leading institutions with enterprise risk management, McKinsey developed a framework to help capture best practices (see sidebar, “Where do you stand? The ERM framework”). The framework integrates the elements of risk management in a reinforcing cycle that supports the business strategy (Exhibit 2).

A best-practice risk function fosters a highly integrated, enterprise-wide risk culture across the organization, managing the risk profile to serve the business strategy. The path to ERM excellence involves a transformative journey, and most insurers are at its beginning stages (Exhibit 3). For the majority of companies, the risk focus is on compliance, a necessary starting point. They monitor risk, gauge risk levels against new regulations, and react appropriately to risk incidents. The ERM function at this stage is mainly backward looking, developing controls and aligning existing risks with current and forthcoming regulation. The risk function first establishes and then operates within risk-review guidelines and may have (and at times may exercise) formal veto power over business decisions.

Systematic ERM really only begins after compliance-focused capabilities have been adequately developed, including the setting of risk limits and policies and the adoption of accounting and statutory metrics. Most insurers are at this stage of development. They use their own risk and solvency assessment (ORSA), in line with US and EU regulations. This provides insurers with an internal process for assessing the effectiveness of risk-management capabilities and solvency under normal and stressed conditions. ORSA helps insurers evaluate all material risks that could affect their ability to meet policy-holder obligations, including market risks, credit and underwriting risks, liquidity risks, and operational risks.

At this stage, the ERM approach pushes the risk-management function to incorporate loss control and risk-return optimization into its role. In ongoing dialogue with other functions (such as finance) and the business, risk managers proactively identify potential issues and, where helpful, challenge common practices. The function develops an understanding of corporate strategy and the ability to model economic capital (risk capital) and conduct stress testing. The function then converts the models into strategic input for top management.

Would you like to learn more about our Risk Practice ?

In the ultimate stage of the journey, the risk function creates value by integrating ERM with corporate strategy. The function becomes a sought-after thought partner, enabling business management to weigh risk-return implications and potential risk trade-offs in strategic and operational decisions. To become a strategic thought partner, the ERM function must be able to create the comprehensive economic-capital models needed to drive business decisions and to link advanced risk analytics to key business processes.

Improving ERM: Where insurers say they are focusing

As Exhibit 1 displayed, our survey respondents mostly cited capabilities within risk transparency and insight as the objects of their planned ERM-improvement efforts.

Within this ERM area, respondents noted their intentions to improve stress testing, risk reporting, and—especially—data and analytics. One-quarter of respondents cited data governance and quality and another quarter cited automation and speed of data gathering as their initial improvement priorities. In the survey and follow-up discussions, respondents shared their perceptions that the industry needs generally to invest more in analytics, recognizing the transformative power of big data. Fast, automated access to accurate data is only a prerequisite for the strategic use of advanced analytics. The broad challenge is to generate value from the data. Advanced analytics enables better decision making in pursuit of strategic objectives and increased performance transparency to improve bottom-line financial results.

Most respondents indicated that they perform stress testing and consider results in decision making, but about half revealed that not all risks are taken into account in the process. In interviews and follow-up discussions, survey participants expressed their intention to improve stress testing by properly accounting for all risks in their stress tests and by deriving more useful insights from the results. Nearly half of respondents revealed that their risk-reporting process was only partly structured and had no predefined escalation mechanisms in place.

Risk culture

When asked about the level of accountability for risk-related matters in their organization, 38 percent of respondents declared that risks in daily business are not always considered with the support of both qualitative judgment and quantitative tools. This implies that a plurality of the industry is not achieving available levels of risk transparency that could improve business decisions.

With respect to frontline functions, participants indicated that risk is most engrained in people’s minds in the following areas: investment management (the first choice for 56 percent of participants) and corporate and commercial nonlife (22 percent). Room to improve frontline risk culture seems to exist in retail life and nonlife businesses.

Discussions and interviews with insurance leaders highlighted that some players are making significant investments in risk-culture programs, in particular launching dedicated actions to increase risk culture in retail businesses where third parties (that is, brokers and independent financial advisers) are often the main distribution channel.

Approaching ERM transformation

ERM transformations can be focused on selected priority areas or the overall ERM program. Experience has shown that successful transformations have key traits in common. Direct board and top-management sponsorship and participation is the first requirement. Second, a chief risk officer (CRO) should be elevated from the usual technical-advisory status to play a true leading role. As leader, the CRO should drive the initiatives and set the direction of the effort. In planning the transformation, the CRO-led team must take an integrated perspective, above all ensuring consistency across all core ERM elements. This is even more important than achieving excellence in any one area. The CRO should communicate the core messages of the transformation and ensure that they are cascaded to all levels of the organization. The CRO-led effort must also influence risk management throughout the organization, using such leverage as material incentives and role modeling optimal behavior.

A targeted intervention

In a targeted ERM intervention, particular elements—such as risk-appetite definitions, stress testing, or reporting, for example—are addressed as priority challenges. Such interventions are efficient when the overall ERM framework has been thoroughly evaluated and determined to be robust. They can also be helpful in addressing particular external constraints, such as regulatory findings or new rules (and rulings). Success depends on a well-defined starting point and clearly articulated set of priorities.

The targeted transformation begins with a diagnostic evaluation of the ERM framework. This will scan each segment and identify and prioritize improvement initiatives. The development of advanced capabilities can be an ideal choice for a targeted intervention. Machine learning, for example, allows companies truer visibility into their customers’ risk profiles. It improves existing models and helps companies avoid unseen risks while potentially allowing them to underwrite completely new risks. The future profitability of the sector depends on such differentiating insights from new sources and types of data. To obtain these insights, leading companies are investing in innovative capabilities such as advanced analytics and machine learning.

An overall ERM transformation

An overall transformation program will cut across all or most of the ERM framework’s segments and their constituent elements, and it could take up to two years to complete. Insurers undertake such transformations when a diagnostic evaluation reveals that the ERM framework requires general improvement; when the company is undergoing a strategic change of course, such as a modified risk appetite or a significant change in the business mix; or when the improvement areas indicated in the diagnostic require interventions that cut across the entire organization or involve cross-functional elements in the framework.

Unleashing the value of advanced analytics in insurance

An overall ERM transformation is shaped in three steps. First, an independent diagnosis of the current ERM status is undertaken, based on best-practice knowledge and insights, with peer-performance benchmarking. The results are discussed with top management and the board, in order to define the target ERM state and prioritize the needed array of initiatives. Finally, an integrated action program is built, with clearly defined milestones and deadlines, incorporating early experiences and making needed improvements and adjustments as the transformation progresses.

Exhibit 4 presents a brief outline of the results of an actual diagnostic evaluation of a large insurer’s ERM framework and proposed transformation program.

The evaluation is the beginning of the journey to build a new ERM foundation and to formalize risk strategy and processes. In each part of the framework, actions are identified and implemented to focus the transformation effort on a defined target ERM state. Actions are rolled out strategically, according to prioritized needs. In the example diagnostic, priority actions for transparency and insight would include a review of reporting and stress testing and the development and implementation of new governance and models. The approach to stress testing would be shaped by the insurer’s specific situation and needs. It would involve deep analysis on a consistent set of scenarios, a comprehensive assessment of implications, identification of tailored strategic actions and mitigating decisions, and deep dives on specific risk exposures (Exhibit 5).

As the transformation proceeds within each area of the ERM framework, and as gaps with the target end state are closed and connections across the risk function are strengthened, priorities can be reassessed and realigned in light of new insights and accomplishments.

With a broad consensus among insurers that the environment has become riskier and the regulatory atmosphere more complex, greater and more systematic attention is being afforded to the state of enterprise risk management. As improvement areas in the ERM framework are identified, leading insurers are taking this opportunity to move beyond plugging the gaps. Commanding new capabilities and techniques, they are defining a target state for ERM and cultivating an organization-wide risk culture that could become sources of real competitive value.

Christian Bongiovanni and Luca Pancaldi are partners in McKinsey’s Milan office, Uwe Stegemann is a senior partner in the Cologne office, and Giambattista Taglioni is a senior partner in the New York office.

The authors wish to thank Daniel Kaposztas for his contributions to this article.

Explore a career with us

Related articles.

Compliance in 2016: More than just following rules

People and talent management in risk and control functions

• Browse All Articles
• Newsletter Sign-Up

RiskManagement →

No results found in working knowledge.

• Were any results found in one of the other content buckets on the left?
• Try removing some search filters.
• Use different search filters.

The implication of business intelligence in risk management: a case study in agricultural insurance

• Original Article
• Open access
• Published: 22 May 2021
• Volume 3 , pages 155–166, ( 2021 )

Cite this article

You have full access to this open access article

• Mehran Amini 1 ,
• Sara Salimi 2 ,
• Farid Yousefinejad 3 ,
• Mohammad J. Tarokh 4 &
• Sayyed M. Haybatollahi 5  

6743 Accesses

3 Citations

Explore all metrics

The increasing data scales in today’s business sectors coupled with the necessity of risk management raise the importance of business intelligence tools as an integrated solution for the insurance industry. These tools have mostly been used to achieve effective risk management. Although methods of risk management in the insurance industry have been proposed many years ago, the research effort has primarily been focused on predictive analyses. This study aimed to investigate the role of business intelligence as a solution to illustrate its potential in risk management particularly for decision-makers in agricultural insurance. We hypothesized that this would make a preferable decision in uncertain conditions. Sample data from the online transaction process system of Iran agricultural insurance fund were preprocessed in SQL server. Multidimensional online analytical processing architecture was analyzed using Targit business intelligence tool. Our results identified financial risks that lead to a framework of controlling risk based on business intelligence in the agricultural insurance fund.

Similar content being viewed by others

RETRACTED ARTICLE: A hybrid approach for risk analysis in e-business integrating big data analytics and artificial intelligence

Yu Zhang, L. Ramanathan & M. Maheswari

Research on the Application of Data Mining Algorithm in Financial Risk Control Model in the Process of Digital Economy Transformation

Overseas Risk Intelligence Monitoring Based on Computer Modeling

Avoid common mistakes on your manuscript.

1 Introduction

Risk management is an effective tool to tackle uncertainties in the probability of an event’s occurrence that challenges decision makings. Many factors associated with risk management including business intelligence (BI) have the potential to be used to reduce such uncertainties. This challenge in decision making, appears to increase together with the expansion of globalization. Easy-to-use technologies for saving data and widespread access to the internet allow researchers and organizations to collect more data (Zhu et al. 2019 ). Because the origin, content, and display methods of most of these data vary and because they relate to diverse settings, such as commercial and financial, the current literature lacks enough findings concerning how these data are modeled and how they contribute to a company’s decision making strategy. Although methods for managing the uncertainties (e.g., managing liquidity related risks) in insurance have been proposed for many years, the research efforts, thus far, have primarily been focused on predicting outcomes based on the given dataset as well as its variables. While business intelligence has always been regarded as the highest priority for investment, companies have complained about the overflow of information and lack of access to the relevant data (Howson 2013 ). Hence, relevant data from companies’ data servers can be analyzed in favor of cost reduction (e.g., time and resources) by different BI algorithms that can also lead to controlling financial risks (Ghosh et al. 2018 ; Chen 2017 ). By implementing the risk management processes, many organizations aim to increase the impact of risk management activities and to build up value for stakeholders (Williams and Heins 1989 ). The necessity of using BI raised from the fact that financial enterprises including insurance companies like any other financial enterprises have analyzable data that can be used to modify knowledge-based risk management. In this study, our research purpose besides an investigative case study and providing an implementable framework was how business intelligence approaches can be used to risk management process using real-world data. This study particularly focused on the implication of BI approaches in improving decision making in agricultural insurance. We, therefore, investigated whether agricultural insurance data pertain to online transactional processing (OLTP) system contain the following elements: complete data of insurers, their properties specifications, locations, amount of paid compensations, reasons of damages, and bank account of insurers in the agricultural bank. However, previous studies have addressed a variety of problems in using BI, from leveraging organizational agility (Cheng et al.  2020 ) to improve decision making in other sectors such as transportation, health, telecommunications, etc. (Ain et al. 2019 ). This study draws on BI approaches (e.g., observation, reporting, and prediction) with a focus on the phases of risk management (e.g., detection analysis and risk control) to demonstrate how BI can improve provided services, preferable managing of uncertainties coupled with improving decision quality based on existing data in the company.

2 Literature review

The term BI was first referred to “an automatic system to disseminate information to the various sections of any industrial, scientific or government organization” (Luhn 1958 ). In recent years, BI has been known as an intended process through which a company can investigate and train to extract information from vast stocks of data to detect an obtainable opportunity while minimizing the threats associated with uncertainty (Cheng et al.  2020 ). Previous studies have shown that the progress of computational intelligence occurs in various fields (Wu et al.  2014 ; Ain et al. 2019 ), in which a survey of the significant areas and perspectives are presented in this section.

2.1 Early warning systems

Various studies have addressed the importance of early warning systems (EWS) as a method to control risk. By testing EWS in practice, in her study, Krstevska ( 2012 ) referred to macroeconomic models with the features of Macedonia’s economy and they proved that EWS is an advantageous solution that can be conducted in BI tools to forecast the risk of a financial crisis. In another study, Flores ( 2009 ) addressed the early warning in insurance utilizing stochastic optimization to find an investment policy for the management of a fund from the perspective of a risk-averse government. Early warning is also discussed for conveying the mechanisms of financial and macroeconomic supervision that regional monetary units can be considered in the BI policies to cultivate existing surveillance tools for improving crisis detection and prevention. In particular, they illustrated that the RMU might be beneficial as a tool for macroeconomic consultation (Castell 2009 ). Some studies argued their method in industrial applications and described a method for identifying logistic risks for small-to-medium size companies (Xie et al.  2009 ). Fuzzy cognitive map (FCM) is a mixed methodology based on neural network and fuzzy logic, which both are in the querying algorithms of the BI. Liu et al. ( 2006 ) developed an intelligent early warning system using fuzzy logic based on an integrated set of software metrics from multiple perspectives to make sponsors, users, project managers and software developers aware of many potential risks as early as possible. It has the potential to improve software development and maintenance to a great extent. Han and Deng ( 2018 ) combined artificial neural networks, fuzzy optimization and time-series econometric models in one unified framework to form a hybrid intelligent early warning system for predicting economic crises. Wang et al. ( 2018 ) proposed a financial crisis early warning monitoring algorithm based on FCM, and evaluated the effect of the algorithm based on the relevant data of listed companies in China; the experimental outcomes showed that the technique is efficient, economical, and timely and can practically reflect the crisis state of financial data.

2.2 Risk-based decision making

Employing computational intelligence for decision-making based on risk in information systems as supporting systems of decision-making has been studied since 1970 (Keen 1978 ; Sprague 1982 ). Some studies have taken advantage of the business intelligence to provide another application for analyzing the loan risk in financial modeling of pulp and paper industry (Warenski 2012 ). Some researchers have specifically addressed the assessment of value and risk in IT investment; by taking the resource-based view of the company and the perspective of the feasible option, they found that IT investments and their timing influence organizational downside risk (Otim et al.  2012 ). Such investments involving a complex series of stakeholders require attention to organizational policies. Some have studied the role of political pluralism in the expansion of commercial banks, especially from the perspective of risk management in India (Olson 1996 ). Industrial decision-making does not merely include multi-stakeholders, but it also includes multi-criteria. Some researchers have provided a risk assessment technique of multiple criteria for analyzing risk in safety by integrating the accepted features of the common failure mode, effects, and criticality analysis technique in the BI tools with taking into account economic variables in terms of risk and to minimize the total safety costs by defining a specific index called total risk priority number (Wu et al.  2014 ). Lakemond et al. ( 2013 ) dealt with a model for considering risk in product development, which is capable of initial assessments of risk and other challenges. Some of the neural networks study applications to assess reliability to reduce the project failure risk. Another application showed the value of artificial neural network models in the projects of public-private partnerships. The application was also used in the banking industry which included employing artificial neural networks to analyze credit cards applications which allow banks to effectively control their risk after the post-2008 bubble (Yazici 2011 ). Some researchers combined neural networks with text mining software to address financial risk management in daily trading. Another application was to use the artificial neural network models, which is one of the main algorithms in BI tools to manage the financial risk of over 7000 small companies in Italy. The results showed that when the method is unconnectedly designed according to size, geographical area, and business sector, the method prediction accuracy is noticeably higher for the smallest sized companies and especially those which are operating in central Italy (Ciampi 2013 ).

2.3 Game-based risk analysis

The role of Nash in offering game theory and studying the competitive strategy is significant (Nash 1950 ). The focus of this field is mainly on industrial risk management. Some researchers studied a complete information game model which examines emerging multi-risks in a project management environment by designing an effective algorithm to deal with the allocation solution based on Nash equilibrium that can also be reflected in the BI based plans, and an experiment is presented to show the usefulness of the proposed game method. The proposed solution methods can be employed to support decision-making in project risk management (Zhao 2009 ). Some extended the game theory models to probabilistic risk analysis in counter-terrorism activities. They carried out a comparative analysis of probabilistic risk analysis methods such as Bayesian networks, decision trees, and game theory that are the main algorithms in BI tools to get insights into the significant differences in assumptions and results. They found that assessing the distribution of potential attacker decisions is a problematic judgment, especially considering the adaptation of the attacker to defender decisions. Intelligent opponent risk analysis is an extension of decision analysis and sequential game theory that can be taken to decompose such judgments (Merrick 2011 ). And some used this theory to model vertical distinction in online advertising and found that a higher revenue can result in lower service prices (Lin et al.  2012 ).

2.4 Credit risk decisions

The basic task of the financial industry in risk management is to study the probability of default. Some researchers offered a scoring model for the Czech banks by means of linear discriminatory analysis, the initial probability of default is calculated through a scoring model in US banks by using linear discriminant analysis. They showed that even though all banks are well organized, there is still a high chance that “a financial crisis” will arise (Gurny 2009 ). Some others utilized the Six Sigma DMAIC methodology to reduce financial risk (Chen et al.  2012 ). Still, some others showed how scorecards can be used to predict the risk management of credit value of large banks (Wu 2010 ). Caracota et al. ( 2010 ) offered a scoring model for (small- and medium-size) enterprises that applied for loans. Some others studied the effectiveness of credit scoring of public enterprises (sponsored by the state) and showed how credit bureau scoring resulted in support for different strategies of risk escape or preference for less risk and greedy investments risks (Poon 2009 ).

2.5 Data mining in enterprise risk management

Data mining has turned into a very popular concept in statistical and artificial intelligence tools as well as plays a pivotal role in the BI tools for the analysis of sets of big data. Among the various risk management related studies, some researchers have applied the data mining tools to the financial affairs of companies, including fraud detection management, credit risk estimation, and performance prediction of the company (Shiri et al.  2012 ). Some argued that data mining in internal fraud renders preferable results compared to a single-variant analysis (Jans et al.  2010 ). Holton ( 2009 ) employed data mining for occupational fraud in auditing which the main focus is on detecting motivational aspects such as employee disgruntlement. Their proposed model predicts whether emails contain disgruntled communications, providing extremely relevant information not otherwise likely to be revealed in a fraud audit. The model can be incorporated into fraud risk analysis systems to improve their ability to detect and deter fraud. In other industries, data mining is employed to better predict the electricity supply cut-off, especially when caused by a storm (Nateghi et al.  2011 ). Some other studied data mining to support risk management in the supply chain; the recognized papers’ insights, gaps and future directions could inspire new investigation procedures with a view to managing the risks in the globalized supply chain environment (Ghadge et al.  2012 ; Shojaei and Haeri 2019 ). Some other studies have been conducted to reduce occupational damage risk using data mining (Murayama et al.  2011 ; Zhu et al. 2019 ).

The aforementioned studies, therefore, support the adaptation and utilization of the BI systems and their capabilities in wider organizational settings including sequential case studies. Although companies have been unsuccessful to capture the advantages of BI systems to their full extent. They mainly are pursuing means to leverage value from the carried out systems (Visinescu et al.  2017 ). However, prior studies do not have any comprehensive solution that discusses the ways related to adoption and utilization of BI system in practical and sequential stages in financial settings such as agricultural insurance, we present a utilitarian and sequential exploratory case study with a limited dataset in the agricultural insurance coupled with a suggested framework, which not only is a universal and reusable abstraction but it also delivers specific functionality that facilitates the development of BI applications, products, and solutions.

3.1 Description of the Iran agricultural insurance system

Iran agricultural insurance fund is the only active insurance company in the agriculture section in Iran. It was established in 1984 by agricultural bank which is one of the governmental banks in Iran. The initial aim of setting up this fund was to support the farmers and ranchers whose products were damaged by pests, diseases, drought, frostbite, and other natural disasters. Cotton and beet were first insured in 1984 as the first agricultural products ever insured, and at the time being, more than 153 products and activities are under insurance. During 30 years its responsibilities had been expanded into some main responsibilities, such as, investigating in any research in terms of increasing and improving agricultural products, holding courses to educate farmers and ranchers, investing in developing the company’s IT sections to become an IT-based system, like updating data servers to collect all relevant datasets such as farmers’ data, their properties location and specifications, paid compensations in each year, etc. (Agricultural insurance fund 2020 ). The historical reports have showed that the capacity of insurance is as follows (which has not fully been materialized due to the voluntary nature of insurance and also a limitation in financial resources): farming products (85 %), garden products (89 %), birds (100 %), products of livestock, aquatics and natural resources (95 %). Some of the indices of agricultural insurance development within the last 10 years (the 10 years ending in the agricultural year 2011–2012, comparative performance) are as follows:

Insurance of farming products; from 2 million hectares to 5.8 million hectares (2.9 times)

Insurance of garden products; from 12,000 hectares to 510,000 hectares (42.5 times)

Livestock insurance; from 2 million animals to 14 million animals (7 times)

As it can be seen from Fig.  1 , the upward trend of agricultural insurance growth among signed contracts is significant. In Fig.  1 the ascending growth trend of insurers number within the last 10 years is shown, which amounts to more than 2 million at the end of the farming year 2011–2012:

Insurers’ number within 10 years (Agricultural insurance fund 2020 )

Table 1 shows the overall figures of premium (including government’s share and insured person’s share) and compensation paid during the 10 farming years 2002–2003 to 2012–2013 (by million Rials).

3.2 Dataset description

The sample dataset contained 7740 insured agricultural lands and 21 numerical and categorical variables of each land, which is taken by the informatics section of agricultural banks from the online transaction processing servers of the agricultural insurance fund in 2013–2014. It consisted of lands that were cultivated by insured landowners with wheat in the Kermanshah region which has 5 branches of agricultural bank: Kozaran district, Shahid Rajaie, Keshavari Blvd, Mahidasht and Kermanshah. The online transaction processing servers of the company are collecting data of contracts, financial transactions, and insurance appraisers’ reports in all Iran agricultural banks in an integrated data center.

The dataset consisted of two types of data: measures and dimensions. (1) The measures were numerical variables, which were organized in a fact table and contained foreign keys of the logical relationships. These variables included: insured ID, contract number, date, tax amount, paid compensation, the total amount of insurance, insurer’s share, insured person’s share, maximum obligation. (2) The dimensions or the system’s key performance indicators (KPIs) were categorical variables and contained primary keys; in our case study dimensions contain five tables, Solar Hijri calendar, Gregorian calendar, insurer profile, the insured person or company profile, insurance contract specifications. These two types of data based on the created database on the fund’s online transactions processing servers shape the data cube scheme (Fig.  2 ). Financial risks in agricultural insurance are generally related to unexpected financial outcomes that can cause many issues such as liquidity risk. A suitable mechanism to manage uncertainty in agricultural insurance must have the ability to accurately detect all kinds of risks by modeling all data in the agricultural insurance online transaction processing (OLTP) servers without impeding the performance of the platform. Therefore, a mechanism of insured individuals clustering through schemed data cube was presented. Using the clustering mechanism, we grouped data points together based on a set of parameters such as their similarities and relations. Despite that insured individuals may have various possessions in different regions, the logical relationships among the tables still have a mechanism to identify the users who have partially similar features. By investigating the created data cube, which was a multidimensional array of all involved variables the financial risk management purposes of the research were asserted.

Data cube scheme and logical relationships

In various relative analytics, we had three primary factors: hindsight, insight, and foresight. At the foresight level, predictive analyses were used to predict the outcomes, by taking the advantage of various machine learning (ML) algorithms (McNellis 2019 ; Ereth and Eckerson 2018 ). BI tools based on collected data can predict the future state of the variables. Two pivotal predicting algorithms in BI are regression and classification, which both are categorized under the same umbrella of supervised ML. The regression algorithm allows evaluating the mapping function of the input variables as numerical or continuous output variables known as measures. The, classification algorithm, on the other hand, attempts to assess the mapping function of the input variables to discrete or categorical output variables known as dimensions. These algorithms can be conducted based on several architects, the main two ones are multidimensional online analytical processing (MOLAP) and relational online analytical processing ROLAP; in the present work, the chosen architecture is MOLAP because it has some merits over ROLAP, such as, better performance in real-time analysis and dealing with a bigger amount of data. Creating MOLAP architecture has various steps (Fig.  3 ). We used SQL server analysis service (SSAS) 2012 to create tables out of OLTP datasets contains 5 dimension tables and 1 fact table represents the measures, then raising an analysis services multidimensional and data mining project in Microsoft visual studio 2010 and connect to the created database in SSAS and transfer all data, next generating data source view from all added tables and data, this is followed by forming logical relationships between fact table (with foreign keys) and dimensional tables (with primary keys), then creating dimensions’ attributes and hierarchies which leads to building data cube based on fact table that contains measures. In the penultimate stage, making a connection string from Targit (business intelligence tool) to the Microsoft visual studio. Finally, the created data cube is available in the Targit environment to make customized queries, comparisons, dashboard system, prediction, etc.

Steps in various platforms to create MOLAP architecture

4.1 The applied MOLAP

Risk management phases, in general, were as follows: risk detection, risk analysis and risk control. According to the results obtained from designing the dimensions and measures existing in the data cube and experts’ comments, some financial risks were identified, which are regarded as the function of financing decisions of the company (Bandaly et al. 2018 ). All the next indicated graphs belong to 2014–2015 were the BI predictions, which were processed by the sample 2012–2013 dataset. Figure 4 shows the analyses and behavior trend of total earning insured amount in each premium issuing branches in the given region (Kermanshah which has 5 branches: Keshavarzi Blvd., Shahid Rajai, Kermanshah, Kozaran, and Mahidasht) during the farming year of 2013–2014 and the predicted year of 2014–2015. In the 2013–2014 graph, axis x represents the amount of money earned by each branch for insuring the farmers’ lands. Graph 2014–2015 is a prediction of the same trend in the next year in which Mahidasht and Kozaran branches would have better financial performance. This foresight is achieved by learning algorithms such as a neural network in the BI software engine depending on the measures of the dataset such as land area, number of bank accounts, insured savings, and insurance fee. Based on these figures’ managers can take actions to prevent the causes of decreasing trends in Kermanshah, Shahid Rajai branches and empowering positive impacts on increasing trends in the other branches. As it can be seen (Fig.  4 ) Kermanshah had better performance although Kozaran and Mahidasht could earn much more insurance fees since they cover vaster farmlands. The reason behind the performance of the Kermanshah branch in comparison to other branches was behind the fact that the manager’s main focus was no longer on acquiring new customers but on retaining old ones. Managers in Keshavarzi Blvd. and Shahid Rajai branches by carrying the same policies in the next year they would run the risk of losing their positions.

Forecasting amount of received money for insurance fee

In another analysis in Fig.  5 , the predicted paid compensation amount in comparison with insurers’ received fee in different branches in the 2014–2015 farming year is shown. Due to the updating of new policies in terms of agricultural insuring tariffs in the share of government in 2014, all the districts except Kozaran would be faced with an increasing trend in the amount of paid compensation in the 2014–2015 farming year. This assessment and prediction are crucial at the beginning of each farming year and should be considered, because the budget of the fund is provided by the annual government budget, therefore the agriculture bank must send the estimated budget to the government for the upcoming farming year. Basically, each branch has its agricultural experts to advise farmers and after every report given by landowners they have to visit the reported land to evaluate the level of damage also farmers can take full advantage from their consultations, for example, the right form of ploughing or plowing a field which is one of the basic instructions of field management that can dramatically reduce the level of damage especially in the fields with a slope of higher than 20 degrees. Kozaran branch is the only branch with a higher insurance fee than the amount of total paid compensation. These figures demonstrate that they could use their experts to keep the level of damage low.

The paid compensation amount and insurers’ received fee prediction in 2014–2015 farming year

Through analysis indicated in Fig.  6 , the trend of the production of each land (x-axis is the name of lands with the lowest damage) compared with the paid compensation amount (y, axis) in the 2014–2015 farming year is predicted. These 19 lands would be the most profitable lands among 7740 lands in the agricultural insurance fund in the region of Kermanshah which paid compensation amount to them is the lowest one, therefore their owners’ performance in controlling relevant risks is noticeable. From the marketing point of view and saving financial resources, finding lands with low damage level is essential because by investigating the reasons behind it, experts in the ministry of agriculture can encourage other farmers to follow those models and solutions to reduce the damage, consequently, the paid compensation amount would be decreased as well. Besides general risk management mechanisms such as adopting cropping techniques pest management systems, fertilization, irrigation that are considered in most of the land there are two extra common techniques among these 19 fields which are the owners not only used resistant variables (this is a crucial factor in farming because many farmers are using their product in each year as the next year seed which this can cause reduce the next year’s product more than 5 % in each year) but also they employed crop rotation strategy which can naturally build up soil fertility, crop yield, reduce soil erosion. Through BI customized queries drill down into the data cube entities finding differences and the reasons for managers in each branch is applicable. Being aware of the reasons behind each damage can solve or reduce it for upcoming farming years.

Profitable insured lands

Based on the principles of financial risk management, the agricultural insurance fund financial analysis process includes four steps: collecting financial data, providing financial balance sheets, providing financial ratios and creating financial measures based on the fund’s strategies (Agricultural insurance fund 2020 ). As you can see in Fig.  7 , by employing business intelligence various algorithms the mentioned four steps financial processes are achievable through designing an analytical database and an appropriate data cube. Based on the financial records in the sample dataset of 2013–2014, the financial variables in 2014–2015 are predicted. High dependence on the government’s resources, high damage in products, and absence of participation on the part of the private sector, heightens the importance of management, financial risk analysis, and extraction of meaningful trends out of transactional data of the fund. The government’s share in the 2014–2015 farming year would be increased by 4 % as compared to 2013–2014. Upon the occurrence of minor damage in 2013–2014 (indicated by 2014 in Fig.  6 ), the amount of paid compensation would be increased by 24 times as compared to the previous year which can cause obvious liquidity risk. Since the outsourcing of financial risk is not possible for agricultural insurance fund in such farming years (e.g., with a high level of damage), the compensation should be paid through consultation with the government, which often is accompanied by payment deferment, absence of appropriate approaches for similar risky events for the following years. Failing in predicting financial outcomes would cause serious financial risks furthermore high dependence of agricultural insurance fund on the government budget can make fund fails in meeting its obligations unless the decision-makers could have an insight of the upcoming outcomes based on their existing data sets which are feasible by employing business intelligence approaches.

Predicted financial measures for 2014–2015 by analyzing 2013–2014 financial records

4.2 A framework of BI in relationship with risk management

As a foundation for developing applications whereby business intelligence developers can define a specific platform to prepare a groundwork for a data-driven company, frameworks have an undeniable role to play. For the sake of having a comprehensive framework, every database must be taken into account through which analyzing them the developers can achieve beneficial outputs and results for the next layer; the first layer of the framework (Fig.  8 ) is dedicated to all potential databases that could give the feeds for the customized queries in the interface layer, for example, the rate of rainfall in a particular area has unquestionable impacts on dry farming. In the integration layer, all valid datasets are extracted; data cleaning and cleansing, which aims to pass only proper data to the target is one of the actions in the transform step; in the last step of ETL through loading all created data marts are gathered to feed the data warehouse; data warehouse (DW) as the data provider of the BI algorithms is conducted by loading data marts in the analysis layer. In the application layers, all outputs of implementing BI based on multidimensional online analytical processing architecture are available, such as online analytical processing (OLAP), data cube, data management, key performance indicators monitoring, business process management. In the interface layer, all elements of our BI arsenal can be seen, which early warning system is the most important one that quite stands out and leads the whole framework to the knowledge layer with regard to controlling uncertainties and risk management.

The framework of BI system in agricultural insurance

5 Discussion

The scope of this paper focused on the implication of business intelligence as a solution to illustrate its potential in risk management particularly for decision-makers in agricultural insurance. Through multidimensional online analytical processing architect, we carried out series of predictions in terms of financial measures (numerical variables) for 2014–2015 farming year by analyzing a limited sample of financial and operational records consists of insured lands were cultivated with wheat in 2013–2014 in Kermanshah region and its 5 branches.

As risk analysis attempts at assessing an underlying true risk with quantified uncertainty limits (Goerlandt and Reniers 2018 ); indeed business intelligence solutions can determine how likely specific outcomes are if some aspects of the system are not precisely known. The presented BI system predicted the government’s share in the 2014–2015 farming year would be increased by 4 % compared to 2013–2014. Our results showed that upon the occurrence of minor damage in 2013–2014 (Fig.  6 ) the amount of paid compensation increased by 24 times compared to the previous year which can cause obvious liquidity risk. The relationship between a financial enterprise liquidity risk and its performance has been also shown by the previous studies (Pac et al. 2018 ). This is a vital analysis of the risk perspective since the outsourcing of financial risk is not possible for agricultural insurance fund in farming years with a high level of damage therefore, compensation should be paid through consultation with the government, which often is accompanied by payment deferment as well as the absence of appropriate approaches for similar risky events for the following years. Failing in predicting financial outcomes would cause serious financial risks; furthermore, high dependence of agricultural insurance fund on the government budget can make fund fails in meeting its obligations; hence, an implication of the aforementioned prescriptive analytic would be to allow agricultural insurance to use collected data from OLTP, contracts, climate parameters, etc., to predict future possible outcomes by employing proposed MOLAP architecture along with the customized framework suggested by the current study.

Furthermore, improved decision excellence is the pivotal expected upside of implementing BI systems. Specifically, common decision making methods in the Iran agricultural insurance fund as for: command, consult, vote, consensus (i.e., talk until reaching an agreement) can be replaced by BI algorithms to help agricultural insurance to become an insights-driven organization even when there is a paucity of relevant data. Take for instance, predicting 19 lands that would be the most profitable lands among 7740 records in the agricultural insurance fund in the given region is a good example of defining future strategies because their owners’ performance in controlling relevant risks is noticeable; therefore, by investigating the reasons behind it, experts in the ministry of agriculture can encourage other farmers to follow those models and solutions to reduce the damage, consequently, the paid compensation amount would be decreased as well.

This study had some limitations that need to be mentioned. Since we used real data from the online transactional processing of the fund, we couldn’t show all the possible results. The granted permission for receiving sample dataset was only for the 2013–2014 farming year, whereas at least 15 years of data is collected in the fund servers which can lead to more accurate results and a wide range of problems in terms of fraud detection, human resource management, etc., can be covered and analyzed. Furthermore, because of the insured persons, personals, insurance appraisers’ private privacy data, our ability to show the results was another important limitation.

6 Conclusions

To handle financial risk management numerous companies are struggling with becoming data-driven businesses. A financial enterprise like agricultural insurance is one of these enterprises that face financial risks through business intelligence analysis. Considering the nature of agriculture as an industry with unique conditions we can witness uncertainty in its sections and experts in these fields are dealing with the most uncertain factors therefore, altering the obsolete strategies in terms of being a data-driven company for agricultural insurance fund has to be categorized as a high priority goal. A practical contribution of this research was to demonstrate the benefits of business intelligence solutions regarding financial uncertainties. We showed employing business intelligence can dramatically decrease imprecise estimations caused countless uncertainties in agricultural insurance. In this experimental case study, we strove to illustrate the BI approaches to indicate three levels of analytics (e.g., hindsight, insight, foresight) which can lead to risk management’s stages (e.g., detection, analysis, control). The results of the analytical model of BI revealed four possible predictions to tackle financial risks. We also proposed a framework of BI system in agricultural insurance with the main focus on financial and operational risk management through which minor modifications can be employed in various financial enterprises.

Agricultural insurancefund (2020) Agricultural Insurance Fund, History and Responsibilities. In:Agriculture Bank Web Page. http://www.sbkiran.ir/about/tasks

Ain N, Vaia G, Delone WH (2019) Two decades of research on business intelligence system adoption, utilization and success – a systematic literature review. Decis Support Syst 125(April):113113. https://doi.org/10.1016/j.dss.2019.113113

Article   Google Scholar  

Bandaly D, Shanker L, Şatır A (2018) Integrated financial and operational risk management of foreign exchange risk, input commodity price risk and demand uncertainty. IFAC-PapersOnLine 51(11):957–962. https://doi.org/10.1016/j.ifacol.2018.08.484

Caracota RC, Dimitriu M, Dinu MR (2010) Building a scoring model for small and medium enterprises. Theoret Appl Econ 17(9):117–128

Google Scholar  

Castell MRF, Dacuycuy LB (2009) Exploring the use of exchange market pressure and RMU deviation indicator for Early Warning System (EWS) in the ASEAN + 3 region. DLSU Bus Econ Rev 18(2):1–30

Chen CH (2017) Research on business intelligence with data mining applications. Int J Bus Econ Res 6(2):19. https://doi.org/10.11648/j.ijber.20170602.11

Chen YC, Chen SC, Huang MY, Tsai CL (2012) Application of six sigma DMAIC methodology to reduce financial risk: a study of credit card usage in Taiwan. Int J Manag 29:166–176

Cheng C, Zhong H, Cao L (2020) Facilitating speed of internationalization: the roles of business intelligence and organizational agility. J Bus Res 110(January):95–103. https://doi.org/10.1016/j.jbusres.2020.01.003

Ciampi F, Gordini N (2013) Small enterprise default prediction modeling through artificial neural networks: an empirical analysis of italian small enterprises. J Small Bus Manag 51(1):23–45

Ereth J, Eckerson W (2018) AI: The new BI. How algorithms are transforming business intelligence and analytics. Retrieved August, 1, 2019

Flores C (2009) Management of catastrophic risks considering the existence of early warning systems. Scand Actuar J 1:38–62

Article   MathSciNet   Google Scholar  

Ghadge A, Dani S, Kalawsky R (2012) Supply chain risk management: present and future scope. Int J Logist Manag 23(3):313–339

Ghosh P, Som S, Sen S (2018) Business intelligence development by analysing customer sentiment.2018 7th International Conference on Reliability, Infocom Technologies and Optimization: Trends and Future Directions, ICRITO 2018, 287–90. https://doi.org/10.1109/ICRITO.2018.8748517

Goerlandt F, Reniers G (2018) Prediction in a risk analysis context: implications for selecting a risk perspective in practical applications. Saf Sci 101 (October 2017):344–51. https://doi.org/10.1016/j.ssci.2017.09.007

Gurny P, Tichy T (2009) Estimation of future PD of financial institutions on the basis of scoring model. In: 12th International Conference on Finance & Banking: Structural & Regional Impacts of Financial Crises, 215–228

Han Y, Deng Y (2018) A hybrid intelligent model for assessment of critical success factors in high-risk emergency system. J Ambient Intell Humaniz Comput 9(6):1933–1953. https://doi.org/10.1007/s12652-018-0882-4

Holton C (2009) Identifying disgruntled employee systems fraud risk through text mining: a simple solution for a multi-billion dollar problem. Decis Support Syst 46(4):853–864

Howson C (2013)Successful business intelligence: unlock the value of BI & big data, 2nd edn. McGraw-Hill Osborne Media, New York. https://doi.org/10.1036/9780071809191

Jans M, Lybaert N, Vanhoof K (2010) Internal fraud risk reduction: results of a data mining case study. Int J Account Inf Syst 11(1):17–41

Keen PGW, Scott Morton MS (1978) Decision support systems: an organizational perspective. Addison-Wesley, Reading

Krstevska A (2012) Early warning systems: testing in practice. IUP J Financ Risk Manag 9(2):7–22

Lakemond N, Magnusson T, Johansson G et al (2013) Assessing interface challenges in product development projects. Res Technol Manag 56(1):40–48

Lin M, Ke X, Whinston AB (2012) Vertical differentiation and a comparison of online advertising models. J Manag Inf Syst 29(1):195–236

Liu X, Kane G, Bambroo M (2006) An intelligent early warning system for software quality improvement and project management.J Syst Softw 79(11):1552–64. https://doi.org/10.1016/j.jss.2006.01.024

Luhn HP (1958) A business intelligence system. IBM J Res Dev 2(4):314–319. https://doi.org/10.1147/rd.24.0314

McNellis J (2019) You’re likely investing a lot in marketing analytics, but are you getting the right insights? Gartner. https://blogs.gartner.com/jason-mcnellis/2019/11/05/youre-likely-investing-lot-marketing-analytics-getting-right-insights/

Merrick J, Parnell GS (2011) A comparative analysis of PRA and intelligent adversary methods for counterterrorism risk management. Risk Anal 31(9):1488–1510

Murayama S, Okuhara K, Shibata J, Ishii H (2011) Data mining for hazard elimination through text information in accident report. Asia Pac Manag Rev 16(1):65–81

Nash J (1950) Equilibrium points in N-person games. Proc Natl Acad Sci 36(1):48–49

Nateghi R, Guikema SD, Quiring SM (2011) Comparison and validation of statistical methods for predicting power outage durations in the event of hurricanes. Risk Anal 31(12):1897–1906

Olson DL (1996) Decision aids for selection problems. Springer, New York

Otim S, Dow KE, Grover V, Wong JA (2012) The impact of information technology investments on downside risk of the firm: alternative measurement of the business value of IT. J Manag Inf Syst 29(1):159–194

Pac R, Finan B, Pol M, Yi-kai, Chen (2018) Bank liquidity risk and performance 21(1). https://doi.org/10.1142/S0219091518500078

Poon M (2009) From new deal institutions to capital markets: commercial risk scores and the making of subprime mortgage finance. Acc Organ Soc 34(5):654–674

Shiri MM, Amini MT, Raftar MB (2012) Data mining techniques and predicting corporate financial distress. Interdiscip J Contemp Res Bus 3(12):61–68

Shojaei P, Haeri SAS (2019) Development of supply chain risk management approaches for construction projects: a grounded theory approach. Comput Ind Eng 128:837–850. https://doi.org/10.1016/j.cie.2018.11.045

Sprague RHJ, Carlson ED (1982) Building effective decision support systems. Prentice-Hall, Englewood Cliffs

Visinescu LL, Jones MC, Sidorova A (2017) Improving decision quality: the role of business intelligence. J Comput Inf Syst 57(1):58–66. https://doi.org/10.1080/08874417.2016.1181494

Wang Q, Hui F, Wang X, Ding Q (2018) Research on early warning and monitoring algorithm of financial crisis based on fuzzy cognitive map. Clust Comput 7. https://doi.org/10.1007/s10586-018-2219-7

Warenski L (2012) Relative uncertainty in term loan projection models: what lenders could tell risk managers. J Exp Theor Artif Intell 24(4):501–511

Williams AC, Heins RM (1989) Risk management and insurance. McGraw-Hill, New York

Wu D, Olson DL (2010) Enterprise risk management: coping with model risk in a large bank. J Oper Res Soc 61(2):179–190

Wu D, Dash S-H, Chen (2014) Business intelligence in risk management: some recent progresses. Inf Sci 256:1–7. https://doi.org/10.1016/j.ins.2013.10.008

Xie K, Liu J, Peng H, Chen G, Chen Y (2009) Early-warning management of inner logistics risk in SMEs based on label-card system. Prod Plan Control 20(4):306–319

Yazici M (2011) Combination of discriminant analysis and artificial neural network in the analysis of credit card customers. Eur J Financ Bank Res 4(4):1–10

Zhao L, Jiang Y (2009) A game theoretic optimization model between project risk set and measurement. Int J Inf Technol Decis Mak 8(4):769–786

Zhu X, Jin X, Jia D, Sun N, Wang P (2019) Application of data mining in an intelligent early warning system for rock bursts. Processes 7(2). https://doi.org/10.3390/pr7020055

Download references

Acknowledgements

Authors would thank the “Research and Development” department of the Agricultural insurance fund of Iran for the collaboration by giving access to financial and operational data.

Open access funding provided by Széchenyi István University (SZE).

Author information

Authors and affiliations.

Department of Information Technology, Szechenyi Istvan University, Gyor, Hungary

Mehran Amini

Department of Management, Kurdistan University, Sanandaj, Iran

Sara Salimi

Department of Management, Islamic Azad University, Sanandaj, Iran

Farid Yousefinejad

Department of Industrial Engineering, K. N. Toosi University of Technology, Tehran, Iran

Mohammad J. Tarokh

School of psychology, University of Nottingham, Nottingham, UK

Sayyed M. Haybatollahi

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Mehran Amini .

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Amini, M., Salimi, S., Yousefinejad, F. et al. The implication of business intelligence in risk management: a case study in agricultural insurance. J. of Data, Inf. and Manag. 3 , 155–166 (2021). https://doi.org/10.1007/s42488-021-00050-6

Download citation

Received : 10 February 2020

Accepted : 11 May 2021

Published : 22 May 2021

Issue Date : June 2021

DOI : https://doi.org/10.1007/s42488-021-00050-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Business intelligence
• Risk management
• Risk analytics
• Agricultural insurance
• Find a journal
• Publish with us
• Track your research

• SUGGESTED TOPICS
• The Magazine
• Newsletters
• Managing Yourself
• Managing Teams
• Work-life Balance
• The Big Idea
• Data & Visuals
• Reading Lists
• Case Selections
• HBR Learning
• Topic Feeds
• Account Settings
• Email Preferences

The Case for AI Insurance

• Ram Shankar Siva Kumar
• Frank Nagle

Existing plans might not cover the risks posed by these new technologies.

When organizations place machine learning systems at the center of their businesses, they introduce the risk of failures that could lead to a data breach, brand damage, property damage, business interruption, and in some cases, bodily harm. Even when companies are empowered to address AI failure modes, it is important to recognize that it is harder to be the defender than the attacker since the former needs to guard against all possible scenarios, while the latter only needs to find a single weakness to exploit. Enter AI insurance. The authors believe that businesses can expect stringent requirements when AI insurance is introduced to limit the insurance provider’s liability with rates cooling off as the AI insurance market matures. They offer a guide on preparing for the introduction of these insurance plans.

Most major companies, including Google , Amazon , Microsoft , Uber , and Tesla , have had their artificial intelligence (AI) and machine learning (ML) systems tricked, evaded, or unintentionally misled. Yet despite these high profile failures, most organizations’ leaders are largely unaware of their own risk when creating and using AI and ML technologies. This is not entirely the fault of the businesses. Technical tools to limit and remediate damage have not been built as quickly as ML technology itself, existing cyber insurance generally doesn’t fully cover ML systems, and legal remedies (e.g., copyright, liability, and anti-hacking laws) may not cover such situations. An emerging solution is AI/ML-specific insurance. But who will need it and exactly what it will cover are still open questions.

• RK Ram Shankar Siva Kumar is a data cowboy in Azure Security Data Science at Microsoft. He currently leads two efforts at Microsoft: using Machine Learning to secure systems via Azure Sentinel, a cloud intrusion detection system; as well as securing Machine learning systems via the Trustworthy AI group. Ram is also an affiliate at the Berkman Klein Center at Harvard University, and Technical Advisory Board Member at University of Washington.
• FN Frank Nagle is an assistant professor at Harvard Business School where he studies and teaches topics at the intersection of technology and strategy. Previously, he worked in the cybersecurity field for nearly a decade.

Partner Center

• Account details
• Follow topics
• Saved articles
• Newsletters
• Help Centre
• Subscriber rewards

You are currently accessing Risk.net via your Enterprise account.

If you already have an account please use the link below to sign in .

If you have any problems with your access or would like to request an individual access account please contact our customer service team.

Phone: 1+44 (0)870 240 8859

Email: [email protected]

You are currently accessing Risk.net via your institutional login.

If you have any problems with your access, contact our customer services team.

Phone: +44 20 7316 9685

Journal of Operational Risk

1744-6740 (print)

1755-2710 (online)

Editor-in-chief: Marcelo Cruz

Impact Factor: 0.645

First Published: March 2006

Extreme value theory for operational risk in insurance: a case study

Michal vyskočil and jiří koudelka.

• Tweet  
• Facebook  
• LinkedIn  
• Save this article
• Send to  
• Print this page  

Need to know

• Standard formula may not always be conservative, prudent and sufficient
• Advanced model provides reasonable results in operational risk capital calculations
• Peak-over-threshold application under generalized extreme value distribution
• Capital requirement calculation is based on bootstrapping principle

This case study focuses on modeling the real, unique data set of 4245 operational risk claims of an anonymous Central and Eastern European insurance company from 2010 to 2018. We apply extreme value theory to build a more complex model, estimating losses from operational risk events using available historical claims. Low frequency, high-severity claims are identified using the extreme value theory peak-over-threshold method, and modeled via the generalized Pareto distribution, and compared with with Frechet, Weibull and Gumbel distributions. The compound lognormal distribution is used for high-frequency, low-severity claims. Using the bootstrapping principle, many one-year claims portfolio predictions are generated to calculate value-at-risk. The aim of this paper is to examine the sufficiency of the standard formula approach as defined in Solvency II in the case of a company with a specific risk profile. Based on the calculations for the real, unique data set we develop a new approach for estimating the solvency capital requirement for operational risk. Our findings show that the application of extreme value theory to internal data provides a more conservative capital requirement estimation than the standard formula calculation. Thus, the analyzed insurance company may be vulnerable to potential losses when the standard formula is applied.

Copyright Infopro Digital Limited. All rights reserved.

You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/

If you would like to purchase additional rights please email [email protected]

You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/

• About the editor
• Editorial board
• Call for papers
• Publish with us
• Reprints and permissions

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

If you already have an account, please sign in here .

More papers in this issue

• Volume 16, Number 4 (December 2021)
• Thomas Kaiser

Browse journals

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Alternatively you can request an individual account here

Enterprise Risk Management Case Studies: Heroes and Zeros

By Andy Marker | April 7, 2021

• Share on Facebook
• Share on LinkedIn

Link copied

We’ve compiled more than 20 case studies of enterprise risk management programs that illustrate how companies can prevent significant losses yet take risks with more confidence.   

Included on this page, you’ll find case studies and examples by industry , case studies of major risk scenarios (and company responses), and examples of ERM successes and failures .

Enterprise Risk Management Examples and Case Studies

With enterprise risk management (ERM) , companies assess potential risks that could derail strategic objectives and implement measures to minimize or avoid those risks. You can analyze examples (or case studies) of enterprise risk management to better understand the concept and how to properly execute it.

The collection of examples and case studies on this page illustrates common risk management scenarios by industry, principle, and degree of success. For a basic overview of enterprise risk management, including major types of risks, how to develop policies, and how to identify key risk indicators (KRIs), read “ Enterprise Risk Management 101: Programs, Frameworks, and Advice from Experts .”

Enterprise Risk Management Framework Examples

An enterprise risk management framework is a system by which you assess and mitigate potential risks. The framework varies by industry, but most include roles and responsibilities, a methodology for risk identification, a risk appetite statement, risk prioritization, mitigation strategies, and monitoring and reporting.

To learn more about enterprise risk management and find examples of different frameworks, read our “ Ultimate Guide to Enterprise Risk Management .”

Enterprise Risk Management Examples and Case Studies by Industry

Though every firm faces unique risks, those in the same industry often share similar risks. By understanding industry-wide common risks, you can create and implement response plans that offer your firm a competitive advantage.

Enterprise Risk Management Example in Banking

Toronto-headquartered TD Bank organizes its risk management around two pillars: a risk management framework and risk appetite statement. The enterprise risk framework defines the risks the bank faces and lays out risk management practices to identify, assess, and control risk. The risk appetite statement outlines the bank’s willingness to take on risk to achieve its growth objectives. Both pillars are overseen by the risk committee of the company’s board of directors.  

Risk management frameworks were an important part of the International Organization for Standardization’s 31000 standard when it was first written in 2009 and have been updated since then. The standards provide universal guidelines for risk management programs.  

Risk management frameworks also resulted from the efforts of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The group was formed to fight corporate fraud and included risk management as a dimension. 

Once TD completes the ERM framework, the bank moves onto the risk appetite statement. 

The bank, which built a large U.S. presence through major acquisitions, determined that it will only take on risks that meet the following three criteria:

• The risk fits the company’s strategy, and TD can understand and manage those risks. 
• The risk does not render the bank vulnerable to significant loss from a single risk.
• The risk does not expose the company to potential harm to its brand and reputation. 

Some of the major risks the bank faces include strategic risk, credit risk, market risk, liquidity risk, operational risk, insurance risk, capital adequacy risk, regulator risk, and reputation risk. Managers detail these categories in a risk inventory. 

The risk framework and appetite statement, which are tracked on a dashboard against metrics such as capital adequacy and credit risk, are reviewed annually. 

TD uses a three lines of defense (3LOD) strategy, an approach widely favored by ERM experts, to guard against risk. The three lines are as follows:

• A business unit and corporate policies that create controls, as well as manage and monitor risk
• Standards and governance that provide oversight and review of risks and compliance with the risk appetite and framework 
• Internal audits that provide independent checks and verification that risk-management procedures are effective

Enterprise Risk Management Example in Pharmaceuticals

Drug companies’ risks include threats around product quality and safety, regulatory action, and consumer trust. To avoid these risks, ERM experts emphasize the importance of making sure that strategic goals do not conflict. 

For Britain’s GlaxoSmithKline, such a conflict led to a breakdown in risk management, among other issues. In the early 2000s, the company was striving to increase sales and profitability while also ensuring safe and effective medicines. One risk the company faced was a failure to meet current good manufacturing practices (CGMP) at its plant in Cidra, Puerto Rico. 

CGMP includes implementing oversight and controls of manufacturing, as well as managing the risk and confirming the safety of raw materials and finished drug products. Noncompliance with CGMP can result in escalating consequences, ranging from warnings to recalls to criminal prosecution. 

GSK’s unit pleaded guilty and paid $750 million in 2010 to resolve U.S. charges related to drugs made at the Cidra plant, which the company later closed. A fired GSK quality manager alerted regulators and filed a whistleblower lawsuit in 2004. In announcing the consent decree, the U.S. Department of Justice said the plant had a history of bacterial contamination and multiple drugs created there in the early 2000s violated safety standards.

According to the whistleblower, GSK’s ERM process failed in several respects to act on signs of non-compliance with CGMP. The company received warning letters from the U.S. Food and Drug Administration in 2001 about the plant’s practices, but did not resolve the issues. 

Additionally, the company didn’t act on the quality manager’s compliance report, which advised GSK to close the plant for two weeks to fix the problems and notify the FDA. According to court filings, plant staff merely skimmed rejected products and sold them on the black market. They also scraped by hand the inside of an antibiotic tank to get more product and, in so doing, introduced bacteria into the product.

Enterprise Risk Management Example in Consumer Packaged Goods

Mars Inc., an international candy and food company, developed an ERM process. The company piloted and deployed the initiative through workshops with geographic, product, and functional teams from 2003 to 2012. 

Driven by a desire to frame risk as an opportunity and to work within the company’s decentralized structure, Mars created a process that asked participants to identify potential risks and vote on which had the highest probability. The teams listed risk mitigation steps, then ranked and color-coded them according to probability of success. 

Larry Warner, a Mars risk officer at the time, illustrated this process in a case study . An initiative to increase direct-to-consumer shipments by 12 percent was colored green, indicating a 75 percent or greater probability of achievement. The initiative to bring a new plant online by the end of Q3 was coded red, meaning less than a 50 percent probability of success. 

The company’s results were hurt by a surprise at an operating unit that resulted from a so-coded red risk identified in a unit workshop. Executives had agreed that some red risk profile was to be expected, but they decided that when a unit encountered a red issue, it must be communicated upward when first identified. This became a rule. 

This process led to the creation of an ERM dashboard that listed initiatives in priority order, with the profile of each risk faced in the quarter, the risk profile trend, and a comment column for a year-end view. 

According to Warner, the key factors of success for ERM at Mars are as follows:

• The initiative focused on achieving operational and strategic objectives rather than compliance, which refers to adhering to established rules and regulations.
• The program evolved, often based on requests from business units, and incorporated continuous improvement. 
• The ERM team did not overpromise. It set realistic objectives.
• The ERM team periodically surveyed business units, management teams, and board advisers.

Enterprise Risk Management Example in Retail

Walmart is the world’s biggest retailer. As such, the company understands that its risk makeup is complex, given the geographic spread of its operations and its large number of stores, vast supply chain, and high profile as an employer and buyer of goods. 

In the 1990s, the company sought a simplified strategy for assessing risk and created an enterprise risk management plan with five steps founded on these four questions:

• What are the risks?
• What are we going to do about them?
• How will we know if we are raising or decreasing risk?
• How will we show shareholder value?

The process follows these five steps:

• Risk Identification: Senior Walmart leaders meet in workshops to identify risks, which are then plotted on a graph of probability vs. impact. Doing so helps to prioritize the biggest risks. The executives then look at seven risk categories (both internal and external): legal/regulatory, political, business environment, strategic, operational, financial, and integrity. Many ERM pros use risk registers to evaluate and determine the priority of risks. You can download templates that help correlate risk probability and potential impact in “ Free Risk Register Templates .”
• Risk Mitigation: Teams that include operational staff in the relevant area meet. They use existing inventory procedures to address the risks and determine if the procedures are effective.
• Action Planning: A project team identifies and implements next steps over the several months to follow.
• Performance Metrics: The group develops metrics to measure the impact of the changes. They also look at trends of actual performance compared to goal over time.
• Return on Investment and Shareholder Value: In this step, the group assesses the changes’ impact on sales and expenses to determine if the moves improved shareholder value and ROI.

To develop your own risk management planning, you can download a customizable template in “ Risk Management Plan Templates .”

Enterprise Risk Management Example in Agriculture

United Grain Growers (UGG), a Canadian grain distributor that now is part of Glencore Ltd., was hailed as an ERM innovator and became the subject of business school case studies for its enterprise risk management program. This initiative addressed the risks associated with weather for its business. Crop volume drove UGG’s revenue and profits. 

In the late 1990s, UGG identified its major unaddressed risks. Using almost a century of data, risk analysts found that extreme weather events occurred 10 times as frequently as previously believed. The company worked with its insurance broker and the Swiss Re Group on a solution that added grain-volume risk (resulting from weather fluctuations) to its other insured risks, such as property and liability, in an integrated program. 

The result was insurance that protected grain-handling earnings, which comprised half of UGG’s gross profits. The greater financial stability significantly enhanced the firm’s ability to achieve its strategic objectives. 

Since then, the number and types of instruments to manage weather-related risks has multiplied rapidly. For example, over-the-counter derivatives, such as futures and options, began trading in 1997. The Chicago Mercantile Exchange now offers weather futures contracts on 12 U.S. and international cities. 

Weather derivatives are linked to climate factors such as rainfall or temperature, and they hedge different kinds of risks than do insurance. These risks are much more common (e.g., a cooler-than-normal summer) than the earthquakes and floods that insurance typically covers. And the holders of derivatives do not have to incur any damage to collect on them.

These weather-linked instruments have found a wider audience than anticipated, including retailers that worry about freak storms decimating Christmas sales, amusement park operators fearing rainy summers will keep crowds away, and energy companies needing to hedge demand for heating and cooling.

This area of ERM continues to evolve because weather and crop insurance are not enough to address all the risks that agriculture faces. Arbol, Inc. estimates that more than $1 trillion of agricultural risk is uninsured. As such, it is launching a blockchain-based platform that offers contracts (customized by location and risk parameters) with payouts based on weather data. These contracts can cover risks associated with niche crops and small growing areas.

Enterprise Risk Management Example in Insurance

Switzerland’s Zurich Insurance Group understands that risk is inherent for insurers and seeks to practice disciplined risk-taking, within a predetermined risk tolerance. 

The global insurer’s enterprise risk management framework aims to protect capital, liquidity, earnings, and reputation. Governance serves as the basis for risk management, and the framework lays out responsibilities for taking, managing, monitoring, and reporting risks. 

The company uses a proprietary process called Total Risk Profiling (TRP) to monitor internal and external risks to its strategy and financial plan. TRP assesses risk on the basis of severity and probability, and helps define and implement mitigating moves. 

Zurich’s risk appetite sets parameters for its tolerance within the goal of maintaining enough capital to achieve an AA rating from rating agencies. For this, the company uses its own Zurich economic capital model, referred to as Z-ECM. The model quantifies risk tolerance with a metric that assesses risk profile vs. risk tolerance. 

To maintain the AA rating, the company aims to hold capital between 100 and 120 percent of capital at risk. Above 140 percent is considered overcapitalized (therefore at risk of throttling growth), and under 90 percent is below risk tolerance (meaning the risk is too high). On either side of 100 to 120 percent (90 to 100 percent and 120 to 140 percent), the insurer considers taking mitigating action. 

Zurich’s assessment of risk and the nature of those risks play a major role in determining how much capital regulators require the business to hold. A popular tool to assess risk is the risk matrix, and you can find a variety of templates in “ Free, Customizable Risk Matrix Templates .”

In 2020, Zurich found that its biggest exposures were market risk, such as falling asset valuations and interest-rate risk; insurance risk, such as big payouts for covered customer losses, which it hedges through diversification and reinsurance; credit risk in assets it holds and receivables; and operational risks, such as internal process failures and external fraud.

Enterprise Risk Management Example in Technology

Financial software maker Intuit has strengthened its enterprise risk management through evolution, according to a case study by former Chief Risk Officer Janet Nasburg. 

The program is founded on the following five core principles:

• Use a common risk framework across the enterprise.
• Assess risks on an ongoing basis.
• Focus on the most important risks.
• Clearly define accountability for risk management.
• Commit to continuous improvement of performance measurement and monitoring. 

ERM programs grow according to a maturity model, and as capability rises, the shareholder value from risk management becomes more visible and important. 

The maturity phases include the following:

• Ad hoc risk management addresses a specific problem when it arises.
• Targeted or initial risk management approaches risks with multiple understandings of what constitutes risk and management occurs in silos. 
• Integrated or repeatable risk management puts in place an organization-wide framework for risk assessment and response. 
• Intelligent or managed risk management coordinates risk management across the business, using common tools. 
• Risk leadership incorporates risk management into strategic decision-making. 

Intuit emphasizes using key risk indicators (KRIs) to understand risks, along with key performance indicators (KPIs) to gauge the effectiveness of risk management. 

Early in its ERM journey, Intuit measured performance on risk management process participation and risk assessment impact. For participation, the targeted rate was 80 percent of executive management and business-line leaders. This helped benchmark risk awareness and current risk management, at a time when ERM at the company was not mature.

Conduct an annual risk assessment at corporate and business-line levels to plot risks, so the most likely and most impactful risks are graphed in the upper-right quadrant. Doing so focuses attention on these risks and helps business leaders understand the risk’s impact on performance toward strategic objectives. 

In the company’s second phase of ERM, Intuit turned its attention to building risk management capacity and sought to ensure that risk management activities addressed the most important risks. The company evaluated performance using color-coded status symbols (red, yellow, green) to indicate risk trend and progress on risk mitigation measures.

In its third phase, Intuit moved to actively monitoring the most important risks and ensuring that leaders modified their strategies to manage risks and take advantage of opportunities. An executive dashboard uses KRIs, KPIs, an overall risk rating, and red-yellow-green coding. The board of directors regularly reviews this dashboard.

Over this evolution, the company has moved from narrow, tactical risk management to holistic, strategic, and long-term ERM.

Enterprise Risk Management Case Studies by Principle

ERM veterans agree that in addition to KPIs and KRIs, other principles are equally important to follow. Below, you’ll find examples of enterprise risk management programs by principles.

ERM Principle #1: Make Sure Your Program Aligns with Your Values

Raytheon Case Study U.S. defense contractor Raytheon states that its highest priority is delivering on its commitment to provide ethical business practices and abide by anti-corruption laws.

Raytheon backs up this statement through its ERM program. Among other measures, the company performs an annual risk assessment for each function, including the anti-corruption group under the Chief Ethics and Compliance Officer. In addition, Raytheon asks 70 of its sites to perform an anti-corruption self-assessment each year to identify gaps and risks. From there, a compliance team tracks improvement actions. 

Every quarter, the company surveys 600 staff members who may face higher anti-corruption risks, such as the potential for bribes. The survey asks them to report any potential issues in the past quarter.

Also on a quarterly basis, the finance and internal controls teams review higher-risk profile payments, such as donations and gratuities to confirm accuracy and compliance. Oversight and compliance teams add other checks, and they update a risk-based audit plan continuously.

ERM Principle #2: Embrace Diversity to Reduce Risk

State Street Global Advisors Case Study In 2016, the asset management firm State Street Global Advisors introduced measures to increase gender diversity in its leadership as a way of reducing portfolio risk, among other goals. 

The company relied on research that showed that companies with more women senior managers had a better return on equity, reduced volatility, and fewer governance problems such as corruption and fraud. 

Among the initiatives was a campaign to influence companies where State Street had invested, in order to increase female membership on their boards. State Street also developed an investment product that tracks the performance of companies with the highest level of senior female leadership relative to peers in their sector. 

In 2020, the company announced some of the results of its effort. Among the 1,384 companies targeted by the firm, 681 added at least one female director.

ERM Principle #3: Do Not Overlook Resource Risks

Infosys Case Study India-based technology consulting company Infosys, which employees more than 240,000 people, has long recognized the risk of water shortages to its operations. 

India’s rapidly growing population and development has increased the risk of water scarcity. A 2020 report by the World Wide Fund for Nature said 30 cities in India faced the risk of severe water scarcity over the next three decades. 

Infosys has dozens of facilities in India and considers water to be a significant short-term risk. At its campuses, the company uses the water for cooking, drinking, cleaning, restrooms, landscaping, and cooling. Water shortages could halt Infosys operations and prevent it from completing customer projects and reaching its performance objectives. 

In an enterprise risk assessment example, Infosys’ ERM team conducts corporate water-risk assessments while sustainability teams produce detailed water-risk assessments for individual locations, according to a report by the World Business Council for Sustainable Development .

The company uses the COSO ERM framework to respond to the risks and decide whether to accept, avoid, reduce, or share these risks. The company uses root-cause analysis (which focuses on identifying underlying causes rather than symptoms) and the site assessments to plan steps to reduce risks. 

Infosys has implemented various water conservation measures, such as water-efficient fixtures and water recycling, rainwater collection and use, recharging aquifers, underground reservoirs to hold five days of water supply at locations, and smart-meter usage monitoring. Infosys’ ERM team tracks metrics for per-capita water consumption, along with rainfall data, availability and cost of water by tanker trucks, and water usage from external suppliers. 

In the 2020 fiscal year, the company reported a nearly 64 percent drop in per-capita water consumption by its workforce from the 2008 fiscal year. 

The business advantages of this risk management include an ability to open locations where water shortages may preclude competitors, and being able to maintain operations during water scarcity, protecting profitability.

ERM Principle #4: Fight Silos for Stronger Enterprise Risk Management

U.S. Government Case Study The terrorist attacks of September 11, 2001, revealed that the U.S. government’s then-current approach to managing intelligence was not adequate to address the threats — and, by extension, so was the government’s risk management procedure. Since the Cold War, sensitive information had been managed on a “need to know” basis that resulted in data silos. 

In the case of 9/11, this meant that different parts of the government knew some relevant intelligence that could have helped prevent the attacks. But no one had the opportunity to put the information together and see the whole picture. A congressional commission determined there were 10 lost operational opportunities to derail the plot. Silos existed between law enforcement and intelligence, as well as between and within agencies. 

After the attacks, the government moved toward greater information sharing and collaboration. Based on a task force’s recommendations, data moved from a centralized network to a distributed model, and social networking tools now allow colleagues throughout the government to connect. Staff began working across agency lines more often.

Enterprise Risk Management Examples by Scenario

While some scenarios are too unlikely to receive high-priority status, low-probability risks are still worth running through the ERM process. Robust risk management creates a culture and response capacity that better positions a company to deal with a crisis.

In the following enterprise risk examples, you will find scenarios and details of how organizations manage the risks they face.

Scenario: ERM and the Global Pandemic While most businesses do not have the resources to do in-depth ERM planning for the rare occurrence of a global pandemic, companies with a risk-aware culture will be at an advantage if a pandemic does hit. 

These businesses already have processes in place to escalate trouble signs for immediate attention and an ERM team or leader monitoring the threat environment. A strong ERM function gives clear and effective guidance that helps the company respond.

A report by Vodafone found that companies identified as “future ready” fared better in the COVID-19 pandemic. The attributes of future-ready businesses have a lot in common with those of companies that excel at ERM. These include viewing change as an opportunity; having detailed business strategies that are documented, funded, and measured; working to understand the forces that shape their environments; having roadmaps in place for technological transformation; and being able to react more quickly than competitors. 

Only about 20 percent of companies in the Vodafone study met the definition of “future ready.” But 54 percent of these firms had a fully developed and tested business continuity plan, compared to 30 percent of all businesses. And 82 percent felt their continuity plans worked well during the COVID-19 crisis. Nearly 50 percent of all businesses reported decreased profits, while 30 percent of future-ready organizations saw profits rise. 

Scenario: ERM and the Economic Crisis  The 2008 economic crisis in the United States resulted from the domino effect of rising interest rates, a collapse in housing prices, and a dramatic increase in foreclosures among mortgage borrowers with poor creditworthiness. This led to bank failures, a credit crunch, and layoffs, and the U.S. government had to rescue banks and other financial institutions to stabilize the financial system.

Some commentators said these events revealed the shortcomings of ERM because it did not prevent the banks’ mistakes or collapse. But Sim Segal, an ERM consultant and director of Columbia University’s ERM master’s degree program, analyzed how banks performed on 10 key ERM criteria. 

Segal says a risk-management program that incorporates all 10 criteria has these characteristics: 

• Risk management has an enterprise-wide scope.
• The program includes all risk categories: financial, operational, and strategic. 
• The focus is on the most important risks, not all possible risks. 
• Risk management is integrated across risk types.
• Aggregated metrics show risk exposure and appetite across the enterprise.
• Risk management incorporates decision-making, not just reporting.
• The effort balances risk and return management.
• There is a process for disclosure of risk.
• The program measures risk in terms of potential impact on company value.
• The focus of risk management is on the primary stakeholder, such as shareholders, rather than regulators or rating agencies.

In his book Corporate Value of Enterprise Risk Management , Segal concluded that most banks did not actually use ERM practices, which contributed to the financial crisis. He scored banks as failing on nine of the 10 criteria, only giving them a passing grade for focusing on the most important risks. 

Scenario: ERM and Technology Risk  The story of retailer Target’s failed expansion to Canada, where it shut down 133 loss-making stores in 2015, has been well documented. But one dimension that analysts have sometimes overlooked was Target’s handling of technology risk. 

A case study by Canadian Business magazine traced some of the biggest issues to software and data-quality problems that dramatically undermined the Canadian launch. 

As with other forms of ERM, technology risk management requires companies to ask what could go wrong, what the consequences would be, how they might prevent the risks, and how they should deal with the consequences. 

But with its technology plan for Canada, Target did not heed risk warning signs. 

In the United States, Target had custom systems for ordering products from vendors, processing items at warehouses, and distributing merchandise to stores quickly. But that software would need customization to work with the Canadian dollar, metric system, and French-language characters. 

Target decided to go with new ERP software on an aggressive two-year timeline. As Target began ordering products for the Canadian stores in 2012, problems arose. Some items did not fit into shipping containers or on store shelves, and information needed for customs agents to clear imported items was not correct in Target's system. 

Target found that its supply chain software data was full of errors. Product dimensions were in inches, not centimeters; height and width measurements were mixed up. An internal investigation showed that only about 30 percent of the data was accurate. 

In an attempt to fix these errors, Target merchandisers spent a week double-checking with vendors up to 80 data points for each of the retailer’s 75,000 products. They discovered that the dummy data entered into the software during setup had not been altered. To make any corrections, employees had to send the new information to an office in India where staff would enter it into the system. 

As the launch approached, the technology errors left the company vulnerable to stockouts, few people understood how the system worked, and the point-of-sale checkout system did not function correctly. Soon after stores opened in 2013, consumers began complaining about empty shelves. Meanwhile, Target Canada distribution centers overflowed due to excess ordering based on poor data fed into forecasting software. 

The rushed launch compounded problems because it did not allow the company enough time to find solutions or alternative technology. While the retailer fixed some issues by the end of 2014, it was too late. Target Canada filed for bankruptcy protection in early 2015. 

Scenario: ERM and Cybersecurity System hacks and data theft are major worries for companies. But as a relatively new field, cyber-risk management faces unique hurdles.

For example, risk managers and information security officers have difficulty quantifying the likelihood and business impact of a cybersecurity attack. The rise of cloud-based software exposes companies to third-party risks that make these projections even more difficult to calculate. 

As the field evolves, risk managers say it’s important for IT security officers to look beyond technical issues, such as the need to patch a vulnerability, and instead look more broadly at business impacts to make a cost benefit analysis of risk mitigation. Frameworks such as the Risk Management Framework for Information Systems and Organizations by the National Institute of Standards and Technology can help.  

Health insurer Aetna considers cybersecurity threats as a part of operational risk within its ERM framework and calculates a daily risk score, adjusted with changes in the cyberthreat landscape. 

Aetna studies threats from external actors by working through information sharing and analysis centers for the financial services and health industries. Aetna staff reverse-engineers malware to determine controls. The company says this type of activity helps ensure the resiliency of its business processes and greatly improves its ability to help protect member information.

For internal threats, Aetna uses models that compare current user behavior to past behavior and identify anomalies. (The company says it was the first organization to do this at scale across the enterprise.) Aetna gives staff permissions to networks and data based on what they need to perform their job. This segmentation restricts access to raw data and strengthens governance. 

Another risk initiative scans outgoing employee emails for code patterns, such as credit card or Social Security numbers. The system flags the email, and a security officer assesses it before the email is released.

Examples of Poor Enterprise Risk Management

Case studies of failed enterprise risk management often highlight mistakes that managers could and should have spotted — and corrected — before a full-blown crisis erupted. The focus of these examples is often on determining why that did not happen. 

ERM Case Study: General Motors

In 2014, General Motors recalled the first of what would become 29 million cars due to faulty ignition switches and paid compensation for 124 related deaths. GM knew of the problem for at least 10 years but did not act, the automaker later acknowledged. The company entered a deferred prosecution agreement and paid a $900 million penalty. 

Pointing to the length of time the company failed to disclose the safety problem, ERM specialists say it shows the problem did not reside with a single department. “Rather, it reflects a failure to properly manage risk,” wrote Steve Minsky, a writer on ERM and CEO of an ERM software company, in Risk Management magazine. 

“ERM is designed to keep all parties across the organization, from the front lines to the board to regulators, apprised of these kinds of problems as they become evident. Unfortunately, GM failed to implement such a program, ultimately leading to a tragic and costly scandal,” Minsky said.

Also in the auto sector, an enterprise risk management case study of Toyota looked at its problems with unintended acceleration of vehicles from 2002 to 2009. Several studies, including a case study by Carnegie Mellon University Professor Phil Koopman , blamed poor software design and company culture. A whistleblower later revealed a coverup by Toyota. The company paid more than $2.5 billion in fines and settlements.

ERM Case Study: Lululemon

In 2013, following customer complaints that its black yoga pants were too sheer, the athletic apparel maker recalled 17 percent of its inventory at a cost of $67 million. The company had previously identified risks related to fabric supply and quality. The CEO said the issue was inadequate testing. 

Analysts raised concerns about the company’s controls, including oversight of factories and product quality. A case study by Stanford University professors noted that Lululemon’s episode illustrated a common disconnect between identifying risks and being prepared to manage them when they materialize. Lululemon’s reporting and analysis of risks was also inadequate, especially as related to social media. In addition, the case study highlighted the need for a system to escalate risk-related issues to the board. 

ERM Case Study: Kodak 

Once an iconic brand, the photo film company failed for decades to act on the threat that digital photography posed to its business and eventually filed for bankruptcy in 2012. The company’s own research in 1981 found that digital photos could ultimately replace Kodak’s film technology and estimated it had 10 years to prepare. 

Unfortunately, Kodak did not prepare and stayed locked into the film paradigm. The board reinforced this course when in 1989 it chose as CEO a candidate who came from the film business over an executive interested in digital technology. 

Had the company acknowledged the risks and employed ERM strategies, it might have pursued a variety of strategies to remain successful. The company’s rival, Fuji Film, took the money it made from film and invested in new initiatives, some of which paid off. Kodak, on the other hand, kept investing in the old core business.

Case Studies of Successful Enterprise Risk Management

Successful enterprise risk management usually requires strong performance in multiple dimensions, and is therefore more likely to occur in organizations where ERM has matured. The following examples of enterprise risk management can be considered success stories. 

ERM Case Study: Statoil 

A major global oil producer, Statoil of Norway stands out for the way it practices ERM by looking at both downside risk and upside potential. Taking risks is vital in a business that depends on finding new oil reserves. 

According to a case study, the company developed its own framework founded on two basic goals: creating value and avoiding accidents.

The company aims to understand risks thoroughly, and unlike many ERM programs, Statoil maps risks on both the downside and upside. It graphs risk on probability vs. impact on pre-tax earnings, and it examines each risk from both positive and negative perspectives. 

For example, the case study cites a risk that the company assessed as having a 5 percent probability of a somewhat better-than-expected outcome but a 10 percent probability of a significant loss relative to forecast. In this case, the downside risk was greater than the upside potential.

ERM Case Study: Lego 

The Danish toy maker’s ERM evolved over the following four phases, according to a case study by one of the chief architects of its program:

• Traditional management of financial, operational, and other risks. Strategic risk management joined the ERM program in 2006. 
• The company added Monte Carlo simulations in 2008 to model financial performance volatility so that budgeting and financial processes could incorporate risk management. The technique is used in budget simulations, to assess risk in its credit portfolio, and to consolidate risk exposure. 
• Active risk and opportunity planning is part of making a business case for new projects before final decisions.
• The company prepares for uncertainty so that long-term strategies remain relevant and resilient under different scenarios. 

As part of its scenario modeling, Lego developed its PAPA (park, adapt, prepare, act) model. 

• Park: The company parks risks that occur slowly and have a low probability of happening, meaning it does not forget nor actively deal with them.
• Adapt: This response is for risks that evolve slowly and are certain or highly probable to occur. For example, a risk in this category is the changing nature of play and the evolution of buying power in different parts of the world. In this phase, the company adjusts, monitors the trend, and follows developments.
• Prepare: This category includes risks that have a low probability of occurring — but when they do, they emerge rapidly. These risks go into the ERM risk database with contingency plans, early warning indicators, and mitigation measures in place.
• Act: These are high-probability, fast-moving risks that must be acted upon to maintain strategy. For example, developments around connectivity, mobile devices, and online activity are in this category because of the rapid pace of change and the influence on the way children play. 

Lego views risk management as a way to better equip itself to take risks than its competitors. In the case study, the writer likens this approach to the need for the fastest race cars to have the best brakes and steering to achieve top speeds.

ERM Case Study: University of California 

The University of California, one of the biggest U.S. public university systems, introduced a new view of risk to its workforce when it implemented enterprise risk management in 2005. Previously, the function was merely seen as a compliance requirement.

ERM became a way to support the university’s mission of education and research, drawing on collaboration of the system’s employees across departments. “Our philosophy is, ‘Everyone is a risk manager,’” Erike Young, deputy director of ERM told Treasury and Risk magazine. “Anyone who’s in a management position technically manages some type of risk.”

The university faces a diverse set of risks, including cybersecurity, hospital liability, reduced government financial support, and earthquakes.  

The ERM department had to overhaul systems to create a unified view of risk because its information and processes were not linked. Software enabled both an organizational picture of risk and highly detailed drilldowns on individual risks. Risk managers also developed tools for risk assessment, risk ranking, and risk modeling. 

Better risk management has provided more than $100 million in annual cost savings and nearly $500 million in cost avoidance, according to UC officials. 

UC drives ERM with risk management departments at each of its 10 locations and leverages university subject matter experts to form multidisciplinary workgroups that develop process improvements.

APQC, a standards quality organization, recognized UC as a top global ERM practice organization, and the university system has won other awards. The university says in 2010 it was the first nonfinancial organization to win credit-rating agency recognition of its ERM program.

Examples of How Technology Is Transforming Enterprise Risk Management

Business intelligence software has propelled major progress in enterprise risk management because the technology enables risk managers to bring their information together, analyze it, and forecast how risk scenarios would impact their business.

ERM organizations are using computing and data-handling advancements such as blockchain for new innovations in strengthening risk management. Following are case studies of a few examples.

ERM Case Study: Bank of New York Mellon 

In 2021, the bank joined with Google Cloud to use machine learning and artificial intelligence to predict and reduce the risk that transactions in the $22 trillion U.S. Treasury market will fail to settle. Settlement failure means a buyer and seller do not exchange cash and securities by the close of business on the scheduled date. 

The party that fails to settle is assessed a daily financial penalty, and a high level of settlement failures can indicate market liquidity problems and rising risk. BNY says that, on average, about 2 percent of transactions fail to settle.

The bank trained models with millions of trades to consider every factor that could result in settlement failure. The service uses market-wide intraday trading metrics, trading velocity, scarcity indicators, volume, the number of trades settled per hour, seasonality, issuance patterns, and other signals. 

The bank said it predicts about 40 percent of settlement failures with 90 percent accuracy. But it also cautioned against overconfidence in the technology as the model continues to improve. 

AI-driven forecasting reduces risk for BNY clients in the Treasury market and saves costs. For example, a predictive view of settlement risks helps bond dealers more accurately manage their liquidity buffers, avoid penalties, optimize their funding sources, and offset the risks of failed settlements. In the long run, such forecasting tools could improve the health of the financial market. 

ERM Case Study: PwC

Consulting company PwC has leveraged a vast information storehouse known as a data lake to help its customers manage risk from suppliers.

A data lake stores both structured or unstructured information, meaning data in highly organized, standardized formats as well as unstandardized data. This means that everything from raw audio to credit card numbers can live in a data lake. 

Using techniques pioneered in national security, PwC built a risk data lake that integrates information from client companies, public databases, user devices, and industry sources. Algorithms find patterns that can signify unidentified risks.

One of PwC’s first uses of this data lake was a program to help companies uncover risks from their vendors and suppliers. Companies can violate laws, harm their reputations, suffer fraud, and risk their proprietary information by doing business with the wrong vendor. 

Today’s complex global supply chains mean companies may be several degrees removed from the source of this risk, which makes it hard to spot and mitigate. For example, a product made with outlawed child labor could be traded through several intermediaries before it reaches a retailer. 

PwC’s service helps companies recognize risk beyond their primary vendors and continue to monitor that risk over time as more information enters the data lake.

ERM Case Study: Financial Services

As analytics have become a pillar of forecasting and risk management for banks and other financial institutions, a new risk has emerged: model risk . This refers to the risk that machine-learning models will lead users to an unreliable understanding of risk or have unintended consequences.

For example, a 6 percent drop in the value of the British pound over the course of a few minutes in 2016 stemmed from currency trading algorithms that spiralled into a negative loop. A Twitter-reading program began an automated selling of the pound after comments by a French official, and other selling algorithms kicked in once the currency dropped below a certain level.

U.S. banking regulators are so concerned about model risk that the Federal Reserve set up a model validation council in 2012 to assess the models that banks use in running risk simulations for capital adequacy requirements. Regulators in Europe and elsewhere also require model validation.

A form of managing risk from a risk-management tool, model validation is an effort to reduce risk from machine learning. The technology-driven rise in modeling capacity has caused such models to proliferate, and banks can use hundreds of models to assess different risks. 

Model risk management can reduce rising costs for modeling by an estimated 20 to 30 percent by building a validation workflow, prioritizing models that are most important to business decisions, and implementing automation for testing and other tasks, according to McKinsey.

Streamline Your Enterprise Risk Management Efforts with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

• Industry Solutions
• All Industries
• Symphony Energy
• Symphony Health
• Symphony Consulting
• Symphony Grow
• Symphony Wealth
• Symphony Build
• Symphony Aerospace
• Symphony Stage
• Symphony REACT
• Symphony Search
• Symphony Transact
• Symphony Commerce
• Symphony Faith
• Industry Case Studies
• Compositions

Risk Management Case Studies

As experts in our craft and close partners with our clients, we have helped numerous companies and individuals change tempo and smoothly transition to their next movement.

Meeting the Contractual Requirements of a $6 Billion Renewable Energy Transmission Line Project

Punitive Damages Alternative

Private Airline Pilots Union Seeks a Responsive Broker to Organize Policies

Affluent Couple Has Broker Asleep at the Wheel

Client Seeks to Improve Coverage, Gets More Than Just Insurance

Property Owner Denied Coverage for Loss

Security Staffing Company with High Frequency of Seasonal Employee Claims

Client with Multiple Agents Saves Premium with One Broker

Movie Theater Circuit Seeks Advocate to Protect Their Bottom Line

Multifamily Operator Seeks Benefits of Having Suitable Insurance Products

Let symphony risk help you perform more remarkably..

Symphony Risk is the next-generation, full-service insurance brokerage, risk management advisory, and employee benefits consulting advisory for the risk and human capital needs of middle market and lower Fortune 500 businesses, private equity firms and alternative asset managers, corporate executives, and high-net-worth families.

© Copyright 2023 Symphony Risk Solutions

Privacy Policy

© Copyright 2024 Symphony Risk Solutions

• Critical Risks
• Risk Management
• The Insurance Industry
• Claims & The Law
• Workers’ Comp Forum
• Risk Insiders
• Sector Focus

Risk Central

• Power Broker
• Risk Matrix
• Risk Scenarios
• Risk All Stars
• Teddy Award
• Sponsored Content
• Branded Webinars
• Digital Issue
• Issue Archive
• National Comp
• National Ergo & Ergo Expo
• Award Applications

Newsletters

• &BrandStudio
• Privacy Policy
• About R&I

The best of R&I and around the web, handpicked by our editors.

White papers, service directory and conferences for the R&I community.

Go to Risk Central.

Digital edition.

Web replica of the print magazine.

View Digital Edition.

4 informative case studies to help guide reputational risk management.

Nir Kossovsky is CEO of Steel City Re, which mitigates the hazards of reputation risk with parametric reputation insurances, ESG insurances, and risk management advisory services.

Societal phenomena such as #MeToo, #opioidcrisis, #boycottNRA and #deleteFacebook are exposing inadequacies in risk and governance frameworks, and astute managers recognize the need to seek remedies.

What’s needed are systems and processes helping risk managers prepare to adapt and respond to culturally-linked perils that are outside the usual framework of 1 st  party, 3rd party and compliance risks. Notwithstanding the implications for mission creep, development of those systems to protect corporate reputation is something enterprise risk managers should embrace.

Confidence in a company’s ability to pursue its strategy is what motivates investors to risk capital, lenders to advance capital and employees to engage. Customers expect to be delighted by product and service experiences.

These stakeholders, implicitly or through covenants, expect risks to their expectations will be managed. In addition, in certain commercial sectors, regulators demand risk management with failures manifesting in fines, criminal charges and loss of business rights. It is therefore obvious that the economic benefits of meeting stakeholders’ expectations is the value of a firm’s reputation; the Economist newspaper crowned risk to that value as the “risk of risks” more than a decade ago.

Most risk management frameworks lump reputation among a firm’s valuable assets. Reputation risk, it would seem, should be managed like other 1st party risks. Actuarial models developed by risk bearers help risk managers allocate resources to mitigate 1st party economic losses. However, until my firm developed actuarial models for reputation risk using synthetic measures of reputation value, the insurance world offered little guidance.

What follows are four case studies on how company’s tried and failed or succeeded in managing this risk.

Example 1: Facebook.

Facebook’s 2017 10K explicitly notes the value of reputation and the potential cost of its loss 14 times. In the spring of 2018, the audit committee was overseeing reputational matters but had no quantitative measure of reputation’s importance and no risk managers working from a framework that linked reputation risk to cash flows or other economic metrics. As a result, few at Facebook seemed to anticipate that the loss of trust precipitated by the Cambridge Analytica disclosures would erase 20 percent of the firm’s market cap when its impact on user growth and engagement became known to investors.

Facebook created the expectation of trust and failed to meet it. Reputation risk is the peril of stakeholders’ disappointment and anger when there is a gap between stakeholder expectations and reality. Noxious media typically amplifies that gap, which it certainly did in Facebook’s case.

Liability risk models, such as the burden-probability-loss formula that was articulated in Judge Learned Hand’s 1947 ruling are failing in the face of cultural issues. Among the most memorably is the case of the exploding Ford Pintos.

Example 2: NiSource

A current example of cultural issues shaping a liability exposure involves NiSource, one of the nation’s largest natural gas distribution companies serving approximately 3.9 million customers in seven states.

Well aware of its reputation risk, which is disclosed in six mentions in the 2017 10K, it also acknowledges that angry disappointed stakeholders lead to “loss of cost recovery and increased litigation.” The board’s nominating and governance committee is charged with “reviewing and evaluating risks to the Company’s reputation and the steps management has taken to monitor and control such risks.”

After a series of gas explosions in the Boston area , and facing a complaint from the Governor of Massachusetts, the company undoubtedly faces costly liabilities and has already experienced a loss in market cap. However, they could in theory be much worse. In my firm’s experience, reputational value losses can exacerbate 3rd-party related liability losses by factors ranging from 2 to 7 times. What is helping to mitigate the reputational damage is that NiSource appears to have a genuine interest in the welfare of both its customers and employees, and such culturally-sensitive goodwill manifests in times like these where competing forces are battling for the mind of the stakeholder.

Reputation risk is the peril of stakeholders’ disappointment and anger when there is a gap between stakeholder expectations and reality. Noxious media typically amplifies that gap, which it certainly did in Facebook’s case.

Financial stakeholders may have been somewhat impressed with the company’s apparent sensitivity to reputation risk. Had they been more impressed, the company may have mitigated the loss in equity value which will trigger the inevitable pile on of litigators. How? Through the conventional practices of risk financing and transfer.

On a pro-forma basis, our firm modeled NiSource’s potential equity loss in a material crisis to be $764 million. Based on its inferred reputation risk management efforts, existing P/E ratios and other actuarial factors, a source of contingent capital from the pooled resources of an insurance captive and insurance markets of about $40 million would have materially dampened the stock market’s negative reaction.

Example 3: Weinstein and Company

Two other recent cases also illustrate weaknesses in the third pillar of a risk management framework: compliance-centricity.

In the matter of Weinstein and Company, the board was too close to the alleged perpetrator to be able to distance itself from the ethical breach. Stakeholders expect that, even with a strong CEO, a company’s board will be able to exercise appropriate oversight. As a result, found culpable in the court of public opinion, the firm was not salvageable.

Example 4: Wynn Resorts

On the other hand, at Wynn Resorts, the board successfully jettisoned the alleged perpetrator, Steve Wynn, protected itself from the opprobrium of gaming regulators and recovered all of its lost

The former Wynn Commons at the University of Pennsylvania. Photo by Natasha A. Kossovsky

equity value in under 20 weeks. The American Law Institute, in its upcoming publication  Principles of the Law, Compliance, Enforcement, and Risk Management for Corporations, Nonprofits, and Other Organizations,  is expected to address the timing discrepancy between courts of law and public opinion.

When it comes to mitigating enterprise-wide threats, reputation risk appears to be challenging existing risk management frameworks.

Risk managers must understand that the work involves mitigating not only negative media coverage but also anger and disappointment of stakeholders whose expectations have not been met.

In this mix, reputation insurances provide indemnifications that affirm trust and reduce economic losses.  &

Risk Insiders are an unrivaled group of leading executives focused on the topic of Risk. They share their insights and opinions – and from time to time their pet peeves and gripes.

Each Risk Insider is invited to publish based on their expertise, passion and/or the quality of their writing. The only rules are no selling and no competitor put-downs.

The views expressed in this article belong to the author and are not an editorial opinion of Risk & Insurance.

Share this article!

Trending stories.

Rising Star Abby Flaherty of Risk Strategies Details Her Entertainment Brokering Journey and How Industry Tragedy Has Impacted Coverage

Planck’s Leandro DalleMule Discusses the Ethics of AI in Insurance

3 Keys to Combat ‘Big Brother’ Fears with Safety Technology

2024 RIMS President David Arick Shares How COVID and AI Have Changed the Risk Management Space

More from risk & insurance.

Turning Data Into Dollars. How Kara Sepulveda Is the Driving Force Behind Lithia Motors’ Enhanced Risk Management

Kara Sepulveda’s transformative risk management leads to sweeping operational improvements.

Will More States Adopt Drug Formularies? Reports From These Five States Could Help Them Decide

A recent WCRI report looks at how five workers’ compensation drug formularies have influenced the industry.

Rising Star Natalie Gomez Says That Aspiring Brokers Should Find the Right Mentor — and Not Be Afraid to Ask Questions

Client-focused and detail-oriented: These are the qualities that define Marsh’s Natalie Gomez.

From C-Suite Engagement to GenAI, Ascot’s Owen Williams Shares His Holistic Approach to Digital Transformation

Owen Williams, chief information officer for Ascot U.S., sees strong data governance as critical to driving technology initiatives forward in the insurance industry.

Sponsored: Philadelphia Insurance Companies

How a carrier partner can help navigate a challenging management and professional liability market.

Rates in the management & professional liability (M&PL) markets were on the rise from 2020 to early 2023 and are now falling rapidly.

M&PL divisions manage a number of different insurance products including management liability (D&O), professional liability (E&O), employment practices liability (EPL), fiduciary liability policies, cyber, etc. In 2023 and into 2024, a big influence on the marketplace has been the extremely aggressive and softening public company D&O market.

Though these rates have been softening for management liability, that may change over the next few years as companies continue to adjust their business models motivated by economic uncertainty. Layoffs were up nearly 200% last year , Forbes reported, even as other recession indicators, like the inflation rate , improved. A recession could lead to an increased claim activity and force carriers to raise rates.

“Whenever there is a meaningful downturn in the economy, we tend to see claim frequency pop up,” said George Schalick, Jr., senior vice president of the Management and Professional Liability Division at Philadelphia Insurance Companies (PHLY).

With continued fiscal uncertainty, businesses potentially already burdened with pandemic-related claims should seek a carrier with a long history in M&PL products. They will provide much-needed risk management guidance and be better positioned to support their insureds during market fluctuations.

Why Insureds Might See an Uptick in M&PL Claims

George Schalick, Jr., Senior Vice President of the Management and Professional Liability Division, Philadelphia Insurance Companies

The current soft market might come as a bit of a surprise as it does not track with previous underwriting cycles and economic conditions. Afterall, many privately held and non-profit organizations struggled during the early days of the pandemic with shutdowns and rapidly declining revenues.  But the Government assistance programs, like the Paycheck Protection Program loans , helped keep many afloat during the tough times.

“During COVID many organizations stopped doing business until they were able to sort out all of the health and safety challenges,” Schalick said. “They were forced to lock down, but then all the government assistance programs allowed them to keep people employed. The increased volume of claims we anticipated we would see coming from the lockdowns and restrictions that were imposed upon businesses in the U.S. didn’t manifest at first.”

“Just because there wasn’t an onslaught of reported claims at the beginning of the pandemic, doesn’t mean the circumstances that would give rise to a claim being reported didn’t occur. Courts and the judicial system were closed or slowed and now that they are back open, we’re starting to see the circumstances that occurred during the COVID lockdowns becoming claims today,” Schalick said. “Litigation is progressing.”

Added to the delayed pandemic litigation is a concern over newer claims that might be filed as the country inches toward an economic downturn. Though a recession was avoided in 2023, experts think a soft dip could occur in 2024, with 76% of economists saying there’s a 50% or less chance of an economic downturn this year — that almost always results in more management liability claims.

“During the Great Recession in 2008, we saw an almost immediate spike in claims because of the economic conditions and the pressure it placed on organizations. They were making personnel changes with significant belt tightening almost immediately.” Schalick said.

What’s in Store for M&PL Policy Rates in 2024?

Despite an uptick in claims and increased economic uncertainty, management liability rates haven’t increased, resulting in market-wide pricing levels that may not meet the increased pressure of rising settlements and jury verdicts.

“Rates are going the other direction and settlement values are not falling,” Schalick said.

The mismatch between rates, claim frequency and severity is, in part, because carriers experiencing the dramatic soft market in the public D&O market are seeking premium gain in the private and non-profit market.

“In the public company market, the rates have been decreasing significantly. The rates were increasing in the private, not-for-profit market, and rightfully so, but there’s a desire to supplement overall mid-size D&O for carriers who also write private not-for-profit, and they see that as an opportunity to aggregate premium,” Schalick said. “So the always competitive landscape in the private, not-for-profit market has dramatically increased in the last 18 to 24 months.”

Still, companies of all sizes and types should be concerned about management liability rates in the future. Legal system abuse is resulting in increases in both the amount of litigation and the size of verdicts plaintiffs are receiving.

Certain areas of the country are particularly vulnerable to this type of legal system abuse. As a result, insureds in these localities are likely to be vulnerable to rate increases.

“The environment is so positive for the plaintiff that forces premium increases so carriers are able to stay in that market long term,” Schalick said.

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

It’s clear that insureds are facing an uncertain M&PL market over the next few years. Fortunately, carriers with a long history in the M&PL space will be there to offer stability.

Philadelphia Insurance Companies has been supporting this market for 35 years. PHLY is committed to offering long-term rate stability, even as economic and claims trends start to push premiums upwards. They have an appetite for all sorts of companies, large and small, for-profit and nonprofit alike.

“We’ve been at this game for a long time and are one of the most tenured underwriters in this space,” Schalick said. “We like to stay very consistent.”

  PHLY has worked with both for-profit and non-profit on management liability policies. With dedicated M&PL teams throughout the company’s 13 regions, PHLY provides the support agents and brokers are looking for on behalf of their clients. The teams know their regions well and can respond to local trends. They’re also dedicated to making the renewal process as easy as possible for their partners and policyholders.

“We have real confidence in our results, so we focus a lot on making the renewal experience as painless as possible for all agents and insureds,” Schalick said.

The company is also investing in tools to help insureds avoid losses. Earlier this year, they launched a new online risk management platform, PHLYGateway, which offers resources for insureds on how to create an employee handbook and trainings on issues such as recognizing workplace sexual harassment and discrimination.

If insureds have questions, they can consult a Best Practices Help Line, provided via the platform. That way, they can get on the spot risk management guidance to help them prevent claims.

To learn more, visit: https://www.phly.com/mplDivision/managementLiability/default.aspx .

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.

Risk Management and Insurance Case Study

Introduction.

Risk management refers to the concept of identifying, assessing, evaluating, prioritizing, of possible risks that a firm or an individual faces in a bid to minimize, control, or monitor impact of identified risks through applications of resources. One of the ways of controlling or minimizing impact of risks is the risk transfer (Dorfman, 2007).

Risk transfer, also known as insurance, involves engagement of a third party through a contract to pay a given sum of money in the event that such a suspected loss occurs. Insurance contracts involve premium and principles of insurance.

One of the principles is subrogation and indemnity requiring insurer to pay insured sum assured in the event that a loss is caused by insured risks.

The following scenarios confirm how the principle of indemnity and contribution affects insurance practices.

You have purchased a homeowner’s insurance policy for your home that you live in with your spouse and 2 children of 19 and 17. You live in a single family residence built in 1996 that is 1 story with 3 bedrooms and 2 ½ bathrooms. The coverages for your policy are as follows:

Coverage A: $190,000

Coverage B: $19,000

Coverage C: $75,000

AOP Deductible: $1,000

Coverage D: $38,000

Coverage E: $300,000

Coverage F: $5,000

Hurricane Deductible: 2%

You also purchase for your insurance an auto policy covering all 4 drivers in your household and the 3 vehicles you own. The coverage in your auto policy is as follows:

• Personal Injury Protection: $10,000 ded: $0
• Liability: Bodily Injury $50,000 / $100,000
• Liability: Property Damage $50,000
• Uninsured Motorist: $50,000 / $100,000
• Medical Payments: $5,000
• Collision Deductible: $500
• Comprehensive Deductible: $500

Both policies were purchased on March 1st, 2012 and are for 1 year. During the year your household had the following claims. Please indicate how much the insurance company is required to pay for the claims and under which coverage are they paying:

• April 12th,2012: a water pipe burst in your kitchen while the dinner was being cooked and it produced $69,000 to your home and $5,500 to some small appliances and kitchen items.Water pipe is part of the constructed house hence any losses associated with physical damages caused to any part of the property is compensated on the basis of coverage A (Dorfman, 2007). Therefore, the amount of $74,500 will be compensated from the $190,000 Coverage A taken by the policy holder.
• May 21st, 2012: you son driving back from school while raining loses control of the vehicle and hits a traffic signal knocking it down. The city sues you to repair the damage and is awarded by the court a judgment for $83,525. Your son did not suffer any injuries but the vehicle required $8,600 in repairs. The insurance will pay a sum of $50,000, which was the principal sum insured for property damages under the auto policy. The owner will have to meet the cost of the remainder, which is $89,525 – $50,000 = 39,525. This is because the insurance firm only promised to indemnify the policy holder up to $50,000 in case of any property damages under the auto policy. However, the owner will not have to pay the remainder as the insurance policy will under Coverage E (Vaughan & Vaughan, 2007).
• July 16th, 2012: Hurricane Jimmy barreled through South Florida and caused wind damage to your home in the amount of $105,000 in repairs and $91,500 to your personal property inside. The total damage of the hurricane is $204,500. Given the hurricane deductible of 2%, the insurance will pay the difference between damages caused and the deductible derived from the sum assured (Dorfman, 2007). The deductible is 2% of 672,000 = $12,450. Therefore, the insurance firm will pay $192,050 ($204,500 – $12,450) based on Coverage E.
• August 20th, 2012: After several days of constant very heavy rains in the afternoon in South Florida, waters level went up and caused extensive flooding in your neighborhood. The rise of these flood waters caused $14,500 of damage to your home, $28,000 to your personal property, and $6,000 to your automobile. Total damages caused by the flood were $48,500. Coverage C takes care of all personal property loss caused by water losses, fires, floods, hurricanes, and any other causes that lead to damage of personal property (Harrington & Niehaus, 2003). Insurance firm will pay the $48,500 from the Coverage C policy.
• February 14th, 2012: while cooking a Valentine’s Dinner for spouse and the kids were away at a friend’s house your kitchen caught on fire but this time it caused a major short circuit that caused the flames to grow quickly and the house totally burned down with all your belongings being destroyed. The fire also spread to two neighbors properties who then successfully sued you in court for their losses: the first had damage to their home for the amount of $109,000 and belongs for $98,000; the second for damage of $174,000 for their home, $103,000 for belongs, and $58,000 for their car that was completely destroyed in the garage. It was necessary to spend $61,000 to rent another place while your home was being rebuilt. The total damages will be paid by the insurance policy given that all the possible coverages and auto policies were taken enough to play a role in compensating the insured for the loss of the house. All the coverages taken will come into play to provide the compensation since the house was brought down by fire.
• March 10th, 2013: Your son had a car accident where he hit another car and overturned your vehicle for a total loss. Your son fortunately was not hurt in the accident because of his seatbelt but your car had a total loss valued at $31,000. The other car he hit had two passengers who suffered extensive injuries: the driver required surgery and hospitalization for $101,500 and the passenger was in coma for 2 months and required surgery costing $233,000 in medical bills. The other car was also a total loss and was valued at $43,500.

Under the following, the insurance will provide compensations for the losses incurred during the accident. Liability policy that was taken in the amount of Property Damage $50,000 will be used to compensate for the $31,000 loss of the car.

Under the Bodily Injury liability policy of $50,000 / $100,000, the insurer will compensate for the loss caused to the other parties. Since the insured had a comprehensive policy with a deductible of $500, the insurer will pay all the losses caused to the third party less $500.

Dorfman, M. (2007). Introduction to risk management and insurance (9 th ed.). Upper Saddle River, NJ: Prentice Hall.

Harrington, S. & Niehaus, G. (2003). Risk management and insurance. New York, NY: McGraw-Hill.

Vaughan, E. & Vaughan, T. (2007). Fundamentals of risk and insurance. New York, NY: John Wiley & Sons.

• Chicago (A-D)
• Chicago (N-B)

IvyPanda. (2019, April 17). Risk Management and Insurance. https://ivypanda.com/essays/risk-management-and-insurance/

"Risk Management and Insurance." IvyPanda , 17 Apr. 2019, ivypanda.com/essays/risk-management-and-insurance/.

IvyPanda . (2019) 'Risk Management and Insurance'. 17 April.

IvyPanda . 2019. "Risk Management and Insurance." April 17, 2019. https://ivypanda.com/essays/risk-management-and-insurance/.

1. IvyPanda . "Risk Management and Insurance." April 17, 2019. https://ivypanda.com/essays/risk-management-and-insurance/.

Bibliography

IvyPanda . "Risk Management and Insurance." April 17, 2019. https://ivypanda.com/essays/risk-management-and-insurance/.

• “Double Indemnity”: The Brightest Representative of Genre Noir
• Australian Business Law: Insurance Contracts Act
• "Double Indemnity": An Exemplary Noir Film
• Living Environments: Classification for Youth
• Personal Financial Planning: Insurance Case
• Marketing Research and How Marketing Information system is Organized in Middlesex Insurance Company
• Family Nurse Practice Malpractice
• Consideration of Insurance From an Ethical Point of View
• Aspects of Mortgage Calculations
• The Doctrine of Insurable Interest
• Business Risk Management: Apple Inc.
• Risk Management: A Four-Step Process
• Risk Management in a Project
• Risk Assessment in Handling Hazardous Materials
• Organizational Risk Identification and Control

• Blog & News
• Captive Reinsurance
• Casualty Insurance
• Policyholder Service
• Unbundled Claims
• Underwriting Philosophy
• Commercial Equipment Manufacturer
• Commercial Manufacturer
• Commercial Material Industry
• Energy Industry
• Food Products Company
• Healthcare Industry
• Large Communications Provider
• Large Regional Service Company
• Large Transportation Risk

Manufacturer Outgrows Insurance Program

• Wood Products Manufacturer
• Conferences
• Covid-19 Resources
• Corporate Governance
• Diversity, Equity, Inclusion & Belonging
• Financial Ratings
• Experienced Professionals
• Internships
• Open Positions
• Legal Disclaimer
• Old Republic General Insurance Group
• Old Republic International
• Privacy Policy

Commercial Equipment Manufacturer: Policy Servicing Issues

Read the case study

Commercial Manufacturer: Going 'Unbundled'

Commercial Material Industry: 'Transparent' Collateral

Energy Industry: Identifying the Right Workers’ Compensation Program Design

Food Products Company: Captive Fronting Products

Healthcare Industry: Designing the Right 'Coverage'

Large Communications Provider: Captive Fronting Products

Large Regional Service Company: Taking Care of Business

Large Transportation Risk: Auto Limits/Retentions

Wood Products Manufacturer: Self-Handling General Liability Claims

Every great partnership starts with a conversation..

• 445 S. Moorland Road, Brookfield, WI 53005
• 262-797-3400

AGENT LOGIN

HOLDER LOGIN

FIND AN AGENT

Society’s insurance case studies are real-life stories, explaining complex business situations from start to finish. These stories detail how business owners and insurance companies work together to overcome unique and unexpected challenges.

In this case study, an accident caused by a customer resulted in serious employee injuries and significant property damage.

At about 6:30 p.m. on Wednesday, July 23, 2014, a patron was leaving a pub in southeastern Wisconsin. Intending to pull straight out of his parking stall, he accidentally put his vehicle into reverse and accelerated, backing into the building and caving in the wall. Meanwhile, inside the pub, an employee was serving drinks from behind the bar, which is near a cooking area with a broaster. Suddenly, scalding hot grease erupted from the broaster, splashing everything nearby. The vehicle had hit the wall that contained the cooking equipment, causing serious injuries to the pub employee and significant damage to the building.

CLICK HERE for complete details on what happened next.

More Insurance Case Studies:

• Recovering from Downtime with Business Interruption Insurance
• Workers Compensation: Taking Care of People and Claims
• Protecting Your Bottom Line with Prompt Claims Reporting
• Minimizing Losses with Risk Management
• Recovering Money and Lowering Insurance Premiums
• Ensuring an Accurate Final Premium

To find out how Society can help your business, visit societyinsurance.com to find an agent and request a free quote .

Case Related Links

Case studies collection.

Business Strategy Marketing Finance Human Resource Management IT and Systems Operations Economics Leadership and Entrepreneurship Project Management Business Ethics Corporate Governance Women Empowerment CSR and Sustainability Law Business Environment Enterprise Risk Management Insurance Innovation Miscellaneous Business Reports Multimedia Case Studies Cases in Other Languages Simplified Case Studies

Short Case Studies

Business Ethics Business Environment Business Strategy Consumer Behavior Human Resource Management Industrial Marketing International Marketing IT and Systems Marketing Communications Marketing Management Miscellaneous Operations Sales and Distribution Management Services Marketing More Short Case Studies >

• ERM Resource Center
• Full Resource Center Archive
• ERM Fundamentals
• ERM Leadership and Governance
• ERM and Strategy
• Risk Identification and Assessment
• Risk Appetite and Response
• Risk Monitoring and Communications
• ERM Frameworks and Best Practices
• ERM Expert Insights
• Emerging Risks
• ERM Roundtable Summit
• Training and Events
• Advanced ERM
• ERM in Higher Ed
• ERM in Non-Profits
• ERM Fellows
• ERM Custom Training
• Master of Management, Risk & Analytics
• Master of Accounting, ERM Concentration
• ERM Initiative Team
• ERM Advisory Board
• Contact ERM

New Case Study: Using Scenario Planning to Consider Emerging Risks

Downloadable Case Study

Looking for how organizations use scenario planning to address risks and capitalize on opportunities?

The case study focuses on the use of scenario planning as part of an Enterprise Risk Management (ERM) process, by examining the objectives for scenario planning, the development and evaluation of scenarios, and the ways that outcomes from scenario planning are used.

Examples of Scenario Planning

The case study is based on input from 20 companies covering 12 different industries including healthcare, financial services, pharmaceuticals, apparel, personal products, beverages, utilities, and others.  In addition, the study identifies critical success factors, areas targeted for improvement, common barriers, and the use of technology in the process.

Tips for Effective Scenario Planning

The case study addresses these topics:

• Identifying and defining the purpose of the scenario planning workshop:
• Planning the scenario planning activities and how the sessions will be structured and facilitated.
• Pinpointing both internal and external inputs to the process, such as subject matter experts, risk owners, senior management and ERM leaders.
• Summarizing and aggregating outcomes from the various scenario planning activities.
• Managing critical factors for a successful scenario planning workshop, including common barriers to the process
• Leveraging technologies tools to help facilitate scenario planning activities.

The case study ends with a summary of several best practices.

Original Article Source: “A Look into The Future with Scenario Planning: A Survey of ERM Practices”, Kiersten Woodring, Carson Chrismon, Justin Yim, and Danny O’Dirling, NC State University ERM Initiative, February 2020

Download the case study

• Operational Risk
• Risk Assessment
• Case Studies
• Tools and Templates

More From Enterprise Risk Management Initiative

What is enterprise risk management (erm), integrating erm with other risk and assurance functions, balancing erm’s focus on operational risks and emerging risks.

Baltimore bridge collapse: What happened and what is the death toll?

What is the death toll in the bridge collapse, when did the baltimore bridge collapse, what factors played a role in the bridge collapse, how much will the baltimore bridge cost to replace.

HOW LONG WILL IT TAKE TO REBUILD THE BALTIMORE BRIDGE?

When will the baltimore port reopen, what to know about the cargo ship dali and its stranded crew, what do we know about the bridge that collapsed.

HOW WILL THE BRIDGE COLLAPSE IMPACT THE BALTIMORE PORT?

Get weekly news and analysis on the U.S. elections and how it matters to the world with the newsletter On the Campaign Trail. Sign up here.

Writing by Lisa Shumaker; Editing by Steve Gorman, Daniel Wallis and Bill Berkrot

Our Standards: The Thomson Reuters Trust Principles. , opens new tab

Thomson Reuters

Lisa's journalism career spans two decades, and she currently serves as the Americas Day Editor for the Global News Desk. She played a pivotal role in tracking the COVID pandemic and leading initiatives in speed, headline writing and multimedia. She has worked closely with the finance and company news teams on major stories, such as the departures of Twitter CEO Jack Dorsey and Amazon’s Jeff Bezos and significant developments at Apple, Alphabet, Facebook and Tesla. Her dedication and hard work have been recognized with the 2010 Desk Editor of the Year award and a Journalist of the Year nomination in 2020. Lisa is passionate about visual and long-form storytelling. She holds a degree in both psychology and journalism from Penn State University.

Hamas says Gaza truce talks remain deadlocked despite reports of progress

A Hamas official said on Monday no progress was made at a new round of Gaza ceasefire talks in Cairo also attended by delegations from Israel, Qatar, and the U.S., shortly after Egyptian sources said headway had been made on the agenda.

The Kremlin said on Monday that Ukrainian drone attacks on the Zaporizhzhia nuclear power station were very dangerous.