Printer Friendly

Addressing safety and security to enhance profits.

Addressing Safety and Security To Enhance Profits

It is time for the risk manager to come out of the insurance closet. No longer should the title evoke images of the bow-tied, bespeckled insurance actuary who determines the probability of claims using elaborate mathematical formulas. Risk managers must be embraced as a means for business to identify areas of risk, determine the likelihood of occurrence and reduce company exposure. This is accomplished through proactive programs that reduce or eliminate risks threatening the company's profit margin, with the result being pure profit enhancement. Indeed, only through the equation risk management equals profit enhancement can security, safety, crisis management and insurance be viewed as an integral part of a company.

Traditionally Speaking

Security and safety have traditionally been at odds with a company's goals, direction and priorities. Many corporations view them as necessary evils, overhead expenses whose function, by definition, is not revenue producing. If a word-association game was played in a corporate boardroom, security would most likely be followed by the word guard, safety would be equated with poster and fire protection would be followed by fire extinguisher or sprinkler.

The security industry must bear some responsibility for these stereotypes. In the past security managers, many of whom came from law enforcement, were ignorant of such business concepts as profit enhancement, return on investment (ROI) and maximizing resources. Their concerns were usually limited to protecting company property from burglars or dishonest employees and uncovering substance abuse and fraud. In addition, efforts to curtail these risks were never embraced because corporate executives often perceived safety violations as either the competition's problems or problems that "wouldn't occur here."

To understand the difference between traditional and proactive risk management, it is important to know how risks have conventionally been addressed. Traditional risk management has six characteristics: It is reactive, limited to protecting physical assets, usually fails to show a return based on investment, is out of sync with the goals of the company, is often diffused and displays a titanic view of business risks and their consequences.

In the United States security, safety and insurance functions have traditionally been reactive. A reactive thinker would commonly use such statements as "Why make waves or assumptions if we have no problem?"; "I know a problem exists, but it can't be quantified so why deal with it?"; or "We haven't had a problem yet so why deal with it?" This person can be compared to an apartment dweller in New York City who keeps his lights on all night and claims he has no cockroach problem. The problem is there, it is just not obvious to the naked, uneducated eye.

The primary objective of the security department has been to use alarms, guards and access control to keep intruders from entering the facility. Addressing internal issues such as employee dishonesty, fraud, computer crime and substance abuse was considered farfetched. As a result, the security director is nothing more than a guard supervisor. In addition the department is often viewed as an overhead expense with limited potential for profit enhancement, which exists only because the insurance company requires it. As it relates to managing risks, ROI is a foreign concept to both the security director and the company.

When it comes to company objectives, no attempt is made to integrate security/safety goals with those of the corporation. In some cases members of the security team feel cut off from the rest of the company and may even be ostracized. This breeds resentment and greater organizational disparity.

Risk management functions are generally handled by multiple departments. For example, workers' compensation may be handled by the personnel department and insurance by accounting. Security may fall under building maintenance. Fire protection might be the responsibility of facility engineering or, in the case of a leased facility, the landlord. Safety could be an operations department concern and may be limited to posters or brochures displayed in public locations. Obviously, only a centralized risk management department can address these functions.

Traditional risk management displays a titanic philosophy of business issues. Corporate executives who express such a view may truly believe that their employees would not steal, abuse drugs or commit fraud. To propose programs to address these issues, they insist, assumes that a problem exists. Unfortunately, some businesses wait until a disaster hits before making a change in their corporate policy. By then, of course, it may be too late.

Today's Issues

Physical assets must be protected in such a way that utilizes a user-friendly alarm system. If a risk manager can protect a facility and still get the support of the organization's security adversary, he or she has made the first significant contribution to developing a proactive risk management program.

Today it is understood that a company has not only physical assets but intellectual assets as well. Intellectual assets are the lifeblood of the organization. Every year companies go out of business because an employee leaks proprietary information. Surprisingly, many organizations have no corporate policy governing sensitive information. After business hours it is not unusual to find file cabinets unlocked, confidential information left on desks and copy machines, and meeting notes and flip charts scattered in conference rooms. What is needed are formal employee education programs and hard-and-fast rules for identifying, protecting and disposing of proprietary information.

Stress directly impacts medical insurance, safety, morale, productivity and quality assurance. It is estimated to cost American businesses $50 billion to $70 billion a year. Some executives consider stress a necessary by-product of any fast-paced organization, and if employees cannot handle it, they should resign. This hardline approach may sound practical but it is foolish and naive. Stress is a part of business but how employees handle it is critical to enhancing profits. Today's risk manager should consider programs aimed at reducing negative stress and revitalizing the mental and emotional energies of employees. Such programs will not only change employees' outlooks, but business as a whole will benefit.

Most companies do not openly discuss substance abuse despite the fact that, according to the Drug Enforcement Administration, one in four employees uses drugs on the job. Drug and alcohol use impacts security, safety, productivity and an array of other business functions. The objective of a substance-abuse program is to identify drug abusers, get them assistance and make them productive contributors to the company. This approach saves the expense of recruiting and retraining. It also improves company morale and saves the most important resource a company has--its employees.

Disaster recovery has for years been synonymous with fire. Consequently, most company officials feel that sprinkler systems fulfill the requirements of a disaster recovery plan. However, a disaster can also take the form of a flood, snowstorm, chemical spill and sabotage. Actually, anything that interrupts critical business functions is considered a disaster.

Contingency planning is essential because a company's viability, market share, customer confidence and competitive edge are all on the line when a disaster occurs. If a plan has not been developed, the comprehensive liability facing a company can be staggering. Therefore, an individualized plan should be developed for each area, including data processing, manufacturing, engineering, customer support, sales, purchasing and accounting.

Work-related injuries cost American businesses nearly $35 billion a year. Thus, safety has and will continue to be the core of a risk management program. Safety policies, employee safety committees and incentive award programs are essential elements of a proactive safety program. In addition to stressing on-the-job safety, it should also emphasize family safety. Some workers' compensation insurers provide training materials and engineering support to help identify exposure areas and make work processes safer and more efficient. The carrier should also be familiar with federal safety standards issued by the National Fire Protection Association (NFPA) and the Occupational Safety and Health Administration.

Employee theft is said to cost American businesses $40 billion to $50 billion each year. The dishonest employee looks for the opportunity to steal, whether by fraud, embezzlement or theft of company supplies, products or information. Theft is not limited to the blue-collar worker; white-collar crime is alive and well. A loss prevention program removes the opportunities to steal by surveilling exits, limiting access to the building after business hours, instituting a formal system for removing property, using undercover operatives and reference checks, and routinely auditing credit and collections and purchasing and security.

Finally, ROI, a concept once coveted by the financial community, has come to the aid of the risk manager. Return on dollars spent cannot be applied to all areas, but should be considered whenever possible. Proposing $20,000 worth of improvements to a building's fire protection system may not win approval by itself, but if it is accompanied by a memo showing how this expenditure will save $30,000 in premium each year, the risk manager may get immediate approval.

Indeed, ROI legitimates security, safety and insurance functions by tying them to the bottom line. For example, if a security system upgrade saves money by reducing the man-hours needed to protect the building, that is ROI. If a safety incentive award program costs $7,000, but saves the company $50,000 in reduced workers' compensation and insurance premiums, that is also ROI. If an employee assistance program turns around the lives of troubled employees, eliminates the manifestations of stress and substance abuse and saves the company the costs of hiring a replacement, that too is ROI.

Building Blocks to Success

A successful risk management program can be summarized into several components. One important component is the centralization of the program's administration, policy formulation, evaluation, review and supervision functions. If possible, one department should be responsible for coordinating security, safety and insurance. This way resources will not be duplicated and programs will receive fast approval. The department's activity should shadow the bigger picture of where the company is going and how it will get there.

Relationships must be established among the company, its broker and its property and workers' compensation insurer. While insurance companies have in recent years been stereotyped as money mongers for premium dollars, the fact is that the industry has its own risk management goals. Insurance companies do not want to pay out $200 million for a facility that burns to the ground or a $100,000 workers' compensation claim; they want the lowest exposure possible.

It is to the risk manager's advantage to work with insurers in solving problems, not hiding or ignoring them. Establish quarterly roundtables with insurers to identify and resolve issues, critique services and review claims. Most carriers employ experts in NFPA and OSHA regulations, hazardous chemicals and waste disposal and loss prevention programming. Work with the carrier to negotiate premium dividends or rebates for good loss histories. Another way to reduce premium is to have property rated a highly protected risk. In other words, create a return on insurance premium and make use of these experts.

Although they are highly skilled professionals, risk managers, security directors and safety managers do not have all the answers. The most valuable--and overlooked--resource a risk management program has is its own employees, because they are expert at what they do. Therefore, it is wise to ask department managers to help chart the course of the program and to involve employees in a safety committee, job safety analysis, a suggestion program or regular group meetings. Then, instead of "the program," employees will call it "our program," and negative reactions to controls or procedures will be reduced.

Outside resources--consultants, auditors and issue-specific companies--can help implement programs for which the company has limited time, resources and/or expertise. The expense of these consultants can often be tied to profit enhancement. Indeed, ask these consultants up front how they can save the company money.

Research is key. Explain how the program will boost the bottom line, not how it will help the risk manager. Meld risk management goals with corporate goals, identify why and how the problem will be approached and outline the savings and/or the risk potential. Keep in mind that this research involves statistics and contriving scenarios to illustrate how a loss could occur. In addition to research, marketing skills are essential. Like it or not, risk management must be sold to the organization. Do not assume a company will be impressed with safety and security ideas on the first go-round. The key is to be persistent.

Risk managers must also be holistic and deal with total issues. If, for instance, a substance abuse problem exists, remember that drug testing is not the only answer. Address pre-employment screening, employee assistance, investigations, stress management, positive policies, training and exit interviews to determine the full scope of the problem. Also, translate issues of concern in a manner that the chief executive officer, vice president and other executives can appreciate and visualize their impact on the company.

Assessing the effectiveness of a program is an ongoing task. It may mean checking on security guards several times a month or activating a smoke detector to find out if the alarm company receives the signal. Do not assume a well-designed program or system works.

Approach issues with a business perspective. If a company's risk management budget requires significant cuts, find ways to reduce costs without eliminating key aspects of the program. For instance, investigate ways to reduce man-hours by using video cameras or hiring one roving patrol guard instead of 10 stationery guards. This will help risk managers win favor in the comptroller's office, not to mention giving them the chance to prove that risk management is a creative and dynamic profession.

Risk managers must flag successes and failures. Send monthly reports to management identifying savings, and at the same time, if a problem arises let management know about it. One of the most effective times to get risk management programs approved is when an incident occurs. Indeed, the risk manager's argument is substantiated when information leaks, thefts, substance abuse and fraud that were thought non-existent in an organization are proven to exist.

Finally, risk managers know they will not get green lights all the time. Still, it is hard not to get discouraged. But do not take negative receptions and obstacles personally and do not be defensive. Work to meet safety and security goals while keeping in mind the company's perspective. There is no better rebuttal than an innovative way to deal with a problem.

John M. Garrigan is director of security/safety at Digital Communications Associates Inc. in Atlanta.
COPYRIGHT 1990 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:risk managers
Author:Garrigan, John M.
Publication:Risk Management
Date:Aug 1, 1990
Previous Article:Environmental impairment: dealing with the legalities.
Next Article:The dynamics of the risk manager-broker relationship.

Related Articles
Covering your assets.
What's wrong with a long-term view?
Breaking bureaucratic bonds.
Canadians revel in a risk management renaissance.
Protecting a resort's #1 asset - its guests.
Selling safety programs.
Do due diligence: a risk manager's merger checklist.
ERM and the security profession.
New ratings for building security risks.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters