Printer Friendly

Risk management for state-of-the-art technologies.

In May of 1992, three U.S. astronauts made a spacewalk to rescue an errant satellite. Launched in March 1990, the satellite had failed to reached its intended orbit, imperiling a huge investment of time and money. After three tries, the astronauts finally managed to maneuver the satellite back into their spacecraft's cargo bay. Although successful, the rescue mission cost about $150 billion.

In the world of industry, progress is built on a string of failures, some which may not surface until a product or service is put into use. While most risk managers don't deal with property such as space equipment, the example of the satellite illustrates a very important point: Although technological advancements result in improved methods for conducting business as well as new products and services, these developments can also be accompanied by unexpected -- and costly -- risks.

Taking into account the high costs associated with an equipment or system failure, it is critical that risk managers reduce the risks associated with the technology their companies depend on. Besides the costly repairs needed when a sophisticated device is damaged or destroyed, companies can also suffer financially disastrous revenue losses when important technologies such as computer systems malfunction.

Risk managers must therefore ensure that their companies' sophisticated technological systems are adequately protected. Although risk managers in diverse industries deal with different technologies, they can often employ similar protection strategies. In other cases, however, the unique nature of certain technologies requires loss control strategies designed specifically for these systems. Regardless of the technology, implementing protection measures requires the risk manager to learn as much about the systems and processes involved, envision all the direct and indirect losses that could occur, and use the appropriate loss control measures and insurance to protect against them.


Besides keeping up with new technology, risk managers today face a variety of issues that previously generated little attention. For instance, high-tech equipment often has a performance or service warranty that covers the product for a certain time period. However, if the warranty is canceled by the manufacturer as the result of equipment damage, who pays for the loss? Is it covered by insurance? The risk manager may find that it may not be.

For instance, suppose a printing company's new, state-of-the art printing press is damaged in an office fire. Then, when the company contacts its insurer, the insurer says the machine does not need to be replaced and offers to pay for repairs. However, the manufacturer of the printing press may say that it will cancel the warranty unless significant components are replaced or repaired in a particular way or by certain authorized persons. Assuming that part of the cost of the press is based on the value of the warranty, the printing company may be faced with a difficult choice: If the company replaces the equipment, it may not be fully reimbursed by the insurer. However, if the press is repaired, the company suffers the less tangible -- but nevertheless significant -- loss of the canceled warranty. In other words, if the equipment breaks down after the first loss as a result of a defect covered by warranty, the company would then have to pay for the repairs.

The dilemma revolves around a paradox all risk managers face. Manufacturers are constantly producing more sophisticated products. But at the same time, the increased complexity results in more components that can malfunction or break. The end result is that warranties are more important than ever -- but the promises implied in them can no longer be taken for granted.

Potential warranty disputes can generally be avoided by asking the insurer and manufacturer a few questions before a loss occurs. For example, the risk manager should ask the insurer if it treats loss of warranty as a property loss; in some jurisdictions, it is required by law to do so. Risk managers are also advised to ask the manufacturer the types of maintenance the owner of the equipment is responsible for in order to keep the warranty intact. The risk manager should also find out from the manufacturer the events that void the warranty. For example, can the warranty be reinstated by repairing or replacing damaged parts, by negotation or payment to the manufacturer or to a third-party warrantor? Knowing the answers to questions such as these up front should eliminate misunderstandings in cases where warranted equipment becomes damaged.

Another option is to purchase insurance coverage specifically developed for this purpose. Some companies have developed this relatively new product to address the problem.


The telecommunications industry vividly illustrates the advances -- and problems -- that technology can bring to businesses in a relatively short time. For instance, consider how the applications for computers have expanded over the last 10 years. Electronic data interchange (EDI), which was orignally used for a handful of functions, can now speed numerous commercial transactions by automatically generating and reading purchase orders, catalogs, bills of lading, insurance forms, invoices and financial information. However, technological advances such as EDI also facilitate certain types of losses.

For instance, experienced computer "hackers" who want to steal or divert money, get revenge for a real or perceived wrong, or simply cause trouble can readily break into a company's computer system. They can also manipulate computer systems to tap into other people's electronic information, make or erase transactions or install computer "viruses." The damage caused by invasive actions such as these is magnified by the system's downtime. If business transactions are halted for several hours or even days, million of dollars worth of business could be lost to a competitor.

Another security-related issue for businesses that utilize EDI involves the possibility that competitors can break into their systems to learn about business plans and pricing policies. Also, customer lists that are kept on an open network are more easily stolen. For companies that have invested a great deal of time and money developing this information, the prospect of a rival gaining such hard-earned data is unnerving -- not to mention extremely costly.

Fortunately, risk managers can undertake a number of actions to address these problems. For instance, companies can strengthen their physical data security by controlling access to the computer area, issuing individual operator passwords and invalidating passwords of workers when they leave the company. Computer security can also be improved by designing software that grants read-and-write privileges to selected persons only. Another security measure is to design software "flags" to trigger human intervention or any other unusual activity in the computer system. Finally, software that checks for computer viruses is manufactured by many companies, and is a highly effective method for detecting and eliminating them.

Despite its many benefits, EDI systems are highly susceptible to errors, including system, network and human errors. A system error includes situations such as the rare occasion when a computer may drop or add zeros to a number. For example, a purchase order for 500 jars of mayonnaise could be received as an order for 5,000 -- or 50 -- jars. Therefore, the more costly the product involved, the more money that is at stake.

Computers may also increase the likelihood of human error. The quick speeds that can be achieved by typing on a computer keyboard, the difficulty of proofreading words and figures on a computer screen and the eas eof blaming mistakes on "computer error" can all contribute to the number of mistakes made. The lesson to be learned is that computers, like people, are not perfect. Data entered into the system should be reviewed periodically for system or human errors; the longer a mistake goes unnoticed, the more it can cost the company and the harder it will be to trace and correct it.

Network errors can also occur when different software is used for the same computer language and data is moved over multiple switching complexes. Garbled communications can be the result of these efforts to match incompatible equipment. However, the expense involved in purchasing compatible software may pay for itself.

Power outages and surges are another threat to any business that uses computers. During the time period the system is down, business can grind to a halt. For example, a florist dependent on incoming orders cannot afford even a few hours of downtime. The scenario points to an important risk management consideration: downtime for businesses whose smooth operation depends on electronic data processing (EDP) or EDI is often more expensive than repair costs.

Protection against power outages is available via an auxilary power supply. Devices that protect computers from power surges are also widely available. Duplicate data should be stored off-site and updated frequently. Companies can also make arrangements to use other electronic equipment in the event of a malfunction or shutdown.


Unauthorized entry into a Private Branch Exchange (PBX) phone system is another serious problem for businesses. Some executives are unaware that their company's PBX system is computerized, and therefore do not realize they are susceptible to hackers who tap into the system to make calls. And if phone charges are reviewed only monthly, the price tag for illegal phone calls could soar to hundreds of thousands of dollars before a problem is even discovered.

To make matters worse, victims of phone services theft are discovering that the telephone company may assume little or no responsibility for the unauthorized calls, depending on the carrier and the terms of the phone service arrangements. As a result, some firms have turned to their property insurance policy, hoping to pass the cost along to the insurer. However, the success of this relatively new strategy is still undetermined; the issue of whether theft of phone services constitutes loss of property will likely be debated in the courts for some time.

For companies using a PBX, the best strategy against theft of phone services constitutes loss of property will likelyy be debated in the courts for some time.

For companies using a PBX, the best strategy against theft of phone service is to consult with the carrier regarding the most effefive loss prevention measures. Some companies with direct inward system access -- usually toll-free numbers that allow employees access to the company's phone switch -- have elected to discontinue the arrangement and issue phone credit cards instead. Other strategies include regularly changing passwords needed to access the phone system and frequently monitorinng phone charges.

Interruption of phone service can be a nightmare for many types of businesses. For example, on September 17, 1991, in the New York metropolitan area, telephone lines for more than 1 million AT&T customers went dead. Airline flights were canceled, and thousands of people were stranded in airports as radio communications between pilots and air traffic control centers were disrupted. As more businesses increase their dependence on high-tech telecommunications systems, major disruptions such as these are likely to occur more frequently.

How can such problems be prevented? Phone companies incorporate fail-safe systems such as route hardening (protecting the cable) and use of redundant processing, which esnsures that all switches have duplicate call processing units operating in tandem so that service will be continued if one processor goes down. Risk managers with companies that utilize a PBX may therefore wish to ask the telephone company how they can implement these protection measures.


Sensitive medical imaging equipment represents another form of expensive technology that risk managers must protect. Medical imaging equipment includes magnetic resonance imaging (MRI) machines, positron emission transaxial tomography (PETT) scans and a number of other devices that have improved health care professionals' diagnostic ability by supplementing traditional radiology with such techniques as high-frequency sound waves, high-powered magnets and sophisticated computer systems.

Therefore, risk managers for health care facilities may find they need to protect standard diagnostic equipment worth thousands of dollars or, depending on the size and nature of their organization, a 25-ton PETT scanner worth millions of dollars.

Although high expensive, these machines generate significant revenues; charges to patients for a PETT scan scan be more than $2,500 per visit. Since appointments for tests must be scheduled weeks or months in advance and financing for such equipment is often based on a steady revenue stream, downtime in the event of an accident or malfunction can create substantial monetary losses, as well as scheduling inconveniences. To further complicate the issue, some of these devices are so rare that a similar unit may not exist in the same region. Therefore, risk managers may find it difficult to develop reciprocal arrangements for the use of these machines with other medical facilities in the area.

Beyond employing the traditional property protection measures, risk managers must address the specific perils that accompany this type of technology. For instance, with the exception of conventional X-rays, imaging technologies rely on sensitive computerized components. Risk managers can use the loss control techniques applied to other electronic data processing equipment to protect these devices from fire, moisture, smoke, excessive heat and aberrations in the electrical power supply.

However, the unique nature of medical diagnostic equipment can create loss control challenges for health care risk managers. For example, some machines, such as MRI equipment, use huge magnets. The magnetic fields the machine produces must be contained to provide a stable homogeneous magnetic field to optimize the accuracy of the image, and to prevent the MRI from affecting the surrounding environment. Some MRI units utilize a dome, usually 20 feet by 12 feet, for this purpose. However, newer models are available that do not require the dome, reducing the space required for an installation to 500 square feet from 2,000 square feet.

Besides taking up a large amount of space, many types of medical imaging equipment are quite heavy. For instance, the location chosen for 25-ton PETT scans or six-ton MRI machines must take into account their immense weight. Because of the need for strong floor support, such machines are usually installed at or below ground level.

However, equipment located at lower or underground levels is more susceptible to flooding. If the health care facility is located in a floor-prone area, it is unadvisable to keep very heavy equipment on lower floors.

The sensitive nature of some of the components used in these machines also has an impact on the loss control measures to be employed. For example, earthquake-resistant construction is recommended for these systems since a quake that isn't strong enough to topple the building could still samage delicate components. Also, since California is not the only area subject to trembles, earthquake-resistant construction should be considered for equipment located in other areas of the United States as well. Many of these loss control issues point out to the need for risk managers to be involved even before the equipment is installed. Once a 25-ton scanner is situated in a room that is too small or inappropriately designed, making corrections will be extremely expensive.

Transporting medical diagnostic equipment represents another important loss control issue for health care risk managers. For example, equipment shipped from one location to another is vulnerable to transport mishaps, including collision, upset and overturn. To prevent these problems, health care facilities should employ professional drivers with the proper experience and good driving records. And although it may seem efficient to cross-train medical technicians as drivers, it could lead to putting a poor driver in charge of transporting equipment worth millions of dollars. The importance of qualified drivers cannot be overestimated. Since a mobile home containing medical diagnostic equipment has a higher center of gravity than a tractor-trailer, it is more likely to overturn, making driving skills even more critical.


New technologies are also being used to keep up with consumers' increasing demands for certain types of foods. For instance, the burgeoning interest in health and dietary issues has created a surge in the demand for fish and other seafood products. This, in turn, has accelerated the depletion of naturally occurring and self-replenishing fish populations to the point where not only are demands difficult to fill, but also the survival of several species is being threatened.

This has given rise to the development and growth of aquaculture -- more colloquially known as fish farming -- and it goes well beyond the occasional commercial catfish pond. Catfish, eels, salmon, trout and stripped bass are among the more common varieties commercially grown in volume for consumption.

However, aquaculture is still a high-risk "boom and bust" business. The primary problem facing the risk manager is that farmed fish are extremely susceptible to disease. A few stray microbes of bacteria or a sudden change in the water temperature can wipe out a substantial investment almost instantaneously. Besides conditions within the water itself, external factors such as an earthquake or nearby construction blasting can trigger fatal sound waves.

Therefore, it is important that risk managers institute a substantive loss prevention and control program to successfully protect this high-risk investment. This program involves continually testing the water, including its temperature, oxygenation levels, salinity, cleanliness and PH/ammonia content. Feeding procedures must also be monitored to maintain water purity as well as to ensure that appropriate quantities of food are being administered to the fish population. Finally, the breeding areas should be kept free of predators, which not only destroy fish, but also may contaminate the environment.

The examples of EDI, medical imagining equipment and fish farming demonstrate how new technologies can create distinctive concerns for risk managers. Therefore, risk managers in ever-changing technological fields such as these must make continuing education a priority, or their knowledge could become obsolete within a few years. Also, the cost and complexity of protecting these new technologies increase the responsibility of the risk manager and add new intricacies to his or her job. However, armed with updated knowledge and well-planned loss control strategies, the challenge can be successfully met by risk managers, regardless of the field in which they work.
COPYRIGHT 1993 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Mooney, James E.
Publication:Risk Management
Date:Nov 1, 1993
Previous Article:The latest trend in toxic torts.
Next Article:Risk management for recreational facilities.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters