John Marren and Paul Carter know a thing or two about risks. And they should, as both work in the ever-changing field of risk management. John and Paul's differing views on corporate risks demonstrate just how dynamic of an area this is.
“Better prepare for contingencies”
Both are engineers dealing with corporate risks, but their perspectives are very different. John Marren is responsible for risk and insurance management at the biopharmaceutical company, CSL Limited. Paul Carter is the new Global Head of Allianz Risk Consulting at Allianz Global Corporate & Specialty (AGCS). We asked them about the changing role of risk management and the risks that keep them awake at night.
What does a typical day in your office look like?
John J. Marren: It involves a lot of meetings and phone calls with colleagues and internal clients, addressing risk management issues or claims. In projects, we are currently developing a new emergency response system and are upgrading the business continuity management program for the corporate office. I am also reviewing loss prevention for new facilities in Texas and Germany, and preparing for strategy meetings and risk reviews for an upcoming trip to our corporate headquarters in Melbourne, Australia. Annually, we have to look into our insurance portfolio and pick it apart to identify any key areas to be adjusted. My key challenges are staying current on developments in a rapidly growing company and managing many projects at once.
Paul Carter: In my new role, I ensure that the strategic priorities of AGCS are translated into a tangible delivery from Allianz Risk Consulting for both our internal and corporate clients. I am heavily involved in the decisionmaking on key projects such as new analysis tools or an upgrade of our web-based client interface and, being responsible for more than 250 engineers, also have to deal with many HR issues. I spend quite a lot of time traveling, so days in the office are pretty much blocked for meetings and conference calls. Still, I try to foster an open door policy in the department and start by setting an example myself.
Do you remember one incident that has made a lasting impression on your career?
John: I guess it’s always about losses. There is always something to learn about each individual loss – from what caused it to how to get a company back on track. So, rather than remembering one single incident, I would say having been involved with various types of events from a fire at a plant to a liability claim has provided with me crucial experience that has assisted in each subsequent crisis event being handled a little bit better.
Paul: As a field engineer, I’ve experienced the best and occasionally the worst from various industries. I will never forget being told one day that one of the best risks I had ever inspected had suffered a severe fire loss. It turned out that multiple seats of fire had been maliciously set in the facility and the installed sprinkler system simply could not cope with such a scenario. The loss was devastating, despite the client having done all that was asked and even more.
John: That’s true, and it also goes to show that when you think you’ve taken every measure and thought of everything, losses can still happen. That’s why we have insurance.
A risk that keeps you awake at night?
Paul: My biggest concern is related to natural catastrophes, as these incidents have the possibility of creating huge losses. It is not just about a possibly devastating, but somehow limited, property loss at one site; it’s about entire regions and industries being affected in our strongly globalized, interconnected economy.
John: Again, for me it’s no risk in particular, but anything which would have a major impact on our ability to continue business operations is always a concern. We strive to be well-prepared for contingencies in all facets of our business. As a biopharmaceutical company, we always have to keep in mind that any mishap at one of our facilities will not only affect our own business success but also potentially the well-being of thousands of patients.
What has been the biggest risk you have ever taken?
John: Driving on the left side of the road in Australia!
Paul: Riding down a mountain side at over 80 km an hour on a full suspension mountain bike. I only realized how risky it was when I had a really bad crash.
Which emerging risks should companies be better prepared for?
Paul: As my home computer was recently hacked, I would say that cyber crime will become far more prom-inent in the future. Business interruption not triggered by physical damages such as power blackouts is already a major issue and will continue to increase in scale.
John: Anything which can have a material impact on your supply chain. Whether it be sourcing, transportation and logistics, or in manufacturing, the loss of a key element of your supply chain with limited contingency capability is something to always consider. And I also agree with Paul, the reliance on IT systems is without comparison in our history. Therefore, ensuring that critical systems are resilient and safeguarded against attack is a rapidly growing priority.
What’s the best piece of risk management advice you have been given?
Paul: One of my former bosses said to me: “Nothing will ever be attempted if all possible objections must be overcome”. It’s better to start improving your preparedness step by step rather than aiming for the one big thing from the very beginning and end up with no improvements at all.
John: I was taught many years ago when first starting in risk management: Operate as though you don’t have insurance as a financial backstop! This will compel critical thinking about the risks inherent in whatever business you are in.
How has the role of corporate risk managers or insurance risk engineers changed over the last years?
John: The role has become broader. We’re not just insurance managers anymore. Holistic Enterprise Risk management concepts have become the mantra of today’s risk managers. You must understand your business well in order to be a suitable advocate for wisely considering and accepting or transferring risk for the business. Decisions might be made that don’t always track perfectly with your advice, but our job is to enable the business leaders to make informed choices and avoid surprises.
Paul: The top business risks now look very different from what they did just ten years ago and so we have to align our risk consulting activities to these changing trends. For instance, property risk engineers within large corporate insurers used to focus much of their time on physical asset protection. Nowadays, assessing and mitigating risks of business and supply chain interruption is a major part of property risk consulting. Our analysis of exposures to natural catastrophes has also become more detailed.
Which skills does a good risk manager or risk engineer require?
Paul: Within insurance-related risk engineering, obviously a related technical background with extensive industrial experience, but don’t forget that our business is also about people. We are expected to discuss complex issues face to face with our clients, so risk engineers have to be good communicators who can talk the same technical language and build relationships.
John: A good risk manager must be able to work with all levels of people from the entire organization, starting at the top with the CEO down to management and further to the shop floor. He must be willing to dive deeply into the business in order to support the business adequately. Managerial and financial acumen are also essential. However, the risk manager’s role continues to evolve. In leaner and leaner organizations, it becomes more critical to ensure preparedness for contingencies.