Insurance Australia Group’s executive and board model, where the chief risk officer reports to the chief executive and the risk subcommittee of the board, has been described as best practice in risk and business management by Deloitte.
The global report, released this week by Deloitte, surveyed boards and executives from over 300 global companies. The survey found that company executives should use risk management to protect value and power performance.
Revenues generated from the businesses in the survey started at US$1 billion, with 23 per cent at more than US$20 billion. While those surveyed believed risk management should drive value creation, only 18 per cent were actively doing so.
The IAG model, however, was singled out as world-leading in terms of balancing risk and reward.
“Business is all about risk and reward, so strategy and risk are two sides of the same coin. Strategy discussions in the firm very quickly turn into conversations about risk,” IAG managing director Peter Harmer said.
IAG has a central staff of about 15 and, according to Harmer, they are responsible for driving the conversation around risk appetite and risk tolerance. However, the responsibility for risk management lies within the individual business units.
“The individual CEOs of our business are accountable to me through the CRO for their performance in terms of managing, mitigating, and ultimately financing risk,” Harmer explained in the Deloitte report.
The report also found that IAG looks at risk from two key perspectives. Firstly, there’s "the volatility of other businesses or individuals that we assume, insurance liability, which requires very careful management,” Harmer said in the report.
The other area is financial risk, which the firm breaks down into operational, regulatory and technology risk. Risks in these core baskets “translate down to an operational level: How much risk will we assume within the pursuit of our business objectives?"
Deloitte’s report noted that the insurer “focuses keenly on continuous improvement”. In terms of dealing with insurance risk, counterparty risk within reinsurance programs and investment/financial risk - core focuses and competencies for the firm - the report revealed that Harmer is generally satisfied with performance with no new initiatives seeming necessary.
A wonderful opportunity
However, Harmer did acknowledge that technology risk is where IAG has the most work to do. He explained that the firm must become more agile in identifying emerging technologies presenting disruptive risks and opportunities.
Despite the risks, the business sees disruption as providing “a wonderful opportunity”. IAG Customer Labs is developing software that can improve both customer-facing and back-office processes.
Work in areas ranging from cybersecurity to technology disruption is ongoing. In general, said Harmer: “If anyone tells you [they have these risks fully covered], I’d say they were delusional.” According to Deloitte, IAG’s model is also scalable to any size organisation.
“By being more proactive and deliberate in assessing risks, organisations are able to use their new understanding to differentiate and create value, not just protect it,” Deloitte risk transformation leader Peter Matruglio said.
In fact, the report found that executives recognised the importance of interaction with business and the CRO, with 58 per cent of global survey respondents saying their CROs should spend significantly more time performing the strategist role and participating in setting the strategic direction of the company and aligning risk management strategies accordingly.
IAG’s board has also won kudos for its approach to governance and culture. In March, CLSA ranked IAG's board first for 'hands on' insurance experience, the ability to create a decent culture and promote diversity.