A SAGE Test for Risk Management

When I was a Chief Risk Officer, I needed a method to help me quickly decide how to allocate my time and resources. The result was the acronym “SAGE.”

“SAGE” stands for “Survive, Achieve, Grow, and Expand.” The order is important, not just to make the acronym work, but because that is the order in which you, as a risk manager, should consider the priority of your actions and your budget.

Survive

Survival of the organization should be its first priority. If the organization does not survive, it has no chance of fulfilling the purpose for which it was created. If it does not survive, growth and expansion are moot.  Recall the safety speech that the airline flight attendant gives concerning the air mask:  

“In the event of a cabin depressurization, a mask will fall from a panel above you. Place it on your face (etc.). If you are traveling with people who need assistance, such as children, make certain you put your own mask on before assisting others.”

This last part of the announcement reminds us that, if we don’t survive, we can’t help others.

Achieve

The next step is to achieve the goals and purposes of the organization. Remembering why the organization was established in the first place and achieving those goals is secondary only to the survival of the organization. For a stock company, it is likely making a profit and returning value to the owner or shareholder.  For a mutual insurance company, it might be to provide an open insurance market for its owner and customers.  A captive’s purpose might be to guarantee a market for insurance coverage for its owner.  But it must survive in order to do so.

Grow

Growing the organization may or may not be important. Growth in this context means organic growth: increasing the activities you currently are performing, adding members or adding policyholders, and similar increases in what the organization is already doing or the customers with whom it is already dealing. Growth only makes sense if the organization is already attaining its purpose, meeting its goals, and is reasonably assured of survival.

Expand

Expansion occurs when the organization takes on new territories, lines or types of business, or other activities outside its current scope of activities.  

There is no clear line between growth and expansion. But that boundary is not as important as the fact that neither should occur until the organization is fully meeting its objectives and is assured of survival.

I used this as the test for activities within the organization.   Into which category does the activity fall?  “Survive” activities get first priority for my time and budget.  “Accomplish” gets the next level.  “Growth” activities are only allocated resources if the first two are being accomplished.  “Expand” tasks get what is left after the first three are satisfied.   It is a quick, simple way of prioritizing that others can understand and accept.

During one turnaround situation, I only concentrated on the “Survive” activities. What little time and budget I had left I allocated to “Accomplish” activities.  “Growth” and “Expand” were ignored.  Even then, only the most important “Accomplish” activities were performed: some had to wait.  It worked, and the company went from losing 20 cents on every dollar of sales to break even in two years.

I have watched other companies expand, but ignore survival, only to falter, and in a few instances, fail.  

“SAGE” for this purpose is copyrighted by Grover Edie MBA, FCAS, MAAA, CERA, CPCU, ARM, ARP

Getting Budget for ERM

Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization’s capital and earnings.

If something is important to a company, it will be in the performance metrics for management’s bonus.  If you want staff or budget for ERM, your job is to figure out how ERM directly affects the organization’s goals for THIS YEAR!  Not next year, not five years from now, but by the end of this year.  If your company is experiencing some sort of difficulty, getting budget for ERM will depend upon your ability to show how ERM will enable the company to effectively remedy that difficulty. 

Linking the ERM activities to corporate objectives applies to every activity within a company, but because ERM is a rather new discipline, budget for it is usually not embedded in the usual budgeting process. 

Since most companies want profits and growth, we need to consider that those items are also a part of management’s survival and onus.

The risk inventory is one of the first steps in establishing an ERM program.  The remainder of this article assumes that has been accomplished.

If you know the operations, you need to learn the metrics.  If you know the metrics, you need to understand the operations.  What happens, how it is measured, and how it affects the metric important to management (usually profits, at least.) 

If management’s actions do not line up with the organization’s published objectives, look for something else that is their objective and align with it.

Compare ERM functions with those elsewhere in the organization

Compare the functionality of what you want to do with what is already being done within the organization.  An Economic Capital Model and an investment portfolio model are essentially the same thing; only the subject matter differs.  And when you realize that the variation in investment outcomes is tiny compared to the potential variation in underwriting income, you will wonder why investments are modeled and underwriting results are not.  One answer is that investments have a broader audience – investment managers model investments for all sorts of clients and can use standard platforms.  But with recently developed, commercially available, platforms to model insurers such modeling will become more mainstay.  Remind others of where Catastrophe modeling was decades ago and where it is today, and you can springboard onto an argument for Economic Capital Modeling.

Look for short term returns — “Quick hits”

Bonuses are paid at the end of the year, so whatever you can come up with that will affect the current year will be seen far more favorably than something that will affect two or five years down the road.  And a series of short-term successes will pave the way for acceptance of longer-term initiatives. 

Pricing changes hardly affect this year’s profits, other than discouraging underpriced business and encouraging over-charged business, where the change remedies those issues.  For insurers, where premiums are earned over a six-month, one-year or even longer period, adding premiums is not as effective on a short-term basis as avoiding business that is underpriced in the first place. 

Look for risks to specific situations  

How does it affect the enterprise as a whole?

  • “Get the Ohio branch up and operational by the end of the year” (expense ratios)
  • “Reduce headcount without reducing customer satisfaction.” (expense ratios)
  • “100% uptime for IT.”
  • “No cyber losses”.  Work with CIO and the expected cost of the most likely cyber-related loss (denial of service, data-napping, whatever) and its impact of profits, reputation, and CEO’s job.

These risks are being addressed by others in the organization – join with them rather than trying to compete for funds, to make sure THEY are successful in mitigating the risk.  Aligning with others enables you to go a lot farther than competing for funds.

Engage others

Rather than hire a person, engage others within the organization to do some of the work, if you can.  Many appreciate the variation from their daily tasks.  And often, they can provide valuable insights into the situation.   

The metrics by which management is measured, and is given bonuses, usually have both a positive and a negative component.  For example, net income has both a positive site, i.e. make more money, and a negative side, experience lower expenses or fewer losses.   Revenues can be viewed as positive (write more business) or negative (lose fewer existing customers.)

Finally, do as many of the above-mentioned items at the same time as you can do effectively.

————————–

Grover Edie, MBA, FCAS, MAAA, CERA, CPCU, ARM was VP & Chief Actuary and Chief Risk Officer of two different insurance organizations.  One was a multi-national group the other, a regional mutual.