Workers' compensation, being the statutorily defined and administered animal that it is, may not appear to need a risk standard applied to its day-to-day management, but I maintain the opposite is true. All risk exposures lend themselves to better management when approached with consistency, rigor and principled purpose.
Having just presented at the 2nd ISO 31000 Conference, I couldn't help but wonder if the focus on enterprise risk management (ERM) and governance, risk management and compliance (GRC) was causing risk managers with more narrow accountabilities to ignore the potential assistance that standards can offer them, their companies and their risk strategies.
For many risk managers, their sandbox is mostly defined by property and casualty exposures – an important area of risk management, but one which doesn't often apply ISO 31000 or any of its competing standards to everyday practice of the discipline. There appears to be some thinking that standards are only relevant if you have an "all risk" accountability. Is that a problem?
I would argue that, even if your direct responsibility is limited to just one exposure, a standard can help apply the rigor and consistency needed to excel in its management. The elements of a risk framework and process are much the same as they would be applied from one exposure to another. Each provides discipline where it is often missing – and usually much needed – to drive anything more than average results.
Similarly, a set of principles to guide the development and deployment of both a framework and the process itself facilitates the cohesion needed among the various stakeholders with interests in any exposure area. If there's a key difference in application, it lies primarily in the sheer depth and breadth of execution. In practice, a standard helps bring stakeholders together through consistency and commonality of approach. It helps drive discipline and rigor around the many methods and practices used to identify, assess, measure, mitigate/leverage, monitor and report on one or more risks.
If we consider the workers' compensation exposure specifically, it would be easy to fall back on the many statutes that prescribe the things we must do, when we must do them and, to some degree, how they must be done. But, in fact, the statutes are only the fundamentals that drive a regulatory interest in worker protection and fair treatment when hurt on the job. It is in few instances that the statutes drive decisions and actions within even a rudimentary risk framework.
I know of no workers' comp statute that facilitates the identification of risk or, more precisely, risk events that would help ensure the many sources of loss (i.e., causes) are minimized from a prevention standpoint. Similarly, show me a workers' comp statute that even touches on the risk management imperatives of risk assessment and measurement. And while this is not to say risk practitioners are not engaged in these important activities, it is to suggest that standards and frameworks enable and facilitate the more complete attention to the many aspects of exposures to which they are applied.
Thus, these tools are useful for ensuring a more comprehensive and thorough treatment of all aspects of the risk management paradigm. In effect, to do any less would be irresponsible for risk professionals. Why not allow standards to guide our actions for achieving both the best result for the injured worker and for his or her employer?
So don’t be dissuaded from considering the use of a standard when designing your strategy for managing risk in your organization. And while there's more than ISO 31000 to choose from, a huge plus for this standard is the fact that it requires no certification and thus avoids the bureaucracy of regular re-certification and all the time and effort that entails. For more on this standard, visit ISO.org or G31000.org.
Read my full column, “Should Risk Standards Matter?”, on the Risk & Insurance website for additional detail.
Chris Mandel, SVP, Strategic Solutions