Value of Measuring Risk: “If you can’t measure it – you can’t improve it.”

13 October 2017

The RIMS Canada Conference recently took place in Toronto from September 24th – 27th, 2017. JLT Canada’s Grant Williamson, Managing Director and Leader, Eastern Canada and Sasha Alexander, Vice President, Account Executive, Public Sector sat on a panel with Stephen Pottle, Risk Manager at York University, to discuss the value of Risk Managers and the importance of metrics to demonstrate their value.

As noted in the session, the role of the Risk Manager is increasingly being threatened by a lack of perceived purpose and value. With IT teams commonly handling the mitigation of cyber risks and compliance ensuring that legal requirements are met, the value of the Risk Manager is becoming more questioned. Yet with risk increasingly listed on the corporate agenda, why are Risk Managers being scrutinized?  "Risk Managers support all areas of the business to ensure that the long term business objectives are met," explained Alexander. With many Risk Managers feeling the stress of potential job loss, how can they better demonstrate their value to the C-suite and the board?

Pottle pointed out that Risk Managers must "understand [their] role and how it supports the business objectives of the organization" to fully understand their value. To do this, he suggested taking time to speak with their managers, peers and the Human Resource team to gain clarity on their role and ensure that their efforts align with their department and support the overall business objectives of the organization.

"Establishing a strong personal brand… is also central to [a Risk Manager's] success and value", Grant Williamson added. Creating a defined personal brand within the workplace is not easy, but as Pottle explained: "If you cannot communicate your value, someone else will and it may not be the story you wanted told." By taking time to gather information, quantify their findings and clearly articulate their results, Risk Managers communicate their value and control the telling of your story.

In order to quantify their findings and prove their worth, Risk Managers must measure their efforts. As explained by Alexander, "metrics are units of measurement that quantify your efforts and ensure that the objectives of the organization are met. They are tangible markers that are predictive, diagnostic and retrospective." Metrics demonstrate what work is helping to achieve a goal and they indicate when one has strayed.

There were two types of metrics discussed on the panel: output metrics and outcome metrics. Output metrics measure effectiveness. They include operational activities such as the number of contract reviews performed, or the number of certificates of insurance generated. Based on the results of such operations, the metrics can be adjusted to ensure the desired outcome is met. Outcome metrics quantify performance and assess the quality of the work being done. As emphasized by Pottle and Alexander, both output and outcome metrics are essential to Risk Managers demonstrating their value and meeting the business objectives. A key area that Pottle suggested Risk Managers measure is the number of incidents and claims in a department – where are the most claims? What are the issues? By tracking this information they can find solutions that are helpful to the organization, save money in the long term and demonstrate their value.

Since Risk Managers touch all areas of the business, Pottle noted that it is imperative that they articulate their role and tasks in a way that is familiar to the C-suite and the board. For example, if the Risk Manager is meeting with the Chief Financial Officer, they might want to communicate metrics in dollar figures and in the form of charts and graphs, while if they meet with the head of HR, they might discuss metrics in terms of employee safety or employee performance.

Pottle further explained that by quantifying their efforts as Risk Manager, they provide factual data and create a strong business case that illustrates how they support all aspects of the organization and save money where possible. Risk Managers provide solutions that mitigate risk so that insurance claims and the associated costs are avoided.

To conclude the session, all panelists urged Risk Managers to frequently communicate with everyone in their organizations, since the more they understand their organization; the more likely they are to provide strategic solutions. As Alexander pointed out, the more you talk to the people in your organization about the work they do and how they do it, the more strategic and prescriptive you can be in your communications with the C-suite.  At the end of the day, the more strategic Risk Managers are in their role and in helping the organization reach its objectives, the more attention and support they will receive from the C-suite level.

For further information, please contact Grant Williamson, Managing Director and Leader, Eastern Canada or Sasha Alexander, Vice President, Account Executive, Public Sector at