Risk-less Business

Risk happens—all day, every day. The days when risk could be defined simply in terms of insurance and claims management are long gone. Everything within the retail enterprise carries a measure of risk and, by default, added responsibility. By everything, that would mean all things insurable as well as all those actions, events and decisions across a retail organization that cannot be insured.

“Risk management is a philosophy that has permeated the OfficeMax organization,” explained Carol Arendall, senior director risk management at the Naperville, Ill.-based office-supply retailer, which had sales of $9 billion in 2007. “Our risk-management team is not off in the corner handling insurance and claims—risk management sits at the table for various operational decisions that get made within the organization.”

The risk-management team at OfficeMax, led by Arendall, adopted an enterprisewide approach to risk management about two years ago and actively evaluates risks throughout the organization—both those that can be insured and those that cannot.

“It’s not just about buying insurance, it’s actually using different risk techniques to identify what risks we might have even if we can’t buy insurance for it,” she continued. “The risk-management team becomes involved in [decisions] because there is a risk associated for the company.”

Arendall has spent more than 20 years in retail risk management, including 12 years at Carson Pirie Scott followed by risk management for Saks, Inc., before she joined OfficeMax three years ago.

Her expertise, suggested Gary W. Bull, managing director, retail industry practice leader, at Marsh in San Francisco, has helped position OfficeMax as a leader in strategic risk management.

As an insurance broker and strategic risk advisor, Marsh works with clients across a broad spectrum of industries. “The retail industry,” noted Bull, “is more strategic with risk management than other industries because of the nature of risks retailers are dealing with and the large amount of losses experienced in retail.”

Total cost of risk: One metric that Bull helps retailers get a handle on is their total cost of risk (TCR) relative to losses. “For a typical large retail chain, 90% of their TCR is actually retained losses, which are the losses they are assuming themselves such as general-liability claims and workers-compensation claims,” he explained.

Arendall acknowledged that Bull’s estimate would be realistic for most companies. “Retained losses are a big expense item for any corporation,” she agreed. “Workers compensation and our general liability are the top retained risks that we have.”

However, Arendall emphasized that areas that cannot be insured are equally troublesome. “One of the big ones is supply chain risks—there is so much associated with our supply chain, but only a small part of it is actually insurable,” she said. “For instance, there is risk associated with a hurricane destroying a plant in China and then we can’t get product to our stores. Or, there is the political risk associated with [international trade]. What happens after the Olympics if China shuts down its borders and won’t allow exports? We’re actually looking at all things on a much more macro level.”

Bull concurred, and said the top issues in retail risk management after retained losses are those losses pertaining to supply chain issues, followed by cyber liabilities and property insurance, most notably in what he described as catastrophe-prone areas.

A report released last month by Deloitte & Touche, Parsippany, N.J., indicated similar findings. Compiled from input gathered from national retail companies that participated on the condition of anonymity, the report, subtitled “What It Means to Be Risk Intelligent,” found that 33% of respondents expected compromised risks would be most likely to occur in the supply chain. Other risk areas of concern included brand/reputation compromises, 31%; data breaches, 19%; fraud or embezzlement, 10%; and revenue or earnings misstatement, 6%.

“It’s not so much what you do about a specific risk in the supply chain or relative to your reputation or product quality—it’s about what you do relative to all your risks and how you address those in a comprehensive way,” stated Brett Sherman, partner, audit and enterprise risk services at Deloitte and author of the report. “That’s where we are headed with an enterprise risk-management (ERM) approach.”

Although OfficeMax has clearly demonstrated success with its ERM approach, the Deloitte study found the vast majority of retailers are lagging behind. Only 24% responded “yes” to the question: “Is risk information effectively incorporated into core decision-making processes such as strategic planning, capital allocation and acquisitions?” Sixty-three percent said “no,” and 13% indicated they did not know.

Putting processes in place: In addition to embracing the enterprisewide philosophy for risk management, OfficeMax has implemented formalized processes to deal with risks.

“One of the most important things we have at OfficeMax is a very tight handle on anything contractual,” stated Arendall. “We’re very careful about signing the dotted line on anything that is going to commit OfficeMax, and we want to be very sure OfficeMax is properly protected.”

For instance, OfficeMax requires a certificate of insurance from any vendor it hires and takes the added step of linking this risk-management procedure with its accounts-payable group.

“You can’t do business with OfficeMax and get paid unless you provide us with evidence of insurance, which is actually a big deal within the risk-management world because not that many companies have linked their accounts-payable system with their risk-management department, so that’s another control we have in place,” she explained.

Additionally, an enterprisewide approach should certainly encompass comprehensive claims management and require strict attention to systematic procedures.

“When an incident happens in one of our stores, we have processes and procedures in place so the store [associates] know what they’re supposed to do and how they are supposed to react,” said Arendall. “We spent a lot of time identifying appropriate doctors to send our associates to so we make sure our associates get the best possible medical care. Similarly, we have processes in place for our truck drivers because we have a sizeable [transportation] fleet. There’s a lot that goes on behind the scenes that you wouldn’t expect with respect to the processes we have in place.”

Healthy claims management: Taking a proactive stance to deal with incidents, particularly those that are health-related, is a critical component of effective risk management. The volume of workers-compensation and general-liabilities claims being generated across the retail industry is “staggering,” according to Scott P. Rogers, managing director of the retail business unit at Sedgwick Claims Management Services.

Memphis, Tenn.-based Sedgwick, which adjudicates losses on behalf of its clients, realizes 25% of its revenues and 50% of its overall claims volume from retail accounts.

“With big-box retailers, which is our niche, there is a tremendous amount of volume and significant amount of money budgeted for casualty [claims],” said Rogers. “These are not small line items.”

Among the trends that Sedgwick is seeing across retail claims is an upturn in indemnity benefits paid to out-of-work employees and an overall shift in the percentage of total spend allocated to medical costs.

Relative to indemnity benefits, basically the wage-replacement money paid to workers injured on the job, Kathy Tazic, client assistance director at Sedgwick, explained, “Employees may be entitled to more than just wage replacement, sometimes the