Why Link Risk Management and Ethics?
February 2005
Some of you may recognize my name because
of my past work with the Insurance Institute of America's Associate in Risk
Management (ARM) designation program. You may wonder why, as a fledging commentator
for IRMI, I have now chosen to write commentaries on the general theme of "Ethics
and Risk Management." You may well wonder why because, in writing about risk
management for over 30 years before retiring in 2000,* I have
used the word "ethics" in print probably less than 100 times.
by George
L. Head, Ph.D.
Director Emeritus, American Institute
for CPCU
The theme "Ethics and Risk Management" signifies that each of these two worthy
disciplines—risk management and ethics—depends on the other. Good risk management
requires good ethics; and good ethics require good risk management. This implies,
from a positive perspective:
-
First, for an organization to manage its risks well, everyone who represents
that organization must practice good ethics.
-
Second, for an organization to act ethically, everyone who represents
that organization must manage risk well.
And, conversely, from a negative perspective:
-
First, an organization that permits or encourages unethical actions by
anyone who represents it is not practicing good risk management.
-
Second, an organization that permits or encourages anyone who represents
it to manage its risks poorly is acting unethically.
"Risk Management" and "Ethics" Defined
To see why good risk management and good ethics must go together—why each
needs the other—please start with definitions of these two fields. Risk management is a process for making
and carrying out decisions designed to minimize the adverse effects of accidental
or business losses on an organization by reducing the number or size of these
losses or by cost effectively financing recovery from any such losses. I have
been privileged to teach a definition much like this to those who earned the
ARM designation. That was a five-step process, but other processes with as few
as 2 steps or as many as 12 can be just as valid. (Risk management, like an
orange, can be sliced various ways. The exact number of slices really is not
crucial; what matters is that nothing is lost in the slicing.)
For ethics, any good college text on
business ethics gives a definition comparable to: any system of guidelines for
appropriate conduct toward others, aiming to comply with certain rules or to
achieve certain results in particular types of situations. For example, a rule-based
system of ethics emphasizes guidelines like "Always tell the truth" or "Never
steal." A results-based ethical system emphasizes achieving "the greatest good
for the greatest number" or directs, "Act as you propose only if the world would
be bettered by everyone in your situation also acting as you propose." In difficult
situations, different systems of ethics may condone or condemn a specific action
as ethical or unethical, especially with respect to different groups. Some examples
will be presented later in this article.
Commonalities
First, however, to see why the fields of ethics and risk management need
each other, consider the common ground they share. Ethics gives guidelines for
appropriate actions between persons and groups in given situations—actions that
are appropriate because they show respect for others' rights and privileges,
actions that safeguard others from embarrassment or other harm, or actions that
empower others with freedom to act independently. Risk management is based on
respect for others rights and freedoms: rights to be safe from preventable danger
or harm, freedoms to act as they choose without undue restrictions.
Both ethics and risk management foster respect for others, be they neighbors,
employees, customers, fellow users of a good or service, or simply fellow occupants
of our planet—all sharing the same rights to be safe, independent, and hopefully
happy and productive. Respect for others, whomever they may be, inseparably
link risk management and ethics.
Examples
Now for a few of the many possible examples of this linkage, drawing on the
four bulleted implications that opened our discussion:
First, for an organization to manage its risks well, all its people must
act ethically. For example, if someone misrepresents an organization's product,
the organization is vulnerable immediately to products liability claims and
in the longer run may lose its reputation and market share. Again, if one of
an organization's executives treats any subordinate employee unethically, that
employee (and a good number of his or her fellows) may lose his or her enthusiasm
for their work, may begin to take advantage of the employer in any of hundreds
of little ways, or may simply find another job. Or if one employee discovers
that a second employee is embezzling from the organization, the second employee's
failure to report this dishonesty causes financial loss to not only the organization
and to each of its owners but, in the long run, also to those who rely on that
organization for their livelihood.
Second, if an organization is to act ethically, everyone who works for that
organization must manage its risks well. The maintenance staff who takes out
the organization's daily trash must dispose of it properly; otherwise, neighbors
upon whom it is dumped may sue the organization and it, in turn, may face fines
and injunctions for environmental pollution. Furthermore, the organization's
risk management staff must be scrupulously honest in providing information to
the organization's insurers, not only to be sure that the organization has a
good reputation among underwriters (and therefore favorable premium rates, an
element of good risk management) but also to be confident that the organization
pays its ethically fair share of the loss exposures that are pooled through
insurance.
These examples also illustrate the third and fourth, converse, negative implications
bulleted above. The third implication—that permitting unethical behavior within
an organization is poor management of that organization's loss exposures—is
demonstrated by the careless conduct of the trash-disposal crew. Their actions
are likely to bring on lawsuits and, in time, a loss of reputation and market
share for the organization.
Fourth and finally, if an organization's most senior executives allow, worse
encourage, its risk management personnel to withhold or misrepresent information
in dealing with underwriters to purchase insurance this year on unfairly favorable
terms, then—come renewal times for perhaps a decade to come—senior management's
short-range misconduct jeopardizes the organization's insurance protection in
the long run.
Conclusion
These examples aim to drive home the point that good risk management and
good ethics support each other. Hopefully, they are clear and beyond debate.
My goal here has been to make this link through these examples and this reasoning,
to explain why good risk management and good ethics are, and need to be, linked.
These examples are not like the ones that will be the focus of future commentaries
in this series. Nor in the future will I deal with the headlined specifics of
alleged insurance or other scandal. In the future, I hope to present situations
that are more common, that present real ethical dilemmas that arise in practical
risk management. These will be situations where neither the good/bad ethics
nor the good/bad risk management are so black and white, and where together
we can reason through how best to let good ethics and good risk management work
together for the ultimate benefit of all.
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author’s employer or IRMI. This article does not purport
to provide legal, accounting, or other professional advice or opinion. If such advice
is needed, consult with your attorney, accountant, or other qualified adviser.