Some of you may recognize my name because of my past work with the Insurance Institute of America's Associate in Risk Management (ARM) designation program. You may wonder why, as a fledging commentator for IRMI, I have now chosen to write commentaries on the general theme of "Ethics and Risk Management." You may well wonder why because, in writing about risk management for over 30 years before retiring in 2000,1 I have used the word "ethics" in print probably less than 100 times.
The theme "Ethics and Risk Management" signifies that each of these two worthy disciplines—risk management and ethics—depends on the other. Good risk management requires good ethics; and good ethics require good risk management. This implies, from a positive perspective:
First, for an organization to manage its risks well, everyone who represents that organization must practice good ethics.
Second, for an organization to act ethically, everyone who represents that organization must manage risk well.
And, conversely, from a negative perspective:
First, an organization that permits or encourages unethical actions by anyone who represents it is not practicing good risk management.
Second, an organization that permits or encourages anyone who represents it to manage its risks poorly is acting unethically.
"Risk Management" and "Ethics" Defined
To see why good risk management and good ethics must go together—why each needs the other—please start with definitions of these two fields. Risk management is a process for making and carrying out decisions designed to minimize the adverse effects of accidental or business losses on an organization by reducing the number or size of these losses or by cost effectively financing recovery from any such losses. I have been privileged to teach a definition much like this to those who earned the ARM designation. That was a five-step process, but other processes with as few as 2 steps or as many as 12 can be just as valid. (Risk management, like an orange, can be sliced various ways. The exact number of slices really is not crucial; what matters is that nothing is lost in the slicing.)
For ethics, any good college text on business ethics gives a definition comparable to: any system of guidelines for appropriate conduct toward others, aiming to comply with certain rules or to achieve certain results in particular types of situations. For example, a rule-based system of ethics emphasizes guidelines like "Always tell the truth" or "Never steal." A results-based ethical system emphasizes achieving "the greatest good for the greatest number" or directs, "Act as you propose only if the world would be bettered by everyone in your situation also acting as you propose." In difficult situations, different systems of ethics may condone or condemn a specific action as ethical or unethical, especially with respect to different groups. Some examples will be presented later in this article.
First, however, to see why the fields of ethics and risk management need each other, consider the common ground they share. Ethics gives guidelines for appropriate actions between persons and groups in given situations—actions that are appropriate because they show respect for others' rights and privileges, actions that safeguard others from embarrassment or other harm, or actions that empower others with freedom to act independently. Risk management is based on respect for others rights and freedoms: rights to be safe from preventable danger or harm, freedoms to act as they choose without undue restrictions.
Both ethics and risk management foster respect for others, be they neighbors, employees, customers, fellow users of a good or service, or simply fellow occupants of our planet—all sharing the same rights to be safe, independent, and hopefully happy and productive. Respect for others, whomever they may be, inseparably link risk management and ethics.
Now for a few of the many possible examples of this linkage, drawing on the four bulleted implications that opened our discussion:
First, for an organization to manage its risks well, all its people must act ethically. For example, if someone misrepresents an organization's product, the organization is vulnerable immediately to products liability claims and in the longer run may lose its reputation and market share. Again, if one of an organization's executives treats any subordinate employee unethically, that employee (and a good number of his or her fellows) may lose his or her enthusiasm for their work, may begin to take advantage of the employer in any of hundreds of little ways, or may simply find another job. Or if one employee discovers that a second employee is embezzling from the organization, the second employee's failure to report this dishonesty causes financial loss to not only the organization and to each of its owners but, in the long run, also to those who rely on that organization for their livelihood.
Second, if an organization is to act ethically, everyone who works for that organization must manage its risks well. The maintenance staff who takes out the organization's daily trash must dispose of it properly; otherwise, neighbors upon whom it is dumped may sue the organization and it, in turn, may face fines and injunctions for environmental pollution. Furthermore, the organization's risk management staff must be scrupulously honest in providing information to the organization's insurers, not only to be sure that the organization has a good reputation among underwriters (and therefore favorable premium rates, an element of good risk management) but also to be confident that the organization pays its ethically fair share of the loss exposures that are pooled through insurance.
These examples also illustrate the third and fourth, converse, negative implications bulleted above. The third implication—that permitting unethical behavior within an organization is poor management of that organization's loss exposures—is demonstrated by the careless conduct of the trash-disposal crew. Their actions are likely to bring on lawsuits and, in time, a loss of reputation and market share for the organization.
Fourth and finally, if an organization's most senior executives allow, worse encourage, its risk management personnel to withhold or misrepresent information in dealing with underwriters to purchase insurance this year on unfairly favorable terms, then—come renewal times for perhaps a decade to come—senior management's short-range misconduct jeopardizes the organization's insurance protection in the long run.
These examples aim to drive home the point that good risk management and good ethics support each other. Hopefully, they are clear and beyond debate. My goal here has been to make this link through these examples and this reasoning, to explain why good risk management and good ethics are, and need to be, linked.
These examples are not like the ones that will be the focus of future commentaries in this series. Nor in the future will I deal with the headlined specifics of alleged insurance or other scandal. In the future, I hope to present situations that are more common, that present real ethical dilemmas that arise in practical risk management. These will be situations where neither the good/bad ethics nor the good/bad risk management are so black and white, and where together we can reason through how best to let good ethics and good risk management work together for the ultimate benefit of all.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
1 For any who may wonder, I am still at the Institutes, but now serving as "Director Emeritus," without any direct responsibility or authority. The ARM program, like the other Institute offerings on which I worked, are in new, fine hands. Check out the programs at www.theinstitutes.org/.