Leaders of the evolution

HEADNOTE

EXAMINE THE CAREERS OF THREE EXCEPTIONAL RISK MANAGERS NAVIGATING THE EVOLVING PROFESSION.

Few corporate positions are as evolutionary, perhaps revolutionary, as the job of risk manager. Twenty-five years

ago, one would be hard-pressed to find more than a dozen. Back then, they were insurance managers, but they were taking courses in the nascent science. As they proved their merit to senior management, these new executives were extracted from the murky backwaters of legal departments to assume leadership roles in increasingly sophisticated organizations. Over the years, risk managers have proven they are a valuable corporate resource.

Now the profession is in the grip of change again, as diverse companies undertake enterprise risk management strategies and chief risk officers--many coming out of insurance and finance risk management ranks--emerge enforce.

Risk managers run the gamut now, and are a tough act to pin down. There are wide differences in risk oversight responsibility and in risk management philosophy. The following profiles of three risk managers exemplify the broad definition of the risk manager today.

One is a highly regarded risk manager and a former president of RIMS with more than thirty years service. Another is a former manager of market risk who has joined the swelling ranks of chief risk officers. And the third risk manager evinces the struggle many in her profession confront as their companies experience astonishing growth.

Everybody in risk management, it seems, knows Richard "Dick" Heydinger. At annual RIMS conventions, the soft-spoken, veteran director of risk management services at Hallmark Cards Inc. is the recipient of hundreds of back pats and heartfelt exclamations of "Hey, howya doin' Dick!" Heydinger will retire at the end of the year, but he's not going out quietly. Indeed, he and others are shepherding the Kansas City, Missouri-based greeting card company through the first stages of an enterprise risk management process.

For Heydinger, the introduction of this revolutionary approach to corporate risk comes with the terrain. In the course of his career, he has participated in the constant evolution of the profession.

Back in the late-sixties, Heydinger was the accident clerk in the insurance and safety department at Norwalk Truck Lines, a large northern Ohio transcontinental trucking firm. The job entailed routine appraisal of actuarial reports and not much else, he says. Nevertheless, the work got him hooked on insurance and risk.

Later at the same firm, Heydinger jumped at the opportunity to work in the area of workers' compensation and began his career metamorphosis. "I took the company self-insured for the first time after just a year," he recalls. "Previously, we just insured everything from the first dollar up. I had been reading articles about risk management and risk retention and was extremely captivated."

When another trucking company acquired the firm, Heydinger signed on with Anchor Hocking Corp. in Denver, Colorado, a large glass container and ovenware manufacturer.

"I was the manager of property/casualty insurance operations and reported to the insurance manager," he says. "Back then (in 1970) companies still weren't using the name risk manager. Shortly thereafter, I earned my CPCU designation and took courses toward an Associate in Risk Management (which he later received) cosponsored by RIMS. By the time I left to join Hallmark in 1979, I had the title of director of risk management and retirement."

During this period, his job responsibilities increased. Insurance management became risk management, a broad category encompassing the identification and management of hazard exposures and worker risks. At Hallmark, the position would swell to include even more responsibility. "When I came here, there were about five people on staff in the risk management area; today, there are twenty-one," Heydinger notes.

The philosophy of risk management also was set to change. "We were part of legal back then, in a department known as insurance and claims," he says. "Insurance was the routine response to every risk--once you identified an exposure, you simply transferred it via insurance. In those days there also really wasn't any upfront identification of risk. Actually, I shudder now to recall that most risks were discovered in the course of claims and lawsuits. We weren't what you would call proactive about risk back then."

Heydinger lobbied senior management to move risk management out of legal and to adopt a real risk management philosophy, one in which risks were identified, assessed and either controlled or transferred. Fortunately, Hallmark's CFO at the time also was taking risk management classes and was an ardent ally. "He sold the concept to the CEO and me as the guy to implement the promises made," Heydinger says.

Other risk control functions were brought in under his umbrella, including safety, environmental compliance, asset protection and crisis management. Heydinger developed an integrated process for addressing the breadth of risks in his care, similar to the enterprise risk management process now underway at Hallmark, except for the fact that enterprise risk management encompasses all risk, not just hazard exposures.

His work was pioneering at the time, earning him Business Insurance's coveted Risk Manager of the Year award in 1993. A stint as RIMS president from 1988 to 1989, and industrious committee work over the years, gave him a high profile in the burgeoning profession.

As he prepares to retire with his wife Sandy to a life of reading and leisure, Heydinger is leaving with style. He is a member of Hallmark's enterprise risk management oversight committee, a group that also includes finance risk management, legal, human resources, information technology and internal audit. The pilot committee is mapping and analyzing Hallmark's risks across the corporate landscape, sharing data in order to measure all corporate exposures and develop a comprehensive risk management strategy.

It is likely that Hallmark will finish this process with the announcement of a chief risk officer, Heydinger predicts. And so the low-level management position he fell into in the 1960s now ranks in the upper corporate hierarchy. In many ways, this newfound appreciation for risk in industry after industry is a tribute to the groundbreaking work of people like Heydinger--though he would never admit it. "Actually, I was just a pretty lucky guy," he says.

If CEOs are the kings of top line management, then CROs are the kings of bottom line management. The CRO (chief risk officer) is a member of a new corporate breed, one that is growing in numbers and expected to become as ubiquitous as CFOs (chief financial officers) and CIOs (chief information officers).

As chief risk officer of Koch Industries, Inc., Michael Hofmann's job is to identify all risks challenging the Wichita, Kansas-based diversified energy company.

In previous life he was a senior audit manager for the accounting firm KPMG and, later, the head of Koch's market risk management organization where he lead the effort to identify, quantify, model and monitor market price risks resulting from the global commodity and financial trading activities.

In his new role, Hofmann has added the rest of Koch's corporate risks, including operational, strategic and business exposures, to his oversight responsibilities. Although he has never personally renewed a corporate insurance policy, Hofmann also oversees Koch's property and casualty exposures. Add to that the company's financial risks like interest rate, foreign currency and commodity trading price risks, as well as its brand-equity and reputational exposures, e-commerce challenges, credit risks and any other corporate exposures. Hoffman chalks up the success of risk management, in part, to the growing sophistication of financial market risk estimation techniques.

"Over the last few years, we have learned how to do a better job of estimating risk using financial derivative market strategies," he explains. "Today we can bring in financial market risk techniques to expand our conceptual thinking and apply it to these other areas of risk. Overall, this helps us to create a better understanding of aggregate risk."

In the rapidly deregulating energy business, a holistic appreciation of corporate risk is critical. Energy companies face risks today where few existed under previously strict regulatory control. Nowadays it is common for energy companies to routinely trade a wide spectrum of commodities, weather and market risks, retaining some, hedging others and transferring what is left.

Since energy risks are extremely volatile-- the price of crude oil, for example, has more than doubled in less than a year--sound management of these exposures to mitigate the impact on cash flow and earnings must be uppermost in mind. That is where Hofmann steps in. He is using many of the same tools he wielded as head of Koch's market risk management organization to hammer together an enterprise risk management strategy.

"Take weather derivatives, a very interesting market and one in which we are considered a leader," Hofmann explains. "This market makes sense for us because commodity demand is very heavily influenced by weather patterns. Now, obviously, our customers have a risk here and if we sell them a weather derivative, that not only hedges the impact of the weather on their earnings, it may in fact offset risks we have in our risk portfolio."

For example, Koch may absorb the risk of a warmer than usual winter for a client, and then either trade it away or retain it. Hofmann and his combined market, credit and insurance risk management organization make the determination.

"We want to understand the risk of whatever it is we invest in, alone and in combination with our other risks," he says. "It's all about understanding our overall risk-adjusted revenue."

Hofmann has used enterprise risk management to develop Koch's new strategy. He is at the beginning of this process, in the thick of developing a common language and process for Koch's different departmental risk overseers to analyze risk. "This way the organization can approach, appreciate and measure all risks through the same lens," he explains. "Only then can a determination be made which risks will be transferred and through which mechanism, either traditional insurance, derivatives, alternative risk transfer mechanisms or counter-party trades."

The first task is to complete an enterprise risk analysis of all of Koch's exposures, says Hofmann. The process will take about a year. Then he will be able to determine the most cost-effective and appropriate ways to transfer those, he says.

Hofmann says he is in search of consistency --a common system for managing the breadth of risks challenging Koch's financial progress.

"I see my job as taking these different disciplines--in insurance risk management, financial risk management, and so on--and fostering some sort of universality and unity in our approach to all risk," he says.

Debbie DeVere is serving up enterprise risk management at Compass Group North America, a $2.9 billion restaurant and food service conglomerate that has doubled its revenues in the past four years. DeVere has had the dubious pleasure of overseeing corporate risk management at a time when Compass continues to map one acquisition after another. No sooner had the Charlotte, North Carolina-based company closed a partnership deal with Levy Restaurants and the acquisition of Granada Associates, than it announced yet another pending acquisition-the Au Bon Pain chain of restaurants. "Things are always moving fast here," says DeVere.

Because the food service business is rife with worker injury and illness risks, DeVere has her hands full. Not only must she sift through a veritable mountain of claims data to monitor worker recoveries and decipher return-to-work trends, she must constantly add all the new hires to the burgeoning database. Meanwhile, she's working with the company's external auditors, Deloitte & Touche, and its insurance broker, Aon, to develop an enterprise risk management strategy.

"Right now we're at the beginning of the assessment phase and are taking a very disciplined approach," she says. "We've scheduled meetings with our CFO, controller and vice president of tax and accounting to decide how we should go forward. Needless to say, it's a very exciting time at this company."

As a young woman, DeVere planned to be a registered nurse. While waiting a year to get into nursing school, she took a job with The Travelers at the insurer's headquarters in Hartford, Connecticut, a few miles from where she grew up in Enfield. She worked in accounting and then underwriting. Eventually she did leave to go to nursing school, but realized that she actually preferred the world of risk and insurance.

In the mid-eighties, DeVere took a job with Gardner Merchant, a food service company, as its risk manager. She left for Compass and North Carolina in 1996. And even though the company was half the size it is today, DeVere was stunned by the many regional subsidiaries Compass held, a wide range of food service companies that included Canteen, Bateman and Restaurant Associates. When she recognize there was no systematic, standardized method for managing workers' compensation risks at the far-flung company, she assembled a cross-- subsidiary committee to find a solution. "There was just all this information coming from all these disparate sources using different kinds of metrics," DeVere recalls.

"I had no way to sort out what was meaningful in order to make trend analyses. I could not compare one subsidiary to another to determine who was most vulnerable to safety problems and costs, I needed one place where I could look at worker risks across the enterprise. So I turned to my broker."

Aon's claims management system, Risk Monitor, helped her systematize and categorize the workers' comp claims, she says. Benchmarks were established to compare internal workers' compensation data to best of breed in the same industry and other industries. If a particular location within the Compass organization failed to make the grade, DeVere obtained management approval to hold the district manager accountable.

Now with fifteen years behind her in the food service business, DeVere says she has learned the simple risk management maxim-- frequency leads to severity. "Restaurants don't incur the truly serious injuries, but we do have a lot of minor injuries," she explains. "There are lots of cuts and burns, slips and falls, seemingly little things that if left alone have a way of becoming bigger things. My theory is that if you slip and fall and you're over eighteen years of age, you're seriously hurt. I insist that anyone in this situation obtain immediate treatment."

DeVere has five safety managers who report to her from Compass' regional districts across the country. It is their job to identify the top ten locations within their region most in need of safety intervention. Given that Compass has some thirty-five hundred locations around the country, this is not an easy task, DeVere concedes. "Fortunately, they rely on the claims information system to discern who isn't up to snuff. Then they work with the district safety coordinators to turn the situation around," she says.

At present, DeVere is wondering what work will be like if the pending Au Bon Pain acquisition closes. The merger would add at least two hundred additional locations and thirty-seven hundred employees to the company. "I'm trying not to think about it, but I must, of course," she says and laughs half-heartedly. "Until then, I'm working with the risk manager at Levy Restaurants to make sure we have similar views toward risk management, and keeping my eye on Granada, which has a lot of its operations in Europe. Frankly, given the explosive growth of this company, I can't afford to sit still."

So does she miss the thought of being an RN? "What are you kidding me? I've got the best job in the world!"