Παρασκευή 29 Μαΐου 2009

Δημοσιεύω μία παλιά εργασία μου για τη Διαχείριση Ασφαλιστικών Κινδύνων που πιστεύω ότι μπορεί να αποτελέσει αντικείμενο συζήτησης

RISK MANAGEMENT IN INSURANCE COMPANIES (V.N.VAVILOUSAKIS)
TABLE OF CONTENTS
ACKNOWLEDGEMENTS. 3

Abstract 5

INTRODUCTION.. 6

BACKGROUND ABOUT RISK MANAGEMENT.. 7
1. RISK MANAGEMENT FROM ENTERPRISES’ POINT OF VIEW... 7
1.1 What is a risk. 8
1.2 Special features in enterprises’ risks. 9
2. WHAT IS RISK MANAGEMENT. 10
2.1 Risk analysis. 11
2.3 Risk management methods. 13
2.4 Financing of risks. 14
2.5 Organising risk management 16
2.5.1 Co-ordination and motivation. 16

LITERATURE REVIEW... 18

PREDICTING CUSTOMER POTENTIAL VALUE.. 47
AN APPLICATION IN THE INSURANCE INDUSTRY.. 47
1. INTRODUCTION.. 47
2. BACKGROUND AND MODEL.. 49
Potential value. 49
Customer Segmentation and Customer Potential 50
Antecedents of Potential Value. 52
Conceptual Model 53
3. EMPIRICAL MODELING.. 54
Data requirements. 54
Estimation Procedure. 55
4. APPLICATION TO THE INSURANCE INDUSTRY.. 60
Data. 60
Estimation Results. 61
Prediction of Purchases. 62
Prediction of Potential Value. 64
Market Segmentation and Implications. 65
5. DISCUSSION, RESEARCH LIMITATIONS AND FUTURE RESEARCH.. 67
Discussion. 67
Research Limitations and Future Research. 68

POLICY STATEMENTS. 69
1.0 Strategy. 69
1.1 Risk Management 69
1.5 Strategic Risk Assessments. 70
1.6 Risk Portfolios. 70
1.7 Roles and Responsibilities. 70
1.7.1 The Committee of Management 70
1.7.2 The Chief Executive. 70
1.7.3 Managers. 71
1.7.4 Employees. 71
1.7.5 Internal Audit 71
1.8 Risk Financing. 71
1.9 Resourcing the Effective Management of Risk. 71
1.10 Working with Tenants and Key Partners. 71
1.11 Evaluation of Risk Management Strategy. 72
2.0 Areas of Activity. 72
2.1 Compliance with Legislation. 72
2.2 Committee Control 72
2.3 Development 72
2.4 Housing Management 73
2.5 Housing Maintenance. 73
2.6 Financial Management 73
2.7 Loan Procurement 74
2.8 Insurances. 74
2.9 Personnel Issues. 75
2.10 Equal Opportunities. 75
2.11 Computer Security. 75
2.12 Fraud. 76
3.0 Implementing the Strategy. 76
4.0 Risk Monitoring. 77
5.0 Other Related Policies. 78

REFERENCES. 79

Abstract
For effective Customer Relationship Management (CRM), it is essential to have information on the potential value of customers. Based on the interplay between potential value and realized value, managers can devise customer specific strategies.
In this doctoral dissertation we introduce a model for predicting the potential value of a current customer. Furthermore, we discuss and apply different modeling strategies for
predicting this potential value.

Key-words: Customer Relationship Management, Customer Potential, Marketing Models, Insurance Industry




INTRODUCTION
The Risk Management Service incorporates the Emergency Risk Management Unit, Safety Risk Management and the Insurance and Risk Management section.
Risk Management relates to every area of the delivery of services, from the care worker who might be working on his or her own to data protection and community safety.
The Risk Management Service’ role is to try and minimise the risks which the county may encounter while delivering its services. It is a controlled way of identifying and evaluating risks.
The service also aims to prepare the council for a major incident affecting its premises such as major damage to County Hall or satellite buildings which could effect the service the council provides. One feature is to ensure that the essential business can continue and the services provided by the council can be maintained even if council property is damaged.
More than just reducing insurance claims, the risks are identified and evaluated so that people are then able to make a series of informed management decisions about how to manage each of the problems confronting them. Whether it relates to a lone worker or a school fire, people can then decide how the risk is to be tackled.
Emergency Risk Management co-ordinates the local authority response in a incident, most recently the fuel crisis, offers support to the emergency services and helps communities return to normality.


BACKGROUND ABOUT RISK MANAGEMENT
1. RISK MANAGEMENT FROM ENTERPRISES’ POINT OF VIEW
Risk management plays a vital part in the administration of enterprises.
A enterprise deals with systematic risk management on its own initiative, the risks threatening a enterprise are thus covered by the same target oriented planning as the other operations in a enterprise. The benefit gained is the same, i.e. there will be less chance occurrences and advantageous solution models can be used.
When a enterprise introduces risk management in its operations, the purpose is protection against risks. In view of this enterprises are considering preventive measures, centralising resources and clarifying internal responsibilities. In the beginning the measures will be aimed at big risks, but the subsequent aim is protection also against smaller risks.
Loss control has a long history in enterprises and has been complemented already for a long time by various insurance policies. Of these partial activities risk management forms an entity, which is more than the sum of the components. Its purpose is to awaken enterprises to a general risk awareness and prepare a comprehensive risk management policy by identifying and assessing the risks. A risk management policy should take into consideration the special features in a enterprise and it should comprise the principles, with which the risks in a enterprise can be managed.
There are business and life and non-life risks associated with the operations of a enterprise. Business risks, when coming true, can affect the autonomy of a enterprise, the image, quality of services, availability of manpower and general competitiveness regarding new inhabitants and enterprises.
Damage risks are risks to property, people and operations. These risks, when coming true, can cause considerable economic losses to enterprises, irreplaceable person damages and they can disturb operations quite considerably. Therefore it is important that enterprises identify risks and their consequences.
This requires an informed risk management policy and systematic risk assessments are an important part in identifying risks and in evaluating the probability that they could come true. Only when the risks have been identified and assessed, can the various ways to manage them be considered. On the basis of these risk assessments work can be started to remove or minimise risks and choose the risks that are suited to being totally or partly the responsibility of a enterprise.
Developing risk management in enterprises is a demanding task. Success requires that the organisation adopts risk management thinking on all levels and realises that it is an on-going process. Besides having the full support from the management of the enterprise, the process should be brought as close as possible to everyday work. An effective risk management system cannot be created in the enterprises without these.
1.1 What is a risk
There have been many definitions of a risk. Very often a risk means the possibility of an occurrence, which can cause or can have as consequence economic losses or accidents to the staff of a enterprise. A broader definition indicates that it is not just a question of something negative happening, but also that something positive does not happen.
Usually risks are placed in two groups:
Business risks
Damage risks
Business risks mean risks where, on the one hand, there is a possibility of loss, but also on the other hand the possibility of profit, if everything works out. These risks are typically connected to estimates regarding demand and supply when marketing products or services, predicting future development etc. Normally they cannot be insured and they remain the company’s own responsibility.
The below mentioned risk areas can be considered as business risks :
privatisation
outsourcing
conversion into new enterprises
property management, for example converting fixed assets to liquid assets
competitive bidding
co-operation and contract partners abroad
sale of enterprises
However, the main emphasis on the enterprises’ risks is on damage risks and they are the object of this guide.
Damage risks can be divided into three groups: personal risks, property risks and operational risks.
It is characteristic for damage risks that the damages usually are sudden and accidental. Some damage risks develop gradually, for example by wear and tear The result of this kind of damage is just loss, there is no possibility of profit.

Damage risks of a enterprise
1.2 Special features in enterprises’ risks

Personal life risks are a significant risk area in municipal operations. Usually a enterprise is the biggest employer in the area. Special feature are operations covering large groups of people, for example teaching, social services and health care; large groups of people are fed, transported and treated medically, etc. Looking after the well-being and safety of a enterprise’s staff and its citizens is best achieved by creating a framework for trouble-free and high quality operations.
A enterprise also has a so called moral liability for the safety of its citizens and it should actively work towards minimising these kinds of risks. For example dangerous materials in a enterprise should be organised so that they cause as little danger as possible.
A enterprise owns a large number of buildings and risks becoming a reality depend on the use of the building, the level of protection regarding the structure etc. These factors can be of assistance when estimating the size of the risk. Some of the buildings are old and might contain valuable works of art, important files and computer installations with files, so that a fire could be a very big risk indeed.
A enterprise could also be liable for damages due to negligence. Every type of operation has its own typical liability risks. There are also considerable risks connected with the operations of port authorities, rescue services, power plants and waterworks, and treatment of waste and the operations of a Construction Office. During severe sub-zero temperatures the enterprise must secure an uninterrupted supply of district heating and electricity.
The enterprise can be liable for damages, if an interruption is unnecessarily long or has not been announced properly. The operations of waterworks, for example, are a potential target for sabotage.
2. WHAT IS RISK MANAGEMENT

Risk management is a section of management concentrating on the risks in an organisation, thereby aiming at systematically reducing the costs of risks and other inconveniences. The main objective of risk management is to secure the continuity of operations also in case some threatening risk becomes a reality.

Various sections of systematic risk management
2.1 Risk analysis

The first and most crucial phase of a risk management process is identifying the risks. In many cases it is also the most time-consuming. In the identification phase dangerous factors are sought out by various means. Many methods have been developed to identify risks, such as questionnaires, financial reports, interviews, organisation diagrams and inspections made by external experts. In practice the identification can start as cause-consequence analysis.

Starting the risk analysis

The ultimate objective of analysing risks is to identify all the significant risks threatening a enterprise. On the basis of this analysis a decision can then be taken as to which risk management measures will be necessary to protect against these risks. It is important that the analysing work progresses, that it covers all the different kinds of risks, that risks are considered at the same level in different administrations and that focus is on the significant risks.
In a enterprise the starting point for the analysis is the management’s decision and the timetable.
Risk management must have a person in charge, i.e a person whose job it is at this stage to lead the analysis, co-ordinate and make a summary. That person will guide and supervise the proceeding of the analysis and name the enterprise’s own experts to deal with the most problematic questions. In view of a successful analysis it is important that the person in charge can also rely on the advice of external risk management experts. The co-operation between administrations also will be this person’s responsibility.


Reporting

A vital part of the analysis is reporting the results. This also means updating the reports annually. The administration prepares a report for itself on the basis of the analysis, but also the management of a enterprise needs a summary, where the risks threatening a enterprise have been listed. The summary does not need to be as detailed as the reports of an administration, but all the most important facts are to be collected in such a way that it is easy to form a general overview of the enterprise’s risks. It is recommended that regarding the whole enterprise, results per sector are completed by looking at the risks of interruption especially with regard to the interdependence.
Reporting also consists of suggestions as to measures to eliminate, minimise or transfer the risks revealed by the analysis. The enclosed summary sheet can be used as a framework for the charting summary.

Utilising the results of the prospects
Information obtained from risk analysis is the basis for the decisions, which form the risk management policy of a enterprise. A risk management policy creates a general set of rules for risk management in a enterprise. The biggest risks, i.e. top risks that threaten a enterprise are also revealed by the analysis. Being aware of these is important when considering various possibilities of financing risks.
On the basis of the information gathered a decision can be taken as to which risks are worth self insuring; which are worth insuring and at what deductible to choose; and how to finance the risks that remain as your own risk.
2.2 Evaluation
When the risks threatening a enterprise have been identified, an estimate is made regarding the possible losses they might cause if they came true. The key elements when evaluating risks are estimating costs of damage and probability within a certain time frame. At the same time the risks are placed in an internal order of priority.
In such an evaluation, a few risk groups can be formed on the basis of probability and size of risks. Primarily one can distinguish frequent risks on the one hand and rare top risks on the other hand.
To a enterprise the significance of risks depends on the size of the enterprise, but also on its financial situation, in other words its risk bearing capacity. Therefore every enterprise must decide for itself how big a damage is to be considered big, and when can it be considered small.
For example the division can be as follows:
The damage is

small
if the losses caused are max. 0.1% of income tax percentage
moderate
if the losses are 0.1 – 0.25 % of income tax percentage
big
if the losses are 0.25 – 0.5 % of income tax percentage
very big
if the losses are over 0.5 % of income tax percentage

This model gives a rough, but often sufficient picture of the financial consequences of a damage. When evaluating the significance of a risk, also the consequences of damage to the enterprise must be taken into consideration. Liability for example.
Furthermore it is wise to treat separately the risks that cannot be measured in financial terms, such as life risks.
2.3 Risk management methods
A result of the analysis is that the risks threatening a enterprise and the effect if they come true are known. The following phase is to create a strategy to control them. However, the decision making situation varies from case to case. It is therefore difficult to find an unambiguous model or diagram to help choose the best management method. The combined effect of many factors needs to be taken into consideration when weighing alternatives against each other. The objective must, however, be a solution, which strikes a balance between potential losses and protection costs. The process could, for example, be preventive measures as starting point and from there to financing risks. Preventive measures can be grouped in two sectors, removing and minimising risks.

Removing and minimising risks
Removing risks means measures that eliminate the possibility of damage. There are very few risks that can be eliminated completely. Removing one risk might also lead to the increase of another one. The alternatives are for example training of staff, replacing a flammable process with a safe one, renouncing a risky product or activity, limiting liability in contracts etc.
Minimising risks means reducing the probability of a risk coming true or minimising the resulting damages.
The measures to be used are for example various security checks, structural and practical preventive work, upkeep of good order, detailed planning of measures, fire extinguishing and rescue plans and development of efficient rescue and emergency services.
2.4 Financing of risks
A enterprise has to allow for the fact that even the most effective removal and minimising of risks cannot guarantee a totally risk-free existence for the enterprise, but there will always remain risks, which, if they come true, may cause substantial losses to the enterprise. When preparing for such risks a enterprise has the alternative of keeping the risks as its own liabilities or it can transfer the risks.

Keeping a risk as a enterprise’s own liability
A very important target in risk management is to try to clarify, which part of a enterprise’s risks can remain as its own liability. This portion is formed of risks, which cannot be transferred to an external body or which are to remain, by conscious decision, totally as its own liability and of such risks, where a enterprise would have a known or a hidden own risk in the insurance. The extent of the own risk depends on the size of a enterprise and its financial situation. Furthermore a enterprise needs to assess its own risk bearing capacity and the potential top risks. Risk bearing capacity means the biggest loss a enterprise can bear on its own. The top risks again are the biggest possible damages. Damages in power plants are an economic top risk in many enterprises.
Also extensive bodily injuries can occur in many areas. By comparing the risk bearing capacity and the top risks the ones can be identified, for which a enterprise ought to prepare itself by transferring the risk, at least the part that exceeds the risk bearing capacity. The following classification can be used to assess a suitable own risk according to the size of the enterprise (2000 price level).

Size of Enterprise
Own risk
Small
10.000 – 100.000 FIM
Medium
100.000 – 500.000 FIM
Big
500.000 – 1.000.000 FIM

Keeping small risks at your own risk is a relevant alternative for a enterprise especially when a enterprise is big enough. In keeping a risk as its own responsibility a enterprise can have a damage fund or it can use partial self-insurance, where the own responsibility is high. Other possibilities of financing an own risk could be the budget and borrowing.
The advantage of keeping risks as a enterprise’s own liability is of course that the enterprise does not pay insurance. A positive factor is also that big risks on your own responsibility or own risks encourage better prevention of risks. It must be underlined especially that carrying big risks requires effective risk management work.
Disadvantages are dealing with the damages and difficulties in forecasting damage expenses, as they cannot be estimated with the same precision as annual insurance fees. When deciding about increasing its own risk a enterprise needs to consider these factors and calculate whether a substantial own risk leading to smaller insurance fees corresponds to the costs of the own risks remaining as liability.

Transfer of risks
Risks can be transferred to another party against payment. To some extent risks can be transferred by contract for the other contract party to bear. Most often risks are transferred to insurance companies. Part of the insurances are compulsory, but a enterprise might on the other hand have insurances covering minor risks, which they could bear themselves. A enterprise should, in its risk management policy, define how big a risk it can take as its own responsibility and when to resort to insuring.
2.5 Organising risk management
Risk management is an on-going process, where success requires organisation, it also needs to be made a fixed part in the daily work of all employees and interest groups of the enterprise.
The task of a risk management organisation is to be responsible for questions related to arranging and co-ordinating a enterprise’s risk management. The responsibility of various administrations for carrying out their risk management is always their own.
Often risks are not clearly anybody’s responsibility, in such cases preventive work requires naming people who co-ordinate risk management.
The actual risk management work is naturally done with the co-operation of the whole municipal administration requiring the participation of all central administrations. Responsibility for a whole enterprise’s risk management is responsibility to lead the risk management project and to create a general set of rules for the municipal risk management work.
The co-ordination of risk management work can also be the task of a special working group representing the most important fields of an administration. It is a good idea to include persons responsible for general administration, personnel administration/working environment, environmental safety, fire- and rescue services, education and social services, legal services and a representative from the top management. Elected officials can also be included in the group. If the municipal insurances are handled centrally, the person responsible for these needs of course to be included.
Whatever the risk management organisation, a responsible person must always be named, a person who is responsible to the enterprise’s administration or management group for all the risk management work in a enterprise and who supervises that the reporting duty is fulfilled and that the risk management project progresses according to schedule.
2.5.1 Co-ordination and motivation
The task of the working group that co-ordinates risk management is to monitor risk assessment, so that in various administrations risks will be looked at in a uniform manner and with sufficient accuracy. The working group also needs to supervise the continuous updating of an already made thorough charting by updating it often enough, which requires 2 to3 meetings a year.
Another task is to follow the economic benefits gained from risk management and compare them to the costs, plan the financing of risks and insurances and co-ordinate preventive activities. Keeping statistics of damages is essential, they are useful in the follow-up of costs and when planning for preventive activities. Benchmarking information should also be gathered of accidents in other enterprises.
Such information can be obtained especially from insurance companies. They also inform of targeting preventive measures. The so called «near miss» situations are also interesting to study. These are situations where good luck has helped avoid major damages, but in other circumstances serious accidents could have happened.
Risk management needs the full support of a enterprise’s top management to be effective. The staff of a enterprise need to be convinced to accept risk management as part of their daily activities. Therefore the basic idea of risk management and the benefits obtained from well organised risk management have to be clarified to the staff. Mere requirements are not enough to create motivation, it is necessary to inspire people. The benefits obtained from risk management should be underlined. It is not just a question of monetary savings, but improving the safety and well being of people. These are factors, which cannot be measured in money. The general target is that risks should be given just as much attention as, for example, development of services and managing finances.
Above all, it is the enterprise’s reputation that is at stake

LITERATURE REVIEW
1.IntroductionThe management of risks is a central issue in the planning and management of any venture, but it is also something of an orphan within the acquisition establishment (at east in the U.S.). Risk management has not historically been a "branch activity" as noted in a bygone version of the Defense Systems Management College's System Engineering Handbook. "Branch" in this context refers, of course, to an organizational element within the engineering-development organizations common two or three decades or so ago that was probably derived from "branch of service" designations. The connotation being that there were not proponents per se for risk management as there were for reliability, safety, systems, electrical, PP&C, propulsion, human factors, guidance, C3I, etc. The situation is still somewhat loosely defined. The purpose here is to provide information for use in risk management by any and all stakeholders. The objective is not to foster risk management as an identifiable and separate specialty. The prescriptive portions of the discussions are cast from the perspective of a contractor performing an effort for some customer, typically an agency of government. The emphasis is on cross-specialty, cross-discipline, cross-functional and cross-technology development programs since such programs maximize risk opportunities and occurrences. In terms of program phases, the discussions are intended for a program in the pre-proposal, proposal or start-up phases. The reason for this timing is that risk management should be proactive, and activities later than these phases is hardly proactive in terms of avoiding risks. The underlying themes for what follows are:
management must know its job
risks are dominantly engendered by organizations attempting ventures with elements that push the envelopes of their experience (and capabilities)
risks are usually well known within an organization
ownership of risks is a central issue in risk management
the traditional steps in risk management are actually useful (planning, identification, analysis, management and tracking)
the system engineering effort is the key program ingredient for a risk management program to work.
The discussions in this note are based on the assumption that the programs under consideration involve significant development activities. That is, the software, hardware, operational concepts, etc. or combinations of these aspects do not exist at the start of the program, and the development of these aspects is accomplished to some specification in some allocated set of time and monetary constraints.
1.1 Risk Definition The simplest and possibly best definition of risk is: The possibility of loss, injury, disadvantage or destruction. Apply this definition to the issues of program management and you have the starting point for successful risk management. Please note that the "Apply...to the issues of program management..." is meant to imply a concerned, experienced, energetic and capable effort towards any and all issues of immediate and long-range concern within the purview of program governance. The position here is that no definition of risk, no matter how convoluted, will reduce risk one iota. Management must know its job and must do it. It is possible, of course, to gain some insight by considering the types of risks such as programmatic, technical, cost, schedule and sometimes supportability. There is also the consideration that acquisition risks are a part and often mingled with risks such as encountered in other venues such as health, safety, insurance/underwriting , finance, business, environment and politics. However, what happens very often with elaborate definitions is that much time and energy are wasted trying to characterize a risk as opposed to managing it. Risks are so often interwoven as to type as to be Gordian knots , and a "cut the knot" attitude is best. The recommendation here is that if a customer (either a contracting agency or a superior agency) requires some elaborate set of definitions (e.g., through contract terms) then use them (i.e., apply the Golden Rule), but otherwise avoid the trap of too much definition to the detriment of content. There are two definitions of risks that are currently fashionable within some procurement circles: proposal risks versus performance risks. The definitions tend to vary among sources. The preferred definitions are: Proposal Risks: Those risks inherent in the venture, i.e., to design and build a disposable external tank for a reusable spacecraft is inherently risky. Thus, an RFP for such a tank has embedded risks no matter who undertakes the development. Performance Risks: Those risks inherent in the proposed approach. A given contractor can implement an approach that has risks above and beyond those inherent in the venture. For example, a developer may elect to base key design decisions on analytical data rather than empirical data to reduce costs at some increase in risk. These definitions must be addressed during a proposal if they are included in the RFP, but after an award they are probably not too useful to a performing organization. Some sources define the proposal risk as being the risk associated with the contractor's approach and the performance risk as being related to the contractor's track record. 1.2 Risk Management Definition Basically, risk management is the sum of all proactive management-directed activities within a program that are intended to acceptably accommodate the possibility of failures in elements of the program. "Acceptably" is as judged by the customer in the final analysis, but from an organization's perspective a failure is anything accomplished in less than a professional manner and/or with a less-than-adequate result. The key words are:
proactive
management
accommodate
acceptably
professional
possibility
It is possibilities that are being accommodated. It is management's job to do the planning that will accommodate the possibilities. The customer is the final judge, but internal goals should be to a higher level than customer expectations. Risk management as a shared or centralized activity must accomplish the following tasks:
Identity concerns
Identify risks & risk owners
Evaluate the risks as to likelihood and consequences
Assess the options for accommodating the risks
Prioritize the risk management efforts
Develop risk management plans
Authorize the implementation of the risk management plans
Track the risk management efforts and manage accordingly
The highlighted activities are those that must be reserved for management's attention and action in those cases for which a risk management staff/secretariat are employed. This list exclusive of the management functions is consistent with the list espoused for years by the Defense Systems Management College (DSMC): risk planning, risk assessment, risk analysis and risk handling. The managerial functions are highlighted to once again emphasize that management is responsible and accountable for risk management. 1.2.1 Identify Concerns & Identify Risks A concern to be evaluated as a potential risk is literally any issue about which a doubt exists in some context. Later a procedure will be recommended for accomplishing the review of concerns and identifying those that actually engender risks. Some differentiation is needed because difficult things often get confused with risky things. Also, some people use the risk tag to justify additional funding when, in fact, no risk exists. Since risks will not be arbitrarily dropped as key management issues once they are identified, it is smart to spend the necessary time to identify concerns and then to assess the existence of the risks. Of course, risks identified by the customer in the RFP or some other formal fashion are automatically risks for the program. There is also a need for differentiating between identifying concerns and identifying risks to reflect the fact that in a contracting organization the Program Manager is responsible for all risks for the contract, and it is his exclusive right to formally declare that an issue is or is not a risk. (Common sense indicates that the PM had better listen to his subordinates, but the responsibility is still his.) Within the performing organization it is necessary for the PM to allocate responsibility for resolving risks to the appropriate function, specialty or discipline. Also, some individual needs to be tagged as the organizational focus for actions for each risk. The ownership of risks is essentially an allocation process tailored to the organization doing the job. Some organizations may elect to keep risk ownership and leadership at relatively high levels (e.g., functional leads, department heads, etc.) whereas in other cases it might be appropriate to allocate the ownership as low as possible in the organization considering spans and scopes of control for appropriate resources. A point to be made at this time is that risks are seldom deeply held secrets. Experience indicates that virtually all risks of consequence are more or less common knowledge. This point will be discussed again later, but it is worth noting that program-killing, lawsuit-engendering risks have been common knowledge on more than one doomed program! 1.2.2 Risk Manager A risk manager is recommended if a program is large enough to afford one. The role for this position will be to capture and formalize risk management activities and results. This role includes being spokesperson for the program for risks for major reviews and reports. For example, at the SRR and SDR, it is invariably necessary to describe the common elements of the risk management program before specifics are discussed on a subsystem-by-subsystem basis otherwise there is much repetition in formats. The risk manager can lay out the whole approach, and later presentations can focus on details of specific elements of the system. The risk manager's domain is essentially a secretariat-type function. It is not a shaker-mover position. The risk manager does not have direct responsibility for any risks per se. This position is somewhat analogous to that of program planning and control (those persons responsible for C/SCSC-driven activities, performance management reporting, etc.). The reality is less exalted that the title. Specific duties are discussed below. Experience indicates that programs of $100M/year will require a risk staff of probably no more than 3 persons for early phases (through SDR) and only one person later, possibly augmented by one or two staffers at the time of major reviews. Smaller programs can use proportionally smaller staffs to the point of having some person designated as a part-time risk manager. Experience also indicates that major programs also tend to be segmented into major subcontracts (or teaming relationships). For subcontracts appropriate to the scale of a $100M/year prime program, a one-person risk staff for each subcontractor is probably adequate with some help at major reviews. It is assumed that the prime and lower-tier companies work in concert in risk management if not in cooperation. Note: It is a fashion in some circles to project a risk management role that is considerably enhanced in scope relative to what is recommended here. In effect, there is one risk owner, the risk manager. In theory such a position sounds nice, but in fact it is felt that such an approach will not be as effective as having the risk owners also be the owners of the expertise, the resources and the mission to do the job. A separate highly-empowered risk manager will just be a nuisance in most cases, and a program manager who abdicates his responsibilities for risk management to such a position is truly at risk (and probably not too bright). Another prejudice about this super role is that today's systems are too complex for any one person to really understand at the level of professional competence. Remember the following as a hard and fast rule: Having an opinion is a far cry from understanding, but an opinion is closer to understanding than understanding is to professional competence, and professional competence is the starting point for solving difficulty problems. From this perspective, understanding is a relatively cheap commodity, but even understanding is almost impossible across the full span of today's systems. So, avoid the trap of an over-empowered risk management role if the system is at all complex. The risk management role as recommended here is not as attractive as a direct design role, but it will have its moments. 1.2.3 Evaluate the Risks as to Consequences & Likelihoods One of the more useful constructs of traditional risk management is that a risk as a possibility actually consists of a likelihood and of consequences. This definition is probably derived from the elementary mathematical concept of expectation of an event. Expectation for some event is defined as the product of its probability of occurrence and its value (in a generalized sense) if it occurs. Thus, a one-in-forty million lottery ticket for a prize of $20,000,000 has an expectation of fifty cents. For risk management the situation is normally much more fuzzy than the simple lottery example, and there is usually very little precision in either the metric for the probability of occurrence or the metric for the consequences. Therefore, the possibility expressed as a combination of probability and consequences is usually subject to debate even if some of the pseudo-mathematical approaches are used (and some of these are recommended). The recommendation here is to use whatever tools that are available and meaningful in a given situation (and, as noted, some are recommended below), but to not get hung up on mathematically appearing artifices that do not really have any more precision than an informed judgment. Again, avoid trying to untie a Gordian Knot, just cut the thing. There may be situations in which effectiveness analyses, engineering analyses, bean counting of interfaces, etc. may be necessary, but these are sideline issues to the exercising of judgment about the risks. Note: It is somewhat surprising that the cost and schedule aspects of risk consequences are not cast in terms of a C/SCSC perspective that provides an effective if not scientific tie between cost and schedule parameters. 1.2.4 Assess Options for Risk Management Risk management options are usually cited as risk handling options subdivided as avoidance, control, assumption, risk transfer, and knowledge and research Generally, the assessment of management options is a hip shot since the necessary decisions must occur early in a program when things are still fuzzy. However, if experienced personnel are given the facts, one can expect very good decisions since there is seldom any real mystery about the practicality of options available. (The practicality of any option is usually just an issue of schedule and funding.) Avoidance: Use an alternate approach that does not have the risk. This mode is not always an option. There are programs that deliberately involve high risks in the expectation of high gains. However, this is the most effective risk management technique if it can be applied. Control: The DSMC Risk Management Guide (RMG) defines this mode as: "Controlling risks involves the development of a risk reduction plan and then tracking to the plan." The key aspect is the planning by experienced persons. The plan itself may involve parallel development programs, etc. Assumption: Simply accepting the risk and proceeding. A word of caution: There appears to be a tendency within organizations to gradually let the assumption of a risk take on the aura of a controlled risk. This mental evolution is the kind of wrongly conditioned thinking that led to the Challenger failure. Risk Transfer: An attempt to pass the risk to another program element. Typically, used in the context of a government agency passing the risks to a contractor. There are some discussions in the DoD acquisition literature that this mode trades government risk for profit to the contractor. This belief is apparently founded on elementary economic theory and the mistaken belief that an executive in a procuring agency has avoided risks by passing the buck. What the executive will have done is, at best, a CYA exercise. Knowledge & Research: The DSMC RMG cites this mode as not being "true" risk handling, but rather a technique for strengthening other techniques. From a program management perspective this approach can best be viewed as an adaptation of the approach used by graduate students for their theses: intensive study associated with specialized testing. In effect, the student develops intellectual ownership of his problem in all of its aspects: theoretical, empirical and practical. Essentially, this mode is simply doing one's homework. This mode is critical for testing. The DoD's Test, Analyze, and Fix (TAAF) has a nice ring, but it is valid only in a vary narrow context: testing of production and preproduction prototypes to remove bugs. However, TAAF has been mistakenly applied to earlier development phases. Failure to analyze prior to testing generally poses a risk that trends in the test data will not be understood or key test results will mistakenly be taken as inconsequential. 1.2.5 Prioritize the Risk Management Efforts Once the risks have been evaluated in terms of likelihood of occurrence and consequences, and when options for risk management have been reviewed, it is then meaningful to rank the risks for the program manager to assign priorities. The task of prioritizing the risks is performed at the senior staff level to assure that all political, business and programmatic factors are weighted in the priority assessment. The purpose is to avoid the "successful operation, but the patient died" syndrome. The risk manager earns some of his pay at this point by sorting all of the mechanical aspects of the risks (ranks and risk management options) and presenting them to the senior management as a package. Note: The recommended risk management options will generally be of the "risk control" category above, and the risk management will be just special emphases or possibly additions to existing plans. For example, the risk management plan might be additional development tests, a re-review of make-or-buy decisions, a shift in schedule, etc. Management must exercise its judgment to prioritize resources for risk management purposes. The ranked risks are reviewed in terms of combined likelihoods and consequences and in terms of program level concerns with missions, functions, business objectives and political aspects. Assuming that the senior management is satisfied with the completeness of the risk management efforts leading to the review (identification, evaluations, options, etc.), the risks can be ranked or re-ranked in terms of program priorities and the primary options selected for each for the planning of risk management. The risk owners should be present to support the ranking and to assure that the priorities are reflected in their subsequent planning efforts. Note: The customer should not be a part of these reviews since business interests beyond the customer's purview will be discussed. Risks stipulated by the customer are, of course, included as required.
1.2.6 Develop Risk Management Plans At this point a hiccup in the average RFP will be discussed so that what is meant by risk management plan will be understood. Most RFPs from beginning to end refer to a risk management plan in the singular, and this plan in the singular refers to all of the topics discussed here. However, allowance is typically not made for multiple risk plans for risks that often have significantly different characteristics. Therefore, the recommendation is that the risk management program encompass a two-tier approach to risk management plans: a risk management program plan (RMPP) and risk-specific risk management plans (RMPs). The RMPP essentially captures all aspects of risk management at the program level and those aspects common to all risks. Note: In some risk manuals, plans roughly equivalent to Risk Management Plans are sometimes denoted as Risk Abatement Plans. For example, the DSMC RMG provides a suggested outline for a risk plan that is not attuned to the recommendations and suggestions presented here. The RMPP should encompass an approach to risk management that commits the program to significant emphases for all risks considered to be of moderate to high. Such risks will have specific risk management plans, and each risk will be referenced in C/SCSC-based reporting, e.g., Variance Reports by CAMs will have a flag indicating that a high or moderate risk is associated with the effort being reported. Risks considered to of a low ranking can be delegated to routine management, and such risks do not require specific risk management plans. Note: The relative treatment of high, moderate and low risks corresponds closely to the treatments suggested by Blanchard.Note: The use of high, moderate and low categories does not preclude finer numerically-based rankings, but the finer grained rankings are not usually recommended. For a large program (say hundred of millions of dollars) the RMPP can be developed with a page count of no more than 35 pages (assuming a large number of graphics). Individual RMPs can be on the order of 75 pages for high risk and 25 pages for moderate risks. The difference in the RMPs as a function of risk category is that the RMP for a high risk should be a stand-alone document with minimal references (directly including budgets, schedules, technical data, etc.). The RMP for a moderate risk can be largely based on references to appropriate sources. 1.2.7 Authorize the implementation of the risk management plans This step is usually accomplished by the simple act of the program manager's signature on the signature pages of the RMPP and lower-tier RMPs. The plans are under configuration control following this step. 1.2.8 Track the risk management efforts and manage accordingly. After the planning is accomplished and the RMPP is underway, the risk manager should be responsible for presenting the status of all risks at all reviews. Risk reviews should be a part of both technical and programmatic reviews. A part of this risk management effort will be the implementation of a risk management board consisting of senior managers. These persons do not have to be risk owners although they may be. This board is convened routinely to provide high-level visibility to the risk management process. The risk manager and owners of significant risks present summaries of progress or non-progress in managing the risks. Also, the program is routinely reviewed for the occurrence of new risks. The frequency at which the board meets will depend on the risks, the organization's structure (e.g., primarily internal responsibility versus significant subcontracting) and the overall schedule. As a minimum, the board should be convened prior to all major program reviews (SRR, SDR, etc.) to assure all parties have a mutual understanding of these critical areas before going to the customer. Monthly risk board sessions can be appended to normal internal management reviews. These monthly risk reviews will normally be intra-organizational affairs (intra-prime, intra-subcontract, etc.). The risk managers of subordinate organizations can transmit summaries to the risk manager for the prime for inclusion in the prime's risk review. The special reviews should include all organizations. These reviews are normally difficult to schedule since they will occur in the hectic periods prior to major reviews, and they may have to be via videoconference or teleconference. The video-based conference is preferred, but either mode works relatively well since the risk issues tend to be relatively static. (A program with highly volatile risk management issues across the board would be in a world of hurt.) 2. Background The background for risk management involves two facets of interest here: the fundamental causes of risks being realized in the acquisition of large complex systems, and the formal imposition of risk management as a bureaucratic and contract concern. The Denver airport and some of the first of the rapid transit systems in the U.S. of the modern era illustrate that not only the DoD has trouble with the acquisition of large-scale systems. However, large-scale systems do not have to be seemingly impossible. Disney World, the other home of Mickey Mouse, is a testimonial that complex systems can work so effectively as to be almost transparent to the user. 2.2 Formal Acquisition Policy and Procedures The basic policy and procedures for risk management in the U. S. DoD procurement processes flow from the "DoD 5000" documents beginning with the policy, DoD Directive 5000.1, "Defense Acquisition." These documents should be understood by contracting organizations. In addition to defining the driving forces behind risk management for procurement, these documents are good sources of motherhood for proposals. There is a Web site that should be consulted for copies and information for these documents,DoD Directives. 3. Risk Concepts There are only a few key concepts in the management of risks, and these concepts are easily mastered and applied. 3.1 First principles There are no fundamental scientific laws in risk management akin to the laws of motion, conservation and continuity from which applied scientific results are obtained. Most of risk management is qualitative and subject to judgment colored by experience, prejudice and politics. However, there is one fundamental principle that can be postulated and used. Specifically, any element of a venture that entails a new aspect for the performing organization is a source of risk. (Barring malfeasance, incompetence including criminal neglect, and accident, it can be argued that "newness" is the only real source of risk.) The attitude here is that if all risks associated with newness are accommodated then whatever remains will in all probability be of small import and impact. Risk management thus involves identifying the new aspects of the venture in question, and then adopting strategies to avoid, mitigate or otherwise accommodate the issues identified according to priorities suitable for the program. There is a temptation to include to the "customer's satisfaction" between "identified" and" according" in the previous sentence, but customer satisfaction is reflected in what is meant by suitable priorities. In the present context, inexperience is a synonym for newness. A caution: If inexperience is a primary source of risk then the hiring of experienced personnel may appear to be an immediate cure, but this approach must also be assessed for newness. If a previously unused consultant is hired to plug a gap in experience then the consultant poses a derived (and often very serious) risk. A person new to an organization, no matter how knowledgeable, is often more of a problem than a solution. Unless an organization has a good track record for using consultants then a special plan should be implemented to track the contribution of any consultants to assure that what is desired is being accomplished. If people are hired to plug gaps in experience then a similar risk prevails. The secret to risk management is to be creative in applying tests for newness to the activities, tools, people and products that constitute the venture. The key issue can be a new product, a higher or lower price, a tighter or looser specification, a higher or lower production rate, a new customer, a different time of year, a larger or smaller physical scale, a new paint, a new glue, new computer programs, a new manager, a new production machine, a new performance envelope, a new environment, new personnel, new subcontractors, new terms for proven subcontractors, tight schedules, new performance tolerances, unfamiliar parties to an interface definition, new types and/or scopes of interfaces, new corporate environment, etc. The issue that is being begged at this point is that of the seriousness of the risks so identified. (The seriousness is measured as noted earlier as the combined consequences and likelihood.) No two ventures will have the same risks and no two organizations will face the same consequences for a given set of risks. Therefore, it is all but impossible to generalize about seriousness as opposed to newness. Some assessments of relative seriousness of consequences are given in the discussions of ranking tools. However, experience indicates that the seriousness aspects tend to sort themselves once a given set of risks is postulated.
3.2 Ownership
Like risk itself, ownership of risk is a concept of many dimensions and interpretations. The most important aspect of ownership is a clear mutual understanding of the responsibilities among parties to a contract and/or the responsibilities among parties to a cooperative venture. The second most important aspect is for a similar understanding on an intra-organizational basis. It is common for government customers to weight risk in establishing the reach and scopes of procurement contracts. Part of this weighting is a consideration of risk retained by the government versus passing risks to a contractor (for higher profits). Such issues need to be fully understood by all parties to a contract. Failure to achieve this understanding can result in wrongly conceived priorities by the wrong organization and in the failure to assure that the real risk owner gets all facts and impacts germane to the risk. Every risk identified in a program should have an organization tagged for ownership, and a position holder should be tagged as managerial lead for its resolution. 3.3 Types of Risks The earlier disclaimer re the relative unimportance of defining risks by types is not being ignored here. Here the treatment loosely parallels that of the Risk Management Guide of the DSMC in which typing is accomplished through "risk facets" defined as a way of classifying risks. These facets are postulated as a means to understand and classify risks. One or more of the facets are assigned to any given risk. The facets are the names that have often previously been applied as labels for the types of risk: technical, supportability, programmatic, cost and schedule. In effect, the earlier typing criteria are now considered as characteristics. These characteristics match the matrix labels recommended earlier. The Risk Management Guide has good discussions of these different facets. These discussions are just paraphrased here: 3.3.1 Programmatic Risks Those risks that flow from or impose an impact on program governance, and those risks that impact program performance. The risks for governance may be external (political, statutory, litigious, or contractual) or internal (business priorities, staff limitations, ROI constraints, and learning curves). Risks that impact on program performance generally flow from issues of competence, experience, organizational culture, and skills of the management team. In this context, in contrast to present fashion re leadership that denigrates managers versus leaders, it is most important that the management team understand the nuts and bolts of management of the design, development, integration, test and verification processes. Basically, it is important that the management team fully understand the System Engineering process and its implications at each step in the overall process. 3.3.2 Schedule Risks At the highest level of concern, schedule risks are simply that not enough time exists to do the required job with the resources allocated... people and/or money and/or material. Problems with resources can be argued as being of a programmatic nature, i.e., an intrinsic flaw in the program. At a managerial level, the concern is more focused. For example, how does one incorporate flexibility in the tail end of the schedule to permit some maneuvering room for coping with problems that will inevitably occur as time and resources diminish. 3.3.3 Cost Risks At the highest level, cost risk is simply that there is not enough money to do the job required in the time allocated including reserves for reasonable contingencies. Again, an intrinsic flaw in the program. The causes of such risks can be estimating errors, low ball bids, business decisions, lack of understanding of requirements and political expediency. A management technique is to focus on all elements of the program that are new and to insure that management reserves are at least adequate compared to the costs of the new elements. Technical Note: It occasionally appears that the procuring agencies do not understand what is reasonable in terms of accuracy of estimates. Often, the implied levels of concern are at odds with any reasonable assessment. For example, the construction industry in the U. S. is a well-founded, well-understood and well-experienced industry (as it is, in fact, in any nation relative to local practices). In major construction the uncertainty in costs to build are historically about 30% at the stage of "door knob" estimates. As the design and specification of a particular project evolves to the level of detailed definitions, detailed drawings/specifications and detailed schedules, the uncertainty drops to 5% or so. In small-scale residential construction, it is common practice for a general contractor/ builder to add 25% to the quoted cost to construct any plan that the particular builder has not built before. (Secondary factors influence this margin, but the main factor is that of the uncertainties in the details. A significant other factor is the such homes tend to be custom builds, and buyers of custom homes tend to be picky.) It would seem to be entirely unreasonable to expect smaller uncertainties in endeavors involving significant scratch development of state-of-the-art hardware and/or software. 3.3.5 Technical The technical risks are performance risks associated with the end items. From the perspective of the buying organization the concern is that the system will not perform as required. From the perspective of the performing organization the concern is that the system will not meet it specifications (and hence not be purchased and/or not meet customer satisfaction goals). 3.3.6 Supportability The supportibility risk is that an otherwise acceptable system will cost too much to operate and maintain over its life cycle in terms of time, personnel and material resources. It is a fact that most systems cost more to sustain than to develop, and this fact is not new. It was a matter of comment in Goode and Machol in 1957 3.4 Development RisksA development effort always entails a measure of risk because such an effort always involve aspects that are new to the performing organization. The new aspects as a minimum are limited to "reach" aspects of the end item. For example, an experienced design-and-build team that is extending the performance range for a single parameter of a system probably has a minimal risk. However, a team formed as a result of winning a major proposal for stretching all envelopes for all subsystems of a complex system has many risks, some only remotely associated with the stretching of the performance envelopes. Such multiple risks situations are major challenges and are the most interesting from a management perspective. The management of risks associated with the development of the objective products is the emphasis in the next section of this note. Here, the focus is on some of those things that engender risks, but that are not directly aimed at the specification or SOW for the objective products. These are specific risks experienced in start-up situations. 3.4.1 CommunicationsOne of the first risk situations facing such a team is that it invariably requires additional staffing. When new people are hired some of the negative aspects are that the collective awareness of the nuances of the program is diluted, and people start making decisions with less than complete understanding of the nuances of the program, the company or the customer. The one and only and simple solution is communicate, communicate and communicate. Regular staff meetings are a must. Also, the Program Plan, the SEMP, the TEMP and other planning documents are of course elements of effective start-up communications. The purpose of such communications is to impart missions, functions, goals, priorities and other guiding information to all team members as soon as possible, particularly new team members. Every new employee should be given a "catch up" kit that contains all information about the program . (This approach ensures the quality and accuracy of the understanding by each employee.) This kit can include the RFP, the proposal and any planning that has been accomplished in at least draft form (program, system engineering, test, verification, staffing, training, logistics, etc.). It is also recommended that each new employee get a through introduction to the roles, personalities and functions of all support organizations: contracts, tech pubs, quality, safety, computer services, manufacturing, cleanroom, test lab, shipping and receiving, etc. Where the quality lab is located and the fact it has an Arbor Press is not something every newly hired stress analyst will know, but it is information that can get a quick and dirty compressive strength test performed if necessary. Another recommendation is to instil the use of meeting and discussion forms to reduce the risk of misunderstandings. These forms are no more than one page summaries of all key meetings (including telecons and videocons). The recommendation is that a form should be prepared for the following situations:
All meetings with customers, users and consultants.
All meetings with company elements outside the program per se.
Meetings within the program that have impacts outside the organizations represented in the meetings. (For example, if thermal design and structural design chiefs meet and make decisions, the results should be transmitted to weights, system engineering, stress, etc.)
Typically, the M&D forms are sent to function, specialty and discipline managers who are responsible for distribution within their areas of responsibility. On occasion, the forms are shared with customers. The forms should include participants (and e-mail address, phone numbers), date, place, issues discussed and key results (decisions, actions or closures). The M&D can be implemented as e-mail, but an archive should be established since these forms provide one of the best briefing packages for newly hired personnel. A special dividend of the M&D is that significantly less time will be spent in staff meetings providing background materials. The key aspects of almost every issue will have been previously communicated. 3.4.2 Engineering Data Base Start-up organizations created to perform major new programs always suffer from the lack of a mature and pervasive engineering data base. Individuals bring applicable materials to the effort, but the organization as a whole does not have a common data base of materials, suppliers, standards, reports, handbooks, etc. from which to synthesize solutions to problems. This fact significantly impacts the effectiveness of the organization as the necessary assembly and dissemination of data and information is accomplished. Typically, a major scratch start-up requires about six months to a year before the useful data base exists and has become effectively disseminated within the program. An aggressive data management function can accelerate the necessary diffusion of information and data (formal and informal). 3.4.3 Program Plan The purpose and scope for a well-founded program plan is described elsewhere on this site. The risk of concern here is that the Program Plan is often confused with the Program Management Plan (PMP). The Program Plan is an executive level document whereas the PMP is at the level of configuration management, quality and system engineering plans. Too often, Program Managers fail to formulate and promulgate a succinct, but definitive plan for their programs. The result is that lower tier plans often set goals and priorities at odds with the overall mission. A program plan needs to be produced to provide a summary with respect to the following aspects of the program:
Concise Description of Program
End Items & Major Interfaces
Major Goals & Priorities
Customer & Users
Performing Organization & Key Personnel
Schedule & Primary Groundrules
Technical Approach
Verification Approach
Facilities
Typically, the Program Plan should be prepared within a month or two of the start of the program (assuming a multi-year effort). For short efforts (say two years), the plan should be a kickoff document. 3.4.4 Concurrent Engineering Trick There are simple ways to avoid some of the risks of concurrence. Assuming that a program is organized with a PM, primary functional managers, and key support managers within the parent organization, one way to promote concurrence is to simply have all major documents (formal and informal) approved by all functional and support manager. This process is normally implemented as formal approval by the manager(s) of the producing department(s) and other managers sign in concurrence. In effect, every manager reviews all major documents. (Of course, the reviews are normally delegated to subordinates, but the managers are held accountable.) As a minimum, the following managers must review all documents: design, system engineering, software, program management (PMS), test, manufacturing, contracts, subcontracts, etc. A reciprocal process is to have all incoming materials routed to the same managers for review for (initial) impact assessments. "No impact" is an acceptable response, but the response is required. A recommended procedure is to have the data management function be responsible for accomplishing the necessary grunt work to get these procedures accomplished. Risks that can be avoided include:
Erroneous data sent to a customer
Conflicting information provided to different elements of the customer organization.
Technical managers for subcontracts making errors with respect to scope and priorities for subcontracts. ( A couple of errors seemingly reserved for young engineers overseeing their first subcontract.)
Lack of communication between organizational elements.
4. Risk Management Structure The basic structure recommended for risk management consists of a Risk Manager who is responsible for the definition, structure, implementation and coordination of a risk management approach consistent with the program, system engineering, test , manufacturing and verification plans. The risk manager works on the staff of the program manager. The risk management job is comparable to that of Configuration Manager, Data Manager, Program Management (PMS) and other staff level positions that do not have a direct objective product development role. It is the Risk Manager's job to coordinate the risk management activities within the prime's organization and with all subcontractors. The Risk Manager assists the Program Manager in the PM's role of Risk Board Chairman. The Risk Manager schedules and oversees the production of all risk reviews, either as stand alone events or as part of management reviews. This entails alerting risk owners and risk board members of support requirements for such reviews. The Risk Manager is responsible for preparing and distributing the minutes from risk board meetings. The risk manager is responsible for coordinating and presenting at least the summary of risk management activities at all major reviews. 4.1 Functions The basic functions for risk management are: Program Manager: Principal Risk Owner for Program Risk Board: A Non-Voting Advisory Board for assisting PM in resolving risk management issues. Risk Manager: Performs the duties described above. The Risk Manager also is responsible for: Writing the Risk Management Program Plan. Identifying requirements for risk management consultants. Providing training in risk management. Coordinate risk management inputs for ECPs. Coordinate risk management activities for subcontractors. Prepare briefing materials for risk management for program manager. 4.2 Phases The recommended approach to risk management involves three phases: Pre-Proposal/Proposal Start-up Post-SDR The emphasis will be on the risk manager's role in the discussions of these phases. 4.2.1 Pre-Proposal/Proposal The primary functions for the risk management are: Staging of a Proposal Manager's Risk Review for use as a proposal focus. Develop a list of concerns, and then filter the list for risks for inclusion in the risk list. Compile and maintain the status of the risk list. Provide any risk training required for the proposal. Write the inputs to the proposal re risk management. Develop work-arounds to overcome any shortcomings of the RFP with respect to risk. Provide whatever level of draft that is required by the RFP for the Risk Management Program Plan. If no requirement is imposed assure that at least an outline of the Risk Management Program Plan is included in the proposal. Assure that all proposal elements are kept a breast of risk issues and status of key risks. 4.2..2 Start-Up For the present purposes, the start-up phase is defined as that period of the program prior to the completion of the SDR. Tasks for Risk Management include: Finalize the Risk Management Program Plan. Develop a definition of training required, and develop a training plan. Coordinate the Risk Management Program Plans with the risk managers for subcontractors (primary) and team members. Train these organizations as required. (Usually just have the subcontractor Risk Managers attend the training at the prime.) Stage a Program Manager's Risk review to update the risk lists for post-award impacts . Present the risk management approach and available results at program and technical reviews. Coordinate the first and subsequent meetings of the Risk management Board. Issue a roles and responsibilities write-up for Board members. Coordinate Risk management activities and actions with all standing committees and working groups (test, interface, etc.) 4.2.3 Post-SDR The Risk Manager's primary job is to assist in the tracking of the risk management activities, and to accomplish the routine board and review functions. The Risk Manager provides a focus for risk assessment (re-review) for all ECPs. Any new risks are captured in the on-going process. The Risk manager's job can be abolished as a special activity at any time following the start-up provided there is confidence that the risk plans are being accomplished without significant problems. The risk assessment necessary for ECPs can be delegated to the Program Management Office (or whatever function is responsible for ECPs). 5. Risk Management Tools The primary functions for the risk management tools are to assist in the assessment of risks, to assure that risk assessments address all pertinent aspects of the program and to provide specific means of overcoming the underlying bases for the risks. The WBS, SOW and Proposal are recommended as structures for assessing risks. Make-or-buy decisions, development tests and engineering analyses are, of course, means of mitigating the risks by overcoming inexperience and/or a lack of knowledge of specific issues. The key to assessing risks is to identify any and all aspects of the program with some degree of newness. If this goal is accomplished then virtually all risks have been identified. The recommended review process is to have every functional element of the organization and the primary support organizations review every WBS element, every SOW paragraph and every proposal paragraph. Each reviewing organization will provide an item-by-item summary identifying items of on impact, items of concern and items that definitely involve new aspects. Normally, these reviews are performed by the appropriate organizations as "homework" prior to the program manager's Risk Reviews. 5.1 WBS The WBS encompasses the structure of everything that will be done or delivered in a program. Therefore, assessing each and every element of the WBS will, in most programs, assure overall closure of the risk assessment. Each WBS element should be reviewed by each organizational element as noted above. This approach is a beginning of concurrent engineering and assures that inter-functional, inter-discipline and inter-specialty concerns are accommodated. Specific attributes of the WBS that make it a valid basis for such reviews are: The WBS identifies in a structured form all elements of the program in each phase, and provides a comprehensive framework for assessing each and every aspect of the program for potential risks. The specification trees map directly to the WBS which provides traceability between performance requirements and risks for hardware and software items. The WBS provides a direct exposition of the system hierarchy and interfaces for purposes of identifying risk propagation. The WBS can also provide a single point-of-contact for each risk through the management structure, i.e., the individual responsible for the CWBS work package. One problem with the WBS as a review tool is that care must be taken to assure that all external influences on any elements are considered in the reviews. Such influences include interfaces of any type (intra-program and external) and such issues as GFE, special test equipment, etc. The specification and ICD "trees" can provide a structure to assure interfaces are not neglected. There is also the consideration that the WBS must be well formed or it becomes a risk in itself and a shaky basis for reviewing risks. Problems with the WBS should be reported on an element-by-element basis as an issue for consideration as a risk. A typical problem is the lack of interface hardware elements when such hardware is clearly need. Awkward WBS constructs can also create risks. For example, some WBS structures are very difficult for purposes of subcontracting, manufacturing scheduling, ICO for the prototypes, interface control, etc. 5.2 Statement of Work The SOW should be examined in a fashion similar to the WBS review, to the same extent and for the same purposes. This review should follow that of the WBS with special emphases on the items of concern from the earlier review. 5.3 Proposal The proposal may or may not be an element of the contract. Some agencies do not count it as a binding contract term (?), but, in any event, it provides another structure against which risk can be judged. It should be reviewed in the fashion of the review for the WBS and SOW.
5.4 Make or Buy DecisionsThe make or buy process usually weights risk as a factor in the decision to use internal or external resources. An often-used and reliable vendor for procurement of good and/or services that the vendor routinely provides is a low risk. However, the use of a new vendor who is working in an area new to that organization is at least as risky as doing it internally. However, the risk associated with using a subcontractor for a development effort can often be cost effective if the vendor has specific analytical skills and/or test capabilities that would be too costly to duplicate internally.
PREDICTING CUSTOMER POTENTIAL VALUE
AN APPLICATION IN THE INSURANCE INDUSTRY
1. INTRODUCTION
Since general recognition of the marketing principle that keeping customers is more profitable than attracting new customers [2], many companies have adopted relationship marketing [7]. In relationship marketing, managers strive to develop and maintain successful customer relationships [16]. Only recently, companies realized that in order to develop such relationships a differentiated approach is needed [3, 22].
Instead of treating all customers equally, managers have come to understand that it is more effective to develop customer-specific strategies. As a result, companies are now adopting customer relationship management (CRM). CRM means that companies manage relationships with individual customers with the aid of (customer) databases and interactive and mass customization technologies [17]. The adoption of CRM has been enhanced by recent developments in Information and Communication Technology (e.g. Database Technology, E-commerce, and the Internet).

By using customer information contained in databases, companies can invest in the customers that are (potentially) valuable for the company, but also minimize their investments in non-valuable customers. Figures on the turnover of each customer or customer profitability are often used as segmentation variables to distinguish between valuable and non-valuable customers. In this way database analysts construct customer pyramids, as shown in [19, p. 187]. This type of segmentation can be valuable in a single service setting, but it can also be misleading for multi-service or multi-product providers. These providers are not only interested in the current value of customers, but also attach importance to information on cross-selling opportunities.
For example, although a customer may currently purchase only a small number of the services offered by the focal company, he might potentially be very valuable, as he may also purchase many other services. Therefore, we propose to use not only information on the current value of a customer, but also the potential value of a customer [4, 12, 13]. Potential value is defined as the profit or value delivered by a customer if this customer behaves ideally, i.e., the customer purchases all products or services he currently buys in the market at full prices at the focal company [12].
Combining information on a customer's potential value and a customer's current value provides the CRM-manager with an opportunity to extend the "customer pyramid" segmentation. A two-by-two segmentation, as displayed in figure 1, is proposed, which creates a better basis for customer specific strategies. For example, companies can decide to target investments on the customers with a low current value, but high potential value. We will discuss such a segmentation of the customer base in section 2.

To obtain information on the potential value of a customer, analysts need data on the customer’s purchasing behavior at their own company, as well as at other companies in the market. Usually companies only have data on customers' purchasing behavior at their own company in their customer information file (CIF) [21]. Hence, models are needed to predict the potential value of a customer, based on the purchasing behavior in the CIF, and on any available socio-demographic data.
Zeithaml [22] states that a lot of work needs to be done on identifying the potential value of current customers. Numerous models have been developed to predict single transactions (e.g. [4]) and some work has been done to predict purchase patterns at the
focal supplier [20]. Kim and Kim [15] describe a model that estimates the upselling potential for a one-product or service provider, but apparently no models are available that predict the potential value of a customer in a multi-service context. An exception is the work of Kamakura, Ramaswamy and Srivastava [14], who describe a model that explains the financial maturity of customers. However, their approach depends critically on the hierarchy of investment objectives, which is not a general feature of multiple product or service industries.
Given the above literature overview on customer potential value models, the objective
of our doctoral dissertation is to develop a framework that provides insight into the potential value of customers to CRM-managers in a multi-service industry. We will compare different modeling approaches to find the most informative ones. Specifically, we will compare a choice-based model using Univariate and Multivariate Probit, with a potential value model, based on a linear regression model.
By this doctoral dissertation we extend the CRM-literature in the following respects. First, in the scientific context our study is the first to focus on the modeling and prediction of the potential value of customers of a multi-service provider. Thus, we compare the performance of competing models that predict customer potential value. Second, in a managerial context we provide CRM-managers in multi-service industries with a framework which can be used to predict customer potential. This framework takes
account of the data limitations a company usually has, by using socio-demographic information and transaction information from the customer database solely. The results can then be used as input for customer segmentation, which we will approach more conceptually in section 2.
The structure of this doctoral dissertationis as follows. In section 2, we start with a discussion on the potential value of customers and a segmentation based on it. Then we will provide our conceptual framework for customer potential. In section 3, we describe the methodology and the data requirements for the prediction of customer potential value.
In section 4, we present an application of this methodology in the insurance industry.
We also discuss the market segmentation and management implications for this application. Finally, we end with a conclusion, model limitations and directions for future model developments in section 5.

2. BACKGROUND AND MODEL
The first part of this section will be devoted to a discussion on customer potential value and a segmentation method for CRM that uses customer potential value. Next, we will describe the possible antecedents of a customer's potential value, and we will present our conceptual model.

Potential value
As already mentioned in the introduction, the potential value of a customer refers to the profitability of a customer if that customer buys all purchased products or services from the supplier [12]. Hence, customer value depends heavily on the number of purchases in the product or service category made by an individual customer [13].
The potential value is computed as the total profit margin on all purchases. From a managerial perspective a customer's potential profitability is very interesting, since customer specific optimal budgets for relational marketing efforts can be derived from
it [3].

We note that from a CRM-perspective the potential value of a customer reflects not only the current potential, but also the future potential [12]. This is especially true for markets with unstable purchase patterns. Since often no information is available on future purchase patterns, the prediction of this ideal measure of customer potential is difficult. Therefore, we focus on the current potential value of a customer. In our empirical application in the insurance market, purchase patterns are rather stable, so current potential and future potential are strongly linked.

Customer Segmentation and Customer Potential
In CRM, managers develop specific strategies for different segments of their customer base. The customer pyramid is often used as a segmentation method. Using this pyramid, strategies mainly focus on moving promising customers to the top of the pyramid and optimizing revenues from less promising customers by, for example, increasing prices or reducing costs [19]. However, although these strategies are useful, using a customer's current value as segmentation variable solely might lead to sub-optimal strategies. We will illustrate this statement with two examples. First, a customer might belong in the low value segment of the customer pyramid. Hence, companies would strive to optimize revenues by reducing costs (that is: lower service levels and marketing expenditures) and increasing prices. However, when considering the potential value of the customer, this might indicate huge cross-selling opportunities, and so a manager should invest in this customer in order to take a larger share of this potential value. Second, again using a customer pyramid, CRMmanagers might strive to move customers with a reasonable value into higher tiers of the pyramid. However, these customers might have reached their full potential and no cross-selling opportunities exist. Hence, investments in moving these customers into higher tiers would be wasted. Clearly, a more differentiated approach is needed, which explicitly takes the potential value of a customer into account. Such a differentiation can be derived from a two-by-two segmentation matrix as displayed in figure 1. Using this matrix CRM-managers can formulate better segment specific strategies. Note that this segmentation method can be fine-tuned by distinguishing more groups on each axis. We will briefly discuss the strategies for each segment:

Segment I: Segment I can be regarded as unattractive. It has low potential value and low current value. Therefore, it is expected that future profitability is low. In order to maximize the profitability of this segment, strategies should focus on cost reductions and possibly on price increases (i.e. less promotions) instead of trying to increase the purchase level.

Segment II: Segment II has high potential value, but the company has not succeeded in taking a large share of this value. Therefore, companies should aim to get a larger part of the customer potential in this segment. Customers in this segment have many opportunities for upselling activities. Of course, some customers might be more sensitive
to such activities than others.

Segment III: Segment III has low potential value and high current value. We are concerned here with relatively loyal customers with low up-selling possibilities. As loyal customers are important for companies [18], companies should strive to keep these customers. However, up-selling efforts are not likely to be successful.

Segment IV: This segment is the most valuable segment. These customers are loyal and have a large potential value. Losing this group of customers would really harm the company. Management should strive to keep this group of customers using all kinds of relational efforts. This group might, for example, get priority in the service delivery process.




Given the relevance of potential value in CRM, we will continue with a discussion on
the antecedents of potential value and a detailed description of our conceptual model.

Antecedents of Potential Value
In consumer research, consumer needs and the available resources are important drivers of acquisition decisions for products and services [11]. An individual's needs are affected by factors such as household composition, gender, attitudes (e.g. risk attitude) and social class [6]. The extent to which these needs can be satisfied depends on the consumer's resources. Complete information on needs and resources is hardly ever available, but you could use socio-demographic information relating to tastes, needs, and resources. For example, from research in the financial services industry, it is well known that the family lifecycle is a determinant of the type of services acquired [1]. In addition, Kamakura, Ramaswami and Srivastava [14] report that demographic factors, such as income, age, and education, are important determinants in the acquisition of financial services.
To predict the purchasing of different products or services, data on the purchasing of other products or services can also serve as important predictors. For example, Kamakura, Ramaswami and Srivastava [14] report strong interdependencies between the types of financial services purchased. Although we are not interested in the amount of interdependency, it might be very helpful to use purchase information of other products when predicting purchase decisions. This takes into account the possible information on the interrelationships.

Conceptual Model
The variables that can be used to predict the potential value of a customer in a marketing decision support system depend to a great extent on the availability of data.
Spring et al. [21] report that most companies that use a customer database have information on the purchasing behavior of customers at their own company. Often they also have information on some socio-demographic characteristics. Subjective information on attitudes and lifestyle is typically not available. Therefore, despite the possible effect of this type of variables on the potential value of a customer, these variables, in general, cannot be included in a model for a marketing decision support system. Hence, in our conceptual model we will consider socio-demographic characteristics and the purchasing behavior at the own company as the determinants of potential value. The conceptual model is displayed in figure 2. Note that the information on purchases at the company is also part of the customers potential. We account for this in the estimation strategy.


3. EMPIRICAL MODELING
In this section, we will present the empirical implementation of our conceptual model.
We start with a discussion of the data requirements. Next, we will discuss the empirical specification of the models for purchase behavior, for potential value, and a customer base segmentation based on these models.

Data requirements
Information about all of a customer's product purchases in the company's markets is needed to derive a customer's potential value. This information is usually not available, but a survey among customers is an easy way of obtaining this information.
Besides complete information on purchase behavior, predictors for these purchase decisions are also needed. From the conceptual model we concluded that both sociodemographic and actual purchase information at the company can be useful predictors of purchase decisions. Actual purchase information is usually stored in the customer information file (CIF). Some companies also have socio-demographic information in their CIF, but otherwise such information can be obtained from external suppliers, such as CCI.

Estimation Procedure
Estimation of potential value can be carried out with models at different levels of aggregation of behavior. A model for purchasing behavior for each product or service uses the data at the lowest level of aggregation. The individual purchases can also be aggregated into an individual specific measure of potential value. This measure of potential value can be modeled with a linear regression model. When interest is restricted to a segmentation of the customer base into a high potential and a low potential segment, the data on potential value can be summarized with the segment memberships of each customer. This can be modeled with a probit model.
The models that use less aggregated information, in general, provide more information about the driving forces of potential value. However, such models do not necessarily result in a better performance in predicting the aggregated variables. A model that is aimed solely at modeling the aggregate variable and not the underlying behavior, such as the probit model for segment membership, might be better.
At each level of aggregation of the data, it would be desirable to use different types of econometric models. At the lowest level of aggregation the dependent variable is the decision to purchase a certain product or service, which is a binary choice. Usually, a probit model is used to predict the purchases of the various services [10]. However, in many cases these purchase decisions are made simultaneously, or, at least, they are related. In our empirical application, which deals with the purchases of insurance policies, for example, the unobserved risk attitudes of the customers are likely to result in interdependencies across the decisions to purchase the different insurance policies. For this reason a multivariate probit model is also estimated. This model allows for correlations between the error terms in the probit equations for each service [5].



The main assumption underlying the regular probit model is that the errors are independent across individuals, but also across insurance types [10]. The multivariate probit model allows for correlations relating to the purchase decisions for the insurance types. Here the assumption is that the vector of errors, εi1,…..,εiJ, follows a multivariate normal distribution with an unrestricted covariance matrix [5]. As these correlations result in dependencies relating to the purchase decision for the various services, the multivariate probit model results in probabilities with which a customer purchases a certain portfolio of services.
In our empirical application both the multivariate probit model with an unrestricted covariance matrix and univariate probits for each type of insurance are used. The models are validated by comparing the hit rate of the models, i.e., the percentage of observations correctly predicted, with the hit rate of a naïve model. The models are tested for predictive accuracy with the test of Franses [8]. The estimation results for the purchase decisions can be used to predict potential value. However, the results can also serve a different purpose. Knowing which customers are more likely to purchase a particular service is also helpful in developing a target selection model for marketing activities for the service concerned.
Using information on the profitability of each product, a customer's potential value can be predicted with the estimation results of the multivariate probit model. A prediction for the potential value is obtained by multiplying the predicted probability of ownership of each possible service portfolio, by the expected profitability of such a portfolio. Thus we obtain the following equation to compute the potential value of customer i.


The above formulae for predicting the potential value of a customer use detailed information about purchase behavior of the different products. When you are solely interested in a customer's potential value itself, and not in the services that determine this potential value, a simple regression model can be used to predict the potential value of a customer. Predictions of potential value can then be based on an Ordinary Least Squares estimate of the following regression model:



From the resulting estimation results you can derive which customer characteristics determine potential value, but not how these characteristics influence the purchases of each type of service. Although this insight is lost, the regression model might still be the more appropriate model for predicting potential value as it is designed to model continuous variables.
The models for predicting potential value can be evaluated using well-known criteria like the Mean Absolute Prediction Error (MAPE). For comparison we also report these measures for the simplest possible prediction of a customer’s potential value, which is the mean potential value in the estimation sample.
When interest is limited to a segmentation of the customer base into a high potential and a low potential segment, a suitable model that can be used is the probit model for segment membership. This method can also be easily generalized for the case with multiple segments with the ordered probit model [10]. The probit model for membership of the high potential value segment is defined as follows, [see also equations (1) to (3)]:






In the empirical application we use a median split to segment the customer base into
two equally sized parts. The estimation results for the probit model for service purchases and the regression model for potential value are also used to segment the customer database into two segments of equal size, at least in the estimation sample.

4. APPLICATION TO THE INSURANCE INDUSTRY
In this section, we present the application of our methodology to an insurance company in the Netherlands. We start with a short description of the data. Then we estimate and evaluate the models for each aspect of behavior we are interested in.

Data
We use data from an insurance company in the Netherlands. This company is a large direct writer and does not use agents. They sell all types of insurance policies, ranging from fire and theft insurances to life insurance. The company aims to have close relationships with their customers and hence possesses a customer database in which information on the purchasing behavior of customers at the company, and some other characteristics, such as age and relationship duration, are stored.
Data on the ownership of different insurance policies were collected by means of a telephone survey among a proportionally stratified sample of about 2300 customers of the insurance company. The bases for stratification are relationship duration, purchase level of insurances and claiming behavior. Using this sampling methodology, we obtain a representative sample on these important characteristics. The survey also includes questions on age, education, household size, income, and home ownership. After deleting cases with missing values we obtained a final sample of 1612 customers. In line with the profile of customers of this company, our sample can be described as representing rather prosperous and well-educated people. A more detailed description of the sample characteristics is given in Appendix A.
Respondents were asked to indicate whether they had effected 12 types of insurance. To check the reliability of the answers, we compared the reported ownership with the available information from the customer database. It turned out that there was not a single case where ownership was not reported, meaning there were no discrepancieswith the customer information file. This indicated that the answers on the ownership questions were reliable.
Table 1 presents ownership rates for each of these 12 insurance types. Because of the confidential nature of our data, we report the insurance types in alphabetical order. The insurance types are: car, damages, disability, funeral, furniture, health, house, liability, legal aid, life, travel, and continuous travel insurance. The reported ownership rates of these insurance types are sorted by ownership rates, so they cannot be linked to the actual insurance types. The numbering introduced here will be used throughout the doctoral dissertation.



Estimation Results
For four insurance types the ownership rates were very close to 100%. To reduce modeling efforts and to save some space, it was assumed that all customers own these four types of insurance. The variation in potential value we wanted to explain therefore results from the remaining eight types of insurance. In order to capture nonlinear effects of the explanatory variables of age, income, and education, we used dummies for the separate classes in our models. The evaluation of the predictions was carried out on a sample that was not used for estimation. We split our sample into an estimation sample with 1000 households. The remaining 612 households were used to validate the models and to evaluate the prediction performance.

Prediction of Purchases
The prediction results for behavior at the lowest level of aggregation, the purchases of each insurance type, are presented in Table 2. All functions are significant (p<0.05), except the one for insurance 11 (p<0.10). We do not report the parameter estimates for the models, but the general conclusion is that socio-demographic variables as well as purchase data from the CIF serve as predictors for ownership. Important sociodemographic predictors are age, income, marital status and the ownership of a house.
Besides for the prediction of potential value, the ownership probabilities that result from the probit models can also be used to target direct mail campaigns for an insurance at customers who are more likely to own this insurance.
For each type of insurance, Table 2 presents the fraction of correct predictions in the validation sample for univariate probits, multivariate probit, and for a naïve model that predicts what is most often observed in the estimation sample. The p values in the table correspond to a test of predictive performance, where significant p values imply dependence between realizations and predictions [8].



From the table it is clear that for each type of insurance the models predict more than 50% correctly and the p values indicate that there are significant relationships between the predictions and the realizations for most insurance types. For some types of insurance the naïve model outperforms both probit models. However, on average, the hit rates for the probit models are substantially higher, with only a small difference between the two probit models. At first sight, it seems remarkable that the more complicated multivariate probit model does not perform better than the univariate probit model. However, the information about the correlations in the multivariate probit model, that is available through the observed insurance portfolio, is also used in the univariate probit models through the dummies of insurance ownership at the company. This already includes all the information in the data about the possible correlations that is available for prediction.

Prediction of Potential Value
The aim of our doctoral dissertationis not to predict ownership rates, but to estimate potential profitability of the customers and to develop CRM strategies, based on these estimates. From the insurance company we have information on the average contribution margins of each insurance type. Combining this information with the predicted ownership probabilities of the probit models, each customer's potential value can be predicted.
Table 3 reports the Mean Absolute Prediction Errors (MAPE) of the predicted potential values from the multivariate probit model and the regression model.The MAPE of a naïve model that always predicts the mean is also reported for comparison. The MAPE for the three models are all very similar (within 0.15%) and better than a model without explanatory variables, which is the naïve model in the table.



The small improvements of our model compared to a naive prediction model for insurance ownership and potential value are to some extent disappointing. From a management perspective, however, the advantage of linking observed characteristics to the observed behavior is that a segmentation of the customer base can be based on the observed characteristics. Such a segmentation can then be used in a decision support system. A segmentation cannot be created with the naive model, as it predicts the same potential value for each customer.

Market Segmentation and Implications
So far, we have discussed the estimation and prediction results for insurance ownership and customer profitability. The remaining question is whether these results can be used to construct a useful segmentation of the customer base.




Our first segmentation is based on potential value only. We distinguish customers with a high and a low potential value using a median split in the estimation sample.
This segmentation is often used in marketing practice (e.g. heavy users vs. low users) [6]. Table 4 presents the average actual potential value for the high and low potential value segment for each model. Also reported in each cell are the number of customers and the standard deviation of potential profit. For reasons of confidentiality we have indexed profits, so average profits are 100. The low value segment has, on average, 4% to 5% lower profit levels, while the high value segment, on average, yields 4% higher profits for the segmentation of the multivariate probit model and the regression model. Surprisingly, the probit model for segment membership does worse in predicting segment membership. This was not expected a priori, as the probit model is specially designed to model binary outcomes. Here the loss of information due to aggregation becomes visible.




In section 2, we discussed a segmentation based on customers' potential value and customer profitability. The results of this segmentation are shown in Table 5 for the customer potential segmentation based on the regression model. The most prominent aspect of the market segmentation for the insurance company under consideration is that it has a large segment of customers with a high potential value, but only a low current value (Segment II, top-left in the matrix). Our analysis identifies this segment as a segment at which one should target up-selling activities, since there are large potential gains in this segment that are not captured by the company. The fact that usually simple and less profitable insurance types are sold by direct writers explains the existence of this large segment.

The information of the customer base segmentation presented in table 5 can be stored in the CIF. This information can be used to direct customer contacts. For example, in call centers management might give customers in attractive segments priority, e.g. shorter waiting times, in the service delivery process compared to the customers in the less attractive segments.

5. DISCUSSION, RESEARCH LIMITATIONS AND FUTURE RESEARCH
Discussion
Our research mainly focused on the modeling of customer potential value. We discussed and compared different statistical methods to model this value: univariate probit, mulitivariate probit and regression analysis. With respect to the modeling of ownership our models perform somewhat better than the naïve model. However, multivariate probit and univariate probit have similar results. Given these results, it appears more appropriate to use univariate probit, as this technique is easily performed in most statistical packages. This technique does not predict very well,though, as only some specific insurance types could be predicted well with our data.
These insurance types, such as legal aid and continuous travel insurances, are typically related to a customer's socio-demographic characteristics. Ownership of other insurance types with less specific characteristics is more difficult to predict.
With respect to the prediction of potential value, regression analysis appears to have the best predictive power. This is also reflected by the fact that when we predict segment membership (that is: low potential value vs. high potential value), regression analysis also appears to predict better than the other methods.
In general, there is no theoretical reason why one of the models should perform better than the other models. Modeling purchase incidence has the advantage that it provides more insight into the services that drive customer potential value, but it also requires the largest amount of modeling. Models for behavior at higher levels of aggregation require less modeling efforts, but they might suffer from the loss of information due to aggregation. This is the case with the probit model for segment membership in our empirical application. Model validation and comparison of predictive performance is therefore of major importance when deciding on which model to use as input in a decision support system.

Research Limitations and Future Research
Our methodology only considers current potential value, whereas ideally a manager prefers information on current and future potential value of customers. To incorporate future potential value, panel information is needed which was not available. In future research, a longitudinal estimation strategy can be developed. Moreover, as with any segmentation, you can think of finer market segmentations. In addition to the proposed segmentation, you might consider responsiveness to up-selling activities as a third characteristic to include in the segmentation. Finally, our model was developed to predict the value of current customers. Future research can develop models that predict the potential value of new customers.




POLICY STATEMENTS
Insurance Companies acknowledgesthat there are risks associated with its activities, where risk is defined as “the chance of things going wrong”.
The Insurance Company recognises the need for, and value of, a comprehensive Risk
Management Strategy, which aims to minimise risk and the consequences – both
financial and non-financial - should anything go wrong.

1.0 Strategy
1.1 Risk Management
An Insurance Company has a duty of care to its tenants and employees, and in respect of its assets. It will meet this duty by ensuring that risk management plays an integral part in the management of the Insurance Company at a strategic and operational level.

1.2 Risk Management Cycle
Tenants First will apply a risk management cycle to identify, analyse control and
monitor the strategic and operational risks it faces. This strategy sets out how this
will be done. The Insurance Company’s internal audit will be responsible for ensuring that the cycle is rigorously applied.

1.3 Raising Awareness
Risk management is an active process that requires co-operation by all managers and
employees. The Insurance Company aims to make all employees aware of these risks
through training and communication.

1.4 Identifying Risks
The Insurance Company will take steps to identify and manage strategic and operational
hazards and the associated risks under the following headings:-

Strategic Operational
Political Professional
Economic Financial
Socio-democratic Legal
Technological Physical
Legislative Contractual
Environmental Technological
Competitive Environmental
Customer/Citizen


1.5 Strategic Risk Assessments
Risk Management will be built on the Insurance Company’s existing management arrangements. Strategic risk assessments will take place, annually, as part of Internal Management Planning and prior to making any decisions about significant changes in the Strategic Policy. It will be considered before new developments are undertaken.
Operational risk assessments will be completed on a cyclical basis depending on the scale of the individual risks. Full operational risk assessment will be undertaken annually in all areas of Insurance Company activity.

1.6 Risk Portfolios
The Insurance Company will develop strategic and operational risk portfolios associated
with the completed risk assessments. These will be used to inform ongoing risk management work.

1.7 Roles and Responsibilities
Roles and responsibilities for risk management are as follows:

1.7.1 The Committee of Management
The Committee of Management will accept overall responsibility for the development, implementation and review of the risk management strategy; and to oversee the effective management of risk by staff of the Insurance Company.

1.7.2 The Chief Executive
The Chief Executive will:
ensure that risk management strategy is implemented on a day to day basis and that risk is managed effectively across the Insurance Company.
develop and maintain the strategic risk portfolio for the Insurance Company.

1.7.3 Managers
Managers will manage risk effectively in their particular area of activity by
completing operational risk assessments and maintaining associated portfolios.

1.7.4 Employees
All employees will manage risk effectively as part of their duties.

1.7.5 Internal Audit
Will ensure that the risk management cycle is being rigorously applied and that risks
are being effectively managed as a result.


1.8 Risk Financing
Risk financing is considered an important element of risk management. The Finance Manager will liase with other managers and staff to determine an appropriate balance between losses to be financed through external insurance cover and self insurance.
Any self insurance will, however, be approved by the Committee of Management after discussion at the Management Team.

1.9 Resourcing the Effective Management of Risk
Tenants First is fully committed to resourcing the effective management of risk.
Resources will allow the raising awareness of risk management; the payment for
insurance and any risks retained; and an implementation of risk control action.

1.10 Working with Tenants and Key Partners
The Insurance Company will work closely with tenants and key partners i.e. Police, Fire and similar officers in completing and updating the strategic and operational risk
assessments.

1.11 Evaluation of Risk Management Strategy
The Risk Management Strategy will be evaluated at least annually to ensure progress
against targets for
Reducing the frequency of damaging events occurring
Reducing the severity of the consequences
These targets will be set out in the risk portfolios.

2.0 Areas of Activity
These should not be regarded as exhaustive.

2.1 Compliance with Legislation
In all its activities, the Insurance Company will aim to comply with legislation, statutory
requirements, codes of practice, its Rules, Scottish Homes’ guidance and all other relevant guidance or “best practice”. The Chief Executive and individual Managers have specific responsibilities for monitoring legislation, guidance, etc and for identifying when action is required by the Insurance Company.

2.2 Committee Control
Committee control is essential for proper risk management. To fulfil its responsibilities and exercise the necessary control over the Insurance Company’s activities, the Committee of Management has established and will regularly review the framework detailed in Annex 1.


2.3 Development
Managing development risk (applicable only where there is a development programme) is a key responsibility, given the large sums of money and the range of potential risks involved.
To maximise funding opportunities, the Insurance Company will only undertake projects
which –
Fulfil its own aims and strategy
Fulfil the strategic priorities of the local Councils and of Scottish Homes ( where
applicable )
Are financially viable in the short, medium and long term
Satisfy the financial criteria of potential lenders ( where applicable )

The measures, which the Insurance Company will implement to manage development risk,are detailed in Annex 2.

2.4 Housing Management
Rental income is the financial life-blood of the Insurance Company, and there are areas
where cumulative risks could have major impact. Poor delivery of services could lead to a loss of reputation, resulting in fewer applications for vacant housing and a loss of rental income. Poor voids management and inadequate follow-up of arrears would result in loss of rental income.
The measures, which the Insurance Company will implement to manage housing management risk, are detailed in Annex 3.

2.5 Housing Maintenance
Failure to ensure that day to day reactive repairs are dealt with promptly will result in much higher repair costs in the future. Failure to ensure that the annual cyclical and planned maintenance programmes are funded and adhered to will lead to significant deterioration in the quality of the building fabric, higher future repair costs, and loss of rental income through the inability to let properties. Failure to comply with the ‘duty of care’ to tenants, through not maintaining a safe environment, could result in damages claims and legal penalties, should accident or injury occur as a result of the Insurance Company’s negligence.
The measures, which the Insurance Company will implement to manage housing
maintenance risk, are detailed in Annex 4.

2.6 Financial Management
While the risks in every area of the Insurance Company’s activities tend to have financial
consequences, and managing risk almost always involves managing financial risk, there are general financial risks which are not specifically related to specialist areas.

The measures, which the Insurance Company will implement to manage general financial
risk, are detailed in Annex 5.

2.7 Loan Procurement
For as long as the Insurance Company continues to develop, it will require private finance in addition to HAG. It also requires to fund the repayment of loans, and will need to manage the risks associated with utilising large capital sums.
The measures the Insurance Company will take to manage private finance risk are detailed in Annex 6.

2.8 Insurances
Part of the Insurance Company’s strategy will be to insure against all relevant risks in
accordance with statutory requirements and professional advice, including the
following:
Employer’s Liability;
Buildings (material damage);
Public Liability;
Engineering (inspection only);
Office and Business Interruption;
Fidelity Guarantee.
Full details are contained in the Annual Report on Insurances.
An annual meeting will be held with the insurance company and/or brokers to ensure
that the Insurance Company’s insurance levels are adequate. Any self insurance will first be approved by the Committee of Management
All tenants are responsible for arranging their own home contents insurance. Tenants
will be reminded of this in, at least, one of the tenant newsletters each year, and the
Insurance Company will endeavour to ensure access to a group scheme for tenant
participation.

2.9 Personnel Issues
Staffing costs are a major part of the Insurance Company’s expenditure. It is, therefore,
important to ensure that new staff appointments are the best available to undertake the
duties; that staff receive the necessary training and development to maximise their
contribution; and that the increasingly complex range of personnel legislation is complied with - to avoid costly compensation claims.
The measures the Insurance Company will take to manage personnel risk are detailed in
Annex 7.

2.10 Equal Opportunities
The Insurance Company is developing and will maintain a detailed and comprehensive Equal Opportunities Policy, which complies with all current anti-discrimination legislation, together with related policies on Recruitment & Selection, Allocations, Appointment of Consultants and Contractors and Disability. Each Policy will be monitored as specified in the text, together with an annual equal opportunities report being made to the Committee of Management.

2.11 Computer Security
Through implementing its Information Technology Policy, the Insurance Company will
minimise the risk of:
breaches of confidentiality of data, by maintaining passwords and access levels;
importing “viruses” resulting in corruption of data.
The Insurance Company recognises the significant reliance placed on IT systems within the Organisation. The loss of these systems and the data held within them would cause extreme problems - administrative and financial. To minimise the risk of such a loss the Insurance Company is in course of compiling a Disaster Recovery Plan to be reviewed annually.

2.12 Fraud
The Insurance Company has minimised the risk of loss through fraudulent activities (internal and external) by implementing detailed policies, procedures and controls.

The Insurance Company will ensure that risks are continually minimised by:
reviewing all policies and procedures on a regular basis - updating procedures
whenever necessary.
arranging appropriate internal and external audit reviews annually. Agreed
recommendations from such audits will be implemented as soon as possible after
agreement.
take immediate action – as set out in its Fraud Policy - in the event of a fraud
being discovered, to prevent any reoccurrence.
maintaining a Fraud Register that is reviewed, at least annually, by the Committee
of Management.

3.0 Implementing the Strategy
a) The Chief Executive and Management Team shall maintain a single strategic risk
portfolio for the Insurance Company.

b) Managers shall maintain the operational risk portfolios for their particular areas
of activity.
c) The risk portfolios will be updated continually as further risk management work is
undertaken.
d) The risk portfolios will take the form of completed matrices of information for
strategic and operational risk.
e) The Chief Executive and Managers must, in close liaison with the Committee of
Management, identify and manage strategic risk in a systematic manner. This will
take place as part of the internal management planning process and in the context
of decisions on development and investment.
f) The first stage of implementing the strategy is the identification of risk. This
should be drawn from the information already held by those managing the Cooperative,
together with the risk experience from outwith the Insurance Company. This
information will inform on the frequency and consequences of risks materialising.
g) After risks and hazards have been identified, their likelihood will be considered,
together with the severity of the consequences. Both of these should be
categorised as low, medium or high occurrence or consequence. The outcome of
the analysis should be recorded in suitable matrices held for each area both
strategic and operational.
h) Once risks have been identified and analysed the Committee of Management
together with the Chief Executive and Managers can decide whether:
They wish to proceed with planned aims
The detail of objectives or targets needs to be refined to take account of the
foreseen risks.
Some form of additional action is necessary to reduce the likelihood of a
damaging event occurring or the severity of the consequences.
i) Operational risks may require the Insurance Company and its managers to supplement
their experience with site visits and discussions with staff and tenants.

4.0 Risk Monitoring
a) After risk control actions have been identified, the Chief Executive or manager
immediately responsible shall ensure:
The implementation of the agreed control action
The effectiveness of the action in controlling risk
The possibility of the risk changing as time goes on and any consequent
adjustment to the control action
b) Risks will be monitored according to their importance i.e. high risks should be
monitored quarterly, medium risks six monthly and low risks at least annually.

c) The Chief Executive and each Manager shall review their particular area of
activity at least annually to reassess risks, taking account of the possibility of any
new risk that may need to be added, analysed and the appropriate control action
taken. The portfolios of operational risks should, where possible, include
indicators which enable the risk to be monitored and reviewed.
d) An appropriate Risk Management Report will be submitted by the Manager
responsible for the area of activity to the Committee of Management or
appropriate Sub Committee at least annually.

5.0 Other Related Policies
Equal Opportunities Policy
Information Technology Policy
Fraud Policy
Financial Regulations
Tenant Participation Policy
Scheme of Delegated Authorities
Use of the Seal Policy
Development Policy
Allocations Policy
Maintenance Policy
Procurement Policy
Treasury Management Policy
Staff Conditions of Service
Recruitment and Selection Policy
REFERENCES

[1] G.A. Antonides and W.F. van Raaij, Consumer Behavior A European
Perspective (John Wiley & Sons, Chichester, 1998)
[2] G.R. Bitran and S.V. Mondschein, A Comparative Analysis of Decision Making
Procedures in the Catalog Sales Industry, European Management Journal 15,
No.2 (1997)
[3] R.C. Blattberg and J. Deighton, Managing Marketing by the Customer Equity
Test, Harvard Business Review 75, No. 4 (1996)
[4] J.R. Bult and T. Wansbeek, Optimal Selection for Direct Mail, Marketing
Science 14, No. 4 (1995)
[5] S. Chib and Greenberg, E. (1998) Analysis of multivariate probit models,
Biometrika 82, No. 2 (1998)
[6] J.F. Engel, R.D. Blackwell and P.W. Miniard, Consumer Behavior (The Dryden
Press, Forth Worth, 1995)
[7] S. Fournier, S. Dobscha and D.G. Mick, Preventing the Premature Death of
Relationship Marketing, Harvard Business Review 76, No. 1 (1998)
[8] P.H. Franses, A Test for the Hit Rate in Binary Response Models, International
Journal of Market Research 42, No. 2 (2000)
[9] A.W.H. Grant and L.A. Schlesinger, Realize Your Customers Full Profit
Potential, Harvard Business Review 73, No. 5 (September-October, 1995)
[10] W.H. Greene, Econometric Analysis, 3rd edition (Prentice Hall, New Jersey,
1997)
[11] J.R. Hauser and G.L. Urban, The Value Priority Hypotheses for Consumer
Budget Plans, Journal of Consumer Research 12, No. 4 (1986)
[12] J.L. Hesket, W.E. Sasser and L.A. Schlesinger, The Service Profit Chain (Free
Press, New York, 1997)
[13] J.C. Hoekstra and K.R.E. Huizingh, The Lifetime Value Concept in Customer
Based Marketing, Journal of Market Focused Management 3, No. 3/4 (1999)
[14] W.A. Kamakura, S.N. Ramaswami and R.K. Srivastava, Applying Latent Trait
Analysis in the Evaluation of Prospects for Cross-selling of Financial Services,
International Journal of Research in Marketing 8, No. 4 (1991)
[15] B.D. Kim and S.O. Kim, Measuring Upselling Potential of Life Insurance
Customers: Application of Stochastic Frontier Model, Journal of Interactive
Marketing 13, No. 4 (1999)
[16] R.M. Morgan and S.D. Hunt, The Commitment-Trust Theory of Relationship
Marketing, Journal of Marketing 58, No. 3 (July, 1994)
[17] D. Peppers and M. Rogers, The One to One Manager: Real-World Lessons in
Customer Relationship Management (Doubleday, New York, 1999)
[18] F.F. Reichheld, Loyalty Based Management (Harvard Business School Press,
Boston, 1996)
[19] R.T. Rust, V.A. Zeithaml and K. Lemon, Driving Customer Equity: How
Customer Lifetime Value is Reshaping Corporate Strategy (The Free Press,
New York, 2000)
[20] D.C. Schmittlein and R.A. Peterson, Customer Base Analysis: An Industrial
Purchase Process Application, Marketing Science 13, No. 1 (1994)
[21] P.N. Spring, P.C. Verhoef, J.C. Hoekstra and P.S.H. Leeflang, The Commercial
Use of Segmentation and Predictive Modeling Techniques for Database
Marketing, Working Doctoral dissertation(University of Groningen, 2000)
[22] V.A. Zeithaml, Service Quality, Profitability and the Economic Worth of
Customers, Journal of the Academy of Marketing Science 28, No. 1 (2000)



Annex 1 - Risk Management Strategy - Committee Control
a) Through the development of Social Inclusion Strategies, Tenant Participation and
Customer Care policies, to ensure, as far as possible, that Committee Members
represent tenants' interests and remain aware of issues in the wider local
community.
b) Undertake a review of the Committee of Management's composition, skills,
experience and training at least every year, and arrange to fill any gaps identified
in the most appropriate way e.g. co-option, specific training.
c) Maintain a relevant Committee structure with a detailed Scheme of Delegation to
Tenant Management Boards, Sub Committees and senior managers. Ensure
Committees have clear remits and standing orders. Review the structure, remits
etc annually.
d) Have clear aims and objectives with a specific strategy to achieve them. Review
progress with the strategy annually. Review the aims and objectives at least every
three years.
e) Ensure that all contract deeds and legal documents are properly signed and that all
Committee and staff members are aware of the terms of the Use of the Seal
Policy.
f) Ensure that Committee meetings are well conducted, including:
agenda papers issued at least 1 week before the meeting;
agenda items clearly identified as either for information or requiring a decision;
sufficient time given at all meetings to discuss and consider the implications of all
major items requiring a decision.
review of effectiveness of meeting.
g) Ensure that members of the Committee of Management participate in the detailed
preparation of the annual Strategy and Development Funding Plan, Internal
Management Plan and Budget, including targets and performance standards.
h) Appoint staff with the required skills and experience and ensure the staffing
structure is reviewed at least annually. Ensure that:
salary levels reflect the responsibilities of each post;
clear objectives and performance standards are set;
regular supervision sessions are undertaken for all staff;
ongoing staff training is provided.
i) Maintain a comprehensive range of policies and procedures requiring specific
monitoring reports to Sub Committees and/or Committee of Management,
together with a regular policy review cycle.
Tenants First Housing Insurance Company
Risk Management Policy 12
j) Ensure that the potential for conflict of interest is eliminated and that the good
reputation of the Insurance Company is maintained through adherence to the Committee
Code of Conduct and principles of good "governance".
k) Ensure Committee and staff members adhere to the policy on acceptance of
business gifts and benefits
l) Ensure that suitable internal controls are in place and reviewed on a regular basis
through regular reporting, internal audit and external audit.

Annex 2 - Risk Management Strategy - Development
a) Undertake an appraisal of each potential project, including financial and risk
appraisal examining long-term as well as short-term risks, and where appropriate
incorporating "sensitivity analysis". Where required, undertake site surveys
and/or structural surveys before deciding whether to proceed with a project.
b) Review the assumptions on which appraisals are based regularly, and at least
annually. Such assumptions should not be materially different from assumptions
used in preparing the Insurance Company's budget and Internal Management Plan.
c) At every stage in the development process, ensure that all relevant approvals are
obtained and that all current guidance and procedures (e.g. Scottish Homes
guidance on procurement) are followed by staff, through quarterly reports to the
Committee of Management.
d) So far as is possible ensure that the proposed mix of properties in each project,
including any "special needs" or shared ownership properties, reflects the known
needs, to minimise letting difficulties and potential loss of income.
e) Define clearly through specific policies and procedures those matters delegated to
staff for decision. In particular ensure adherence to the following, either through
reports to the Committee of Management or the submission of specific matters for
decision:
policy on Approved Lists of Consultants and Contractors;
policy on Appointment of Consultants and Contractors;
policy on the Signing and Witnessing of Documents;
Design Criteria and Standard Specification;
Scottish Homes Development Procedures Manual and related guidance;
Construction (Design and Management) Regulations 1995.
f) Maintain a detailed high-quality Design Criteria and Standard Specification from
which the design brief for each project is drawn, to ensure a high quality of
design, maximise the "popularity" of each project and minimise letting difficulties
and loss of rental income. Review the Criteria and Standard Specification at least
every three years, ensuring the full involvement of Housing Management and
Maintenance staff.
g) Ensure the appointment of competent consultants and contractors both through the
"vetting" process of Approved Lists and the policy on appointments.
h) Ensure that the responsibilities of the consultants for supervising the contractors
are clearly defined.
i) Ensure that all tender documents are comprehensive, detailed and unambiguous,
so that the contractor's responsibilities are clearly defined.
j) Ensure that all consultants and contractors have necessary insurances before
confirmation of any appointment. Ensure that insurance details are confirmed
every year as part of the annual review of contractors and consultants.

Annex 3 - Risk Management Strategy - Housing Management
a) Ensure adherence to the Allocations Policy which meets current guidance, is fair,
well publicised and supported by a detailed Tenancy Agreement and a
comprehensive range of estate management policies and internal procedures.
b) All properties for rent to be Membership Tenancies with a comprehensive Rent
Policy complying with Scottish Homes guidance and stock transfer conditions.
c) Maintain the attractiveness of estates to assist in lettings, through regular
inspections by staff, estate maintenance policies and stair cleaning services in
blocks of flats.
d) Regular monitoring of rent arrears, including early intervention where tenants are
experiencing arrears difficulties and the provision of advice to ensure that tenants
are maximising their entitlement to housing and other benefits.
e) Regular monitoring of voids, including close liaison with local Councils regarding
nominations and internally between Housing Management and Maintenance staff
to minimise void times.
f) Where "special needs" tenants require support from specialised agencies, establish
management or lease agreements specifying the levels of support.
g) Establish targets for allocations, arrears, voids, access (equal opportunities) and
report through reports to Management Team and Tenant Management Boards.

Annex 4 - Risk Mangement Strategy - Housing Maintenance
a) Establish and implement a comprehensive reactive maintenance policy and
procedures including the awarding of maintenance contracts to approved
contractors.
b) Ensure that the annual cyclical and planned maintenance programmes, as required
by property inspections, are completed by due dates.
c) Establish a high quality Design Guide for major improvements, from which the
brief for each project is drawn. Review the Guide at least every 3 years.
d) Ensure the appointment of competent consultants where required due to the size of
the project, and of contractors from the approved lists through the vetting process
and through adherence to the policy on procurement.
e) Ensure the responsibilities of consultants and supervising contractors are clearly
defined and all have the necessary insurances before confirmation of appointment.
f) Ensure that all tender documents are comprehensive, detailed and unambiguous,
so that the contractor's responsibilities are clearly defined and to minimise the risk
of increased works costs.
g) Implement the results of the Whole Life Costing system, undertake bi-annual
property inspections, and ensure any revised costings are input to budget
spreadsheets.
h) Ensure effective supervision of each project through regular reports and meetings,
including progress and cost reports as appropriate.
i) Identify repairs for which the Insurance Company is not responsible and report to the
Finance Section to reclaim the cost from the tenant.
j) Monitor tenant satisfaction through periodic surveys and return of "satisfaction
slips".
k) Minimise the risk of liquidation or early contract termination through establishing
the viability of contractors invited to tender and retaining a proportion of each
authorised payment to the contractor until the defects liability period is completed.
l) Where appropriate establish, as part of the contract arrangements, effective defects
period procedures and ensure these are adhered to.
m) Where appropriate establish, as part of the contract arrangements, and in
association with the Housing Manager, effective hand-over procedures to
minimise the time required for letting and potential loss of rental income.
Tenants First Housing Insurance Company
Risk Management Policy 17
n) Ensure all activities are carried out in accordance with current legislation, Cooperative
policies and procedures.

Annex 5 - Risk Management Strategy - Financial Management
a) Maintain clear financial policies and procedures ensuring separation of duties and
requiring all expenditure to be authorised at an appropriate level.
b) Operate an annual business planning cycle incorporating the production of a
Strategy and Development Funding Plan, Business Plan, Annual Budget and 3-5
year financial forecast, with involvement of Committee Members and Managers
in the detailed preparation.
c) Ensure that the annual budget cashflow forecast and balance sheet are approved
by the Committee of Management before the start of each financial year.
d) Monitor financial performance against budget through monthly reports to the
Management Team and quarterly reports to the Committee of Management.
Monitor performance against cashflow quarterly. Material variances must be
highlighted to the Management Team and the Committee of Management for
approval.
e) Review at least annually the implications and potential risks of any changes to the
financial arrangements that affect Housing Insurance Companys.
f) Ensure that individual responsibility for budgets and expenditure is clearly
specified and delegated, including appropriate references in Job Descriptions,
Action Plans and regular review as part of the staff appraisal process.
g) Ensure that appropriate arrangements are in place for identifying and reporting
any immediate problems or trends which may pose problems and that staff are
aware of their responsibilities for reporting such matters.
h) Maintain a comprehensive Treasury Management Policy, including annual targets,
and monitored by regular reports to the Committee of Management.
i) Ensure that the financial implications are assessed as part of any review of future
strategy or of overall aims and objectives where appropriate.
j) Ensure that detailed policies and procedures on Banking, Payroll and Petty Cash
are reviewed periodically and all amendments implemented.
Annex 6 - Risk Management Strategy - Loan Procurement
a) As part of the initial appraisal of each project, estimate the future costs of the loan
required and ensure that these can be incorporated into future budgets without
significant rent increases or other negative financial results.
b) Negotiate conventional mortgage arrangements in preference to "low start"
finance, to build up reserves in the medium to long term while avoiding any
significant impact on rent levels.
c) Ensure that proper procedures as to the procurement of private finance are adhered
to at all times.
d) Borrow from more than one lender.
e) Maintain a loan portfolio balanced between fixed and variable interest rates as
detailed in the Treasury Management Policy.
f) Retain the ability to renegotiate loans and/or to refinance them over a longer
period if necessary.
g) Ensure that loan facilities are in place prior to commencement of development
work to which the loan relates.
h) Commence the process of negotiating and agreeing each loan sufficiently in
advance of the date it will be required so as to avoid costly short-term borrowing.
i) Report quarterly to the Committee of Management on borrowing/investing, six
monthly on the loan portfolio and annually on adherence to the Treasury
Management Policy.
j) Maintain a reserve of unsecured property if possible or of cash which may be
offered as additional security if required.
k) Ensure that specialist legal and financial advice is obtained when required.
Annex 7 - Risk Management Strategy - Personnel
a) Review future staffing levels and structure annually, projecting forward three
years. Incorporate staffing projections into three year financial forecasts.
b) Ensure all new posts and changes to grades are approved by the Committee of
Management.
c) Maintain a comprehensive Policy and Procedure on Recruitment and Selection
ensuring that these comply with all current legislation.
d) Maintain comprehensive policies and procedures covering all major areas of
personnel practice including Induction, Appraisal, Absence Management,
Training and Development, Discipline, Appeals and Grievance, together with
Statements of Terms and Conditions of Employment which comply with current
legislation.
e) Ensure that the Insurance Company receives up to date advice on all aspects of personnel
legislation, codes of practice etc, through liaison with ACAS, membership of and
subscription to professional publications.
f) Promote "good practice" in all areas of work, setting and reviewing annual
objectives, establishing annual training budgets and identifying appropriate
training opportunities.
g) Minimise the risk of "misinformation" by establishing regular departmental and
company staff meetings.
Αναρτήθηκε από στις Δεν υπάρχουν σχόλια:
Εγγραφή σε: Αναρτήσεις (Atom)