Dave Duden and Dave O'Neil look at the current state of risk management information systems.

These days, risk management information systems (RMIS) are following form with both the risk management industry and society in general, displaying simple RMIS Darwinism. Rapid advances in technology, and catastrophic events previously unheard of are now reality. When was the last time you were involved in a conversation that started, "Well, before September 11...?" Just like the rest of the world, the RMIS industry has gone through recent disasters and seen a technological light at the end of the tunnel.

Obviously, risk managers - and, in turn, the RMIS industry - are exposed to the world at large. It simply makes sense that the end result of today's environment is a new bag of technological tools and a fresh set of expectations from key stakeholders. These adjustments are manifest in vendor products and also in the expectations of the risk management community at large.

Advances in the RMIS sector
If there is one technological breakthrough that has not been over-hyped, it is the internet. By now, everyone knows how important the internet is, and it is in no way overstating the case to say that the future of information truly is based on the internet. RMIS software is positioned to maximise on this.

The internet has changed RMIS - and will continue to change the systems - in two primary respects. The first is the general acceptance of the internet. Wide-ranging public access and apparent advantages of being `on the net' are becoming increasingly obvious to us all. Customers, partners and competitors are leveraging the internet like never before, and RMIS simply follows suit. The second factor that is pressing RMIS onto the internet is an economic benefit. Pulling and pushing electronic data is a highly efficient, productive and interactive process when compared to the old silo-based approach of hard copy reports. The dynamic and accessible nature of the internet makes sense from both the top and bottom lines. It means faster, cheaper information at the tap of a keyboard, click of a mouse, or even in response to your voice. This trend will continue to be mainstream, vendors know this and are all putting intranet capabilities into their strategic developments for the future.

As a result of the fast and efficient access the internet affords, the concept of application service providers (ASPs) has emerged. ASPs are internet-delivered software products that are outsourced from a vendor for the end user, who pays a utilisation price. This ability to `rent' software has radically changed the field of players and options for risk managers. Barriers to entry and the ability to pick and choose specific, pertinent modules have made the industry much more agile and mobile when it comes to facing what risk managers require. For the RMIS customer, this means greater efficiencies and the distinct ability to focus on the information, not the application. Data with fewer problems result in a more efficient and productive solution, and the end result is a focus on the risk work at hand. All work and no software headaches make the risk manager a happy customer.

According to Moore's Law, computer processing power doubles every 18 months. Although more of a rule of thumb than a law, Gordon Moore, founder of chipmaker Intel, was highly accurate with his prediction. With the advent of cheaper storage capacity and higher processing power has come the ability to retain significant risk information at a fraction of the cost. The ability to access vast amounts of data at such an inexpensive rate is a huge win-win for organisations, particularly for the risk manager. Data translates into identifiable, advanced risk trends and exposures previously untracked by the risk manager. Further, the risk manager now has the ability to monitor and act upon the trends with superior acumen, giving a broader picture of risk and factors that could deeply affect an organisation. Risk managers now have the potent ability to give more precise calculations and determinations of frequencies, severities of exposures and losses at an exceptionally cheap price.

The technology needed to tie incongruent data sources together is growing by leaps and bounds and XML (extensible mark up language) technology and proficient electronic data transfer (EDI) are becoming the norm. Data standards are making disparate systems talk with relative ease. Just as it becomes cheaper and easier to compute and store information, it is also easier to tie information together. This is where RMIS gets powerful expansive capability. Establishing new information paths creates an enhanced, integrated information web for the risk manager to easily tap into. Data such as payroll from a human resources information system and time lost due to injury, for example, can be seamlessly merged into a risk management information system. This combination of previously independent variables yields a novel relation and can help report relevant exposures and reactions. Variables can be further tracked and traced by results-driven metrics, or data modeling with predictive value. The data is there; it is increasingly becoming limited only by one's creativity.

Current system integration
Vendors are realising the market for wholesale enterprise-wide software projects is quickly drying up. Corporate budgets have shrunk, some vendor promises have been broken and the customer is very wary. This means that instead of starting from scratch with a large budget, companies want to put an integrated solution into play. The new mantra is often, "Use the old mainframe and help stitch together a solution with bale wire." This creates a situation where software must deal with and harmoniously co-exist with on-hand infrastructure in an economic mode. The use of portals, data aggregators and user interfaces allows companies to preserve their investments, but still grow technologically. Instead of large-scale change, RMIS projects get pointed and connected, keeping project costs lean and efficient, but still allowing for innovation and growth for the risk manager. It has become a more flexible and cost-effective approach to software solutions.

Data mining/modeling
The advances in software and technology have provided a means to analyse risk and the severity of risk, predict potential claims costs and detect subrogation opportunities or fraud as soon as a claim is filed. No longer do you have to wait for a claim to develop in its lifecycle before subrogation or fraud potential becomes evident, or identify claims that may benefit most from case management, or the potential duration of a claim, or define thresholds for risk, risk classes and business units. Banks, retailers, telecommunications organisations, credit card companies, international intelligence and law enforcement agencies also use this technology.

Intelligent decision-making software assists in reducing losses, increases operating efficiencies and enables multiple types of risk assessment methodologies. Use of key data elements within a claim or risk management system assists in the production of detailed characterisations. The technology automatically reviews characteristics and identifies differences between objects. The data mining/modeling technology completes processing of inputs and produces scores and explanations. This technology eliminates manual and/or subjective analysis and ensures the use of a uniform approach throughout the organisation and business model.

In wake of September 11, the risk management community had never been under such close scrutiny. Since then, the pressure for fast and accurate information has grown as the burden of potential disasters weighs heavier than ever. Forecasting, exposure tracking and cost management are not merely the buzzwords of today's risk management departments, they are becoming mandates. The profound new role of the risk manager requires sharper tools. For the risk manager, is to balance organisational needs and scarce risk management resources.

Return on investment
One big push is for return on investment (ROI) for RMIS. ROI is becoming a basis on which many technology purchases are made across an organisation. Corporate leaders are not willing to experiment and wait for results. Instead, they want a proven product with a quick payback on dollars spent. A demonstrable result of a new or improved RMIS is a must.

Previously mentioned advances in technology are part of the vendor solution, but the reality is the vendor must be able to deliver. Advances in risk identification, risk analysis tools and total cost to purchase are all on the minds of the risk manager. There must be proven business case for purchases in such anxious economic times. Many of the RMIS advantages come about with greater efficiencies in workflow, or data aggregation. Often, however a deeper dollar value is expected when an RMIS solution is evaluated.

After ROI, risk managers also want software implementation schedules that mean results. Guaranteed up-and-running systems are necessary to continue business operations. As the operations are critical, so become the tools to run with. The cry of "lead, follow or get out of the way" is on everyone's mind. If the RMIS is not up to speed in form, function and follow through, it will be bypassed. The amount of downtime needs to be minimised and the day-to-day business must not suffer. After all, risk managers want a new tool, not a new job.

Just as poor implementation is a turn off, so is poor service. Many risk managers ask, "How is the vendor going to help me succeed?" The professional services side of technology is often overlooked by many vendors and this not what risk managers want to see. Heavy training, an easy learning curve, and flexible call centre help are all hallmarks of success measured by today's risk managers. The risk manager wants to be at ease with the system and its future. Staff need adequate training and preparation and when an issue arises there better be someone on the other end of the freephone number. This service attention is a partnership approach. Risk managers want service and they want it now.

Risk managers deal with multiple layers of confidential information. Security consciousness is paramount. Any breach of security is an obvious black eye, or potential lawsuit. Risk managers need to have the confidence that their system has safekeeping built in. Unfriendly hacker denial is a must.

Along with the need for safe and secure data, risk managers need normalised and reliable data. Scrubbing and putting old data into the new RMIS is a low glamour, but a quintessential affair. Data conversions that are reliable are the only acceptable situation.

In the end, technological growth and business expectations in our current environment are forcing extra-responsive RMIS and implementations. It is simple RMIS Darwinism.

By Dave Duden and Dave O'Neil
Dave Duden is national risk and insurance technology practice leader, based in Hartford, and Dave O'Neil is risk and insurance technology manager, based in Boston, of Deloitte and Touche RMIS/LabTM. The authors may be reached at www.rmislab.com .